Wednesday 11 January 2012

NEXUS7000

Nexus 7000:
VDC: Virtual Device Context. Using the VDC feature, we can segment the physical
Nexus 7000 into multiple logical switches, each of which runs in a separate memory
space and provides total isolation between the VDCs.
NX-OS is a fully modular operating system; most software modules don't run unless
the corresponding service (called a conditional service) is enabled.
vPC: virtual port channel
The vPC functionality provides the following benefits:
• allows a single device to use a port channel across two upstream devices
• eliminates STP blocked ports
• provides a loop-free topology
• uses all available uplink bandwidth
• provides fast convergence if either the link or a device fails
• provides link-level resiliency
• assures high availability
The terminology used for vPCs is as follows:
• vPC — The combined port channel between the vPC peer devices and the downstream
device.
• vPC peer device — One of a pair of devices that are connected with the special
port channel known as the vPC peer link.
• vPC peer link — The link used to synchronize states between the vPC peer devices.
Both ends must be on 10-Gigabit Ethernet interfaces.
• vPC domain — This domain is formed by the two vPC peer link devices. It is also a
configuration mode for configuring some of the vPC peer link parameters.
• vPC peer keep-alive link — The peer keep-alive link is a Layer 3 link between the
vPC peer devices used to ensure that both devices are up. The fault-tolerant link
sends configurable, periodic keepalive messages between devices connected by the
vPC peer link on an out-of-band link.
• vPC member port — Interfaces that belong to the vPCs.

#show module
#show version
NX-OS is composed of two images: a kickstart image that contains the Linux kernel
and a system image that contains most of the NX-OS software components.
#sh run all | begin mgmt0
#sh vrf interface
#sh vrf management interface
#conf t
#int mgmt0
#vrf member management
#ping 10.1.1.1 vrf management
NX-OS has improved CLI piping, similar to that on Linux machines.
#show run | grep ? (to print lines matching a pattern)

Role-Based Access Control: RBAC
#show role
#show role feature
#show role feature-group
#conf t
#role name nxos
#rule 1 permit read
#rule 2 permit read-write feature cdp
#rule 3 permit command ping * (* matches all)
#rule 4 permit command conf t ; interface *
A role can also specify which resources, in terms of interfaces, VLANs and VRFs,
the user is entitled to access:
#interface policy deny
#permit interface e2/1
#show role name nxos
Attach the role to a user:
#username rbac pass rbac role nxos
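
The role defined above can be reviewed mechanically before it is attached to a user. The following Python script is an added example, not part of the original notes or of NX-OS: it parses the `role name nxos` block (retyped as constructed sample input), orders the rules the way NX-OS applies them (highest rule number first), and lists broad grants to review. The function names and the wording of the findings are assumptions of this example.

```python
import re

# Constructed sample input: the role from these notes, prompt characters removed.
ROLE_CONFIG = """\
role name nxos
  rule 1 permit read
  rule 2 permit read-write feature cdp
  rule 3 permit command ping *
  rule 4 permit command conf t ; interface *
  interface policy deny
    permit interface e2/1
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) "
    r"(?:command (?P<cmd>.+)|(?P<access>read-write|read)"
    r"(?: (?P<kind>feature-group|feature) (?P<scope>\S+))?)$")

def parse_role(text):
    """Return {'name', 'rules', 'policies'} parsed from one role block."""
    role = {"name": None, "rules": [], "policies": {}}
    current = None  # resource type whose 'permit' lines we are inside
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("role name "):
            role["name"] = line.split()[2]
        elif m := RULE_RE.match(line):
            role["rules"].append({"num": int(m[1]), "action": m[2], **m.groupdict()})
        elif m := re.match(r"(interface|vlan|vrf) policy deny$", line):
            current = m[1]
            role["policies"][current] = []
        elif current and line.startswith(f"permit {current} "):
            role["policies"][current].append(line.split(None, 2)[2])
    # NX-OS applies rules in descending rule-number order.
    role["rules"].sort(key=lambda r: r["num"], reverse=True)
    return role

def audit(role):
    """List items to review: broad grants and unrestricted resource types."""
    findings = []
    for r in role["rules"]:
        if r["action"] == "permit" and r["cmd"] and "*" in r["cmd"]:
            findings.append(f"rule {r['num']}: wildcard command '{r['cmd']}'")
        elif r["action"] == "permit" and r["access"] and not r["scope"]:
            findings.append(f"rule {r['num']}: {r['access']} not limited to a feature")
    for res in ("interface", "vlan", "vrf"):
        if res not in role["policies"]:
            findings.append(f"no '{res} policy deny': all {res}s reachable")
    return findings
```

On the role above, `audit(parse_role(ROLE_CONFIG))` reports rules 4, 3 and 1 plus the missing vlan and vrf policies; rule 2 is not reported because it is scoped to the cdp feature.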

Configuration rollback:
NX-OS fully supports configuration rollback, allowing you to revert to a previous
configuration state.
#checkpoint nxos
#show checkpoint summary
Compare the difference between the current config and the previous config:
#show diff rollback-patch checkpoint nxos running-config
Roll back the config:
#rollback running-config checkpoint nxos

Links up with spanning tree
Default STP mode: Rapid PVST
#feature lacp (enable the conditional service)
#vlan 1-4
#spanning-tree vlan 1-4 priority 4096
#int po 10
#switchport mode trunk
#sw tr allow vlan 1-4
#spa port type network
(enable bridge assurance, causing the switch to send BPDUs on all operational
ports)
#descri link to the other N7K
#no shutdown
#int e2/1
#shut
#rate-mode dedicated
#switchport
#sw mo tr
#sw tr allowed vlan 1-4
#no shut
#channel-group 10 mode active
#exit
#show port-channel sum
#show spanning-tree vlan 3

HSRP
#feature interface-vlan (enable SVI service)
#feature hsrp (enable HSRP service)
#int vlan 2
#hsrp 1
#preempt delay minimum 180
#priority 20
#timers 1 3
#ip 192.168.12.2
#show hsrp brief

Moving the topology from STP-based to vPC-based
Config steps:
1. Enable the vPC service
2. Create the vPC domain
3. Configure the peer-link port channel and place it in vPC peer-link mode
4. Configure the access-layer-facing port channels and place them in vPC mode
#conf t
#feature vpc
#vpc domain 1
#role priority 1000 (the lower priority wins)
#peer-keepalive dest 10.1.1.2 source 10.1.1.1
#show vpc peer-keepalive (check the status of the fault-tolerant link)
#int port-channel 10
#vpc peer-link
#show vpc brief

VDC: virtual device contexts
#show vdc
#conf t
#no vdc pod1-s1
#vdc pod2-s2
#allocate interface ethernet 2/2
HA policy options used in the ha-policy command:
restart: delete the VDC, then re-create it with the running configuration
bringdown: delete the VDC
reset: reset the active supervisor or force a supervisor switchover
#ha-policy single-sup restart dual-sup restart
#limit-resource vrf min 16 max 20
#show vdc pod2-s2 membership
Switch to the newly created VDC:
#switchto vdc pod2-s2

