Learn Nexus

Date post: 03-Apr-2015
Upload: phirke
Page 1: Learn Nexus

Learn Nexus In Comparison with IOS

By: Prashant Phirke (CCIE R&S)


Table of Contents

Configuration Fundamentals ........ 3
Interface Configuration ........... 10
Port-Channel ...................... 15
HSRP .............................. 20
DHCP Relay ........................ 25
STP ............................... 28
EIGRP ............................. 32
OSPF .............................. 37
BGP ............................... 42
BGP (Advanced) .................... 48
Multicast ......................... 54
Netflow ........................... 65
SPAN .............................. 70
TACACS+, RADIUS, and AAA .......... 74
Layer-3 Virtualization ............ 79


Configuration Fundamentals

The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI interface for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• When you first log into the NX-OS, you go directly into EXEC mode.

• Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the global feature privilege configuration command.

• By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.

• The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.

• The Cisco NX-OS uses a feature based license model. An Enterprise or Advanced Services license is required depending on the features required. Additional licenses may be required in the future.

• A 120 day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached.

• The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc… using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.

• Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.

• The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log in for the first time, you are in the default VDC (VDC 1).

• The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports.

• SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)

• VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified (The Console port is included in the default configuration). The VTY port supports 32 simultaneous sessions and the timeout is disabled by default for all three port types.


Things You Should Know

The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.

• The default administrator user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erase command and the system is repowered.

• If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration.

• The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)

• The show running-config command accepts several options, such as OSPF, BGP, etc… that will display the runtime configuration for a specific feature.

• The show tech command accepts several options that will display information for a specific feature.

Configuration Comparison

The following sample code shows similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.

Cisco IOS CLI vs. Cisco NX-OS CLI

Default User Prompt
  Cisco IOS:    c6500>
  Cisco NX-OS:  n7000#

Entering Configuration Mode
  Cisco IOS:    c6500# configure terminal
  Cisco NX-OS:  n7000# configure terminal

Saving the Running Config to the Startup Config (nvram)
  Cisco IOS:    c6500# write memory
                or
                c6500# copy running-config startup-config
  Cisco NX-OS:  n7000# copy running-config startup-config

Erasing the startup config (nvram)
  Cisco IOS:    c6500# write erase
  Cisco NX-OS:  n7000# write erase


Installing a License
  Cisco IOS:    Cisco IOS Software does not require a license file installation.
  Cisco NX-OS:  n7000# install license bootflash:license_file.lic

Interface Naming Convention
  Cisco IOS:    interface Ethernet 1/1
                interface FastEthernet 1/1
                interface GigabitEthernet 1/1
                interface TenGigabitEthernet 1/1
  Cisco NX-OS:  interface Ethernet 1/1

Default VRF Configuration (management)
  Cisco IOS:    Cisco IOS Software doesn’t enable VRFs by default.
  Cisco NX-OS:  vrf context management

Configuring the Software Image Boot Variables
  Cisco IOS:    boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH1.bin
  Cisco NX-OS:  boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-1
                boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-1
                boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-2
                boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-2

Enabling Features
  Cisco IOS:    Cisco IOS Software does not have the functionality to enable or disable features.
  Cisco NX-OS:  feature ospf

Enabling TELNET (SSHv2 is recommended)
  Cisco IOS:    Cisco IOS Software enables TELNET by default.
  Cisco NX-OS:  feature telnet

Configuring the VTY Timeout and Session Limit
  Cisco IOS:    line vty 0 9
                exec-timeout 15 0
                login
  Cisco NX-OS:  line vty
                session-limit 10
                exec-timeout 15
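As an added example (not from the original document), this Python script audits an NX-OS running-config excerpt for the defaults described in this section: the TELNET server is off unless feature telnet is present, the exec-timeout is disabled on console and VTY lines unless one is configured, and the VTY session limit is 32 unless session-limit is set. It assumes the indented layout of show running-config output and uses constructed sample configs.

```python
"""Audit an NX-OS running-config excerpt against the remote-access defaults described
in this section. Added example, not from the document. Assumes NX-OS 'show running-config'
style: child commands of 'line vty' / 'line console' are indented beneath them."""

# Defaults stated in the text: the VTY port supports 32 sessions and the timeout
# is disabled for console, VTY and aux unless exec-timeout is configured.
VTY_DEFAULT_SESSION_LIMIT = 32


def parse_blocks(config: str) -> dict:
    """Group a hierarchical config into {top-level command: [child commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] not in " \t":            # an unindented line starts a new block
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:          # an indented line belongs to the open block
            blocks[current].append(raw.strip())
    return blocks


def _exec_timeout(children: list):
    """Return the configured exec-timeout in minutes, or None when not set."""
    for child in children:
        parts = child.split()
        if parts[0] == "exec-timeout" and len(parts) > 1:
            return int(parts[1])
    return None


def audit_remote_access(config: str) -> list:
    """Return (severity, code, message) findings for the checks this section motivates."""
    blocks = parse_blocks(config)
    findings = []

    # TELNET server is disabled by default; 'feature telnet' turns it on (SSHv2 is recommended).
    if "feature telnet" in blocks:
        findings.append(("high", "TELNET_ENABLED",
                         "feature telnet is configured; the TELNET server is disabled by default"))

    # 'line vty' / 'line console' only appear once a parameter is modified, so a
    # missing block means the defaults apply: no exec-timeout at all.
    for line_type, code in (("vty", "VTY"), ("console", "CONSOLE")):
        children = blocks.get(f"line {line_type}", [])
        timeout = _exec_timeout(children)
        if timeout is None:
            findings.append(("medium", f"{code}_NO_TIMEOUT",
                             f"line {line_type} has no exec-timeout (timeout disabled by default)"))
        elif timeout == 0:
            findings.append(("medium", f"{code}_TIMEOUT_ZERO",
                             f"line {line_type} exec-timeout 0 never expires idle sessions"))

    vty = blocks.get("line vty", [])
    limits = [int(c.split()[1]) for c in vty if c.startswith("session-limit ")]
    if not limits:
        findings.append(("info", "VTY_DEFAULT_SESSION_LIMIT",
                         f"no session-limit under line vty; default is {VTY_DEFAULT_SESSION_LIMIT}"))
    return findings


def finding_codes(config: str) -> set:
    """Convenience wrapper returning only the finding codes."""
    return {code for _, code, _ in audit_remote_access(config)}


# Constructed sample: TELNET enabled, VTY session-limit set but no timeout, console untouched.
SAMPLE_CONFIG = """\
feature telnet
feature ospf
line vty
  session-limit 10
"""

# Constructed sample with the VTY settings from the comparison applied to both line types.
HARDENED_CONFIG = """\
line console
  exec-timeout 15
line vty
  session-limit 10
  exec-timeout 15
"""

if __name__ == "__main__":
    for severity, code, message in audit_remote_access(SAMPLE_CONFIG):
        print(f"[{severity}] {code}: {message}")
```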

Verification Command Comparison

The following table compares some useful show commands for verifying the initial system startup and running configuration.

Cisco NX-OS | Cisco IOS Software | Command Description
show running-config | show running-config | Displays the running configuration
show startup-config | show startup-config | Displays the startup configuration

show interface | show interface | Displays the status for all of the interfaces
show interface ethernet <x/x> | show interface <int type> | Displays the status for a specific interface

show boot | show boot | Displays the current boot variables

show clock | show clock | Displays the system clock and time zone configuration
show clock detail | show clock detail | Displays the summer-time configuration

show environment | show environment | Displays all environment parameters
show environment clock | show environment status clock | Displays clock status for A/B and active clock
show environment fan | show environment cooling fan-tray | Displays fan status
show environment power | show power | Displays power budget
show environment temperature | show environment temperature | Displays environment data

show log logfile | show log | Displays the local log
show log nvram | - | Displays persistent log messages (severity 0-2) stored in NVRAM

show module | show module | Displays installed modules and their status
show module uptime | - | Displays how long each module has been powered up
show module fabric | - | Displays fabric modules and their current status
show platform fabric-utilization | show fabric utilization | Displays the % of fabric utilized per module
show process cpu | show process cpu | Displays the processes running on the CPU
show process cpu history | show process cpu history | Displays the process history of the CPU in chart form
show process cpu sorted | show process cpu sorted | Displays sorted processes running on the CPU

show system cores | - | Displays the core dump files if present
show system exception-info | show exception | Displays the last exception log
show system redundancy status | show redundancy | Displays the supervisors' High Availability status
show system resources | show process cpu | Displays CPU and memory usage data
show system uptime | - | Displays system and kernel start time (displays active supervisor uptime)

show tech-support | show tech-support | Displays system technical information for Cisco TAC
show tech-support <name> | show tech-support <name> | Displays feature-specific technical information for Cisco TAC

show version | show version | Displays running software version, basic hardware, CMP status and system uptime

show line | show line | Displays console and auxiliary port information
show line com1 | - | Displays auxiliary port information
show line console | show line console 0 | Displays console port information
show line console connected | - | States if the console port is physically connected
show terminal | show terminal | Displays terminal settings
show users | show users | Displays current virtual terminal settings

show vrf | show ip vrf | Displays a list of all configured VRFs
show vrf <name> | show ip vrf <name> | Displays a specified VRF
show vrf <name> detail | show vrf detail <name> | Displays details for a specified VRF
show vrf <name> interface | - | Displays interface assignment for a specified VRF
show vrf default | - | Displays a summary of the default VRF
show vrf detail | show vrf detail | Displays details for all VRFs
show vrf interface | show ip vrf interface | Displays VRF interface assignment
show vrf management | - | Displays a summary of the management VRF

show license | - | Displays all license file information
show license brief | - | Displays the license file names installed
show license file <name> | - | Displays license contents based on a specified name
show license host-id | - | Displays the chassis Host-ID used for creating a license
show license usage | - | Displays all licenses used by the system
show license usage <license-type> | - | Displays all licenses used by the system per type
show license usage vdc-all | - | Displays all licenses used by the system for all VDCs

show vdc | - | Displays a list of the configured VDCs
show vdc <name> | - | Displays a summary of the individual VDC
show vdc <name> detail | - | Displays configuration details for a specific VDC
show vdc <name> membership | - | Displays interface membership for a specific VDC
show vdc <name> resource | - | Displays resource allocation for a specific VDC
show vdc current-vdc | - | Displays the VDC that the user is currently in
show vdc detail | - | Displays detailed information for all VDCs
show vdc membership | - | Displays interface membership for all VDCs
show vdc resources | - | Displays resource allocation for all VDCs


Interface Configuration

The NX-OS supports different physical and virtual interface types to meet various network connectivity requirements. The different interface types include: layer-2 switched (access or trunk), layer-3 routed, layer-3 routed (sub-interface trunk), switched virtual interface (SVI), port-channel, loopback, and tunnel interfaces.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• SVI command-line interface (CLI) configuration and verification commands are not available until you enable the SVI feature with the feature interface-vlan command.

• Tunnel interface command-line interface (CLI) configuration and verification commands are not available until you enable the Tunnel feature with the feature tunnel command.

• Interfaces support stateful and stateless restarts after a supervisor switchover for high availability.

• Only 802.1q trunks are supported, so the encapsulation command isn't necessary when configuring a layer-2 switched trunk interface. (Cisco ISL is not supported)

• An IP subnet mask can be applied using /xx or xxx.xxx.xxx.xxx notation when configuring an IP address on a layer-3 interface.

• The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software. The range keyword has been omitted from the syntax (e.g., interface ethernet 1/1-2).

• The out-of-band management ethernet port located on the supervisor module is configured with the interface mgmt 0 CLI command.

Things You Should Know

The following list provides some additional facts about the Cisco NX-OS that should be helpful when configuring interfaces.

• An interface can only be configured in 1 VDC at a time.

• All 4 interfaces in a port group must be assigned to the same VDC when assigning interfaces on the 32 port 10GE module. There are not any restrictions for the 48 port 1GE modules.

• 10 GE interfaces can be configured in dedicated mode using the rate-mode dedicated interface CLI command.

• The default port type is configurable for L3 routed or L2 switched in the setup startup script. (L3 is the default port type prior to running the script)

• A layer-2 switched trunk port sends and receives traffic for all VLANs by default (This is the same as Cisco IOS Software). Use the switchport trunk allowed vlan interface CLI command to specify the VLANs allowed on the trunk.

• The clear counters interface ethernet x/x CLI command resets the counters for a specific interface.


Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco NX-OS Software.

Cisco IOS CLI vs. Cisco NX-OS CLI

Configuring a Routed Interface
  Cisco IOS:    interface gigabitethernet 1/1
                ip address 192.168.1.1 255.255.255.0
                no shutdown
  Cisco NX-OS:  interface ethernet 1/1
                ip address 192.168.1.1/24
                no shutdown

Configuring a Switched Interface (VLAN 10)
  Cisco IOS:    vlan 10
                interface gigabitethernet 1/1
                switchport
                switchport mode access
                switchport access vlan 10
                no shutdown
  Cisco NX-OS:  vlan 10
                interface ethernet 1/1
                switchport
                switchport mode access
                switchport access vlan 10
                no shutdown

Configuring a Switched Virtual Interface (SVI)
Cisco IOS Software does not have the ability to enable or disable SVI interfaces using the feature command.
  Cisco IOS:    interface vlan 10
                ip address 192.168.1.1 255.255.255.0
                no shutdown
  Cisco NX-OS:  feature interface-vlan
                interface vlan 10
                ip address 192.168.1.1/24
                no shutdown

Configuring a Switched Trunk Interface
  Cisco IOS:    interface GigabitEthernet 1/1
                switchport
                switchport trunk encapsulation dot1q
                switchport trunk native vlan 2
                switchport trunk allowed vlan 10,20
                switchport mode trunk
                no shutdown
  Cisco NX-OS:  interface ethernet 1/1
                switchport mode trunk
                switchport trunk allowed vlan 10,20
                switchport trunk native vlan 2
                no shutdown

Configuring a Routed Trunk Sub-Interface
  Cisco IOS:    interface gigabitethernet 1/1
                no switchport
                no shutdown
                interface gigabitethernet1/1.10
                encapsulation dot1Q 10
                ip address 192.168.1.1 255.255.255.0
                no shutdown
  Cisco NX-OS:  interface ethernet 1/1
                no switchport
                no shutdown
                interface ethernet 1/1.10
                encapsulation dot1q 10
                ip address 192.168.1.1/24
                no shutdown

Configuring a Loopback Interface
  Cisco IOS:    interface loopback 1
                ip address 192.168.1.1 255.255.255.255
                no shutdown
  Cisco NX-OS:  interface loopback 1
                ip address 192.168.1.1/32
                no shutdown

Configuring a Tunnel Interface
Cisco IOS Software does not have the ability to enable or disable Tunnel interfaces using the feature command.
  Cisco IOS:    interface Tunnel 1
                ip address 192.168.1.1 255.255.255.0
                tunnel source 172.16.1.1
                tunnel destination 172.16.2.1
                no shutdown
  Cisco NX-OS:  feature tunnel
                interface tunnel 1
                ip address 192.168.1.1/24
                tunnel source 172.16.1.1
                tunnel destination 172.16.2.1
                no shutdown

Configuring an Interface Description
  Cisco IOS:    interface gigabitethernet 1/1
                description Test Interface
  Cisco NX-OS:  interface ethernet 1/1
                description Test Interface

Configuring Jumbo Frames
  Cisco IOS:    interface gigabitethernet 1/1
                mtu 9216
  Cisco NX-OS:  interface ethernet 1/1
                mtu 9216

Configuring Multiple Interfaces (Examples)
  Cisco IOS:    interface range gigabitethernet 1/1-2
                or
                interface range gigabitethernet 1/1, gigabitethernet 2/1
  Cisco NX-OS:  interface ethernet 1/1-2
                or
                interface ethernet 1/1, ethernet 2/1

Verification Command Comparison

The following table lists some useful show commands for verifying the status and troubleshooting an interface.

Cisco NX-OS Interface | Cisco IOS Software Interface | Command Description
show interface | show interface | Displays the status and statistics for all interfaces or a specific interface
show interface brief | - | Displays a brief list of the interfaces (type, mode, status, speed, MTU)
show interface capabilities | show interface capabilities | Displays interface capabilities
show interface counters | show interface counters | Displays interface counters (input/output unicast, multicast & broadcast)
show interface debounce | - | Displays the de-bounce status and time in ms for all interfaces
show interface description | - | Displays all interfaces with configured descriptions
show interface ethernet | show interface interface-type | Displays status and statistics for a specific interface
show interface flowcontrol | show interface flowcontrol | Displays Flow Control (802.1p) status and state for all interfaces
show interface loopback | show interface loopback | Displays status and statistics for a specific loopback interface
show interface mac-address | - | Displays all interfaces and their associated MAC addresses
show interface mgmt | - | Displays status and statistics for the management interface located on the supervisor
show interface port-channel | show interface port-channel | Displays status and statistics for a specific port-channel
show interface status | show interface status | Displays all interfaces and their current status
show interface switchport | show interface switchport | Displays a list of all interfaces that are configured as switchports
show interface transceiver | show interface transceiver | Displays a list of all interfaces and optic information (calibrations, details)
show interface trunk | show interface trunk | Displays a list of all interfaces configured as trunks
show interface tunnel <#> | show interface tunnel <#> | Displays status and statistics for a specific tunnel interface
show interface vlan <#> | show interface vlan <#> | Displays status and statistics for a specific VLAN interface


Port-Channel

Port-Channels provide a mechanism for aggregating multiple physical Ethernet links into a single logical Ethernet link. Port-Channels are typically used to increase availability and bandwidth, while simplifying the network topology. Port-Channels can be configured in Static Mode (no protocol) or in conjunction with a protocol such as LACP (defined in IEEE 802.3ad) or PAgP for dynamic negotiation and keep-alive detection for failover.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• 256 Port-Channels are supported per chassis.

• LACP and Static Mode Port-Channels are supported (PAgP is not supported in Cisco NX-OS Software).

• LACP command-line interface (CLI) configuration and verification commands are not available until you enable the LACP feature with the feature lacp command.

• The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software. The range keyword has been omitted from the syntax (e.g., interface ethernet 1/1-2).

• A Port-Channel can be converted between a layer-2 and layer-3 Port-Channel without removing the member ports.

• The force keyword can be used when adding an interface to an existing Port-Channel to force the new interface to inherit all of the existing Port-Channel compatibility parameters.

Things You Should Know

The following list provides some additional facts about the Cisco NX-OS that should be helpful when designing, configuring, and maintaining a network using Port-Channels.

• A single Port-Channel cannot connect to two different VDCs in the same chassis.

• You cannot disable LACP with the no feature lacp command if LACP is configured for a Port-Channel. LACP must be disabled on all Port-Channels prior to disabling LACP globally.

• The show port-channel compatibility-parameters CLI command is very useful for verifying interface parameters when configuring Port-Channels.

• The show port-channel load-balance forwarding-path CLI command can be used to determine the individual link a flow traverses over a specific Port-Channel.


Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco NX-OS. Cisco NX-OS does not use the range keyword when specifying multiple interfaces. Cisco NX-OS also has the ability to force an interface to inherit existing Port-Channel compatibility parameters using the force keyword.

Cisco IOS CLI vs. Cisco NX-OS CLI

Enabling the LACP Feature
  Cisco IOS:    Cisco IOS Software does not have the ability to enable or disable LACP.
  Cisco NX-OS:  feature lacp

Configuring LACP Active Mode
  Cisco IOS:    interface range gigabitethernet 1/1-2
                channel-group 1 mode active
  Cisco NX-OS:  interface ethernet 1/1-2
                channel-group 1 mode active

Configuring LACP Passive Mode
  Cisco IOS:    interface range gigabitethernet 1/1-2
                channel-group 1 mode passive
  Cisco NX-OS:  interface ethernet 1/1-2
                channel-group 1 mode passive

Configuring Static Mode (no protocol)
  Cisco IOS:    interface range gigabitethernet 1/1-2
                channel-group 1 mode on
  Cisco NX-OS:  interface ethernet 1/1-2
                channel-group 1 mode on

Enabling a Port-Channel
  Cisco IOS:    interface port-channel 1
                no shutdown
  Cisco NX-OS:  interface port-channel 1
                no shutdown

Layer-2 Port-Channel Example
  Cisco IOS:    interface range gigabitethernet 1/1-2
                switchport
                channel-group 1 mode active
                interface port-channel 1
                no shutdown
  Cisco NX-OS:  interface ethernet 1/1-2
                switchport
                channel-group 1 mode active
                interface port-channel 1
                no shutdown

Layer-3 Port-Channel Example
  Cisco IOS:    interface range gigabitethernet 1/1-2
                no switchport
                channel-group 1 mode active
                interface port-channel 1
                ip address 192.168.1.1 255.255.255.0
                no shutdown
  Cisco NX-OS:  interface ethernet 1/1-2
                no switchport
                channel-group 1 mode active
                interface port-channel 1
                ip address 192.168.1.1/24
                no shutdown

Adding an Interface to an Existing Port-Channel
Cisco IOS Software does not have the force option, so all interface parameters have to be compatible prior to adding the interface to an existing Port-Channel.
  Cisco IOS:    interface range gigabitethernet 1/3
                no switchport
                channel-group 1 mode active
  Cisco NX-OS:  interface ethernet 1/3
                channel-group 1 force mode active

Configuring the System Load-Balance Algorithm
  Cisco IOS:    port-channel load-balance dst-mac
  Cisco NX-OS:  port-channel load-balance ethernet destination-mac

Configuring the Load-Balance Algorithm per Module
  Cisco IOS:    port-channel per-module load-balance
                port-channel load-balance dst-mac module 1
  Cisco NX-OS:  port-channel load-balance ethernet destination-mac module 1


Verification Command Comparison

The following table lists some useful show commands for verifying and troubleshooting a Port-Channel configuration.

Cisco NX-OS Port-Channels | Cisco IOS Software Port-Channels | Command Description
show interface | show interface | Displays statistics for all interfaces or a specific interface
show interface port-channel <#> | show interface port-channel <#> | Displays statistics for a specific port-channel

show port-channel capacity | - | Displays port-channel resources (total, used, free)
show port-channel compatibility-parameters | - | Displays the compatibility parameters (e.g., speed, duplex, etc.)
show port-channel database | - | Displays the aggregation state for one or more port-channels
show port-channel load-balance | show etherchannel load-balance | Displays the load-balancing algorithm (hash) configured
show port-channel load-balance forwarding-path | show etherchannel load-balance hash-result | Displays packet forwarding information
show port-channel summary | show etherchannel summary | Displays a summarized list of all port-channels
show port-channel traffic | - | Displays the load per link in a port-channel (based on interface counters)
show port-channel usage | - | Displays the range of used and unused port-channel numbers

show lacp counters | show lacp counters | Displays the LACP PDU and error counters
show lacp interface | - | Displays detailed LACP information per interface
show lacp neighbors | show lacp neighbors | Displays detailed LACP information per neighbor
show lacp port-channel | show lacp <port-channel-#> | Displays the port-channel LACP configuration
show lacp system-identifier | show lacp sys-id | Displays the LACP system ID (Priority / MAC address)


HSRP

HSRP is a Cisco proprietary First Hop Redundancy Protocol (FHRP) designed to allow transparent failover for an IP client’s default gateway (first-hop router).

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• HSRP command-line interface (CLI) configuration and verification commands are not available until you enable the HSRP feature with the feature hsrp command.

• HSRP is hierarchical. All related commands for an HSRP group are configured under the group number.

• The HSRP configuration commands use the format hsrp <option> instead of standby <option>.

• The HSRP verification commands use the format show hsrp <option> instead of show standby <option>.

• HSRP supports stateful process restart by default.

• The hello and hold-time timer ranges for the millisecond options are different. In Cisco NX-OS, hello = 250 to 999 milliseconds, and hold time = 750 to 3000 milliseconds. In Cisco IOS Software, hello = 15 to 999 milliseconds, and hold time = 50 to 3000 milliseconds.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining HSRP-enabled networks.

• If you remove the feature hsrp command, all relevant HSRP configuration information is also removed.

• HSRPv1 is enabled by default (HSRPv2 can be enabled per interface).

• HSRPv1 supports 256 group numbers (0 to 255). HSRPv2 supports 4096 group numbers (0 to 4095).

• HSRPv1 and HSRPv2 are not compatible. However, a device can be configured to run a different version on different interfaces.

• The show running-config hsrp command displays the current HSRP configuration.

• Configuration of more than one FHRP on an interface is not recommended.

• Object tracking is supported. Tracking can be configured for an interface’s line protocol state, IP address state, and for IP route reachability (determining whether a route is available in the routing table).

• An interface can track multiple objects.

• Secondary IP addresses are supported in the same or a different group as the interface’s primary IP address.

• Load sharing can be accomplished by using multiple HSRP groups per interface.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are two significant differences: Cisco NX-OS uses a hierarchical configuration, and it uses the hsrp keyword instead of the standby keyword for configuration and verification commands. Both enhancements make the configuration easier to read.

Cisco IOS CLI Cisco NX-OS CLI Enabling the HSRP Feature

Enabling the HSRP Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable HSRP.
  Cisco NX-OS CLI:
    feature hsrp

Configuring HSRP on an Interface
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        ip 192.168.10.1

Configuring the priority and preempt Options
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
     standby 0 priority 110
     standby 0 preempt
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        preempt
        priority 110
        ip 192.168.10.1

Modifying the Hello and Holdtime Timers (Seconds)
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
     standby 0 timers 1 3
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        timers 1 3
        ip 192.168.10.1

Modifying the Hello and Holdtime Timers (Milliseconds)
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
     standby 0 timers msec 250 msec 750
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        timers msec 250 msec 750
        ip 192.168.10.1

Configuring MD5 Authentication
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
     standby 0 authentication md5 key-string cisco123
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        authentication md5 key-string cisco123
        ip 192.168.10.1

Configuring HSRP Version 2 on an Interface
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby version 2
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp version 2

Configuring Minimum and Reload Initialization Delay
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby delay minimum 5 reload 10
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp delay minimum 5 reload 10

Configuring Object Tracking (Interface Line-Protocol)
  Cisco IOS CLI:
    track 1 interface Ethernet2/2 line-protocol
    interface Ethernet2/1
     ip address 192.168.10.2 255.255.255.0
     standby 0 ip 192.168.10.1
     standby 0 track 1 decrement 20
  Cisco NX-OS CLI:
    track 1 interface ethernet 2/2 line-protocol
    interface Ethernet2/1
      ip address 192.168.10.2/24
      hsrp 0
        track 1 decrement 20
        ip 192.168.10.1
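The two dialects above configure the same thing, so a single audit can cover both. The following is an added example (not code from this document): it parses the IOS standby lines and the NX-OS hsrp sub-mode into one normalised structure and flags groups with missing or placeholder MD5 authentication; the sample configs are the page's own rows, while the audit rules, the second NX-OS interface and the WEAK_KEYS list are this example's assumptions.

```python
"""Parse the IOS ('standby') and NX-OS ('hsrp') snippets shown above into one
normalised structure and flag groups with missing or placeholder authentication.
Sample configs are the page's rows; audit rules and WEAK_KEYS are assumptions."""
import re

# Constructed input assembled from the Cisco IOS CLI rows above
IOS_CONFIG = """\
interface Ethernet2/1
 ip address 192.168.10.2 255.255.255.0
 standby 0 ip 192.168.10.1
 standby 0 priority 110
 standby 0 preempt
 standby 0 timers msec 250 msec 750
 standby 0 authentication md5 key-string cisco123
"""

# Constructed input from the Cisco NX-OS CLI rows above, plus a hypothetical
# second interface whose group has no authentication at all
NXOS_CONFIG = """\
interface Ethernet2/1
  ip address 192.168.10.2/24
  hsrp 0
    preempt
    priority 110
    timers msec 250 msec 750
    authentication md5 key-string cisco123
    ip 192.168.10.1
interface Ethernet2/2
  ip address 192.168.20.2/24
  hsrp 1
    ip 192.168.20.1
"""

WEAK_KEYS = {"cisco", "cisco123"}   # constructed list of documentation placeholder keys


def _new_group(intf, gid):
    # priority 100 and no preemption are HSRP's defaults when nothing is configured
    return {"interface": intf, "group": gid, "vip": None, "priority": 100,
            "preempt": False, "hello_ms": None, "hold_ms": None, "auth": None, "key": None}


def _apply(g, cmd):
    """Apply one group-level keyword; the keywords are identical in both dialects."""
    t = cmd.split()
    if t[0] == "ip" and t[1] != "address":
        g["vip"] = t[1]
    elif t[0] == "priority":
        g["priority"] = int(t[1])
    elif t[0] == "preempt":
        g["preempt"] = True
    elif t[0] == "timers":
        # 'timers 1 3' is in seconds, 'timers msec 250 msec 750' in milliseconds
        vals, i = [], 1
        while i < len(t):
            vals.append(int(t[i + 1]) if t[i] == "msec" else int(t[i]) * 1000)
            i += 2 if t[i] == "msec" else 1
        g["hello_ms"], g["hold_ms"] = vals
    elif t[0] == "authentication":
        g["auth"] = t[1]
        if "key-string" in t:
            g["key"] = t[t.index("key-string") + 1]


def parse_hsrp(config):
    """Return {(interface, group): settings} from either IOS or NX-OS syntax."""
    groups, intf, cur, cur_indent = {}, None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        if line.startswith("interface "):
            intf, cur = line.split(None, 1)[1], None
            continue
        m = re.match(r"standby (\d+) (.+)", line)        # IOS: group id on every line
        if m:
            key = (intf, int(m.group(1)))
            cur, cur_indent = groups.setdefault(key, _new_group(*key)), None
            _apply(cur, m.group(2))
        elif re.match(r"hsrp (\d+)$", line):              # NX-OS: group opens a sub-mode
            key = (intf, int(line.split()[1]))
            cur, cur_indent = groups.setdefault(key, _new_group(*key)), indent
        elif cur is not None and cur_indent is not None and indent > cur_indent:
            _apply(cur, line)                             # a line inside that sub-mode
        else:
            cur = None                                    # back at interface level
    return groups


def audit(groups):
    """Return [(interface, group, finding)] for each security-relevant gap."""
    findings = []
    for (intf, gid), g in sorted(groups.items()):
        if g["auth"] != "md5":
            findings.append((intf, gid, "no MD5 authentication: any host on the segment can join the group"))
        elif g["key"] in WEAK_KEYS:
            findings.append((intf, gid, "MD5 key is a documentation placeholder"))
        if g["priority"] != 100 and not g["preempt"]:
            findings.append((intf, gid, "priority set without preempt: higher priority never takes over"))
    return findings
```

Because both parsers produce the same dictionary for the same settings, `parse_hsrp(IOS_CONFIG)` and `parse_hsrp(NXOS_CONFIG)` agree on group 0, which is a quick way to confirm a migrated configuration before cutover.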

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting an HSRP configuration.

Cisco NX-OS HSRP | Cisco IOS Software HSRP | Command Description
show hsrp | show standby <#> | Displays detailed information for all HSRP groups
show hsrp active | - | Displays all of the groups in the "active" state
show hsrp brief | show standby brief | Displays a summary of all the HSRP groups
show hsrp delay | - | Displays minimum and maximum delay times for preempting
show hsrp group | - | Displays detailed information for a specified group
show hsrp init | - | Displays all the groups in the "init" state
show hsrp interface | - | Displays detailed information for a specific interface
show hsrp learn | - | Displays all the groups in the "learn" state
show hsrp listen | - | Displays all the groups in the "listen" state
show hsrp speak | - | Displays all the groups in the "speak" state
show hsrp standby | - | Displays all the groups in the "standby" state
show hsrp summary | - | Displays summary information for HSRP groups
show track | show track | Displays the configured tracked objects
show track brief | show track brief | Displays a brief list of tracked objects
show track interface | show track interface | Displays the status of tracked interfaces
show track ip | show track ip | Displays the IP protocol objects that are tracked


DHCP Relay

The DHCP Relay feature was designed to forward DHCP broadcast requests as unicast packets to a configured DHCP server or servers for redundancy.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• DHCP command-line interface (CLI) configuration and verification commands are not available until you enable the DHCP feature with the feature dhcp command.

• The DHCP service is not enabled by default, whereas it is enabled by default in Cisco IOS Software.

• The DHCP-Relay command ip dhcp relay address is equivalent to the ip helper-address command in Cisco IOS Software.

• Only packets destined to User Datagram Protocol (UDP) port 67 (Bootps) and 68 (Bootpc) are forwarded by the relay, whereas Cisco IOS Software forwards additional protocols (Trivial File Transfer Protocol [TFTP], Domain Name System [DNS], Time, NetBIOS, and Neighbor Discovery).

• The Cisco NX-OS cannot act as a DHCP server.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining networks with the DHCP-Relay feature.

• If you remove the feature dhcp command, all relevant DHCP configuration information is also removed.

• Prior to NX-OS 4.2(1), the service dhcp command enabled the DHCP Relay feature. In NX-OS 4.2(1) the command was changed to ip dhcp relay.

• Sixteen DHCP Relay addresses can be configured per interface.

• DHCP packets are always forwarded through DHCP Relay in the same Virtual Route Forwarding (VRF) instance assigned to the interface.

• Assign a DHCP Relay to every interface that may have a client, even if the server resides in the same Layer-2 broadcast domain (VLAN). (This has been fixed in 4.2(1) software.)

• DHCP Option 82 information can be configured with the ip dhcp relay information option global command.

• The DHCP Relay configuration can be verified with the show ip dhcp relay address command.


Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are two significant differences: in Cisco NX-OS, the DHCP feature must be enabled, and the DHCP service is not enabled by default.

Enabling the DHCP Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable DHCP.
  Cisco NX-OS CLI:
    feature dhcp

Enabling the DHCP Service
  Cisco IOS CLI:
    Cisco IOS Software enables service dhcp by default.
  Cisco NX-OS CLI:
    ip dhcp relay

Configuring DHCP Relay for an Interface
  Cisco IOS CLI:
    interface Ethernet2/1
     ip address 192.168.10.1 255.255.255.0
     ip helper-address 1.1.1.1
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip dhcp relay address 1.1.1.1

Configuring Option 82 Information
  Cisco IOS CLI:
    ip dhcp relay information option
  Cisco NX-OS CLI:
    ip dhcp relay information option

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting the DHCP-Relay feature.

Cisco NX-OS DHCP-Relay | Cisco IOS Software DHCP-Relay | Command Description
show ip dhcp relay address | - | Displays a list of DHCP-Relay(s) configured for all interfaces
show ip dhcp relay address interface | - | Displays the DHCP-Relay(s) configured for a specific interface

Page 28: Learn Nexus

Learn Nexus Page 28

STP

STP is a standards-based link-layer protocol originally defined in IEEE 802.1d that runs on switches to prevent forwarding loops when using redundant layer-2 network topologies. Newer variants of STP have been developed, called Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w, and Multiple Spanning Tree Protocol (MST), defined in IEEE 802.1s, that are enhanced for better scalability and converge faster than the original version.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• Rapid-PVST+ and the MST protocols are supported.

• Rapid-PVST+ is enabled by default.

• High availability is achieved with stateful switchover when two supervisors are installed in a chassis.

• The STP port types are identified with the port type designation as opposed to the portfast designation in Cisco IOS Software.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining a network configured with STP.

• Rapid-PVST+ is interoperable with the 802.1d STP.

• Rapid-PVST+ is interoperable with MST. (This is enabled by default.)

• Only one STP can be enabled per VDC.

• Bridge Assurance is enabled globally by default, but is disabled on an interface by default.

• Bridge Assurance can be enabled for an interface using the spanning-tree port type network interface command.

• The clear spanning-tree counters command clears the counters for an STP interface or a VLAN.

• STP enhancements such as BPDU Guard, Loop Guard, Root Guard, and BPDU Filtering are supported.

Spanning-Tree best practices are applicable to both Cisco NX-OS and Cisco IOS Software:

• Do not disable STP. Even if the layer-2 topology does not require STP, it should always be enabled as a safeguard against configuration and/or cabling errors.

• Changing the STP mode can disrupt traffic.

• Enabling Bridge Assurance is recommended. However, only enable Bridge Assurance on layer-2 links if the devices on both ends of the link support it.

• Typically the core/backbone devices should be configured as the primary and secondary root bridges.

• The default bridge priority is 32,768 (plus the VLAN #). The lower the value, the more likely the switch will become the root bridge.

• Configure 802.1q trunk ports as the edge trunk port type when connecting to L3 hosts such as firewalls, load-balancers, or servers for faster convergence.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The CLI is identical with the exception of the port type terminology: Cisco IOS uses the portfast designation, whereas Cisco NX-OS uses the port type designation.

Configuring VLANs
  Cisco IOS CLI:
    vlan 10,20
  Cisco NX-OS CLI:
    vlan 10,20

Configuring Rapid PVST+
  Cisco IOS CLI:
    spanning-tree mode rapid-pvst
  Cisco NX-OS CLI:
    Rapid-PVST is enabled by default.
    spanning-tree mode rapid-pvst

Configuring the Rapid-PVST+ Bridge Priority
  Cisco IOS CLI:
    spanning-tree vlan 10 root primary
    spanning-tree vlan 20 root secondary
  Cisco NX-OS CLI:
    spanning-tree vlan 10 root primary
    spanning-tree vlan 20 root secondary

Configuring MST
  Cisco IOS CLI:
    spanning-tree mode mst
  Cisco NX-OS CLI:
    spanning-tree mode mst

Configuring an MST Instance
  Cisco IOS CLI:
    spanning-tree mst configuration
     instance 1 vlan 10
     instance 2 vlan 20
  Cisco NX-OS CLI:
    spanning-tree mst configuration
      instance 1 vlan 10
      instance 2 vlan 20

Configuring the MST Bridge Priority
  Cisco IOS CLI:
    spanning-tree mst 1 root primary
    spanning-tree mst 2 root secondary
  Cisco NX-OS CLI:
    spanning-tree mst 1 root primary
    spanning-tree mst 2 root secondary

Configuring STP Port Types Globally
  Cisco IOS CLI:
    spanning-tree portfast edge default
    or
    spanning-tree portfast network default
  Cisco NX-OS CLI:
    spanning-tree port type edge default
    or
    spanning-tree port type network default

Configuring STP Port Types per Interface
  Cisco IOS CLI:
    interface GigabitEthernet1/1
     switchport
     spanning-tree portfast edge
     or
     spanning-tree portfast network
     or
     spanning-tree portfast disable
  Cisco NX-OS CLI:
    interface ethernet 1/1
      switchport
      spanning-tree port type edge
      or
      spanning-tree port type network
      or
      spanning-tree port type normal

Configuring a Trunk as an Edge Port Type
  Cisco IOS CLI:
    interface GigabitEthernet1/1
     switchport
     spanning-tree portfast edge trunk
  Cisco NX-OS CLI:
    interface ethernet 1/1
      switchport
      spanning-tree port type edge trunk

Disabling PVST Simulation Globally
  Cisco IOS CLI:
    no spanning-tree mst simulate pvst global
  Cisco NX-OS CLI:
    no spanning-tree mst simulate pvst global

Disabling PVST Simulation per Port
  Cisco IOS CLI:
    interface GigabitEthernet1/1
     switchport
     spanning-tree mst simulate pvst disable
  Cisco NX-OS CLI:
    interface ethernet 1/1
      switchport
      spanning-tree mst simulate pvst disable

Verification Command Comparison

The following table lists some useful show commands for verifying and troubleshooting an STP network configuration. The show commands are identical for Cisco IOS and Cisco NX-OS Software.

Cisco NX-OS STP | Cisco IOS Software STP | Command Description
show spanning-tree | show spanning-tree | Displays high level STP process information
show spanning-tree active | show spanning-tree active | Displays all ports in the active state
show spanning-tree blockedports | show spanning-tree blockedports | Displays all ports in the blocked state
show spanning-tree detail | show spanning-tree detail | Displays detailed information per STP instance
show spanning-tree interface | show spanning-tree interface | Displays detailed STP information for a specific interface
show spanning-tree mst | show spanning-tree mst | Displays high-level MST configuration
show spanning-tree mst configuration | show spanning-tree mst configuration | Displays the MST instance configuration
show spanning-tree mst detail | show spanning-tree mst detail | Displays detailed MST information
show spanning-tree root | show spanning-tree root | Displays STP root information
show spanning-tree summary | show spanning-tree summary | Displays STP summary information
show spanning-tree vlan | show spanning-tree vlan | Displays per VLAN STP information


EIGRP

EIGRP is a Cisco proprietary hybrid distance vector routing protocol used to exchange network reachability information within an autonomous system.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• EIGRP command-line interface (CLI) configuration and verification commands are not available until you enable the EIGRP feature with the feature eigrp command.

• The EIGRP protocol requires the Enterprise Services license.

• The EIGRP instance name can consist of up to 20 characters. Cisco IOS Software supports numbers 1 - 65536.

• Eight equal-cost paths are supported by default; Cisco NX-OS supports up to 16.

• Route auto-summarization is disabled by default.

• Networks and interfaces are added to an EIGRP instance under the interface configuration mode.

• If a router ID is not manually configured, the loopback 0 IP address is always preferred. If loopback 0 does not exist, Cisco NX-OS selects the IP address of the first loopback interface in the configuration. If no loopback interfaces exist, Cisco NX-OS selects the IP address of the first physical interface in the configuration.

• A default route can be generated with the default-information originate command, whereas Cisco IOS Software requires additional CLI commands to achieve similar results.

• When interface authentication is configured, the EIGRP key is encrypted with Triple DES (3DES) in the configuration. Cisco IOS Software requires the service password-encryption command.

• Distribute-lists used to filter routes from routing updates are applied under the interface with the ip distribute-list eigrp command, as opposed to under the EIGRP router instance.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining an EIGRP network.

• Four EIGRP instances can be configured per virtual device context (VDC).

• Numerous Virtual Route Forwarding (VRF) instances can be associated with an EIGRP instance.

• If the feature eigrp command is removed, all relevant EIGRP configuration information is also removed.

• The shutdown command can be used to disable an EIGRP instance while retaining the configuration. This feature can also be applied per interface with the ip eigrp <instance #> shutdown command.

• The show running-config eigrp command displays the current EIGRP configuration.

• An EIGRP instance can be restarted with the restart eigrp <instance #> command.

• Graceful restart (RFC 3623) is enabled by default.

• Multiple EIGRP instances can be configured on the same interface.

• Secondary IP addresses are advertised by default and cannot be suppressed per interface.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are three significant differences: Cisco NX-OS allows EIGRP to be enabled and disabled globally, and it has a more interface-centric configuration that makes it easier to read. In addition, Cisco NX-OS has the capability to generate a default route, whereas Cisco IOS Software requires additional CLI commands to achieve similar results.

Enabling the EIGRP Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable EIGRP.
  Cisco NX-OS CLI:
    feature eigrp

Configuring an EIGRP Instance and Router ID
  Cisco IOS CLI:
    router eigrp 10
     eigrp router-id 192.168.1.1
  Cisco NX-OS CLI:
    router eigrp 10
      router-id 192.168.1.1

Associating a Network with an EIGRP Instance
  Cisco IOS CLI:
    router eigrp 10
     network 192.168.10.0
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router eigrp 10

Configuring a Passive Interface
  Cisco IOS CLI:
    router eigrp 10
     network 192.168.10.0
     passive-interface GigabitEthernet2/1
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router eigrp 10
      ip passive-interface eigrp 10

Configuring Interface Authentication (MD5)
  Cisco IOS CLI:
    key chain eigrp-key
     key 1
      key-string cisco123
    interface GigabitEthernet2/1
     ip address 192.168.10.1 255.255.255.0
     ip authentication mode eigrp 10 md5
     ip authentication key-chain eigrp 10 eigrp-key
  Cisco NX-OS CLI:
    key chain eigrp-key
      key 1
        key-string 7 070c285f4d06485744
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router eigrp 10
      ip authentication mode eigrp 10 md5
      ip authentication key-chain eigrp 10 eigrp-key

Configuring an EIGRP Distribution List to Filter Routes
  Cisco IOS CLI:
    ip prefix-list eigrp-10-list seq 5 permit 159.142.1.0/24
    router eigrp 10
     network 192.168.10.0
     distribute-list prefix eigrp-10-list out GigabitEthernet2/1
  Cisco NX-OS CLI:
    ip prefix-list eigrp-10-list seq 5 permit 159.142.1.0/24
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router eigrp 10
      ip distribute-list eigrp 10 prefix-list eigrp-10-list out

Configuring Route Summarization
  Cisco IOS CLI:
    interface GigabitEthernet2/1
     ip address 192.168.10.1 255.255.255.0
     ip summary-address eigrp 10 159.142.0.0 255.255.0.0 5
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router eigrp 10
      ip summary-address eigrp 10 159.142.0.0/16

Generating a Default Route (Conditional)
  Cisco IOS CLI:
    Cisco IOS Software doesn't have the same CLI to generate a default route, but redistribution or the ip summary-address command can be used to achieve similar results.
  Cisco NX-OS CLI:
    router eigrp 10
      default-information originate

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting an EIGRP network configuration.

Cisco NX-OS EIGRP | Cisco IOS Software EIGRP | Command Description
show ip eigrp | show ip eigrp <#> | Displays all EIGRP information for a specified process
show ip eigrp accounting | - | Displays the number of prefixes that each neighbor advertised
show ip eigrp interfaces | show ip eigrp interfaces | Displays interfaces configured for EIGRP
show ip eigrp interfaces detail | show ip eigrp interfaces detail | Displays detailed interface information
show ip eigrp neighbors | show ip eigrp neighbors | Displays currently connected neighbors
show ip eigrp neighbors detail | show ip eigrp neighbors detail | Displays connected neighbors and associated details
show ip eigrp policy | - | Displays redistribution statistics for the specified protocol
show ip eigrp route | - | Displays EIGRP routes
show ip eigrp topology | show ip eigrp topology | Displays the EIGRP topology table
show ip eigrp traffic | show ip eigrp traffic | Displays statistics related to EIGRP


OSPF

OSPFv2 is an IETF (RFC 2328) standards-based dynamic link-state routing protocol used to exchange network reachability within an autonomous system.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• OSPF command-line interface (CLI) configuration and verification commands are not available until you enable the OSPF feature with the feature ospf command.

• The OSPF protocol requires the Enterprise Services license.

• The OSPF instance name can consist of up to 20 characters, whereas IOS supports numbers 1 - 65536.

• Eight equal-cost paths are supported by default. You can configure up to sixteen.

• The default reference bandwidth used in the OSPF cost calculation is 40 Gbps.

• Networks and interfaces are added to an OSPF instance under the interface configuration mode.

• An OSPF area can be configured using decimal or dotted-decimal notation, but it is always displayed in dotted-decimal notation in the configuration and in the show command output.

• Passive interfaces are applied to the interface as opposed to under the OSPF router instance.

• If a router ID is not manually configured, the loopback 0 IP address is always preferred. If loopback 0 does not exist, Cisco NX-OS selects the IP address of the first loopback interface in the configuration. If no loopback interfaces exist, Cisco NX-OS selects the IP address of the first physical interface in the configuration.

• Neighbor adjacency changes are not logged by default. The log-adjacency-changes CLI command is required under the OSPF instance.

• When interface authentication is configured, the OSPF key is encrypted with Triple DES (3DES) in the configuration. Cisco IOS Software requires the service password-encryption command.

• When you roll over an OSPF authentication key in a combined Cisco NX-OS/Cisco IOS network, you should configure both keys on the Cisco NX-OS router to ensure that there is sufficient overlap between the old key and the new key for a smooth transition to the new key. You should configure the new key as a valid accept key on all the NX-OS and IOS routers before the new key becomes a valid generation key in the keychain. During the overlap period, Cisco NX-OS transmits the new OSPF key and accepts OSPF authenticated packets from both the old key and the new key.

• NX-OS does not support distribute-lists used to remove OSPF routes from the routing table. NX-OS does support inter-area LSA/route filtering using the filter-list command configured under the OSPF routing instance.
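The key rollover rule in the last bullet but one (new key accepted everywhere before anyone sends with it, old key accepted until nobody sends it) can be checked mechanically before the change window. The following is an added example, not part of this document: it models each router's keychain as accept and send windows and reports the first instant a router would sign a hello with a key some neighbour rejects. The schedules are constructed (times in minutes); signing with the highest-numbered active key is a modelling assumption.

```python
"""Overlap check for the OSPF key rollover described above: every router must
accept the new key before any router starts sending with it, and the old key
must stay accepted until nobody sends it. Schedules are constructed (times in
minutes); sending with the highest-numbered active key is a modelling assumption."""
from dataclasses import dataclass
from itertools import chain
import math

INF = float("inf")


@dataclass(frozen=True)
class Key:
    key_id: int
    accept: tuple   # (start, end) inclusive: packets signed with this key are accepted
    send: tuple     # (start, end) inclusive: this key may be used to sign sent packets


def _active(window, t):
    return window[0] <= t <= window[1]


def send_key(keys, t):
    """Key a router signs with at time t: the highest-numbered key whose send window is open."""
    live = [k.key_id for k in keys if _active(k.send, t)]
    return max(live) if live else None


def first_conflict(chains):
    """chains: {router: [Key, ...]}. Return (t, sender, receiver, key_id) for the first
    instant a router signs with a key some neighbour would reject (key_id None means the
    sender has no usable key at all), or None when the rollover is gap-free."""
    edges = {b for keys in chains.values() for k in keys
             for b in chain(k.accept, k.send) if math.isfinite(b)}
    # Acceptance only changes at window boundaries, so probing each boundary and a
    # point just after it covers every distinct state of the schedule.
    for t in sorted({t + d for t in edges for d in (0, 0.5)}):
        for sender, keys in chains.items():
            kid = send_key(keys, t)
            for receiver, rkeys in chains.items():
                if receiver == sender:
                    continue
                accepted = {k.key_id for k in rkeys if _active(k.accept, t)}
                if kid not in accepted:
                    return (t, sender, receiver, kid)
    return None


# Constructed good plan: key 2 is accepted everywhere from t=50 but only sent from t=100,
# and key 1 stays accepted until t=200, well after its last use at t=100.
STAGED = [Key(1, (0, 200), (0, 100)), Key(2, (50, INF), (100, INF))]
GOOD_PLAN = {"nxos-1": STAGED, "ios-1": STAGED, "ios-2": STAGED}

# Constructed bad plan: ios-2 receives key 2 late, so it rejects nxos-1's hellos from t=100.
LATE = [Key(1, (0, 200), (0, 100)), Key(2, (120, INF), (120, INF))]
BAD_PLAN = {"nxos-1": STAGED, "ios-1": STAGED, "ios-2": LATE}

# Constructed gap: key 1 stops being sent at t=100 but key 2 is not sent until t=101,
# so for half a minute the router has nothing to sign with at all.
GAP = [Key(1, (0, 100), (0, 100)), Key(2, (50, INF), (101, INF))]
GAP_PLAN = {"nxos-1": GAP, "ios-1": GAP}
```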


Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining an OSPF network.

• Four OSPF instances can be configured per virtual device context (VDC).

• Numerous Virtual Route Forwarding (VRF) instances can be associated to an OSPF instance.

• If you remove the feature ospf command, all relevant OSPF configuration information is also removed.

• The shutdown command under the OSPF process can be used to disable OSPF while retaining the configuration. Similar functionality can also be applied per interface with the ip ospf shutdown command.

• The show running-config ospf command displays the current OSPF configuration.

• An OSPF instance can be restarted with the restart ospf <instance #> command.

• Graceful Restart (RFC 3623) is enabled by default.

• OSPF supports stateful process restarts if two supervisors are present.

• You cannot configure multiple OSPF instances on the same interface.

• An interface can support multi-area adjacencies using the multi-area option with the ip router ospf interface command.

• Secondary IP addresses are advertised by default, but can be suppressed per interface with the ip router ospf <instance> area <#> secondaries none interface command.

• By default all loopback IP address subnet masks are advertised in an LSA as a /32. The loopback interface command ip ospf advertise-subnet can be configured to advertise the primary IP address subnet mask. (This command does not apply to secondary IP addresses. They will still be advertised as a /32.)

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are two significant differences: Cisco NX-OS allows OSPF to be enabled and disabled globally, and it has a more interface-centric configuration that makes it easier to read.

Enabling the OSPF Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable OSPF.
  Cisco NX-OS CLI:
    feature ospf

Configuring an OSPF Instance and Router ID
  Cisco IOS CLI:
    router ospf 10
     router-id 192.168.1.1
  Cisco NX-OS CLI:
    router ospf 10
      router-id 192.168.1.1

Associating a Network with an OSPF Instance and Area
  Cisco IOS CLI:
    router ospf 10
     network 192.168.1.0 0.0.0.255 area 1
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip router ospf 10 area 1

Configuring a Passive Interface
  Cisco IOS CLI:
    router ospf 10
     passive-interface GigabitEthernet2/1
     network 192.168.1.0 0.0.0.255 area 1
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.11.1/24
      ip ospf passive-interface
      ip router ospf 10 area 0

Configuring Interface Authentication (MD5)
  Cisco IOS CLI:
    interface GigabitEthernet2/1
     ip address 192.168.10.1 255.255.255.0
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 cisco123
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip address 192.168.10.1/24
      ip ospf authentication message-digest
      ip ospf message-digest-key 1 md5 3 a667d47acc18ea6b
      ip router ospf 10 area 1

Configuring a Stub Area with the no-summary Option
  Cisco IOS CLI:
    router ospf 10
     area 2 stub no-summary
  Cisco NX-OS CLI:
    router ospf 10
      area 2 stub no-summary

Creating a Not-So-Stubby Area (NSSA) and Generating a Default Route
  Cisco IOS CLI:
    router ospf 10
     area 3 nssa default-information-originate
  Cisco NX-OS CLI:
    router ospf 10
      area 3 nssa default-information-originate

Configuring Inter-Area and External Summarization
  Cisco IOS CLI:
    router ospf 10
     area 0 range 159.142.0.0 255.255.0.0
     summary-address 172.16.0.0 255.255.0.0
  Cisco NX-OS CLI:
    router ospf 10
      area 0 range 159.142.0.0/16
      summary-address 172.16.0.0/16

Generating a Default Route (Conditional)
  Cisco IOS CLI:
    router ospf 10
     default-information originate
  Cisco NX-OS CLI:
    router ospf 10
      default-information originate

Generating a Maximum Metric (Max-Metric) Value
  Cisco IOS CLI:
    router ospf 10
     max-metric router-lsa
  Cisco NX-OS CLI:
    router ospf 10
      max-metric router-lsa

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting an OSPFv2 network configuration.

Cisco NX-OS OSPFv2 | Cisco IOS Software OSPFv2 | Command Description
show ip ospf | show ip ospf | Displays the running configuration
show ip ospf border-routers | show ip ospf border-routers | Displays a list of border routers
show ip ospf database | show ip ospf database | Displays OSPF database information
show ip ospf interface | show ip ospf interface <int type> | Displays OSPF database information
show ip ospf interface detail | - | Displays additional packet statistics for each interface
show ip ospf memory | - | Displays the memory allocated for OSPF
show ip ospf neighbor | show ip ospf neighbors | Displays neighbor-specific information
show ip ospf neighbor detail | show ip ospf neighbor detail | Displays details for each OSPF neighbor
show ip ospf policy statistics | - | Displays redistribution statistics for a specified protocol
show ip ospf request list | show ip ospf request list | Displays a list of link-state advertisements (LSAs) that have been requested
show ip ospf retransmission list | show module | Displays installed modules and their status
show ip ospf route | - | Displays all routes learned through OSPF
show ip ospf statistics | show ip ospf statistics | Displays OSPF LSA statistics
show ip ospf summary-address | show ip ospf summary-address | Displays OSPF-summarized networks
show ip ospf traffic | show ip ospf traffic | Displays OSPF-related packet counters
show ip ospf vrf | - | Displays information for a specified OSPF VRF instance


BGP

BGPv4 is a standard Exterior Routing Protocol defined in RFC 4271, commonly used to exchange network reachability information between autonomous systems. This document covers the features required for basic connectivity.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• BGP CLI configuration and verification commands are not available until you enable the BGP feature with the feature bgp command.

• The BGP protocol requires an Enterprise Services license.

• Autonomous system numbers can be configured as 16- or 32-bit values.

• Address families need to be explicitly enabled (i.e., IPv4 unicast, IPv6 unicast, etc.).

• By default, eBGP supports 8 Equal Cost Paths and iBGP supports 1. Cisco NX-OS supports up to 16 Equal Cost Paths for both eBGP and iBGP.

• Automatic Route Summarization and Synchronization are disabled by default.

• BGP consists of a hierarchical configuration based on neighbors and address families.

• If a router ID is not manually configured, the loopback 0 IP address is always preferred. If loopback 0 does not exist, Cisco NX-OS selects the IP address of the first loopback interface in the configuration. If no loopback interfaces exist, Cisco NX-OS selects the IP address of the first physical interface in the configuration.

• Neighbor logging is not enabled by default under the BGP instance. Neighbor logging can be enabled with the log-neighbor-changes command.

• When neighbor authentication is configured, the BGP key is 3DES encrypted in the configuration. Cisco IOS Software requires the service password-encryption command to encrypt it in the configuration.
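The EIGRP, OSPF and BGP sections all describe the same automatic router-ID selection, and all three configuration comparisons pin the ID with router-id for good reason: an ID derived from whichever loopback happens to come first changes when interfaces are added or removed, which resets adjacencies. The following is an added example, not code from this document, that applies the page's preference order to a constructed NX-OS running-config and lists the routing instances still relying on it; interface names, addresses and unpinned_instances() are this example's own.

```python
"""Router-ID selection as described for EIGRP, OSPF and BGP above, applied to a
constructed NX-OS running-config. Interface names and addresses are made up;
unpinned_instances() is this example's own check, not an NX-OS command."""
import re

# Constructed running-config excerpt: loopback0 is deliberately listed after loopback5
RUNNING_CONFIG = """\
interface Ethernet2/1
  ip address 192.168.10.1/24
interface loopback5
  ip address 10.255.0.5/32
interface loopback0
  ip address 10.255.0.1/32
router ospf 10
  log-adjacency-changes
router bgp 10
  router-id 10.255.0.1
"""


def interface_addresses(config):
    """Return [(interface, ipv4)] in configuration order (primary address only)."""
    result, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # 'loopback 0' and 'Loopback0' name the same interface on the CLI
            current = line.split(None, 1)[1].lower().replace(" ", "")
        elif current and line.startswith("ip address "):
            result.append((current, line.split()[2].split("/")[0]))
            current = None
        elif not raw.startswith(" "):
            current = None   # left interface configuration mode
    return result


def select_router_id(config, configured=None):
    """Preference order on this page: configured router-id, then loopback0,
    then the first loopback in the configuration, then the first physical interface."""
    if configured:
        return configured
    addrs = interface_addresses(config)
    for name, ip in addrs:
        if name == "loopback0":
            return ip
    for name, ip in addrs:
        if name.startswith("loopback"):
            return ip
    return addrs[0][1] if addrs else None


def drop_interface(config, name):
    """Return the config with one interface block removed (simulates 'no interface ...')."""
    kept, skipping = [], False
    for raw in config.splitlines():
        if raw.startswith("interface "):
            skipping = raw.split(None, 1)[1].lower().replace(" ", "") == name
        elif not raw.startswith(" "):
            skipping = False
        if not skipping:
            kept.append(raw)
    return "\n".join(kept) + "\n"


def unpinned_instances(config):
    """Return routing instances that rely on automatic router-ID selection, i.e. whose
    block has no 'router-id' (NX-OS) or '<proto> router-id' (IOS) line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"router (eigrp|ospf|bgp) (\S+)$", line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(line)
        else:
            current = None
    return [inst for inst, lines in blocks.items()
            if not any("router-id" in l.split() for l in lines)]
```

Removing loopback0 from the sample moves the automatic ID to loopback5, and removing that too moves it to Ethernet2/1, which is exactly the drift that pinning avoids.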

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining a BGP network.

• One BGP instance can be configured per Virtual Device Context (VDC).

• Numerous Virtual Route Forwarding (VRF) instances can be associated to a BGP instance.

• If the feature bgp command is removed, all relevant BGP configuration information is also removed.

• Network statements must be configured under their respective address-family configuration mode when advertising them via BGP.

• The shutdown command under the BGP instance can be used to disable BGP while retaining the configuration.

• The show running-config bgp command displays the current BGP configuration.

• A BGP instance can be restarted with the restart bgp <instance #> command.

• Graceful Restart (RFC 3623) is enabled by default.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are three significant differences: Cisco NX-OS allows BGP to be enabled and disabled globally. It utilizes a hierarchical configuration that makes it easier to read. Cisco NX-OS does not enable any address families by default; each address family needs to be explicitly enabled. The following examples demonstrate this using the IPv4 unicast address family.

Enabling the BGP Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the functionality to enable or disable BGP.
  Cisco NX-OS CLI:
    feature bgp

Configuring a BGP Instance and Router ID
  Cisco IOS CLI:
    router bgp 10
     bgp router-id 192.168.1.1
  Cisco NX-OS CLI:
    router bgp 10
      router-id 192.168.1.1

Configuring a BGP Neighbor (Internal)
  Cisco IOS CLI:
    router bgp 10
     neighbor 192.168.2.1 remote-as 10
     neighbor 192.168.2.1 update-source Loopback0
  Cisco NX-OS CLI:
    router bgp 10
      neighbor 192.168.2.1 remote-as 10
        update-source loopback0
        address-family ipv4 unicast

Configuring a BGP Neighbor (External)
  Cisco IOS CLI:
    router bgp 10
     neighbor 192.168.10.2 remote-as 11
  Cisco NX-OS CLI:
    router bgp 10
      neighbor 192.168.10.2 remote-as 11
        address-family ipv4 unicast

Advertising a Network in an Address Family (IPv4)
  Cisco IOS CLI:
    router bgp 10
     network 159.142.1.0 mask 255.255.255.0
     network 159.142.254.0 mask 255.255.255.0
     neighbor 192.168.10.2 remote-as 11
  Cisco NX-OS CLI:
    router bgp 10
      address-family ipv4 unicast
        network 159.142.1.0/24
        network 159.142.254.0/24
      neighbor 192.168.10.2 remote-as 11
        address-family ipv4 unicast

Configuring Neighbor Authentication (MD5)
  Cisco IOS CLI:
    router bgp 10
     neighbor 192.168.10.2 remote-as 11
     neighbor 192.168.10.2 password cisco123
  Cisco NX-OS CLI:
    router bgp 10
      neighbor 192.168.10.2 remote-as 11
        password 3 a667d47acc18ea6b
        address-family ipv4 unicast

Configuring an Aggregate Address (Summary-Only)
  Cisco IOS CLI:
    router bgp 10
     network 159.142.1.0 mask 255.255.255.0
     network 159.142.254.0 mask 255.255.255.0
     aggregate-address 159.142.0.0 255.255.0.0 summary-only
     neighbor 192.168.10.2 remote-as 11
  Cisco NX-OS CLI:
    router bgp 10
      address-family ipv4 unicast
        network 159.142.1.0/24
        network 159.142.254.0/24
        aggregate-address 159.142.0.0/16 summary-only
      neighbor 192.168.10.2 remote-as 11
        address-family ipv4 unicast

Generating a Default Route for a Neighbor
  Cisco IOS CLI:
    router bgp 10
     neighbor 192.168.10.2 remote-as 11
     neighbor 192.168.10.2 default-originate
  Cisco NX-OS CLI:
    router bgp 10
      neighbor 192.168.10.2 remote-as 11
        address-family ipv4 unicast
          default-originate

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting a BGP network configuration.

Cisco NX-OS BGP | Cisco IOS Software BGP | Command Description
show ip bgp <option> | show ip bgp | Displays BGP process and BGP table entries
show ip bgp x.x.x.x | show ip bgp x.x.x.x | Displays a specific network in the BGP table
show ip bgp x.x.x.x vrf | - | Displays a network in a specified VRF BGP table
show ip bgp x.x.x.x/len | show ip bgp x.x.x.x mask | Displays a specific prefix in the BGP table
show ip bgp x.x.x.x/len longer-prefix | show ip bgp x.x.x.x mask longer-prefix | Displays a prefix in the table with longer prefixes
show ip bgp all | show ip bgp all | Displays the BGP table for all protocol families
show ip bgp community <word> | show ip bgp community <#> | Displays routes with a specific regular expression
show ip bgp community <aa:nn> | - | Displays routes with a specific community value
show ip bgp community internet | - | Displays BGP routes advertised to the Internet
show ip bgp community no-advertise | show ip bgp community no-advertise | Displays BGP routes not advertised to peers
show ip bgp community no-export | show ip bgp community no-export | Displays BGP routes not exported to the next AS
show ip bgp community no-export-spoofed | - | Displays BGP routes not sent outside the local AS
show ip bgp dampening dampened-paths | show ip bgp dampening dampened-paths | Displays all dampened paths
show ip bgp dampening flap-statistics | show ip bgp dampening flap-statistics | Displays flap statistics for BGP routes
show ip bgp dampening history-paths | - | Displays all history paths
show ip bgp dampening parameters | show ip bgp dampening parameters | Displays all of the dampening parameters
show ip bgp filter-list | show ip bgp filter-list | Displays all routes matching a specified filter list
show ip bgp flap-statistics | - | Displays all BGP route flap statistics
show ip bgp ipv4 multicast <option> | show ip bgp ipv4 multicast <option> | Displays BGP IPv4 multicast address families
show ip bgp ipv4 unicast <option> | show ip bgp ipv4 unicast <option> | Displays BGP IPv4 unicast address families
show ip bgp neighbors | show ip bgp neighbors | Displays detailed neighbor information
show ip bgp neighbors x.x.x.x | show ip bgp neighbors x.x.x.x | Displays detailed information for a neighbor
show ip bgp nexthop x.x.x.x | - | Displays all routes matching a specified next-hop
show ip bgp paths | show ip bgp paths | Displays all BGP paths
show ip bgp peer-policy | - | Displays the BGP peer policy with the specified name
show ip bgp peer-session | - | Displays information about a peer session
show ip bgp peer-template | show ip bgp unicast ipv4 template | Displays information about a peer template
show ip bgp prefix-list | show ip bgp prefix-list | Displays routes matching a specified prefix-list
show ip bgp regexp | show ip bgp regexp | Displays routes matching a regular expression
show ip bgp route-map | show ip bgp route-map | Displays BGP routes matching a route-map
show ip bgp summary | show ip bgp summary | Displays a summary list of neighbors and statistics
show ip bgp vrf | show ip bgp vpnv4 vrf | Displays information for a specified BGP VRF

BGP (Advanced)

BGPv4 is a standard exterior routing protocol defined in RFC 4271, commonly used to exchange network reachability information between autonomous systems. This document discusses route reflectors, confederations, peer templates, route-map policies and the prefix-lists feature.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• When configuring route reflectors, the route-reflector-client command is assigned per neighbor under the neighbor-specific address family.

• When configuring confederations, the confederation is configured under the autonomous system without the leading bgp keyword.

• Cisco NX-OS uses a peer template instead of a peer group to reuse common BGP policies.

• Multiple policy templates can be applied to a single neighbor. Cisco IOS Software allows only one policy template per neighbor.

• Cisco NX-OS does not require a manual reset for a neighbor when its routing policy is modified. Cisco IOS Software requires a hard or soft reset depending on the neighbor capabilities exchanged.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining an advanced BGP network configuration.

• Peer and session templates define neighbor attributes such as security passwords, timers, and transport options.

• Peer templates and session templates have identical configuration capabilities with one exception: peer templates can configure address families.

• Peer and session templates are inherited by a neighbor through the BGP neighbor configuration mode.

• Only one peer template and one session template can be inherited by a single BGP neighbor.

• Peer templates can inherit session templates.

• Session templates can inherit other session templates.

• Policy templates define address-family policies for inbound or outbound directions, including default-route origination, filter lists, route-map policies, prefix lists, etc.

• Multiple policy templates can be assigned per neighbor. Policy templates are executed in order based on the configured sequence number.

• Policy templates are inherited by a neighbor through the neighbor and address-family configuration mode.

• Route-map policies can configure BGP attributes such as as-path, community lists, community attributes, dampening, local preference, metric type, origin, and weight.

• Route-map policies can be applied per neighbor for inbound and outbound routing policies.

Configuration Comparison

The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The configurations are very similar with the exception of the hierarchy used in Cisco NX-OS.

Configuring a Route-Reflector

Cisco IOS CLI:
  router bgp 10
    no synchronization
    network 192.168.11.1 mask 255.255.255.255
    neighbor 192.168.2.1 remote-as 10
    neighbor 192.168.2.1 update-source Loopback0
    neighbor 192.168.2.1 route-reflector-client
    no auto-summary

Cisco NX-OS CLI:
  router bgp 10
    address-family ipv4 unicast
      network 192.168.11.1/32
    neighbor 192.168.2.1 remote-as 10
      update-source loopback0
      address-family ipv4 unicast
        route-reflector-client

Configuring Confederations

Cisco IOS CLI:
  router bgp
    no synchronization
    bgp confederation identifier 10
    bgp confederation peers 65535
    network 192.168.11.1 mask 255.255.255.255
    neighbor 192.168.10.2 remote-as 65535
    no auto-summary

Cisco NX-OS CLI:
  router bgp 65534
    confederation identifier 10
    confederation peers 65535
    address-family ipv4 unicast
      network 192.168.11.1/32
    neighbor 192.168.10.2 remote-as 65535
      address-family ipv4 unicast

Configuring a Peer Template

Cisco IOS CLI:
  router bgp 10
    no synchronization
    network 192.168.11.1 mask 255.255.255.255
    neighbor IBGP-Template peer-group
    neighbor IBGP-Template password cisco123
    neighbor IBGP-Template update-source Loopback0
    neighbor 192.168.2.1 remote-as 10
    neighbor 192.168.2.1 peer-group IBGP-Template
    no auto-summary

Cisco NX-OS CLI:
  router bgp 10
    address-family ipv4 unicast
      network 192.168.11.1/32
    template peer IBGP-Template
      password 3 a667d47acc18ea6b
      update-source loopback0
      address-family ipv4 unicast
    neighbor 192.168.2.1 remote-as 10
      inherit peer IBGP-Template

Configuring a Policy Template

Cisco IOS CLI:
  router bgp 10
    template peer-policy EBGP-Policy
      default-originate
      send-community
      exit-peer-policy
    no synchronization
    network 192.168.11.1 mask 255.255.255.255
    neighbor 192.168.10.2 remote-as 20
    neighbor 192.168.10.2 inherit peer-policy EBGP-Policy
    no auto-summary

Cisco NX-OS CLI:
  router bgp 10
    address-family ipv4 unicast
      network 192.168.11.1/32
    template peer-policy EBGP-Policy
      send-community
      default-originate
    neighbor 192.168.10.2 remote-as 20
      address-family ipv4 unicast
        inherit peer-policy EBGP-Policy 10

Configuring an Outbound Neighbor Route-Map Policy

Cisco IOS CLI:
  route-map EBGP-Policy permit 10
    set as-path prepend 10 10 10
  router bgp 10
    no synchronization
    network 192.168.11.1 mask 255.255.255.255
    neighbor 192.168.10.2 remote-as 20
    neighbor 192.168.10.2 route-map EBGP-Policy out
    no auto-summary

Cisco NX-OS CLI:
  route-map EBGP-Policy permit 10
    set as-path prepend 10 10 10
  router bgp 10
    address-family ipv4 unicast
      network 192.168.11.1/32
    neighbor 192.168.10.2 remote-as 20
      address-family ipv4 unicast
        route-map EBGP-Policy out

Configuring an Outbound Prefix-List

Cisco IOS CLI:
  ip prefix-list EBGP-Policy seq 5 permit 192.168.11.1/32
  router bgp 10
    no synchronization
    neighbor 192.168.10.2 remote-as 20
    neighbor 192.168.10.2 prefix-list EBGP-Policy out
    no auto-summary

Cisco NX-OS CLI:
  ip prefix-list EBGP-Policy seq 5 permit 192.168.11.1/32
  router bgp 10
    neighbor 192.168.10.2 remote-as 20
      address-family ipv4 unicast
        prefix-list EBGP-Policy out
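The NX-OS hierarchy shown in these comparisons (per-neighbor settings under a neighbor sub-mode, per-address-family policy one level deeper, shared settings pulled in with inherit peer) is what an auditor has to walk when checking that every external peer carries a password and inbound/outbound filtering. The Python below is an added example, not code from this document or from Cisco: it parses that indentation-based hierarchy and reports, for each eBGP neighbor, whether a password, an inbound filter and an outbound filter (prefix-list, route-map or filter-list) are present, resolving peer templates. The configuration text is constructed from the values on this page (AS 10, neighbor 192.168.10.2 in AS 20, policy EBGP-Policy); the third neighbor 192.168.10.3 and the route-map name EBGP-In are assumptions added so that both a failing and a passing peer are shown.

```python
"""Audit an NX-OS 'router bgp' block for eBGP neighbors missing basic protection.

Added example. The configuration below is constructed from this page's values
(AS 10, 192.168.10.2 in AS 20, EBGP-Policy); neighbor 192.168.10.3 and the
route-map EBGP-In are assumed, not taken from the page.
"""
import re

NXOS_BGP_CONFIG = """\
router bgp 10
  address-family ipv4 unicast
    network 192.168.11.1/32
  template peer IBGP-Template
    password 3 a667d47acc18ea6b
    update-source loopback0
    address-family ipv4 unicast
  neighbor 192.168.2.1 remote-as 10
    inherit peer IBGP-Template
  neighbor 192.168.10.2 remote-as 20
    address-family ipv4 unicast
      prefix-list EBGP-Policy out
  neighbor 192.168.10.3 remote-as 30
    password 3 a667d47acc18ea6b
    address-family ipv4 unicast
      prefix-list EBGP-Policy out
      route-map EBGP-In in
"""


def parse_blocks(text):
    """Turn indentation-based NX-OS config into nested (line, children) nodes."""
    root = []
    stack = [(-1, root)]            # (indent, list that receives children)
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        node = (raw.strip(), [])
        while stack[-1][0] >= indent:   # close deeper or equal sub-modes
            stack.pop()
        stack[-1][1].append(node)
        stack.append((indent, node[1]))
    return root


def flatten(children):
    """Yield every config line under a node, at any depth."""
    for line, kids in children:
        yield line
        yield from flatten(kids)


def find_router_bgp(tree):
    for line, children in tree:
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            return int(m.group(1)), children
    raise ValueError("no 'router bgp' block found")


def audit_ebgp_neighbors(config_text):
    """Return {neighbor: [problems]} for every neighbor whose remote-as differs
    from the local AS. An empty list means the neighbor passed all checks."""
    local_as, bgp = find_router_bgp(parse_blocks(config_text))
    templates = {m.group(1): kids
                 for line, kids in bgp
                 if (m := re.match(r"template peer (\S+)", line))}
    findings = {}
    for line, kids in bgp:
        m = re.match(r"neighbor (\S+) remote-as (\d+)", line)
        if not m or int(m.group(2)) == local_as:
            continue                    # iBGP peers are outside this audit
        lines = list(flatten(kids))
        for l in list(lines):           # pull in settings from inherited templates
            t = re.match(r"inherit peer (\S+)", l)
            if t and t.group(1) in templates:
                lines.extend(flatten(templates[t.group(1)]))
        problems = []
        if not any(l.startswith("password ") for l in lines):
            problems.append("no password")
        if not any(re.match(r"(prefix-list|route-map|filter-list) \S+ in$", l) for l in lines):
            problems.append("no inbound filter")
        if not any(re.match(r"(prefix-list|route-map|filter-list) \S+ out$", l) for l in lines):
            problems.append("no outbound filter")
        findings[m.group(1)] = problems
    return findings


if __name__ == "__main__":
    for peer, problems in audit_ebgp_neighbors(NXOS_BGP_CONFIG).items():
        print(peer, "OK" if not problems else ", ".join(problems))
```

Run against the constructed configuration, 192.168.10.2 is reported with "no password" and "no inbound filter" (it has only the outbound prefix-list from the comparison above), 192.168.10.3 passes, and the iBGP neighbor 192.168.2.1 is skipped. The same walk, with `show running-config bgp` as input, is a cheap pre-change check before a peering goes live.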


Multicast

Multicast transmission (one-to-many) provides the capability for a source host to forward IP packets to an interested group of destination hosts, as opposed to using unicast transmission (one-to-one) or broadcast transmission (one-to-everyone in the broadcast domain). Multicast functionality is typically enabled using multiple protocols. This tech note includes the following Cisco NX-OS protocols: Protocol Independent Multicast (PIM), Internet Group Membership Protocol (IGMP) and Multicast Source Discovery Protocol (MSDP).

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• PIM and MSDP protocols require a LAN Enterprise Services license.

• The global ip multicast-routing command does not exist and is not required to enable multicast forwarding/routing. (It is required in Cisco IOS Software to enable multicast forwarding/routing.)

• PIM command-line interface (CLI) configuration and verification commands are not available until you enable the PIM feature with the feature pim command.

• MSDP CLI configuration and verification commands are not available until you enable the MSDP feature with the feature msdp command.

• IGMP versions 2 and 3 are supported. IGMP version 1 and Version 3 Lite are not supported.

• An IGMP Snooping Querier is configured under the layer-2 VLAN with the ip igmp snooping querier CLI command (Physical L3 interfaces cannot be configured as IGMP Snooping Queriers). In Cisco IOS Software, an IGMP Snooping Querier is configured under the layer-3 interface.

• PIM version 2 Sparse Mode is supported. Cisco NX-OS does not support PIM version 1 Sparse Mode or Dense Mode. The NX-OS cannot fallback to Dense Mode operation.

• PIM is not supported on IP Tunnel interfaces.

• When configuring a PIM Auto-RP Candidate or BSR RP-Candidate, the NX-OS requires a configured group-list (i.e. x.x.x.x/x), whereas Cisco IOS Software defaults to 224.0.0.0/4. An optional standard ACL can be configured to specify multicast groups in Cisco IOS Software.

• When configuring PIM Auto-RP Mapping-Agent's or Candidate-RP's, Cisco NX-OS uses a default scope of 32, whereas Cisco IOS Software requires it to be specified with the scope option (1-255).

• When configuring PIM Auto-RP, Cisco NX-OS multicast devices must be enabled to listen and/or forward RP advertisements with the ip pim auto-rp forward listen global CLI configuration command. Cisco IOS Software has to be configured for Sparse-Dense Mode or Sparse Mode with the global ip pim autorp listener CLI configuration command.

• When configuring PIM BSR, Cisco NX-OS multicast devices must be enabled to listen and/or forward RP advertisements with the ip pim bsr forward listen global CLI configuration command. Cisco IOS Software doesn't require additional configuration, but does not have the ability to enable/disable RP forwarding and listening capabilities.

• BSR-Candidate routers have a default priority of 64. Cisco IOS Software defaults to 0. The priority value can be configured between 0 – 255 in both operating systems using the priority option. A higher numeric value is preferred when comparing priorities.

• BSR RP-Candidate routers have a default priority of 192. Cisco IOS Software defaults to 0. The priority value can be configured between 0 – 255 in both operating systems using the priority option. The lower numeric value is preferred when comparing priorities.

• When configuring a Static-RP, the NX-OS does not have an override option like Cisco IOS Software that forces the Static-RP to be elected for its specified multicast group list. Cisco IOS Software prefers dynamically learned RPs over Static RPs if the override option is not configured.

• When comparing PIM Static-RPs to dynamically learned RPs (Auto-RP and BSR) during the election process: the RP with the most specific multicast group-list is elected. If the group-lists are identical, the router with the highest RP IP address is elected.

• When configuring a PIM domain border, the ip pim border interface CLI command prevents BSR and Auto-RP packets from being sent or received on an interface. The Cisco IOS Software command equivalent (ip pim bsr-border) only prevents BSR packets. Cisco IOS Software requires the ip multicast boundary interface command to prevent Auto-RP packets.

• PIM neighbor authentication (IPSec ah-md5) can be enabled to authenticate directly connected neighbors to increase security. Cisco IOS Software does not support this functionality.

• PIM neighbor logging can be enabled with the global ip pim log-neighbor-changes CLI command. (Cisco IOS Software enables PIM neighbor logging by default)

• The data in the MSDP Source-Active (SA) messages are cached by default, whereas Cisco IOS Software requires the global ip msdp cache-sa-state and ip msdp cache-rejected-sa CLI commands.

• PIM is configured with the Source Specific Multicast (SSM) group range 232.0.0.0/8 by default (ip pim ssm range 232.0.0.0/8).

• Beginning with NX-OS 5.0(2a), PIM supports Bidirectional Forwarding Detection (BFD) for rapid failure detection.
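The election rules in the bullets above decide which device ends up as RP, and on NX-OS there is no override to pin a Static-RP, so a dynamically learned mapping with the same group-list and a higher address silently wins. The Python below is an added example (not from this document or from Cisco) that implements those rules: the most specific group-list wins, then the highest RP address; BSR-candidates compare priority with higher preferred and BSR RP-candidates with lower preferred, using the different NX-OS and IOS defaults quoted above. The RP mappings and device names are constructed; the tie-break for equal BSR-candidate priorities (higher address, the RFC 5059 rule) is an assumption the page does not state. Checking `show ip pim rp` against the output of such a model is a quick way to spot an unexpected RP in a mixed IOS/NX-OS domain.

```python
"""Which RP serves a group, and which BSR wins, under the rules stated on this page.

Added example. Candidate mappings, device names and addresses are constructed,
not device output. The BSR-candidate tie-break (higher address) is an assumption
taken from RFC 5059, not from the page.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class RpMapping:
    rp: str            # RP address
    group_list: str    # e.g. "224.0.0.0/4"
    source: str        # "static", "bsr" or "auto-rp" (informational only)


def select_rp(group, mappings):
    """Elect the RP for `group`: longest (most specific) group-list wins;
    identical group-lists are broken by the highest RP IP address.
    Returns None when no mapping covers the group."""
    g = ipaddress.ip_address(group)
    eligible = [m for m in mappings if g in ipaddress.ip_network(m.group_list)]
    if not eligible:
        return None
    return max(eligible, key=lambda m: (ipaddress.ip_network(m.group_list).prefixlen,
                                        int(ipaddress.ip_address(m.rp))))


# Default priorities quoted on this page.
BSR_CANDIDATE_DEFAULT = {"nx-os": 64, "ios": 0}       # higher value preferred
BSR_RP_CANDIDATE_DEFAULT = {"nx-os": 192, "ios": 0}   # lower value preferred


def elect_bsr(candidates):
    """candidates: iterable of (name, priority, address). Higher priority wins;
    equal priorities fall back to the higher address (RFC 5059, an assumption)."""
    return max(candidates, key=lambda c: (c[1], int(ipaddress.ip_address(c[2]))))


def rank_rp_candidates(candidates):
    """candidates: iterable of (name, priority). Lower priority is preferred.
    Equal priorities keep input order: the real tie-break is the RP hash,
    which this page does not cover."""
    return [c[0] for c in sorted(candidates, key=lambda c: c[1])]


# Constructed mappings: a static RP and a BSR-learned RP share 224.0.0.0/4,
# an Auto-RP mapping covers only 239.0.0.0/8.
CONSTRUCTED_MAPPINGS = [
    RpMapping("172.16.1.1", "224.0.0.0/4", "static"),
    RpMapping("172.16.1.2", "224.0.0.0/4", "bsr"),
    RpMapping("172.16.1.3", "239.0.0.0/8", "auto-rp"),
]


def mixed_vendor_defaults():
    """With untouched defaults an NX-OS BSR-candidate (64) beats an IOS one (0),
    while an IOS RP-candidate (0) beats an NX-OS one (192)."""
    bsr = elect_bsr([("nxos-sw", BSR_CANDIDATE_DEFAULT["nx-os"], "192.168.10.1"),
                     ("ios-rtr", BSR_CANDIDATE_DEFAULT["ios"], "192.168.10.2")])
    rps = rank_rp_candidates([("nxos-sw", BSR_RP_CANDIDATE_DEFAULT["nx-os"]),
                              ("ios-rtr", BSR_RP_CANDIDATE_DEFAULT["ios"])])
    return bsr[0], rps[0]


if __name__ == "__main__":
    for grp in ("239.1.1.1", "224.1.1.1", "232.1.1.1"):
        print(grp, "->", select_rp(grp, CONSTRUCTED_MAPPINGS))
    print("BSR winner, preferred RP-candidate:", mixed_vendor_defaults())
```

For 224.1.1.1 the static RP 172.16.1.1 loses to the BSR-learned 172.16.1.2 purely on address, which is the situation the "no override option" bullet describes; for 239.1.1.1 the /8 Auto-RP mapping wins on specificity regardless of address.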

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining multicast enabled networks.

• If you remove the feature pim command, all relevant PIM configuration information is also removed.

• If you remove the feature msdp command, all relevant MSDP configuration information is also removed.


• IGMP Snooping is enabled globally by default. It can be disabled globally, or per layer-2 VLAN with the no igmp snooping command.

• IGMP version 2 is enabled by default when PIM Sparse Mode is configured on an interface.

• PIM supports three modes of operation: Any Source Multicast (ASM), Single Source Multicast (SSM) and Bidirectional Shared Tree (Bidir). The default mode is ASM. Bidir can be configured with the bidir option when configuring an RP.

• The Cisco NX-OS supports four types of PIM Rendezvous Points: Static, Bootstrap router (BSR), Auto-RP and Anycast-RP. (Do not configure Auto-RP and BSR in the same network)

• When configuring a PIM Static-RP, the group-list defaults to 224.0.0.0/4 if one is not specified.

• The Cisco NX-OS has two different CLI syntax options when configuring BSR and Auto RP's (New Cisco NX-OS syntax, and backwards compatible Cisco IOS Software syntax).

• The Cisco NX-OS supports multicast routing per layer-3 Virtual Routing and Forwarding (VRF) instance.

• PIM SSM and Bidr are not supported on Virtual Port-Channels (vPCs).

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are a few significant differences: Cisco NX-OS does not require the global ip multicast-routing command, but does require PIM and MSDP to be enabled individually with the global feature CLI commands. The Cisco NX-OS has backwards compatible syntax with Cisco IOS Software when configuring PIM BSR and Auto-RP, but Cisco NX-OS requires RP forwarding and/or listening to be configured prior to learning or forwarding dynamic RP information. Both Cisco NX-OS and Cisco IOS Software support multicast routing within a VRF instance, but Cisco NX-OS requires global commands to be configured under the VRF context as opposed to using the vrf option as with Cisco IOS Software.

Enabling Multicast Forwarding

Cisco IOS CLI:
  ip multicast-routing

Cisco NX-OS CLI:
  The Cisco NX-OS does not have a single global command to enable multicast forwarding/routing.

Enabling the PIM Feature

Cisco IOS CLI:
  Cisco IOS Software does not have the ability to enable or disable PIM.

Cisco NX-OS CLI:
  feature pim

Configuring PIM Sparse Mode on an Interface

Cisco IOS CLI:
  interface TenGigabitEthernet1/1
    ip address 192.168.10.1 255.255.255.0
    ip pim sparse-mode

Cisco NX-OS CLI:
  interface Ethernet1/1
    ip address 192.168.10.1/24
    ip pim sparse-mode

Configuring a PIM Auto-RP

Cisco IOS CLI:
  interface Loopback10
    ip address 172.16.1.1 255.255.255.255
    ip pim sparse-mode
  ip pim send-rp-announce Loopback10 scope 32
  ip pim send-rp-discovery Loopback10 scope 32
  ip pim autorp listener

Cisco NX-OS CLI:
  interface loopback10
    ip address 172.16.1.1/32
    ip pim sparse-mode
  ip pim auto-rp rp-candidate loopback10 group-list 224.0.0.0/4
  ip pim auto-rp mapping-agent loopback10
  ip pim auto-rp forward listen

  or

  ip pim send-rp-announce loopback10 group-list 224.0.0.0/4
  ip pim send-rp-discovery loopback10
  ip pim auto-rp forward listen

Configuring a PIM BSR RP

Cisco IOS CLI:
  interface Loopback10
    ip address 172.16.1.1 255.255.255.255
    ip pim sparse-mode
  ip pim bsr-candidate Loopback10
  ip pim rp-candidate Loopback10

Cisco NX-OS CLI:
  interface loopback10
    ip address 172.16.1.1/32
    ip pim sparse-mode
  ip pim bsr bsr-candidate loopback10
  ip pim bsr rp-candidate loopback10 group-list 224.0.0.0/4
  ip pim bsr forward listen

  or

  ip pim bsr-candidate loopback10
  ip pim rp-candidate loopback10 group-list 224.0.0.0/4
  ip pim bsr forward listen

Configuring a PIM Static-RP

Cisco IOS CLI:
  ip pim rp-address 172.16.1.1

Cisco NX-OS CLI:
  ip pim rp-address 172.16.1.1

Configuring a PIM Anycast-RP (BSR Example)

Cisco IOS CLI:
  Cisco IOS Software does not have the ability to enable the PIM Anycast RP feature.

Cisco NX-OS CLI:
  interface loopback0
    ip address 192.168.10.1/32
    ip pim sparse-mode
  interface loopback10
    description Anycast-RP-Address
    ip address 172.16.1.1/32
    ip pim sparse-mode
  ip pim bsr bsr-candidate loopback0
  ip pim bsr rp-candidate loopback10 group-list 224.0.0.0/4
  ip pim anycast-rp 172.16.1.1 192.168.10.1
  ip pim anycast-rp 172.16.1.1 192.168.10.2
  ip pim bsr forward listen

Configuring PIM Neighbor Authentication

Cisco IOS CLI:
  Cisco IOS Software does not have the ability to enable neighbor authentication.

Cisco NX-OS CLI:
  interface Ethernet1/1
    ip address 192.168.10.1/24
    ip pim sparse-mode
    ip pim hello-authentication ah-md5 3 a667d47acc18ea6b

Configuring a PIM BSR Border on an Interface

Cisco IOS CLI:
  interface TenGigabitEthernet1/1
    ip address 192.168.10.1 255.255.255.0
    ip pim bsr-border
    ip pim sparse-mode
    ip multicast boundary 10
  access-list 10 deny 224.0.1.39
  access-list 10 deny 224.0.1.40
  access-list 10 permit 224.0.0.0 15.255.255.255

Cisco NX-OS CLI:
  interface Ethernet1/1
    ip address 192.168.10.1/24
    ip pim sparse-mode
    ip pim border

Configuring PIM in a Non-Default VRF Instance

Cisco IOS CLI:
  ip vrf production
  ip multicast-routing vrf production
  interface Loopback10
    ip vrf forwarding production
    ip address 172.16.1.1 255.255.255.255
    ip pim sparse-mode
  interface TenGigabitEthernet1/1
    ip vrf forwarding production
    ip address 192.168.10.1 255.255.255.0
    ip pim sparse-mode
  ip pim vrf production rp-address 172.16.1.1

Cisco NX-OS CLI:
  vrf context production
    ip pim rp-address 172.16.1.1 group-list 224.0.0.0/4
  interface loopback10
    vrf member production
    ip address 172.16.1.1/32
  interface Ethernet1/1
    vrf member production
    ip address 192.168.10.1/24
    ip pim sparse-mode

Configuring IGMP Version 3 for an Interface

Cisco IOS CLI:
  interface TenGigabitEthernet1/1
    ip address 192.168.10.1 255.255.255.0
    ip pim sparse-mode
    ip igmp version 3

Cisco NX-OS CLI:
  interface Ethernet1/1
    ip address 192.168.10.1/24
    ip pim sparse-mode
    ip igmp version 3

Configuring an IGMP Snooping Querier for a VLAN

Cisco IOS CLI:
  interface Vlan10
    ip address 192.168.10.1 255.255.255.0
    ip igmp snooping querier

Cisco NX-OS CLI:
  vlan 10
    ip igmp snooping querier 192.168.10.1

Configuring MSDP (Anycast-RP)

Cisco IOS CLI:
  interface Loopback0
    description MSDP Peer Address
    ip address 192.168.1.1 255.255.255.255
  interface Loopback10
    description PIM RP Address
    ip address 1.1.1.1 255.255.255.255
  ip pim rp-address 1.1.1.1
  ip msdp peer 192.168.2.1 connect-source Loopback0
  ip msdp cache-sa-state

Cisco NX-OS CLI:
  interface loopback0
    description MSDP Peer Address
    ip address 192.168.1.1/32
  interface loopback10
    description PIM RP Address
    ip address 1.1.1.1/32
  ip pim rp-address 1.1.1.1 group-list 224.0.0.0/4
  ip msdp peer 192.168.2.1 connect-source loopback0

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting multicast network configurations.

Cisco NX-OS Multicast | Cisco IOS Software Multicast | Command Description
show ip igmp groups | show ip igmp groups | Displays all IGMP attached group membership information
show ip igmp interface | show ip igmp interface | Displays IGMP information for all interfaces
show ip igmp interface brief | - | Displays a one-line summary status per interface
show ip igmp interface int-type | show ip igmp interface int-type | Displays IGMP information for a specific interface
show ip igmp interface vrf name | show ip igmp vrf name | Displays IGMP information for a specific VRF instance
show ip igmp local-groups int-type | - | Displays IGMP local groups associated with a specific interface
show ip igmp local-groups vrf name | - | Displays IGMP local groups associated with a specific VRF instance
show ip igmp route | - | Displays IGMP attached group membership information
show ip igmp route x.x.x.x | - | Displays IGMP attached group membership for a specific group
show ip igmp route int-type | - | Displays IGMP attached group membership for a specific interface
show ip igmp route vrf name | - | Displays IGMP attached group membership for a specific VRF instance
show ip igmp snooping | - | Displays global and per-interface IGMP Snooping information
show ip igmp snooping explicit-tracking | show ip igmp snooping explicit-tracking | Displays explicit tracking information for IGMPv3
show ip igmp snooping groups | show mac-address-table multicast igmp-snooping | Displays IGMP Snooping group information
show ip igmp snooping mrouter | show ip igmp snooping mrouter | Displays detected multicast routers
show ip igmp snooping otv | - | Displays IGMP Snooping OTV information
show ip igmp snooping querier | - | Displays IGMP Snooping querier information
show ip igmp snooping statistics | show ip igmp snooping statistics | Displays packet/error counter statistics
show ip igmp snooping vlan # | - | Displays IGMP Snooping information for a specific VLAN
- | - | -
show ip msdp count | show ip msdp count | Displays MSDP SA cache counters
show ip msdp mesh-group | - | Displays MSDP Mesh-Group members
show ip msdp peer | show ip msdp peer | Displays all MSDP peers
show ip msdp peer x.x.x.x | show ip msdp peer x.x.x.x | Displays a specific MSDP peer
show ip msdp peer vrf name | show ip msdp vrf name | Displays MSDP peers related to a specific VRF instance
show ip msdp peer policy | - | Displays the MSDP peer policies
show ip msdp peer route | - | Displays the MSDP route-cache
show ip msdp sa-cache | show ip msdp sa-cache | Displays the MSDP SA route-cache
show ip msdp source | - | Displays the MSDP learned sources and associated statistics
show ip msdp summary | show ip msdp summary | Displays the MSDP peer summary
- | - | -
show ip pim df | show ip pim interface df | Displays Bidir designated forwarders
show ip pim df x.x.x.x | show ip pim interface df x.x.x.x | Displays Bidir designated forwarders for a specific RP or group
show ip pim df vrf name | - | Displays Bidir designated forwarders for a specific VRF instance
show ip pim group-range | - | Displays the PIM group-ranges
show ip pim group-range x.x.x.x | - | Displays a specific PIM group-range
show ip pim group-range vrf name | - | Displays the PIM group-ranges for a specific VRF instance
show ip pim interface | - | Displays all PIM enabled interfaces
show ip pim interface brief x.x.x.x | - | Displays a one-line summary of all PIM enabled interfaces
show ip pim interface int-type | show ip pim interface int-type | Displays information for a specific PIM interface
show ip pim interface vrf name | - | Displays the PIM interfaces for a specific VRF instance
show ip pim neighbor | show ip pim neighbor | Displays all PIM neighbors
show ip pim neighbor x.x.x.x | show ip pim neighbor x.x.x.x | Displays the PIM neighbor with a specific IP address
show ip pim neighbor interface int-type | show ip pim neighbor int-type | Displays the PIM neighbor on a specific interface
show ip pim neighbor vrf name | - | Displays PIM neighbors for a specific VRF instance
show ip pim oif-list x.x.x.x | - | Displays the PIM OIF-list for a specific multicast group address
show ip pim policy statistics | - | Displays PIM statistics
show ip pim route | - | Displays PIM routes
show ip pim route x.x.x.x | - | Displays a specific PIM route
show ip pim route vrf name | - | Displays PIM routes for a specific VRF instance
show ip pim rp | show ip pim rp mapping | Displays PIM RP information
show ip pim rp x.x.x.x | show ip pim rp x.x.x.x | Displays RP information for a specific PIM group address
show ip pim rp vrf name | - | Displays information for PIM RPs in a specific VRF instance
show ip pim rp-hash x.x.x.x | show ip pim rp-hash x.x.x.x | Displays the PIM RP-hash value for a specific group
show ip pim statistics | - | Displays PIM packet statistics
show ip pim statistics vrf name | - | Displays per-packet statistics for a specific VRF instance
show ip pim vrf name | show ip pim vrf name | Displays detailed PIM information for a specific VRF instance
- | - | -
show ip mroute | show ip mroute | Displays the multicast routing table
show ip mroute summary | show ip mroute summary | Displays the multicast routing table with packet counts and bit rates
show ip mroute x.x.x.x | show ip mroute x.x.x.x | Displays a specific multicast route
show ip mroute vrf name | show ip mroute vrf name | Displays the multicast routing table for a specific VRF instance
- | - | -
show ip route rpf | show ip rpf | Displays the Reverse Path Forwarding (RPF) table used for multicast source lookup

Netflow

NetFlow provides flow-based statistics collection that is useful for troubleshooting, traffic analysis, performance monitoring, and security threat prevention. Cisco NX-OS supports a flexible architecture that allows a user to collect different data for different applications per interface, whereas the Cisco IOS Software supports one flow mask and export pair for the entire chassis.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• NetFlow command-line interface (CLI) configuration and verification commands are not available until you enable the NetFlow feature with the feature netflow command.

• Two flow modes are supported: full and sampled.

• Sampled mode supports packet-based sampling (1-64 out of 1-8192).

• In sampled mode, the sampling occurs before the NetFlow cache is populated.

• Each line-card module supports 512,000 NetFlow cache entries.

• Layer 2 NetFlow based on MAC addresses is not supported at this time.

• A flexible architecture is used that consists of flow records, flow exporters, and flow monitors.

• Cisco NX-OS supports more key and non-key fields for creating flow records and can collect additional information such as TCP flags and system uptime.

• NetFlow Version 5 and Version 9 export features are supported (Version 9 is recommended).

• A source interface must be configured for each flow exporter.

• Cisco NX-OS defaults to User Datagram Protocol (UDP) port 9995 for NetFlow Data Export.

• Cisco NX-OS provides more granular aging timers (session timer and aggressive threshold).

• The default aging timer values are different than in Cisco IOS Software.

• The NetFlow feature supports stateful process restarts.
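The flow record, flow exporter and flow monitor objects listed above end up on the wire as NetFlow Version 9 export packets: a template flowset describing the record's key and non-key fields, followed by data flowsets the collector decodes with that template. The Python below is an added example, not code from this document or from Cisco. It builds a constructed v9 packet whose template carries exactly the five fields of the custom record shown later in this section (IPv4 source and destination address, transport destination port, byte and packet counters) and decodes it the way a collector listening on the default UDP port 9995 would. Field type numbers are the standard v9 values from RFC 3954; the addresses, counters and timestamps are constructed. Because v9 export is plain UDP with no authentication, a collector that accepts templates from arbitrary sources can be fed bogus templates, so the parser keys templates per packet and a real deployment should accept exports only from the configured exporter source addresses.

```python
"""Build and decode a constructed NetFlow v9 export packet.

Added example. Field type numbers are the RFC 3954 values; all addresses,
counters and timestamps are constructed, not captured from a device.
"""
import ipaddress
import struct

V9_FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 8: "IPV4_SRC_ADDR",
             11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
TEMPLATE_ID = 256                       # data template IDs start at 256

# Mirrors the custom flow record later in this section:
# match ipv4 source/destination address, match transport destination-port,
# collect counter bytes, collect counter packets.
TEMPLATE_FIELDS = [(8, 4), (12, 4), (11, 2), (1, 4), (2, 4)]

# Constructed flows: (src, dst, dst port, bytes, packets)
SAMPLE_FLOWS = [("192.168.10.5", "192.168.11.2", 443, 1500, 10),
                ("192.168.10.7", "10.0.0.9", 53, 120, 2)]


def build_sample_packet():
    """Return one v9 packet: header, template flowset, data flowset."""
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS))
    for ftype, flen in TEMPLATE_FIELDS:
        tmpl += struct.pack("!HH", ftype, flen)
    template_flowset = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl   # flowset id 0

    data = b""
    for src, dst, dport, nbytes, pkts in SAMPLE_FLOWS:
        data += ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
        data += struct.pack("!HII", dport, nbytes, pkts)
    data_flowset = struct.pack("!HH", TEMPLATE_ID, 4 + len(data)) + data

    # header: version, record count, sysUptime ms, unix secs, sequence, source id
    header = struct.pack("!HHIIII", 9, 1 + len(SAMPLE_FLOWS), 123456, 1700000000, 1, 0)
    return header + template_flowset + data_flowset


def parse_v9(packet):
    """Decode a v9 packet into a list of flow dicts using templates carried in it."""
    version = struct.unpack("!H", packet[:2])[0]
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")
    templates, flows = {}, []
    pos = 20                                    # skip the 20-byte header
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[pos:pos + 4])
        if fs_len < 4:
            raise ValueError("malformed flowset length")
        body = packet[pos + 4:pos + fs_len]
        if fs_id == 0:                          # template flowset
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                p += 4
                fields = [struct.unpack("!HH", body[p + 4 * i:p + 4 * i + 4])
                          for i in range(nfields)]
                p += 4 * nfields
                templates[tid] = fields
        elif fs_id >= 256 and fs_id in templates:   # data flowset with known template
            fields = templates[fs_id]
            rec_len = sum(flen for _, flen in fields)
            p = 0
            while p + rec_len <= len(body):     # trailing bytes are padding
                rec, off = {}, p
                for ftype, flen in fields:
                    raw = body[off:off + flen]
                    off += flen
                    name = V9_FIELDS.get(ftype, f"field_{ftype}")
                    rec[name] = (str(ipaddress.IPv4Address(raw)) if ftype in (8, 12)
                                 else int.from_bytes(raw, "big"))
                flows.append(rec)
                p += rec_len
        # options templates (id 1) and data for unknown templates are skipped
        pos += fs_len
    return flows


def bytes_by_dst_port(flows):
    """Aggregate exported byte counts per destination port."""
    totals = {}
    for f in flows:
        totals[f["L4_DST_PORT"]] = totals.get(f["L4_DST_PORT"], 0) + f["IN_BYTES"]
    return totals


if __name__ == "__main__":
    decoded = parse_v9(build_sample_packet())
    for flow in decoded:
        print(flow)
    print(bytes_by_dst_port(decoded))
```

The same decoder works on datagrams read from a UDP socket bound to port 9995, provided the exporter's template has already been seen; real exporters resend templates periodically, so a collector has to cache them across packets, keyed by source address and source ID, which this single-packet version leaves out.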

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and managing NetFlow.

• If the feature netflow command is removed, all relevant NetFlow configuration information is also removed.


• NetFlow consumes hardware resources (ternary content-addressable memory [TCAM], CPU, etc.), so understanding the resource utilization on a device is important before enabling NetFlow.

• Sampling mode preserves CPU and NetFlow cache entries in high-traffic environments.

• A traffic direction needs to be specified when a flow monitor is applied to an interface.

• The active-aging flow timeout is 1800 seconds by default.

• The inactive-aging flow timeout is 15 seconds by default.

• The fast-aging flow timeout is disabled by default.

• The aggressive-aging flow threshold is disabled by default.

• TCP session aging is disabled by default.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are several significant differences: Cisco NX-OS allows NetFlow to be enabled and disabled globally, and it uses a more flexible architecture that allows different statistics to be collected for different applications. The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH.

Cisco IOS CLI vs. Cisco NX-OS CLI

Enabling the NetFlow Feature
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable NetFlow.
  Cisco NX-OS CLI:
    feature netflow

Configuring a NetFlow Flow Record (Custom)
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to create custom NetFlow records. A system-wide flow mask is defined. The following example uses interface-full.
    mls netflow interface
    mls flow ip interface-full
    mls nde sender version 5
  Cisco NX-OS CLI:
    flow record Netflow-Record-1
      description Custom-Flow-Record
      match ipv4 source address
      match ipv4 destination address
      match transport destination-port
      collect counter bytes
      collect counter packets

Configuring a NetFlow Flow Export
  Cisco IOS CLI:
    ip flow-export source GigabitEthernet2/2
    ip flow-export version 9
    ip flow-export destination 192.168.11.2 2000
  Cisco NX-OS CLI:
    flow exporter Netflow-Exporter-1
      description Production-Netflow-Exporter
      destination 192.168.11.2
      source Ethernet2/2
      version 9

Configuring a NetFlow Monitor with a Custom Record
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to create flow monitors that associate NetFlow records to NetFlow exporters.
  Cisco NX-OS CLI:
    flow monitor Netflow-Monitor-1
      description Applied Inbound-Eth-2/1
      record Netflow-Record-1
      exporter Netflow-Exporter-1

Configuring a NetFlow Monitor with an Original Record
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to create flow monitors that associate NetFlow records to NetFlow exporters.
  Cisco NX-OS CLI:
    flow monitor Netflow-Monitor-2
      description Use Predefined "Original-Netflow-Record"
      record netflow-original
      exporter Netflow-Exporter-1

Applying a NetFlow Monitor to an Interface
  Cisco IOS CLI:
    interface gigabitethernet 6/1
      ip flow ingress
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip flow monitor Netflow-Monitor-1 input

Adjusting NetFlow Timers
  Cisco IOS CLI:
    mls aging fast
    mls aging long 120
    mls aging normal 32
  Cisco NX-OS CLI:
    flow timeout active 120
    flow timeout inactive 32
    flow timeout fast 32 threshold 100
    flow timeout session
    flow timeout aggressive threshold 75

Configuring a NetFlow Sampler
  Cisco IOS CLI:
    mls sampling packet-based 64 8000
    mls flow int-full
    mls nde sender version 5
  Cisco NX-OS CLI:
    sampler NF-Sampler-1
      description Sampler-for-Int-Eth-2/1
      mode 1 out-of 1000

Applying a NetFlow Sampler to an Interface
  Cisco IOS CLI:
    interface GigabitEthernet2/1
      mls netflow sampling
  Cisco NX-OS CLI:
    interface Ethernet2/1
      ip flow monitor NF-Mntr-1 input sampler NF-Sampler-1
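Added example, not code from this document or from Cisco: a collector-side parser for the NetFlow v9 datagrams that an exporter such as Netflow-Exporter-1 (version 9, UDP 9995 by default on NX-OS) sends. It caches template flowsets per source ID and decodes data records carrying the fields Netflow-Record-1 matches and collects; the datagram it parses is constructed inline, not captured from a switch.

```python
import ipaddress
import struct

# RFC 3954 field type numbers for the fields Netflow-Record-1 matches and
# collects, plus TCP flags (which the text notes NX-OS can also collect).
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 6: "tcp_flags", 7: "l4_dst_port",
               8: "ipv4_src_addr", 12: "ipv4_dst_addr"}
IPV4_FIELDS = {8, 12}


def decode_field(ftype, raw):
    """Addresses become dotted strings; everything else a big-endian integer."""
    if ftype in IPV4_FIELDS and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_v9(packet, templates=None):
    """Parse one v9 datagram and return (header dict, list of record dicts).
    `templates` maps (source_id, template_id) -> [(type, length), ...]; it is
    updated in place so templates from earlier datagrams decode later data."""
    templates = {} if templates is None else templates
    if len(packet) < 20:
        raise ValueError("short NetFlow header")
    version, count, uptime, secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError("not NetFlow v9: version %d" % version)
    header = {"count": count, "sys_uptime": uptime, "unix_secs": secs,
              "sequence": seq, "source_id": source_id}
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length %d at offset %d" % (fs_len, off))
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                      # template flowset (may hold several)
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                if pos + 4 * nfields > len(body):
                    raise ValueError("truncated template %d" % tid)
                templates[(source_id, tid)] = [
                    struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4])
                    for i in range(nfields)]
                pos += 4 * nfields
        elif fs_id > 255:                   # data flowset, keyed by template id
            fields = templates.get((source_id, fs_id))
            if fields:                      # unknown template: skip, never guess
                rec_len = sum(length for _, length in fields)
                pos = 0
                while pos + rec_len <= len(body):   # trailing bytes are padding
                    rec = {}
                    for ftype, length in fields:
                        name = FIELD_NAMES.get(ftype, "field_%d" % ftype)
                        rec[name] = decode_field(ftype, body[pos:pos + length])
                        pos += length
                    records.append(rec)
        off += fs_len                       # ids 1..255 are reserved and skipped
    return header, records


def build_sample_packet():
    """Constructed datagram (not a capture): template 256 plus two records."""
    template = [(8, 4), (12, 4), (7, 2), (1, 4), (2, 4), (6, 1)]
    tmpl = struct.pack("!HH", 256, len(template))
    tmpl += b"".join(struct.pack("!HH", t, n) for t, n in template)
    data = b""
    for src, dst, port, nbytes, pkts, flags in [
            ("10.1.1.5", "192.168.11.2", 443, 5120, 12, 0x18),
            ("10.1.1.9", "192.168.11.2", 22, 96, 2, 0x02)]:
        data += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
        data += struct.pack("!HIIB", port, nbytes, pkts, flags)
    data += b"\x00" * (-len(data) % 4)      # data flowsets pad to 4 bytes
    header = struct.pack("!HHIIII", 9, 3, 123456, 1700000000, 42, 2048)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

parse_v9(build_sample_packet()) yields two records; a datagram carrying only the data flowset decodes only when the template cache from an earlier datagram is passed in, which is the behaviour a collector must preserve across exports.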

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting NetFlow.

Cisco NX-OS NetFlow | Cisco IOS Software NetFlow | Command Description
show flow exporter | show mls nde | Displays the configured exporter maps
show flow interface | - | Displays interfaces configured for NetFlow
show flow monitor | - | Displays information about monitor maps
show flow record | - | Displays information about record maps
show flow timeout | - | Displays the NetFlow timeout value
show hardware flow aging | show mls netflow aging | Displays the NetFlow table aging timeout value
show hardware flow entry | show mls netflow ip flow | Displays flow-specific information
show hardware flow ip | show mls netflow ip | Displays the IP NetFlow table
show hardware flow sampler | show mls sampling | Displays the NetFlow sampling configuration
show hardware flow utilization module | show mls netflow table summary | Displays NetFlow table utilization per module
show sampler | show flow-sampler | Displays information about sampler maps


SPAN

The SPAN feature allows traffic to be mirrored from within a switch from a source port to a destination port. This feature is typically used when detailed packet information is required for troubleshooting, traffic analysis, and security-threat prevention.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• Only Local SPAN is supported.

• Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.

• 18 monitor sessions can be configured. Only two sessions can be active simultaneously.

• Cisco NX-OS uses a hierarchical configuration based on the monitor session <#> command, whereas Cisco IOS Software Release 12.2(18)SXH and later offers a choice of flat or hierarchical configuration.

• A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-Channels, RSPAN sources, VLANs, and the CPU control-plane interface).

• Destination SPAN ports must be configured as Layer 2 ports with the switchport command.

• Destination SPAN ports require the switchport monitor interface configuration command.

• The SPAN feature supports stateful and stateless process restarts.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring the SPAN feature.

• Two active SPAN sessions are supported for all virtual device contexts (VDCs).

• Monitor sessions are disabled by default. They can be enabled with the no shut command.

• The source traffic direction can be configured as rx, tx, or both. The default is both.

• When a VLAN is specified as the source, traffic to and from the Layer 2 ports in the specified VLAN is sent to the destination.

• The in-band control-plane interface to the CPU can be monitored only from the default VDC. (All VDC traffic is visible.)

• By default, SPAN does not copy the IEEE 802.1q tag from trunk sources.

• A destination port can be configured in switchport access or trunk mode. (Trunk mode allows you to tag traffic toward a destination or to perform destination VLAN filtering.)

• A destination port does not participate in a spanning-tree instance.

• A destination port can be configured in only one SPAN session at a time.


• A port cannot be configured as both a source and destination port.

• 128 source interfaces can be configured per session.

• 32 source VLANs can be configured per session.

• 2 destination interfaces can be configured per session.

Configuration Comparison

The following sample code shows the configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar to that of Cisco NX-OS. Older versions of Cisco IOS Software support only a flat configuration.

Cisco IOS CLI vs. Cisco NX-OS CLI

Configuring the Destination Switchport Mode
  Cisco IOS CLI:
    Cisco IOS Software does not require any destination port configuration.
  Cisco NX-OS CLI:
    interface Ethernet2/2
      switchport
      switchport monitor

Configuring Destination Port Ingress Forwarding and Learning
  Cisco IOS CLI:
    monitor session 1 type local
      destination interface Gi2/2 ingress learning
  Cisco NX-OS CLI:
    interface Ethernet2/2
      switchport
      switchport monitor ingress learning

Configuring a SPAN Monitor (Ethernet Source and Destination)
  Cisco IOS CLI:
    monitor session 1 type local
      source interface Gi2/1
      destination interface Gi2/2
  Cisco NX-OS CLI:
    monitor session 1
      source interface Ethernet2/1 both
      destination interface Ethernet2/2
      no shut

Configuring a SPAN Monitor (VLAN Source)
  Cisco IOS CLI:
    monitor session 1 type local
      source vlan 10 , 20
      destination interface Gi2/2
  Cisco NX-OS CLI:
    monitor session 1
      source vlan 10,20 both
      destination interface Ethernet2/2
      no shut

Filtering VLANs for IEEE 802.1q Trunk Sources
  Cisco IOS CLI:
    interface GigabitEthernet2/1
      switchport
      switchport trunk encapsulation dot1q
      switchport trunk allowed vlan 10-20
      switchport mode trunk
    monitor session 1 type local
      filter vlan 15 - 20
      source interface Gi2/1
      destination interface Gi2/2
      no shutdown
  Cisco NX-OS CLI:
    interface Ethernet2/1
      switchport
      switchport mode trunk
      switchport trunk allowed vlan 10-20
    monitor session 1
      source interface Ethernet2/1 both
      destination interface Ethernet2/2
      filter vlan 15-20
      no shut

Configuring a SPAN Monitor (CPU Source)
  Cisco IOS CLI:
    monitor session 1 type local
      source cpu rp rx
      destination interface Gi2/2
      no shutdown
  Cisco NX-OS CLI:
    monitor session 1
      source interface sup-eth0 rx
      destination interface Ethernet2/2
      no shut
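Added example, not from this document or from Cisco: a small audit of the interface and monitor session sections of an NX-OS running-config against the SPAN rules listed above (destination ports need switchport and switchport monitor, a port cannot be both source and destination, a destination belongs to one session at a time, per-session limits of 128 source interfaces, 32 source VLANs and 2 destinations, and at most two active sessions). The configuration it checks is constructed for the example, with sessions 2 and 3 deliberately wrong.

```python
import re

MAX_ACTIVE_SESSIONS = 2      # only two sessions can be active at once
MAX_SRC_INTERFACES = 128     # per-session limits given in the text
MAX_SRC_VLANS = 32
MAX_DST_INTERFACES = 2

# Constructed sample, not a real switch config. Session 1 is clean; sessions
# 2 and 3 break rules from the text, and three sessions are left active.
SAMPLE_CONFIG = """\
interface Ethernet2/1
  switchport
  switchport mode trunk
interface Ethernet2/2
  switchport
  switchport monitor
interface Ethernet2/3
  switchport
monitor session 1
  source interface Ethernet2/1 both
  destination interface Ethernet2/2
  no shut
monitor session 2
  source interface Ethernet2/3 rx
  destination interface Ethernet2/3
  no shut
monitor session 3
  source vlan 10,20 both
  destination interface Ethernet2/1
  no shut
"""


def parse_sections(config):
    """Group a config into {top-level command: [indented sub-commands]}."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def expand_vlans(spec):
    """Expand a VLAN list such as '10,15-17' into [10, 15, 16, 17]."""
    vlans = []
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        vlans.extend(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_span(config):
    """Return a list of findings; an empty list means every rule held."""
    sections = parse_sections(config)
    ports = {h.split(None, 1)[1]: c for h, c in sections.items()
             if h.startswith("interface ")}
    findings, active, dst_owner = [], [], {}
    for header, cmds in sections.items():
        m = re.fullmatch(r"monitor session (\d+)", header)
        if not m:
            continue
        sid = m.group(1)
        src_if, src_vlan, dst_if = [], [], []
        for cmd in cmds:
            w = cmd.split()
            if w[:2] == ["source", "interface"]:
                src_if.append(w[2])
            elif w[:2] == ["source", "vlan"]:
                src_vlan.extend(expand_vlans(w[2]))
            elif w[:2] == ["destination", "interface"]:
                dst_if.append(w[2])
        if any(c.startswith("no shut") for c in cmds):  # sessions are shut by default
            active.append(sid)
        for limit, n, what in ((MAX_SRC_INTERFACES, len(src_if), "source interfaces"),
                               (MAX_SRC_VLANS, len(src_vlan), "source VLANs"),
                               (MAX_DST_INTERFACES, len(dst_if), "destination interfaces")):
            if n > limit:
                findings.append(f"session {sid}: {n} {what} exceed the limit of {limit}")
        for d in dst_if:
            icfg = ports.get(d, [])
            if "switchport" not in icfg or not any(c.startswith("switchport monitor") for c in icfg):
                findings.append(f"session {sid}: destination {d} needs 'switchport' and 'switchport monitor'")
            if d in src_if:
                findings.append(f"session {sid}: {d} is both source and destination")
            if dst_owner.setdefault(d, sid) != sid:
                findings.append(f"session {sid}: destination {d} already used by session {dst_owner[d]}")
    if len(active) > MAX_ACTIVE_SESSIONS:
        findings.append(f"{len(active)} sessions active; only {MAX_ACTIVE_SESSIONS} may be active at once")
    return findings
```

audit_span(SAMPLE_CONFIG) returns four findings: session 2's destination lacks switchport monitor and is also its source, session 3's destination lacks switchport monitor, and three sessions are active.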

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting the SPAN feature.

Cisco NX-OS SPAN | Cisco IOS Software SPAN | Command Description
show interface | show interface | Displays destination port characteristics
show monitor session <#> | show monitor session <#> | Displays a specific SPAN and monitor session
show monitor session all | show monitor session all | Displays all SPAN and monitor sessions
show monitor range <#-#> | show monitor range <#-#> | Displays a range of specified SPAN sessions


TACACS+, RADIUS, and AAA

AAA used in combination with TACACS+ or RADIUS provides remote authentication, authorization and accounting security services for centralized system management. AAA services improve scalability and simplify network management because they use a central security database rather than local databases.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• TACACS+ command-line interface (CLI) configuration and verification commands are not available until you enable the TACACS+ feature with the feature tacacs+ command.

• The aaa new-model command is not required to enable AAA authentication, authorization, or accounting.

• The RADIUS vendor-specific attributes (VSA) feature is enabled by default.

• Local command authorization can be performed when using role-based access control (RBAC) without a AAA server. User roles can be associated with users configured on the AAA server using VSAs. Remote command authorization can be performed on a AAA server when using AAA with TACACS+.

• If no AAA server is available for authentication, the local database is automatically used for device access.

• The TACACS+ and RADIUS host keys are Triple Data Encryption Standard (3DES) encrypted in the configuration. Cisco IOS Software requires the service password command.

Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and maintaining TACACS+, RADIUS, and AAA services.

• Different AAA, TACACS+, and RADIUS policies can be applied per virtual device context (VDC). However, the console login policy only applies to the default VDC.

• If you remove the feature tacacs+ command, all relevant TACACS+ configuration information is also removed.

• 64 TACACS+ and 64 RADIUS servers can be configured per device.

• AAA server groups are associated with the default Virtual Route Forwarding (VRF) instance by default. Associate the proper VRF instance with the AAA server group if you are using the management port on the supervisor or if the AAA server is in a non-default VRF instance.

• An IP source interface can be associated with AAA server groups.

• TACACS+ and RADIUS server keys can be specified for a group of servers or per individual server.


• By default, TACACS+ uses TCP port 49, and RADIUS uses UDP ports 1812 (authentication) and 1813 (accounting).

• Directed server requests are enabled by default for TACACS+ and RADIUS.

• The local option can be used with AAA authorization to fall back to RBAC in the event an AAA server is not available for command authorization.

• Use the show running-config command with the aaa, tacacs+, or radius option to display the current AAA configuration.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The configurations for the two operating systems are very similar.

Cisco IOS CLI vs. Cisco NX-OS CLI

Enabling TACACS+
  Cisco IOS CLI:
    Cisco IOS Software does not have the ability to enable or disable TACACS+.
  Cisco NX-OS CLI:
    feature tacacs+

Configuring a TACACS+ Server with a Key
  Cisco IOS CLI:
    tacacs-server host 192.168.1.1 key cisco123
  Cisco NX-OS CLI:
    tacacs-server host 192.168.1.1 key 7 "fewhg123"

Specifying a Nondefault TACACS+ TCP Port
  Cisco IOS CLI:
    tacacs-server host 192.168.1.1 port 85
  Cisco NX-OS CLI:
    tacacs-server host 192.168.1.1 port 85

Specifying the TACACS+ Timeout Value (Global)
  Cisco IOS CLI:
    tacacs-server timeout 10
  Cisco NX-OS CLI:
    tacacs-server timeout 10

Configuring a RADIUS Server with a Key
  Cisco IOS CLI:
    radius-server host 192.168.1.1 key cisco123
  Cisco NX-OS CLI:
    radius-server host 192.168.1.1 key 7 "fewhg123"

Specifying Nondefault RADIUS UDP Ports
  Cisco IOS CLI:
    radius-server host 192.168.1.1 auth-port 1645 acct-port 1646
  Cisco NX-OS CLI:
    radius-server host 192.168.1.1 auth-port 1645 acct-port 1646

Specifying the RADIUS Timeout Value (Global)
  Cisco IOS CLI:
    radius-server host 192.168.1.1 timeout 10
  Cisco NX-OS CLI:
    radius-server timeout 10

Configuring an AAA Server Group (TACACS+)
  Cisco IOS CLI:
    aaa group server tacacs+ AAA-Servers
      server 192.168.1.1
  Cisco NX-OS CLI:
    aaa group server tacacs+ AAA-Servers
      server 192.168.1.1

Configuring an AAA Server Group (RADIUS)
  Cisco IOS CLI:
    aaa group server radius AAA-Servers
      server 192.168.1.1
  Cisco NX-OS CLI:
    aaa group server radius AAA-Servers
      server 192.168.1.1

Configuring an AAA Server Group for a VRF Instance (RADIUS)
  Cisco IOS CLI:
    aaa group server radius AAA-Servers
      server 192.168.1.1
      ip vrf forwarding management
  Cisco NX-OS CLI:
    aaa group server radius AAA-Servers
      server 192.168.1.1
      use-vrf management

Configuring the AAA Server Group Dead Time (RADIUS)
  Cisco IOS CLI:
    aaa group server radius AAA-Servers
      deadtime 5
  Cisco NX-OS CLI:
    aaa group server radius AAA-Servers
      deadtime 5

Enabling AAA Authentication with an AAA Server Group
  Cisco IOS CLI:
    aaa new-model
    aaa authentication login default group AAA-Servers
  Cisco NX-OS CLI:
    aaa authentication login default group AAA-Servers

Enabling AAA Authorization with an AAA Server Group
  Cisco IOS CLI:
    aaa new-model
    aaa authorization config-commands
    aaa authorization commands 1 default group AAA-Servers
  Cisco NX-OS CLI:
    aaa authorization config-commands default group AAA-Servers
    aaa authorization commands default group AAA-Servers

Enabling AAA Accounting with an AAA Server Group
  Cisco IOS CLI:
    aaa new-model
    aaa accounting exec default start-stop group AAA-Servers
  Cisco NX-OS CLI:
    aaa accounting default group AAA-Servers

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting AAA, TACACS+, and RADIUS.

Cisco NX-OS AAA | Cisco IOS Software AAA | Command Description
show tacacs | show tacacs | Displays the TACACS+ server configuration for all servers
show tacacs <x.x.x.x> | - | Displays a specific TACACS+ server configuration
show tacacs server directed-request | - | Displays the status of the directed-request feature (enabled or disabled)
show tacacs server groups | - | Displays TACACS+ server groups
show tacacs statistics <x.x.x.x> | - | Displays TACACS+ statistics for a specific server
show radius | - | Displays the RADIUS server configuration for all servers
show radius <x.x.x.x> | - | Displays a specific RADIUS server configuration
show radius server directed-request | - | Displays the status of the directed-request feature (enabled or disabled)
show radius server groups | show radius server-group | Displays RADIUS server groups
show radius statistics <x.x.x.x> | show radius statistics | Displays RADIUS statistics for a specific server
show aaa accounting | - | Displays the status of AAA accounting
show aaa authentication | - | Displays the default and console login methods
show aaa authentication login error-enable | - | Displays the login error message status (enabled or disabled)
show aaa authentication login mschap | - | Displays the status of the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP; enabled or disabled)
show aaa authorization | - | Displays the AAA authorization configuration
show aaa groups | - | Displays the AAA groups that are configured
show user-account | - | Displays a list of locally configured users
show users | show users | Displays the users who are logged in


Layer-3 Virtualization

Virtual Routing and Forwarding (VRF) provides an additional layer of network virtualization on top of virtual device contexts (VDCs). VRF provides separate unicast and multicast address space and associated routing protocols that make independent forwarding decisions. All unicast and multicast protocols support VRF.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

• Cisco NX-OS supports 200 VRF instances per VDC.

• Two VRF instances are configured by default. The management port on the supervisor module is assigned to the management VRF, and all I/O module ports are assigned to the default VRF.

• The default VRF is the default routing context for all show commands.

• VRF instances can be enabled without any command-line interface (CLI) prerequisites. Cisco IOS Software requires ip cef to be enabled globally before VRF instances can be configured.

• Multicast routing/forwarding can be configured per VRF instance without having to globally enable the VRF instance for multicast. Cisco IOS Software requires the global ip multicast-routing vrf <name> command per VRF instance.

• The CLI for enabling VRF routing for a protocol is consistent for all routing protocols, whereas Cisco IOS Software uses address families for Border Gateway Protocol (BGP), Routing Information Protocol (RIP), and Enhanced Interior Gateway Routing Protocol (EIGRP) and requires unique routing process IDs per VRF for Integrated Intermediate System-to-Intermediate System (ISIS) and Open Shortest Path First (OSPF).

• In Cisco NX-OS, numerous VRF instances can be assigned to a single routing protocol instance.

• IP static routes are configured under the specified vrf context. In Cisco IOS Software, all static routes are configured in global configuration mode with the vrf option.

• A VRF instance can be manually disabled with the shutdown command. Cisco IOS Software does not have the CLI capability to manually disable a VRF instance.

• If a VRF context is removed with the no vrf context <name> configuration command, the VRF context commands are removed from the running configuration, making the VRF non-functional, but all non-context-related VRF commands remain in the running configuration. When a VRF is removed in Cisco IOS Software, the VRF instance and all related VRF commands are automatically removed from the running configuration, including any interface IP addresses previously associated with the VRF.


Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and maintaining VRF instances.

• When you assign a VRF instance to an interface with an IP address previously configured, the interface IP address is automatically removed.

• Static routes or dynamic routing protocols can be configured for routing in a VRF instance (BGP, EIGRP, ISIS, OSPF, static routes, and RIPv2).

• IP troubleshooting tools such as ping and traceroute are VRF aware and require the name of a specific VRF instance if testing in the default VRF instance is not desired.

• The routing-context vrf command can be executed in EXEC mode to change the routing context to a non-default VRF instance. For example, typing routing-context vrf management changes the routing context, so all VRF related commands are executed in the management VRF as opposed to the default VRF.

• Network management-related services such as authentication, authorization and accounting (AAA), Call Home, Domain Name System (DNS), FTP, HTTP, NetFlow, Network Time Protocol (NTP), RADIUS, Simple Network Management Protocol (SNMP), SSH, syslog, TACACS+, Telnet, Trivial File Transfer Protocol (TFTP), and XML are VRF aware.

Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. Sample code is provided only to illustrate how to enable VRF routing. The Cisco NX-OS CLI is simpler and more consistent since it allows multiple VRF instances to be assigned to a single routing protocol instance, whereas Cisco IOS Software uses different techniques depending on the routing protocol.

Cisco IOS CLI vs. Cisco NX-OS CLI

Creating a VRF
  Cisco IOS CLI:
    ip cef
    ip vrf vrf-1
  Cisco NX-OS CLI:
    vrf context vrf-1

Assigning an Interface to a VRF
  Cisco IOS CLI:
    interface Ethernet2/1
      ip vrf forwarding vrf-1
      ip address 192.168.10.1 255.255.255.0
  Cisco NX-OS CLI:
    interface Ethernet2/1
      vrf member vrf-1
      ip address 192.168.10.1/24

Enabling BGP in a VRF
  Cisco IOS CLI:
    router bgp 10
      address-family ipv4 vrf vrf-1
        neighbor 192.168.10.2 remote-as 20
        neighbor 192.168.10.2 activate
        network 192.168.1.1 mask 255.255.255.255
      exit-address-family
  Cisco NX-OS CLI:
    router bgp 10
      vrf vrf-1
        address-family ipv4 unicast
          network 192.168.1.1/32
        neighbor 192.168.10.2 remote-as 20
          address-family ipv4 unicast

Enabling EIGRP in a VRF
  Cisco IOS CLI:
    router eigrp 10
      address-family ipv4 vrf vrf-1
        network 192.168.10.0
        auto-summary
        autonomous-system 10
      exit-address-family
  Cisco NX-OS CLI:
    interface Ethernet2/1
      vrf member vrf-1
      ip address 192.168.10.1/24
      ip router eigrp 10
    router eigrp 10
      vrf vrf-1

Enabling ISIS in a VRF
  Cisco IOS CLI:
    interface Ethernet2/1
      ip vrf forwarding vrf-1
      ip address 192.168.10.1 255.255.255.0
      ip router isis 10
    router isis 10
      vrf vrf-1
      net 49.0001.0000.0001.00
  Cisco NX-OS CLI:
    interface Ethernet2/1
      vrf member vrf-1
      ip address 192.168.10.1/24
      ip router isis 10
    router isis 10
      vrf vrf-1
        net 49.0001.0000.0001.00

Enabling OSPF in a VRF
  Cisco IOS CLI:
    interface Ethernet2/1
      ip vrf forwarding vrf-1
      ip address 192.168.10.1 255.255.255.0
    router ospf 10 vrf vrf-1
      network 192.168.10.0 0.0.0.255 area 0
  Cisco NX-OS CLI:
    interface Ethernet2/1
      vrf member vrf-1
      ip address 192.168.10.1/24
      ip router ospf 10 area 0
    router ospf 10
      vrf vrf-1

Enabling RIPv2 in a VRF
  Cisco IOS CLI:
    interface Ethernet2/1
      ip vrf forwarding vrf-1
      ip address 192.168.10.1 255.255.255.0
    router rip
      address-family ipv4 vrf vrf-1
        network 192.168.10.0
        version 2
      exit-address-family
  Cisco NX-OS CLI:
    interface Ethernet2/1
      vrf member vrf-1
      ip address 192.168.10.1/24
      ip router rip 10
    router rip 10
      vrf vrf-1

Configuring Static Routes in a VRF
  Cisco IOS CLI:
    ip route vrf vrf-1 192.168.2.0 255.255.255.0 192.168.10.2
  Cisco NX-OS CLI:
    vrf context vrf-1
      ip route 192.168.2.0/24 192.168.10.2

Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting VRF instances.

Cisco NX-OS VRF | Cisco IOS Software VRF | Command Description
show vrf | show ip vrf | Displays a list of all configured VRF instances
show vrf <name> | show ip vrf <name> | Displays a specific VRF instance
show vrf <name> detail | show ip vrf detail <name> | Displays details for a specific VRF instance
show vrf <name> interface | - | Displays the interface assignment for a specific VRF instance
show vrf default | - | Displays a summary of the default VRF instance
show vrf detail | show ip vrf detail | Displays details for all VRF instances
show vrf interface | show ip vrf interface | Displays VRF interface assignments
show vrf management | - | Displays a summary of the management VRF instance
show ip route vrf all | - | Displays routes for all VRF instances
show ip route vrf default | - | Displays routes for the default VRF instance
show ip route vrf management | - | Displays routes for the management VRF instance
show ip route vrf <name> | show ip route vrf <name> | Displays routes for a specific VRF instance
show ip arp vrf <name> | show ip arp vrf <name> | Displays Address Resolution Protocol (ARP) entries for a specific VRF instance
show ip bgp vrf <name> | show ip bgp vpnv4 vrf <name> | Displays BGP commands for a specific VRF instance
show ip eigrp vrf <name> | show ip eigrp vrf <name> | Displays EIGRP information for a specific VRF instance
show ip isis vrf <name> | show isis <#> | Displays ISIS commands for a specific VRF instance
show ip ospf vrf <name> | show ip ospf <#> | Displays OSPF information for a specific VRF instance
show ip rip vrf <name> | show ip rip database vrf <name> | Displays RIP information for a specific VRF instance
show ip static-route vrf <name> | - | Displays static routes for a specific VRF instance
show forwarding vrf <name> | show ip cef vrf <name> | Displays FIB information for a specific VRF (multiple sub-options)
show routing vrf | - | Displays a subset of the show vrf commands
show routing-context | - | Displays the current routing context

