NEXUS Tips-N-Tricks

Show running config of multiple interfaces
show run interface e3/5 – 6

The section command has been removed, however you can still see the config by sections
show run tacacs+

The show tech is 20+MB. The best way to get a show tech is to pipe the file to a directory on the Nexus and FTP it off
show tech-support > slot0:show_tech.txt

You can also compress the file directly on the Nexus
gzip slot0:filename

You can also compress it with another command. This will automatically compress the file when you redirect it to the Nexus
terminal redirection-mode zipped

You can restore it back to ASCII with
terminal redirection-mode ascii

You can also show tech-support in specific areas
show tech-support tacacs+

To view what ports are assigned to which VDC (from root VDC)
show vdc membership

To view the system uptime and when the switch came online
show system uptime

Do you have Cisco working on your switches or you’re a consultant and you want to track what has been done? The following command will log all configuration changes. The commands wil be sent to your AAA server for account logging
terminal log-all

Hate going 3 level deep into a config, then have to make a change that puts you back into the root config mode? Use push and pop! Push ‘writes’ a location and pop will put you back there.
TESTDC-NEX1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
TESTDC-NEX1(config)# vrf context management
TESTDC-NEX1(config-vrf)# push jump2vrf
TESTDC-NEX1(config-vrf)# end
TESTDC-NEX1# pop jump2vrf
Enter configuration commands, one per line. End with CNTL/Z.

Configuring SSH

feature ssh
ssh key rsa 2048

Power off a linecard

poweroff module 1
poweroff xbar 4

Backup the license file

copy licenses bootflash:license_file.tar
Then copy to someplace safe

Base VTY Config example

n7000(config)# line vty
n7000(config-line)# exec-timeout 10
n7000(config-line)# session-limit 5
n7000(config)# ip access-list vty-acl-in
n7000(config-acl)# permit tcp x.x.x.x/24 any eq 22
n7000(config)# line vty
n7000(config-line)# ip access-class vty-acl-in in

Base Management port example

n7000(config)# ip access-list mgmt0-access
n7000(config-acl)# statistics per-entry
n7000(config-acl)# permit tcp x.x.x.x/x b.b.b.b/32 eq 22
n7000(config-acl)# permit udp x.x.x.x/x b.b.b.b/32 eq snmp
n7000(config-acl)# permit tcp x.x.x.x/x b.b.b.b/32 eq tacacs
n7000(config-acl)# permit udp x.x.x.x/x b.b.b.b/32 eq ntp
n7000(config)# interface mgmt0
n7000(config-if)# ip access-group mgmt0-access in
n7000(config-if)# ip address b.b.b.b/xx

Base CMP Port exmaple
n7000-cmp5(config)# ip access-list cmp-access
n7000-cmp5(config-acl)# permit tcp x.x.x.x range 1024 65535 b.b.b.b range 22 22
n7000-cmp5(config)# interface cmp-mgmt
n7000-cmp5(config-if)# ip address b.b.b.b/xx
n7000-cmp5(config-if)# ip access-group cmp-access in

Syslog example in CoPP

n7000(config)# policy-map type control-plane copp-system-policy
n7000(config-pmap)# class copp-system-class-critical
n7000(config-pmap-c)# logging drop threshold 39600000 level 5

Base NTP example
n7000(config)# ntp source-interface ethernet 2/1
n7000(config)# ntp source x.x.x.x

Logging of Link Status
n7000(config)# no logging event link-status default
n7000(config)# interface ethernet x/x
n7000(config-if)# logging event port link-status
n7000(config)# logging timestamp milliseconds

Viewing log files

n7000# show logging logfile <- Displays the contents of the default log file
n7000# show logging last 10 <- Displays the last # of lines of the default log file
n7000# show logging NVRAM <- Displays contents of the log file stored in NVRAM
n7000# show file logflash://sup-local/log/messages <- Displays contents in logflash

Session Manger allows ACL and QoS configurations to be applied to the running-configuration in batch mode. This is useful for verifying hardware resources such as TCAM space is available before applying the configuration. The Session Manager should always be used when applying ACLs or configuring QoS. The following example illustrates the process for configuring, verifying and applying an ACL to an interface.
n7000# configure session apply-acl
Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z.
n7000(config-s)# ip access-list inbound-acl
n7000(config-s-acl)# deny ip any
n7000(config-s-acl)# deny ip any
n7000(config-s-acl)# deny ip any
n7000(config-s-acl)# interface ethernet x/x
n7000(config-s-if)# ip access-group inbound-acl in
n7000(config-s-if)# verify
Verification Successful
n7000(config-s)# commit
Commit Successful

Finding linecards, p/s, beacons

n7000# locator-led chassis
n7000# locator-led fan 1
n7000# locator-led module 1
n7000# locator-led powersupply 1
n7000# locator-led xbar 1
n7000(config)# interface ethernet 1/1
n7000(config-if)# beacon

n7000# show locator-led status
Component Locator LED Status
Chassis ON
Module 1 ON
Module 2 off
Module 5 off
Xbar 1 ON
Xbar 2 off
Xbar 3 off
PowerSupply 1 ON
PowerSupply 2 off
PowerSupply 3 off
Fan 1 ON
Fan 2 off
Fan 3 off

n7000# ethanalyzer local interface inband
Writing a Brief Capture to a File:
n7000# ethanalyzer local interface inband write bootflash:cpu.
Reading a Capture File:
n7000# ethanalyzer local read bootflash:cpu.txt
Redirecting a Detailed Capture to a File:
n7000# ethanalyzer local interface detail > cpu-1.txt
Reading a Capture File:
n7000# show file bootflash:cpu-1.txt

Debug Examples

n7000# debug logfile cdp-debug
n7000# debug cdp all
n7000# no debug cdp all
n7000# dir log:cdp-debug
14560 Nov 01 22:05:18 2010 cdp-debug
n7000# show debug logfile cdp-debug
2010 Nov 1 22:02:02.948577 cdp: Going to send CDP version 2 pkt on Ethernet7/3
2010 Nov 1 22:02:02.948662 cdp: Sent CDP packet untagged on interface 0x1a30200
2010 Nov 1 22:02:02.948696 cdp: Going to send CDP version 2 pkt on Ethernet10/1

n7000# show debug logfile cdp-debug | include Ethernet10/1

Show fabric information
show hardware fabric-utilization

Typical banner I put on the 7K’s I deploy
banner motd ^
                              READ ME                
If you will be making changes be sure to create a checkpoint. This is
in case you need to revert back to the old config.

Create a checkpoint of current config
+checkpoint STABLE-[todays date]

checkpoint STABLE-09OCT2012   

Restore saved checkpoint to running config
+rollback running-config checkpoint [check point name]

rollback running-config checkpoint STABLE-09OCT2012

View the difference between running config and the checkpoint
+show diff rollback-patch checkpoint [check point name] running-config

show diff rollback-patch checkpoint STABLE-09OCT2012 running-config

View all the checkpoints that have been created and can be restored
show checkpoint summary user

More coming soon!