100% found this document useful (1 vote)

560 views38 pages

Cisco Nexus 7000 Introduction To NX-OS Lab Guide

Uploaded by

razzzzzzzzzzz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

560 views38 pages

Cisco Nexus 7000 Introduction To NX-OS Lab Guide

Uploaded by

razzzzzzzzzzz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Cisco dCloud

Cisco Nexus 7000: Introduction to NX-OS

dCloud: The Cisco Demo Cloud
Last Updated: 06-APRIL-2016

About This Cisco solution

The Cisco NX-OS software for the Cisco Nexus 7000 Series switches fulfills the routing, switching, and storage networking
requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI)
similar to Cisco IOS software.

About This Demonstration

Nexus 7000

The Cisco Nexus 7000 Series is a modular, data center class series of switching systems designed for highly scalable end-to-end
10 Gigabit Ethernet networks. The Cisco Nexus 7000 Series is purpose built for the data center and has many unique features a nd
capabilities designed specifically for the most mission critical place in the network, the data center.

Cisco NX-OS

Cisco NX-OS, a state-of-the-art operating system, powers the Cisco Nexus 7000 Platform. Cisco NX-OS is a data center-class
operating system built with modularity, resiliency, and serviceability at its foundation. Drawing on its Cisco IOS and Cisco SAN-OS
heritage, Cisco NX-OS helps ensure continuous availability and sets the standard for mission-critical data center environments.

Titanium

For this demo, we will be using Titanium instead of real Nexus 7000 hardware. The Titanium project allows NX-OS software to run
natively on Intel-based machines (using its Linux kernel). It is currently considered a best effort side-project with the DCBU
engineering team. Only control-plane features and functions are possible in a Titanium image, and obviously the hardware
forwarding functionality is not possible at all. The ability to run NX-OS in a Titanium-based computer allows Cisco employees to run
demos and to offer training on at least a portion of the NX-OS based products. Therefore, within the scope of this hands-on demo
the Titanium boxes will deliver an equal experience as using real Nexus 7000 hardware.

Demo Objectives

This self-paced hands-on demonstration will introduce the users to the new NX-OS, the operating system powering the Nexus
family switches. The participants will be exposed to the configuration of some of the new features present in NX -OS. The demo will
also focus on some of the aspects that differentiate NX-OS from the classical IOS. At the end of this demo session, the attendees
should have gained some degree of familiarity with NX-OS. They should also be able to describe some of the main differences
between NX-OS and the classical IOS.

Demonstration Requirements
The table below outlines the requirements for this preconfigured demo.

Table 1. Demo Requirements

Required Optional
● Laptop ● Cisco AnyConnect

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 38
Cisco dCloud

Demonstration Configuration
This demonstration contains preconfigured users and components to illustrate the scripted scenarios and features of this Cisco
dCloud: The Cisco Demo Cloud
solution. All access information needed to complete the demonstration scenario, is located in the Topology and Servers menus of
your active demonstration, and throughout this script.

 Topology Menu. Click on any server in the topology to display the available server options and credentials.

 Servers Menu. Click on or next to any server name to display the available server options and credentials.

Figure 1. Demonstration Topology

Demonstration Preparation
BEFORE DEMONSTRATING

We strongly recommend that you go through this process at least once, before presenting in front of a live audience. This will allow
you to become familiar with the structure of the document and the demonstration.

PREPARATION IS KEY TO A SUCCESSFUL CUSTOMER PRESENTATION.

Follow the steps below to schedule and configure your demonstration environment.

1. Browse to [Link], choose the location closest to you, and then login with your [Link] credentials.

2. Schedule a session. [Show Me How].

3. Test your bandwidth from the demo location before performing any scenario. [Show Me How]

4. Verify your session has a status of Active under My Demonstrations on the My Dashboard page in the Cisco dCloud UI.

 It may take up to 10 minutes for your demo to become active.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 38
Cisco dCloud

5. Access the demonstration workstation named wkst1 and log in using the following credentials: IP Address: [Link],
Username: dcloud\demouser, Password: C1sco12345.
dCloud: The Cisco Demo Cloud
o Recommended method: Use Cisco AnyConnect [Show Me How] and the local RDP client on your laptop.
[Show Me How]

o Alternate method: Use the Cisco dCloud Remote Desktop client with HTML5. [Show Me How]

o Accept any certificates or warning.

Cisco dCloud
This demonstration is hosted in Cisco’s dCloud. Within this demo, you are provided with your personal dedicated virtual pod
(vPod). You connect via RDP to a so-called “Cisco dCloud workstation” within this host and walk through the demo steps below. All
necessary tools to complete this demo can be found in the “Cisco dCloud workstation”. Refer to the “Demonstration Preparation”
section for details on how to reach the “Cisco dCloud workstation” within your demo session.

Figure 2. Logical Demo Topology

The username and password to access the Cisco dCloud Workstation of this vPod are listed below:

 User Name: dcloud\demouser

 Password: C1sco12345

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 38
Cisco dCloud

Demo Procedure
The demo represents a typical data center setup with a Core and Aggregation layer. The Core layer consistdCloud:
of one Titanium box
The Cisco Demo Cloud
representing a Nexus 7000, while two Titanium boxes - thus representing two Nexus 7000 - compose the Aggregation layer. This
demo is designed for the configuration of the Aggregation layer devices. The Core layer device is already pre-configured.

During this demo, the participants will go through the following scenarios:

 System Configuration

 Management VRF Concept and Basic Connectivity

 CLI Familiarization

 Role Based Access Control (RBAC)

 Configuration Rollback

 Configuration Session

 OSPF Configuration

 Process Restartability

 Licensing

 Hot Standby Router Protocol (HSRP)

Additional Information
For details of the loopback interfaces refer to the table below.

Table 2. Loopback Interfaces

Router Loopback Interface Address

N7k-1 [Link]/24

N7k-2 [Link]/24

N7k-3 [Link]/24

The default gateway is: [Link]/18

The default gateway is reachable only through the management interfaces.

Access
The Titanium boxes are reachable via SSH. The PuTTY SSH client is available on the desktop and has been pre-configured for
each router. Refer to the table below for details.

Table 3. Management Interface Addresses

Router Management Interface Address

N7k-1 [Link] ([Link])

N7k-2 [Link] ([Link])

N7k-3 [Link] ([Link])

 User Name: admin

 Password: C1sco12345

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 38
Cisco dCloud

Scenario 1: System Configuration

During the entire duration of this demo, we will just use the management interface. However, it is good to keep in mind that the
dCloud: The Cisco Demo Cloud
Nexus 7000 requires console access to perform the initial configuration of the system. After performing the initial configura tion, the
system can be completely managed from the management and/or the CMP interfaces.

Use PuTTY to SSH into the management interface of the Nexus 7000 Access.

Layer device “[Link]” with the username “admin” and the password “C1sco12345”.

Now we are ready to go!

These are the steps for this scenario:

 Verify the hardware configuration

 Check the software version

 Check running-config and running-config all

Verify the Hardware Configuration

Let us start by checking the hardware of the system. Please remember that this is a Titanium box. Therefore, the displayed
hardware will look slightly different from a real Nexus 7000.

show module

n7k-2(config)# sh mod
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
1 0 Unknown Module TITANIUM active *
2 9 Titanium Ethernet Module ok

Mod Sw Hw World-Wide-Name(s) (WWN)

--- -------------- ------ --------------------------------------------------
1 6.1(2) 0.14081 --
2 NA 0.0 --

Mod MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
1 00-19-07-6c-5a-a8 to 00-19-07-6c-62-a7 T505
2 2 02-00-0c-00-02-00 to 02-00-0c-00-02-7f NA

Check the Software Version

Next, we will check the software version. Currently it is NX-OS 6.1(2).

show version
n7k-2(config)# sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: [Link]
Documents: [Link]
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 38
Cisco dCloud

License. A copy of the license is available at

[Link]

Software dCloud: The Cisco Demo Cloud

loader: version N/A
kickstart: version 6.1(2) [gdb]
system: version 6.1(2) [gdb]
kickstart image file is: bootflash:/[Link]
kickstart compile time: 12/25/2020 [Link] [10/26/2012 [Link]
system image file is: bootflash:/[Link]
system compile time: 9/7/2012 [Link] [10/26/2012 [Link]

Hardware
cisco Nexus 7000 Unknown Chassis ("Unknown Module")
Intel(R) Xeon(R) CPU E7- 283 with 1548192 kB of memory.
Processor Board ID T5056BAE577

Device name: n7k-2

bootflash: 0 kB
Kernel uptime is 0 day(s), 2 hour(s), 20 minute(s), 7 second(s)

plugin
Core Plugin, Ethernet Plugin

NOTE: NX-OS is composed of two images: a kickstart image that contains the Linux Kernel and a system image that contains
most of the NX-OS software components. They both show up in the configuration.

Currently the modular NX-OS only includes the plug-ins Core and Ethernet. In future releases there will be additional plug-ins, like
the "Storage" plug-in for FCoE.

Running-config and Running-config All

Now it is time to display the currently running configuration.

show running-config
n7k-2(config)# show running-config

!Command: show running-config

!Time: Wed Feb 12 [Link] 2014

version 6.1(2)
license grace-period

hostname n7k-2
vdc n7k-2 id 1
limit-resource module-type m1 f1 m1xl m2xl
allocate interface Ethernet2/1-9
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 96 maximum 96
limit-resource u6route-mem minimum 24 maximum 24
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 38
Cisco dCloud

feature telnet

username adminbackup password 5 ! role network-operator dCloud: The Cisco Demo Cloud
username admin password 5 $1$jCPcWfz0$vAWNe70hz7omDHTFwffFt0 role network-admin
no password strength-check
ip domain-lookup
vlan dot1Q tag native
system default switchport
system jumbomtu 0
no logging event trunk-status enable
copp profile strict
snmp-server user admin auth md5 0x6d86012eb8219a8c68031c974492a8bc priv 0x6d8601
2eb8219a8c68031c974492a8bc localizedkey engineID [Link]
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server enable traps link

vrf context management

ip route [Link]/0 [Link]
vlan 1

hardware forwarding unicast trace

interface Ethernet2/1
shutdown
no switchport
mac-address 0050.56ba.e522

interface Ethernet2/2
shutdown
no switchport
mac-address 0050.56ba.e523

interface Ethernet2/3
shutdown
no switchport
mac-address 0050.56ba.e525

interface Ethernet2/4
shutdown
no switchport
mac-address 0050.569f.0015

interface Ethernet2/5
shutdown
no switchport
mac-address 0050.569f.0015

interface Ethernet2/6
shutdown
no switchport
mac-address 0050.569f.0015

interface Ethernet2/7

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 38
Cisco dCloud

shutdown
no switchport
mac-address 0050.569f.0015
dCloud: The Cisco Demo Cloud
interface Ethernet2/8
shutdown
no switchport
mac-address 0050.569f.0015

interface Ethernet2/9
shutdown
no switchport
mac-address 0050.569f.0015

interface mgmt0
ip address [Link]/18
line console
line vty
boot kickstart bootflash:/[Link]
boot system bootflash:/[Link]
no system default switchport shutdown

NX-OS allows also seeing the defaults of the running config:

show running-config all | section mgmt0

N7k-2# show running-config all | section mgmt0
interface mgmt0
no description
speed auto
duplex auto
snmp trap link-status
no shutdown
cdp enable
ip address [Link] /18
ip port-unreachable
ip arp gratuitous update
ip arp gratuitous request

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 38
Cisco dCloud

Scenario 2: Management VRF Concept and Basic Connectivity

As specified earlier, the default gateway is connected through the management interface. The managementdCloud:
interface is by defau lt
The Cisco Demo Cloud
part of the management VRF. This particular VRF is part of the default configuration and the management interface "mgmt0" is the
only interface allowed to be part of this VRF.

The philosophy behind Management VRF is to provide total isolation to the management traffic from the rest of the traffic flowing
through the box by confining the former to its own forwarding table.

These are the steps for this scenario:

 Verify that only the mgmt0 interface is part of the management VRF

 Verify that no other interface can be part of the management VRF

 Verify that the default gateway is reachable only using the management VRF

Verify that only the mgmt0 Interface is part of the Management VRF
Display the current mapping of interfaces to VRFs as follows.

show vrf interface

N7k-2# show vrf interface
Interface VRF-Name VRF-ID Site-of-Origin
Ethernet2/1 default 1 --
Ethernet2/2 default 1 --
Ethernet2/3 default 1 --
Ethernet2/4 default 1 --
Ethernet2/5 default 1 --
Ethernet2/6 default 1 --
Ethernet2/7 default 1 --
Ethernet2/8 default 1 --
Ethernet2/9 default 1 --
mgmt0 management 2 --
N7k-2#

NOTE: The management VRF interface is part of the default configuration and the management interface "mgmt0" is the only
interface that can be made a member of this VRF.

Verify that no Other Interface can be part of the Management VRF

As we have seen in the previous step, only mgmt0 is part of the management VRF. Now we will check to ensure that another
interface cannot be added to this VRF.

We will try to add the interface eth2/1 to the management VRF.

N7k-2# conf t
N7k-2(config)# interface eth2/1

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 38
Cisco dCloud

NOTE: As you may have noticed when entering in the interface configuration mode, we omitted the kind of the Ethernet interface
(meaning FastEthernet, GigabitEthernet, etc.). In fact in NX-OS there is just "Ethernet".
N7k-2(config-if)# vrf member ? dCloud: The Cisco Demo Cloud
WORD VRF name (Max Size 32)
management (no abbrev) Configurable VRF name
N7k-2(config-if)# vrf member management
% VRF management is reserved only for mgmt0
N7k-2(config-if)# end

Very good! As expected that did not work. Now we will take a look at the mgmt0 interface before we move on.

N7k-2# conf t

n7k-2(config)# sh ip inter mgmt 0 vrf management

IP Interface Status for VRF "management"(2)

mgmt0, Interface status: protocol-up/link-up/admin-up, iod: 2,

IP address: [Link], IP subnet: [Link]/18

IP broadcast address: [Link]

IP multicast groups locally joined: none

IP MTU: 1500 bytes (using link MTU)

IP primary address route-preference: 0, tag: 0

IP proxy ARP : disabled

IP Local Proxy ARP : disabled

IP multicast routing: disabled

IP icmp redirects: enabled

IP directed-broadcast: disabled

IP icmp unreachables (except port): disabled

IP icmp port-unreachable: enabled

IP unicast reverse path forwarding: none

IP load sharing: none

IP interface statistics last reset: never

IP interface software stats: (sent/received/forwarded/originated/consumed)

Unicast packets : 1630/2498/0/1630/0

Unicast bytes : 221790/181276/0/221790/0

Multicast packets : 0/1008/0/0/0

Multicast bytes : 0/61692/0/0/0

Broadcast packets : 0/102/0/0/0

Broadcast bytes : 0/11634/0/0/0

Labeled packets : 0/0/0/0/0

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 38
Cisco dCloud

Labeled bytes : 0/0/0/0/0

WCCP Redirect outbound: disabled

dCloud: The Cisco Demo Cloud
WCCP Redirect inbound: disabled
WCCP Redirect exclude: disabled

end

Verify that the Default Gateway is Reachable only Using the Management VRF
First, we will try to reach the default gateway with a ping by using the default VRF, which is not the management VRF as we have
seen before. Try to reach the default gateway with a ping.

ping [Link]
N7k-2# ping [Link]
PING [Link] ([Link]): 56 data bytes
ping: sendto [Link] 64 chars, No route to host
Request 0 timed out
ping: sendto [Link] 64 chars, No route to host
Request 1 timed out
ping: sendto [Link] 64 chars, No route to host
Request 2 timed out
ping: sendto [Link] 64 chars, No route to host
Request 3 timed out
ping: sendto [Link] 64 chars, No route to host
Request 4 timed out

--- [Link] ping statistics ---

5 packets transmitted, 0 packets received, 100.00% packet loss

NOTE: The ping fails because the default gateway is reachable only from the management interface, w hile we just used the default
VRF.

We will now try again with the correct VRF. Try to reach the default gateway with a ping, specifying the VRF management.

ping [Link] vrf management

N7k-2# ping [Link] vrf management
PING [Link] ([Link]): 56 data bytes
64 bytes from [Link]: icmp_seq=0 ttl=127 time=0.498 ms
64 bytes from [Link]: icmp_seq=1 ttl=127 time=0.337 ms
64 bytes from [Link]: icmp_seq=2 ttl=127 time=0.319 ms
64 bytes from [Link]: icmp_seq=3 ttl=127 time=0.33 ms
64 bytes from [Link]: icmp_seq=4 ttl=127 time=0.306 ms

--- [Link] ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.306/0.358/0.498 ms

end

NOTE: The output of the ping is very Linux-like.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 38
Cisco dCloud

Scenario 3: CLI Familiarization

NX-OS CLI is very IOS-like. As you may have already noticed NX-OS gives the user a very IOS look and feel sensation when
dCloud: The Cisco Demo Cloud
configuring the system. However, there are differences, which should be considered improvements. One of the main differences
consists in NX-OS implementing a hierarchy independent CLI. Every command can in fact be issued from anywhere in the
configuration. This short scenario will show you this.

These are the steps for this scenario:

 Verify the CLI hierarchy independence

 Verify the CLI piping functionality

 Usage of the [TAB] button

Verify the CLI Hierarchy Independence

We will now demonstrate the CLI hierarchy independence by issuing a ping from different places in the chain.

First, we will do so from within the config mode.

N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# ping ?
*** No matching command found in current mode, matching in (exec) mode ***
<CR>
A.B.C.D or Hostname IP address of remote system
WORD Enter Hostname
multicast Multicast ping

N7k-2(config)# ping [Link] vrf management

PING [Link] ([Link]): 56 data bytes
64 bytes from [Link]: icmp_seq=0 ttl=127 time=0.617 ms
64 bytes from [Link]: icmp_seq=1 ttl=127 time=0.318 ms
64 bytes from [Link]: icmp_seq=2 ttl=127 time=0.387 ms
64 bytes from [Link]: icmp_seq=3 ttl=127 time=0.372 ms
64 bytes from [Link]: icmp_seq=4 ttl=127 time=0.359 ms

--- [Link] ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.318/0.41/0.617 ms

That worked just fine. Now we will try the same from within the interface mode.
N7k-2(config)# int eth2/1
N7k-2(config-if)# ping ?
*** No matching command found in current mode, matching in (exec) mode ***
<CR> A.B.C.D or Hostname IP address of remote system
WORD Enter Hostname
multicast Multicast ping
N7k-2(config-if)# ping [Link] vrf management

PING [Link] ([Link]): 56 data bytes

64 bytes from [Link]: icmp_seq=0 ttl=127 time=0.684 ms
64 bytes from [Link]: icmp_seq=1 ttl=127 time=0.282 ms
64 bytes from [Link]: icmp_seq=2 ttl=127 time=0.838 ms
64 bytes from [Link]: icmp_seq=3 ttl=127 time=0.379 ms
64 bytes from [Link]: icmp_seq=4 ttl=127 time=0.38 ms

--- [Link] ping statistics ---

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 38
Cisco dCloud

5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.282/0.512/0.838 ms

NOTE: You can use the up-arrow and get the command history from the exec mode.
dCloud: The Cisco Demo Cloud

This short demonstration just showed you, that you can ping from everywhere.

Verify the CLI Piping Functionality

The output piping has also been improved. It can now be used in a similar way to Linux.
N7k-2# show running-config ?
<CR>
> Redirect it to a file
>> Redirect it to a file in append mode
aaa Display aaa configuration
acllog Show running config for acllog
aclmgr Show running config for aclmgr
all Current operating configuration with defaults
am Display am information
arp Display arp information
callhome Display callhome configuration
cdp Display cdp configuration
cert-enroll Display certificates configuration
cfs Display cfs configurations
city Display city information
copp Show running config for copp
diff Show the difference between running and startup configuration
eem Show the event manager running configuration
exclude Exclude running configuration of specified features expand-port-profile Expand port profile
icmpv6 Display icmpv6 information
igmp Display igmp information
interface Interface configuration
ip Display ip information ipv6 Display ipv6 information
l2pt Show running configuration for L2PT
l3vm Display l3vm information
license Display licensing configuration
ntp Show NTP information
port-profile Display port-profile configuration
radius Display radius configuration
routing Display routing information
rpm Display Route Policy Manager (RPM) information
security Display security configuration
snmp Display snmp configuration
spanning-tree Show spanning tree information
track Show track running configuration
vdc Show Virtual Device Contexts
vdc-all Display config from all VDC
vlan Vlan commands
vshd Show running config for vshd
| Pipe command output to filter

N7k-2# show running-config | grep ?

WORD Search for the expression
count Print a total count of matching lines only
ignore-case Ignore case difference when comparing strings
invert-match Print only lines that contain no matches for <expr>
line-exp Print only lines where the match is a whole line
line-number Print each match preceded by its line number

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 13 of 38
Cisco dCloud

next Print <num> lines of context after every matching line

prev Print <num> lines of context before every matching line
word-exp Print only lines where the match is a complete word
dCloud: The Cisco Demo Cloud
The following command will grab all instances of lines matching "mgmt0" and print it along with the next three subsequent lin es
and the line number.

sh running-config | grep -A 3 -n mgmt0

N7k-2# sh running-config | grep -A 3 -n mgmt0
114:interface mgmt0
115- ip address [Link]/18
116-line console

Usage of the [TAB] Button

The [TAB] button does not only complete the command, but also it shows the keywords that are available.
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# int eth2/1
N7k-2(config-if)#

[TAB]
bandwidth end lacp medium snmp
beacon errdisable link mtu speed
cdp exit load-interval no storm-control
channel-group flowcontrol logging pop switchport
delay inherit mac push this
description ip mac-address rate-mode vrf
duplex ipv6 mdix shutdown where

end

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 14 of 38
Cisco dCloud

Scenario 4: RBAC
RBAC stands for Role Based Access Control. Every account is assigned to a role which defines the privileges of the user who will
dCloud: The Cisco Demo Cloud
access the system with the corresponding account. NX-OS, through the RBAC feature, provides a very flexible and powerful
framework to create roles for any type of user. In this context, a role can be seen as a group of rules that permit or deny a set of
operations on NX-OS components. These are the steps for this scenario:

 Display the default role

 Display the role features and the feature-groups

 Create a new role and apply the role to a newly created user

 Test the role

Display the Default Role

We will now take a look at the pre-defined default roles.

show role
N7k-2# show role

Role: network-admin
Description: Predefined network admin role has access to all commands on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write

Role: network-operator
Description: Predefined network operator role has access to all read commands on the switch
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read

Role: vdc-admin
Description: Predefined vdc admin role has access to all commands within a VDC instance
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read

Role: vdc-operator
Description: Predefined vdc operator role has access to all read commands within a VDC instance
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read

Role: priv-15
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-14
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 15 of 38
Cisco dCloud

-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
dCloud: The Cisco Demo Cloud

Role: priv-13
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-12
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-11
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-10
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-9
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-8
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-7
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-6
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-5
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-4
Description: This is a system defined privilege role.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 16 of 38
Cisco dCloud

Vlan policy: permit (default)

Interface policy: permit (default)
Vrf policy: permit (default)
dCloud: The Cisco Demo Cloud
Role: priv-3
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-2
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-1
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)

Role: priv-0
Description: This is a system defined privilege role.
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
10 permit command traceroute6 *
9 permit command traceroute *
8 permit command telnet6 *
7 permit command telnet *
6 permit command ping6 *
5 permit command ping *
4 permit command ssh6 *
3 permit command ssh *
2 permit command enable *
1 permit read

Display the Role Features and the Feature-groups

All users when they login are associated to a particular role. It can be one of the default pre-configured roles or a user-made role. A
role is a set of rules that define what operations the user can perform on individual CLI commands, features, and feature -groups
basis. Feature-groups are essentially groups of related features, such as the L3 feature group (defined by default). You can group
features in feature-groups and assign read/read-write permission to the whole group of features.

To see the set of features and the feature groups available to be defined as part of a role, issue the following commands.

show role feature

N7k-2# show role feature
aaa (AAA service related commands)
access-list (IP access list related commands)
arp (ARP protocol related commands)
callhome (Callhome configuration and show commands)
cdp (Cisco Discovery Protocol related commands)
crypto (Security related commands)
diagnostics (Gold diagnostics related commands)

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 17 of 38
Cisco dCloud

install (Software install related commands)

l3vm (Layer 3 virtualization related commands)
license (License related commands)
ping (Network reachability test commands) dCloud: The Cisco Demo Cloud
platform (Platform configuration and show commands)
radius (Radius configuration and show commands)
scheduler (Scheduler configuration and show commands)
snmp (SNMP related commands)
syslog (Syslog related commands)
tacacs (TACACS configuration and show commands)
tcap (Terminal settings related commands)
tcpudp (TCP/UDP related commands)
dot1x (DOT1X related commands)
eou (EAP over UDP related commands)
eth-port-sec (Ethernet port security related commands)
glbp (Gateway Load Balancing Protocol related commands)
hsrp (Hot Standby Router Protocol related commands)
igmp (Internet Group Management Protocol related commands)
Interface (Interface configuration commands)
ipfib (IP Forwarding Information Base related commands)
msdp (Multicast Source Discovery Protocol related commands)
pong (Pong related commands)
ptp (PTP (IEEE 1588) related commands
qbridge (Q-Bridge-MIB access control)
qosmgr (Quality of Service related commands)
router-bgp (Border Gateway Protocol related commands)
router-eigrp (Enhanced Interior Gateway Routing Protocol related commands)
router-isis (ISIS protocol related commands)
router-ospf (Open Shortest Path First protocol related commands)
router-rip (Routing Information Protocol related commands)
spanning-tree (Spanning Tree protocol related commands)
svi (Interface VLAN related commands)
vlan (Virtual LAN related commands)
vtp (Cisco-VTP-MIB access control)
vtpmib-auth (Cisco-VTP-MIB vtpAuthenticationTable access control)
wccp (Web Cache Communication Protocol related commands)
acl (FC ACL related commands)
cloud (Cloud discovery related commands)
fc-qos (FC Quality of Service related commands)
fcanalyzer (FC analyzer related commands)
fcns (Fibre Channel Name Server related commands)
fcsp (Fibre Channel Security Protocol related commands)
ficon (Ficon related commands)
fspf (Fabric Shortest Path First protocol related commands)
iscsi (ISCSI related commands)
isns (Internet Storage Name Service related commands)
ivr (InterVsan Routing protocol related commands)
mpls-tunnel (FC tunnel related commands)
rlir (Registered Link Incident Report related commands)
rscn (Registered State Change Notification related commands)
san-ext-tuner (IP Network Simulator related commands)
sme (Storage Media Encryption feature related commands)
sme-kmc-admin (SME Commands authorized to kmc admin)
sme-recovery-officer(SME commands authorize to recovery officer)
sme-stg-admin (SME commands authorize to storage admin)
span (SPAN session related commands)
vsan (VSAN configuration and show commands)
vsan-assign-intf(Assign interfaces to vsan)
wwnm (World Wide Name related commands)

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 18 of 38
Cisco dCloud

zone (Zone related commands)

show role feature-group

N7k-2# show role feature-group dCloud: The Cisco Demo Cloud
feature group: L3
router-bgp (Border Gateway Protocol related commands)
router-eigrp (Enhanced Interior Gateway Routing Protocol related commands)
router-isis (ISIS protocol related commands)
router-ospf (Open Shortest Path First protocol related commands)
router-rip (Routing Information Protocol related commands)

Create and Apply a Role

Creating a role is very easy. We will create a new role named nx-os-lab-role that is allowed to issue all the show commands, to
check basic connectivity using ping and to configure just the Cisco Discovery Protocol: cdp. After creating the role, we will define a
new user nx-os-lab-user and associate the role to the newly created user.
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# role name nx-os-lab-role
N7k-2(config-role)# ?
description Add a description for the role
interface Configure the interface policy for this role
no Negate a command or set its defaults
rule Enter the rule number
this Shows info about current object (mode's instance)
vlan Configure the vlan policy for this role
vrf Configure the vrf policy for this role
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in

N7k-2(config-role)# rule 1 permit read

N7k-2(config-role)# rule 2 permit read-write feature cdp
N7k-2(config-role)# rule 3 permit command ping *

NOTE: You can use the “up” arrow and get the command history from the exec mode.

end

A role can also specify what resources in terms of Interfaces, VLANs and VRFs the user is entitled to access. For now we are not
going to configure any restriction on these resources. We will verify the role and create a user to attach the role to.

show role name <role-name>

N7k-2# show role name nx-os-lab-role

Role: nx-os-lab-role
Description: new role
Vlan policy: permit (default) Interface policy: permit (default) Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
3 permit command ping *
2 permit read-write feature cdp
1 permit read

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 19 of 38
Cisco dCloud

Create a new user and attach the role. After that, please log out and login as the nx-os-lab-user user and test the RBAC
configuration.
dCloud: The Cisco Demo Cloud
username <username> password <password> role <rolename>
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# username nx-os-lab-user password C1sco12345 role nx-os-lab-role
N7k-2(config)#

exit

Test the Role

Use PuTTY to SSH into the management interface of the Nexus 7000 Aggregation layer device [Link] with the
username nx-os-lab-user and the password C1sco12345.
login as: nx-os-lab-user
User Access Verification
Using keyboard-interactive authentication. Password:
Cisco NX-OS Software
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

<some output omitted>

[Link] and
[Link]

n7k-2#

NOTE: Most of the commands are missing; however, the ping functionality is available to this user as previously specified.

We will now test if the ping is really working as specified in the role.
N7k-2# ping [Link] vrf management
PING [Link] ([Link]): 56 data bytes
64 bytes from [Link]: icmp_seq=0 ttl=127 time=0.689 ms
64 bytes from [Link]: icmp_seq=1 ttl=127 time=0.354 ms
64 bytes from [Link]: icmp_seq=2 ttl=127 time=0.348 ms
64 bytes from [Link]: icmp_seq=3 ttl=127 time=0.378 ms
64 bytes from [Link]: icmp_seq=4 ttl=127 time=0.329 ms

--- [Link] ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss round-trip min/avg/max = 0.329/0.419/0.689 ms

What about the debug mode? Only the CDP debug is actually available.
N7k-2# debug ?
cdp Configure CDP debugging
N7k-2# debug

What about the conf mode? Only the cdp, conf commands are actually available.
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# ?
cdp Configure CDP parameters
end Go to exec mode

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 20 of 38
Cisco dCloud

exit Exit from command interpreter

N7k-2(config)# cdp ?
advertise Highest CDP version supported on the switch dCloud: The Cisco Demo Cloud
enable Enable/disable CDP on all interfaces
format Device ID format for CDP
holdtime CDP hold time advertised (in seconds)
timer CDP refresh time interval (in seconds)

Log off from the current session. Use PuTTY to SSH into the management interface of the Nexus7000 Aggregation layer device
[Link] with the username admin and the password C1sco12345.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 21 of 38
Cisco dCloud

Scenario 5: Configuration Rollback

NX-OS fully supports Configuration Rollback. This functionality allows you to revert to a previous configuration state, effectively
dCloud: The Cisco Demo Cloud
rolling back configuration changes. We will verify its functionality within NX-OS.

These are the steps for this scenario:

 Create a checkpoint for the current configuration

 Modify the configuration for an interface

 Rollback the configuration and verify the interface configuration

Create a Checkpoint for the Current Configuration

We will now create a checkpoint called nx-os-lab and verify its creation.
N7k-2# checkpoint ?
<CR>
WORD Checkpoint name (Max Size 80)
description Checkpoint description for the given checkpoint
file Create configuration rollback checkpoint to file

N7k-2# checkpoint nx-os-lab

.Done
N7k-2# show checkpoint summary
User Checkpoint Summary
----------------------------------------------------------------------------
1) nx-os-lab:
Created by admin
Created at Sat, [Link] 25 Sep 2010
Size is 2,781 bytes
Description: None

Modify the Configuration for an Interface

We will now modify the configuration by, for example, configuring an interface.
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# int eth2/1
N7k-2(config-if)# ip address [Link]/24
N7k-2(config-if)# no shutdown
N7k-2(config-if)# end
N7k-2# sh running-config int eth2/1

!Command: show running-config interface Ethernet2/1

!Time: Sat Sep 25 [Link] 2010

version 6.1(2)

interface Ethernet2/1
no switchport
mac-address 0050.56ba.e522
ip address [Link]/24
no shutdown

NOTE: With NX-OS finally the slash notation is available for the IP address configuration.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 22 of 38
Cisco dCloud

Rollback the Configuration and Verify the Interface Configuration

We will now rollback the configuration. dCloud: The Cisco Demo Cloud

rollback running-config checkpoint <checkpoint name>

N7k-2# rollback running-config checkpoint nx-os-lab
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Verification is Successful.

Rollback completed successfully.

NX-OS will generate and apply a rollback patch, which reverts to the previously issued commands.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 23 of 38
Cisco dCloud

Scenario 6: Configuration Session

NX-OS offers a new way of configuring ACLs and QoS: the Configuration Session mode. This new mode allows to "dry-run" the
dCloud: The Cisco Demo Cloud
configuration against the system resources availability. For "dry-run" we mean a process that allows the user to check whether the
hardware resources are available without actually performing any modification on them.

In this scenario, you will get familiar with the new configuration session process by configuring an ACL for a particular interface.

These are the steps for this scenario:

 Create a new configuration session

 Create a simple access-list and apply the access list to an interface

 "Verify" the configuration

 "Commit" the configuration

Create a new Configuration Session

First, we will create a new configuration session.

configure session <session name>

N7k-2# configure session ?
WORD Enter the name of the session (Max Size 64)

N7k-2# configure session nx-os-lab

Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z. N7k-2(config-s)#

NOTE: The "s" in the prompt indicates that the user is in configuration session.

Create a Simple Access List and Apply the Access List to an Interface
From within the session mode we will now configure a simple access list and apply it to an interface.
N7k-2(config-s)# ?
abort Abort the current configuration session
access-list Configure access control list parameters
arp ARP access-list configuration commands

commit Commit the current configuration session

errdisable Error disable
interface Configure interfaces
ip Configure IP features
ipv6 Configure IPv6 features
line Configure a terminal line
logging Modify message logging facilities
mac MAC configuration commands
no Negate a command or set its defaults
object-group Configure ACL object groups
policy-map Configure a policy map
qos QoS Global Commands
resequence Resequence a list with sequence numbers
save Save the current configuration session to uri
system System management controls
table-map Configure a table map

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 24 of 38
Cisco dCloud

this Shows info about current object (mode's instance)

time-range Define time range entries
verify Verify the current configuration session
vlan Vlan commands dCloud: The Cisco Demo Cloud
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in
N7k-2(config-s)# ip access-list 1 ?
<CR>

N7k-2(config-s)# ip access-list 1
N7k-2(config-s-acl)# permit tcp [Link]/24 any
N7k-2(config-s-acl)# permit tcp [Link]/24 any
N7k-2(config-s-acl)# permit tcp [Link]/24 any
N7k-2(config-s-acl)# exit

NOTE: NX-OS introduces some ACL syntax improvements for better usability and manageability: The slash notation for IP
addresses; there are not ACL types anymore. No standard/extended and named/numbered ACLs... just ACLs. You can use either
a number or string of characters or a mix of them, NX-OS will treat them seamlessly just as a name.

Let's now attach the access-group to an interface

N7k-2(config-s)# int eth2/1
N7k-2(config-s-if)# ip access-group 1 in

"Verify" the Configuration

Remember that the access-list has not been programmed into the hardware yet. Let us see our configuration within the config
session.

show configuration session

N7k-2(config-s-if)# show configuration session

config session nx-os-lab

0001 ip access-list 1
0002 permit tcp [Link]/24 any
0003 permit tcp [Link]/24 any
0004 permit tcp [Link]/24 any
0005 interface Ethernet2/1
0006 ip access-group 1 in

Number of active configuration sessions = 1

Let us now verify our configuration. During the verification process, the system checks the configuration against the hardware and
software resources for their availability.

verify
N7k-2(config-s-if)# verify
Verification Successful

N7k-2(config-s)# show running-config int eth2/1

!Command: show running-config interface Ethernet2/1

!Time: Thurs May 15 [Link] 2014

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 25 of 38
Cisco dCloud

Version 6.1(20)

interface Ethernet2/1
shutdown dCloud: The Cisco Demo Cloud
no switchport
mac-address 0050.56ba.e522

The configuration can fit in the hardware table. Again, until this point the ACL TCAM has not been touched yet.

"Commit" the Configuration

We are now ready to commit the configuration. If the commit process will succeed, the session will be considered completed an d
will be terminated.

commit
N7k-2(config-s)# commit
Commit Successful

N7k-2# show running-config int eth2/1

!Command: show running-config interface Ethernet2/1

!Time: Thurs May 15 [Link] 2014

Version 6.1(2)

interface Ethernet2/1
shutdown
no switchport
ip access-group 1 in
mac-address 0050.56ba.e522

N7k-2# show configuration session

There are no active configuration sessions

Before continuing, remove the ACL from the interface.

N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# interface eth2/1
N7k-2(config-if)# no ip access-group 1 in
N7k-2(config-if)# exit
N7k-2(config)#

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 26 of 38
Cisco dCloud

Scenario 7: OSPF Configuration

OSPF is fully implemented in NX-OS as part of the "Enterprise License" (which we will see in the next step). In this step, we will
dCloud: The Cisco Demo Cloud
configure OSPFv2 and we will see how the configuration is interface centric versus the network centric IOS based OSPF
configuration.

These are the steps for this scenario:

 Turn the OSPFv2 service on

 Configure the Loopback interfaces

 Instantiate an OSPF process

 Configure the interface towards N7k-1 (Core Layer)

 Verify OSPF configuration by issuing show commands

Turn the OSPFv2 Service on

Let us start the traditional way and configure the router functionality.
N7k-2(config)# router ?
^
% Invalid command at '^' marker.

The CLI to configure OSPF seems not to be there. NX-OS is a fully modular operating system; most software modules do not run
unless the correspondent service is enabled. We have not enabled the OSPF service so its code is not running and its CLI is not
linked into the system. Now we will enable the OSPF service so that we can proceed with its configuration. We like to refer to these
features that need to be specifically enabled as "conditional services".

We will now enable the OSPF service:

N7k-2(config)# feature ?
bfd Bfd
bgp Enable/Disable Border Gateway Protocol (BGP)
cts Enable/Disable CTS
dhcp Enable/Disable DHCP Manager
dot1x Enable/Disable dot1x
eigrp Enable/Disable Enhanced Interior Gateway Routing Protocol(EIGRP)
glbp Enable/Disable Gateway Load Balancing Protocol (GLBP)
hsrp Enable/Disable Hot Standby Router Protocol (HSRP)
interface-vlan Enable/Disable interface vlan
isis Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
lacp Enable/Disable LACP
ldap Enable/Disable ldap
lldp Enable/Disable LLDP
msdp Enable/Disable Multicast Source Discovery Protocol (MSDP)
netflow Enable/Disable NetFlow
ntp Enable/Disable NTP
ospf Enable/Disable Open Shortest Path First Protocol (OSPF)
ospfv3 Enable/Disable Open Shortest Path First Version 3 Protocol(OSPFv3)
otv Enable/Disable Overlay Transport Virtualization (OTV)
password Credential(s) for the user(s)/device(s)
pbr Enable/Disable Policy Based Routing(PBR)
pim Enable/Disable Protocol Independent Multicast (PIM)
pim6 Enable/Disable Protocol Independent Multicast (PIM) for IPv6
pong Enable/Disable Pong
port-security Enable/Disable port-security

private-vlan Enable/Disable private-vlan

privilege Enable/Disable IOS type privilege level support
ptp Enable/Disable PTP
rip Enable/Disable Routing Information Protocol (RIP) dCloud: The Cisco Demo Cloud
scheduler Enable/Disable scheduler
scp-server Enable/Disable SCP server
sftp-server Enable/Disable SFTP server
sla Enable/Disable SLA
ssh Enable/Disable ssh
tacacs+ Enable/Disable tacacs+ telnet Enable/Disable telnet
tunnel Enable/Disable Tunnel Manager
udld Enable/Disable UDLD
vpc Enable/Disable VPC (Virtual Port Channel)
vrrp Enable/Disable Virtual Router Redundancy Protocol (VRRP)
vtp Enable/Disable VTP
wccp Enable/Disable Web Cache Communication Protocol (WCCP)

N7k-2(config)# feature ospf

LAN_ENTERPRISE_SERVICES_PKG license not installed. ospf feature will be shutdown after grace period of
approximately 120 day(s)

NOTE: As you may have noticed, you are now running OSPF in "grace period". We will talk about that later in another step.

Configure the Loopback Interfaces

Let us configure the loopback interface before we can move on to do the actual configuration of OSPF.
N7k-2(config)# interface loopback0
N7k-2(config-if)# ip address [Link]/24

Instantiate an OSPF Process

Now let us configure the OSPF area 0.

N7k-2(config-if)# router ospf 1
N7k-2(config-router)# area 0 authentication message-digest
N7k-2(config-router)# log-adjacency-changes
N7k-2(config-router)# auto-cost reference-bandwidth 1000000
N7k-2(config-router)# exit

NOTE: As you may have noticed the "network x.x.x.x area y" configuration lines are not present. This is a major difference from
IOS. OSPF, as well as other IGP protocols, are interface centric, as we will see with the next few commands.

Configure the Interface Towards N7k-1 (Core Layer)

Let us now configure the interface towards N7k-1 (Core Layer).
N7k-2(config)# interface eth2/1
N7k-2(config-if)# description To N7k-1 (Core)
N7k-2(config-if)# ip address [Link]/24
N7k-2(config-if)# ip ospf message-digest-key 1 md5 C1sco12345
N7k-2(config-if)# ip ospf dead-interval 6
N7k-2(config-if)# ip ospf hello-interval 2
N7k-2(config-if)# ip router ospf 1 area 0
N7k-2(config-if)# no shutdown
N7k-2(config-if)#

NOTE: In the NX-OS the OSPF configuration is interface centric. The membership to an OSPF area is specified at the interface
configuration level. This approach is more intuitive and manageable.
dCloud: The Cisco Demo Cloud
Verify OSPF Configuration by Issuing Show Commands
Let us check if the system was able to establish the adjacency status with the Core layer switch. First, we can check the OSPF
configuration we have been working on.
n7k-2(config-if)# show running-config ospf

!Command: show running-config ospf

!Time: Thu May 15 [Link] 2014

feature ospf

router ospf 1
area [Link] authentication message-digest
log-adjacency-changes
auto-cost reference-bandwidth 1000000

interface Ethernet2/1
ip ospf message-digest-key 1 md5 3 ef6a8875f8447eac
ip ospf dead-interval 6
ip ospf hello-interval 2
ip router ospf 1 area [Link]

NOTE: NX-OS is able to show the running config related to a particular feature without the need to show the complete
configuration.

Now we will check if the system was able to establish the adjacency and to exchange routes.
n7k-2(config)# sh ip ospf neighbors
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
[Link] 1 FULL/DR [Link] [Link] Eth2/1
N7k-2(config-if)# show ip route ?
*** No matching command found in current mode, matching in (exec) mode ***
<CR>
> Redirect it to a file
>> Redirect it to a file in append mode
A.B.C.D Display single route longest match lookup
A.B.C.D/LEN Display single exact match route
WORD Display single route longest match lookup
am Display routes owned by adjacency manager
broadcast Display connected routes owned by broadcast
detail Display routes in full detail
direct Display connected routes owned by direct
interface Display routes with this output interface only
ip Display information
ipv4 Display information
l3vm-info Display corresponding L3VM information
local Display connected routes owned by local
mstatic Display routes owned by mstatic
next-hop Display routes with this next-hop only
ospf-1 Display routes owned by ospf-1
rpf Display RPF information for multicast source

sal Display connected routes owned by sal

static Display routes owned by static
summary Display route counts
updated Display routes filtered by last updated time dCloud: The Cisco Demo Cloud
vrf Display per-VRF information
| Pipe command output to filter

n7k-2(config)# sh ip route ospf-1

IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

[Link]/24, ubest/mbest: 1/0

*via [Link], Eth2/1, [110/2000], [Link], ospf-1, intra

NOTE: The same output can be displayed issuing the command: "show routing ospf-1".
n7k-2(config-if)# sh ip ospf database
OSPF Router with ID ([Link]) (Process ID 1 VRF default)

Router Link States (Area [Link])

Link ID ADV Router Age Seq# Checksum Link Count

[Link] [Link] 232 0x80000008 0x1cc7 2
[Link] [Link] 228 0x80000003 0x148e 1
[Link] [Link] 322 0x80000007 0x1684 1

Network Link States (Area [Link])

Link ID ADV Router Age Seq# Checksum

[Link] [Link] 232 0x80000002 0xe70c
[Link] [Link] 325 0x80000006 0xec02

n7k-2(config-if)# sh ip ospf interface

Ethernet2/1 is up, line protocol is up
IP address [Link]/24, Process ID 1 VRF default, area [Link]
Enabled by interface configuration
State BDR, Network type BROADCAST, cost 1000
Index 1, Transmit delay 1 sec, Router Priority 1
Designated Router ID: [Link], address: [Link]
Backup Designated Router ID: [Link], address: [Link]
1 Neighbors, flooding to 1, adjacent with 1
Timer intervals: Hello 2, Dead 6, Wait 6, Retransmit 5
Hello timer due in [Link]
Message-digest authentication, using key id 1
Number of opaque link LSAs: 0, checksum sum 0

Congratulations, your OSPF routing is working.

Scenario 8: Process Restartability

NX-OS is a modern operating system. NX-OS continuously checks the health of each software module making sure that if a
dCloud: The Cisco Demo Cloud
process crashes or hangs the right action is taken to allow service continuity and availability. NX-OS has been designed around
the concept of zero service destruction.

In this scenario we will demonstrate the non-stop forwarding capabilities of OSPF:

 In a first step, a crash of the OSPF process will be simulated. This will cause a stateful restart, which uses our PSS
(Persistent Storage Service) architecture, so that the system recovers in a seamless way. You will see how the connected
Core Layer router will not notice that the process has crashed and been restarted.

 In a second step, we will perform a graceful restart of OSPF. This will utilize the Non-Stop Forwarding (NSF) feature of
OSPF, as defined in RFC 3623, to recover the routing table on the local node by resynchronizing it with the neighbor.

NOTE: The process monitoring feature of NX-OS will also constantly monitor the number and frequency of process restarts and
will escalate the situation accordingly:

 Should the OSPF process crash a second time within four minutes a graceful restart will be performed instead of a stateful
restart.

 Should you trigger a second graceful restart within four minutes a supervisor switchover will be triggered. As our Titanium boxes
only have one simulated Supervisor, this will render the machine that you are using unusable. So please do not do that.

Please perform the steps as stated below and do not repeat them as the results may be different from what you expect or it might
render the boxes unusable for subsequent use.

These are the steps for this scenario:

 Prepare the switches for observing the NSF feature

 Simulate a crash of the OSPF process

 Verify that the OSPF process has been restarted statefully

 Perform a graceful restart

 Observe NSF updates from the peer for the graceful restart

Prepare the Switches for Observing the NSF Feature

Before simulating a failure of the OSPF process on your local switch, we will prepare two more terminal sessions, which will display
status information for making sure that the switch behaves as expected.

Use PuTTY to open a SSH session to the Core Layer switch N7k-1. Use the username admin and the password C1sco12345 to
login.

NOTE: In order to observe the debug output from SSH console, execute the following command on both, N7k-1 and N7k-2:

N7k-1# terminal monitor

On N7k-1 enable that the OSPF adjacency debugging:

N7k-1# debug ip ospf adjacency

Leave the SSH session open to observe OSPF adjacency debug messages.

Use PuTTY to open a SSH session to the Aggregation layer switch N7k-2. Use the username admin and the password
C1sco12345 to login.
dCloud: The Cisco Demo Cloud
Start a ping to the interface of the Aggregation layer switch N7K-3 with an infinite number of packages and a very short repeat
time.
N7k-2# ping
Vrf context to use [default] :
No user input: using default context
Target IP address or Hostname: [Link]
Repeat count [5] : unlimited
Datagram size [56] :
Timeout in seconds [2] :
Sending interval in seconds [0] :
Extended commands [no] :
Sweep range of sizes [no] :
Sending 0, 56-bytes ICMP Echos to [Link]
Timeout is 2 seconds, data pattern is 0xABCD

64 bytes from [Link]: icmp_seq=0 ttl=254 time=0.794 ms

64 bytes from [Link]: icmp_seq=1 ttl=254 time=0.606 ms
64 bytes from [Link]: icmp_seq=2 ttl=254 time=0.47 ms
64 bytes from [Link]: icmp_seq=3 ttl=254 time=0.662 ms
64 bytes from [Link]: icmp_seq=4 ttl=254 time=0.6 ms
...

This way you will be able to observe the behavior of the setup during the following steps. The debug on N7k-1 will show you the
presence or absence of OSPF adjacency updates while the ping shows you the continuous forwarding capabilities.

Now continue working on your Aggregation Layer switch N7k-2 while monitoring the two other SSH sessions in the background.
Open another PuTTY session, to N7K-2.

Simulate a Crash of the OSPF Process

First, we will display the current OSPF process ID. We will then use the displayed information to simulate a process crash by
explicitly killing the current OSPF process. Furthermore, we will check the restart of the service by comparing the new OSPF
process ID.
N7k-2# show processes | inc ospf
9934 S 775d327b 1 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3

NOTE: Take note of the OSPF process ID in your switch as you will need it in a subsequent step.

We will invoke a script on your access layer switch that enables us to enter a debug mode in which we can issue a kill command to
stop the OSPF process.

First, we need to create a copy of this special debug script, as it will self-destruct.

dCloud: The Cisco Demo Cloud

While issuing the kill command, observe the SSH window of the Core Layer switch, N7K-1, for the absence of OSPF adjacency
updates and the SSH window of the Aggregation layer switch for no disruption in the ping sequence.
N7k-2# load bootflash:[Link]
Loading plugin version 6.1(2)
###############################################################
Warning: debug-plugin is for engineering internal use only!
For security reason, plugin image has been deleted.
###############################################################
Successfully loaded debug-plugin!!!

Enter Commands:

Linux(debug)# kill 9934

Linux(debug)# 2014 Feb 12 [Link] n7k-2 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT: Service "__inst_001__ospf" (PID
5674) is forced exit.N7k-2#

IMPORTANT: The number in the “kill” command should be OSPF process ID in your switch

Verify that the OSPF Process has been Restarted Statefully

Killing the OSPF process simulates the crash of this process. Therefore, NX-OS should have done a stateful restart of the OSPF.
To verify this we will check if the OSPF process has been restarted on your local switch:
N7k-2# show processes | inc ospf
12026 S 775d327b 2 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3
- NR - 0 - ospf
- NR - 0 - ospfv3
N7k-2#

Notice how the OSPF process has now a new process ID and how, looking at the N7K-1 terminal, the neighbor did not even
realized that our OSPF process was killed and restarted. So there should be no debug message on N7k -1.
N7k-1#

The ping sequence between N7k-2 and N7k-3 should not be affected.
...
64 bytes from [Link]: icmp_seq=320 ttl=254 time=0.794 ms
64 bytes from [Link]: icmp_seq=321 ttl=254 time=0.606 ms
64 bytes from [Link]: icmp_seq=322 ttl=254 time=0.47 ms
64 bytes from [Link]: icmp_seq=323 ttl=254 time=0.662 ms
64 bytes from [Link]: icmp_seq=324 ttl=254 time=0.6 ms
...

Perform a Graceful Restart

Now we will perform a graceful restart of OSPF. NX-OS will use Non-Stop Forwarding (NFS), which is enabled byThe
dCloud: default alongCloud
Cisco Demo

with OSPF, to acquire the OSPF routing table from the neighbor. This graceful restart will also be non-disruptive to the forwarding
plane.

While performing the graceful restart on your Aggregation layer switch N7k-2, observe the second terminal window of the Core
layer switch for the OSPF adjacency debug messages.
N7k-2# restart ospf 1

Observe NSF Updates from the Peer for the Graceful Restart

On the N7K-1 Core layer switch, you can see the OSPF adjacency debug output.

At the same time, the ping sequence between N7k-2 and N7k-3 is still not affected.
...
64 bytes from [Link]: icmp_seq=320 ttl=254 time=0.794 ms
64 bytes from [Link]: icmp_seq=321 ttl=254 time=0.606 ms
64 bytes from [Link]: icmp_seq=322 ttl=254 time=0.47 ms
64 bytes from [Link]: icmp_seq=323 ttl=254 time=0.662 ms
64 bytes from [Link]: icmp_seq=324 ttl=254 time=0.6 ms
...

NOTE: The state changes from FULL to EXSTART and not to DOWN as NFS is used to acquire the OSPF routing table.

Before moving on, please interrupt the ping sequence by pressing [Ctrl] + C and close this SSH session. Also close the SSH
session to the Core layer switch N7k-1.

Scenario 9: Licensing
NX-OS enforces licensing for some of its features. However, the licensing scheme has been made very easy to understand and
dCloud: The Cisco Demo Cloud
simple to use. There are three levels of enforced software licensing:

 The Base license which contains a complete set of Layer2 and management features

 The Enterprise Services license which contains the Layer3 routing protocols

 The Advanced Services license for Virtual Device Context (VDC) and Cisco Trusted Security (CTS)

The Base license is free and comes with the Nexus hardware. The Enterprise Services and Advance Services licenses can be
purchased and used independently.

There is a grace period of 120 days, so the users can test out the features before buying. The grace period is calculated on active
features instead of absolute time. So, if a user tries out a licensed feature for a few days and then disabled it, the countdown of the
grace period will stop until a licensed feature within the same license gets turned on again.

These are the steps for this scenario:

 Enable the grace period feature

 Show current license usage

Enable the Grace Period Feature

The grace period feature needs to be enabled first. As we have already used features that require the Enterprise Services Lic ense,
we have already done this for you.

You can still verify the steps for enabling the grace period.
N7k-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7k-2(config)# license grace-period

Show Current License Usage

Display the current license usage.

show license usage

N7k-2(config)# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
MPLS_PKG No - Unused -
STORAGE-ENT No - Unused -
VDC_LICENSES No 0 Unused -
ENTERPRISE_PKG No - Unused -
FCOE-N7K-F132XP No 0 Unused -
FCOE-N7K-F248XP No 0 Unused -
ENHANCED_LAYER2_PKG No - Unused -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG No - Unused -
LAN_ADVANCED_SERVICES_PKG No - Unused -
LAN_ENTERPRISE_SERVICES_PKG No - In use Grace 119D 23H

To install a license the customer will use the install license bootflash:<[Link]> CLI command. The licenses can be downloadable
from CCO.

Scenario 10: Hot Standby Router Protocol

In this scenario we will configure Hot Standby Router Protocol (HSRP) between N7k-2 on Eth2/2 and N7k-3 on Eth2/1.
dCloud: The Cisco Demo Cloud

These are the steps for this scenario:

 Open one SSH session to N7K-2 and another one to N7K-3

 Enable the HSRP feature on N7K-2

 Verify operation of HSRP on N7K-3

Open SSH sessions

Use PuTTY to SSH into the management interface of the Nexus 7000 Access. If not open yet, open one session to device n7k-
[Link] and one session with device [Link] with username admin and the password
C1sco12345.

Enable the HSRP Feature on N7K-2

You will now see that in NX-OS the HSRP configuration is done in a HSRP sub-interface mode. In your SSH session with N7K-2,
execute the following commands:
N7k-2(config)# feature hsrp
N7k-2(config)# interface eth2/2
N7k-2(config-if)# description HSRP with N7k-3 - eth2/1
N7k-2(config-if)# ip address [Link]/24
N7k-2(config-if)# hsrp 1
N7k-2(config-if-hsrp)# preempt delay minimum 180
N7k-2(config-if-hsrp)# priority 110
N7k-2(config-if-hsrp)# timers 1 3
N7k-2(config-if-hsrp)# ip [Link]
N7k-2(config-if-hsrp)# exit
N7k-2(config-if)# no shutdown
N7k-2(config-if)#

NOTE: In order to observe the debug output from SSH console, execute the following command on both, N7k-2 and N7k-3

N7k-2# terminal monitor

Verify Operation of HSRP

Enable the HSRP debug to see the exchange of hello packets between N7k-2 and N7k-3. In your SSH session with N7K-3,
execute the following commands:
N7k-3(config-if)# debug hsrp engine packet hello

The output should be similar to the text captured below:

2010 Sep 25 [Link].001059 hsrp: Eth2/1[1/V4] : Hello out Standby pri 110 ip [Link]
2010 Sep 25 [Link].001098 hsrp: Eth2/1[1/V4] : hel 1 hol 3 auth cisco
2010 Sep 25 [Link].619057 hsrp: Eth2/1[1/V4] : Hello in from [Link] state Active pri 110 ip
[Link]
2010 Sep 25 [Link].619087 hsrp: Eth2/1[1/V4] : hel 1 hol 3 auth cisco
2010 Sep 25 [Link].000980 hsrp: Eth2/1[1/V4] : Hello out Standby pri 110 ip [Link]
2010 Sep 25 [Link].001031 hsrp: Eth2/1[1/V4] : hel 1 hol 3 auth cisco
2010 Sep 25 [Link].619031 hsrp: Eth2/1[1/V4] : Hello in from [Link]

State Active pri 110 ip [Link]

2010 Sep 25 [Link].619058 hsrp: Eth2/1[1/V4] : hel 1 hol 3 auth cisco undebug all
N7k-3(config-if)#
dCloud: The Cisco Demo Cloud

NOTE: When disabling the debug (by issuing for example “undebug all”) the debug messages will stop instantaneously. NX -OS
uses a preemptive scheduler and even simple proof like this underlines the robustness of our control plane.

As a last step, we will verify that for [Link] the device N7k-2 is the active router on [Link] while N7k-3 is the standby
router on [Link]. In your SSH session with N7K-2, execute the following command:

show hsrp group 1

The output should be similar to the text captured below:

N7k-2(config-if)# show hsrp group 1
Ethernet2/2 - Group 1 (HSRP-V1) (IPv4)
Local state is Active, priority 110 (Cfged 110), may preempt
Forwarding threshold(for vPC), lower: 1 upper: 110
Preemption Delay (Seconds) Minimum:180
Hellotime 1 sec, holdtime 3 sec
Next hello sent in 0.809000 sec(s)
Virtual IP address is [Link] (Cfged)
Active router is local
Standby router is [Link] , priority 110 expires in 2.191000 sec(s)
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac01 (Default MAC)
2 state changes, last state change [Link]
IP redundancy name is hsrp-Eth2/2-1 (default)

Results
Once you have gone successfully through the above steps you have concluded the demonstration.

Summary
In this demonstration you:

 Have got familiar with the NX-OS Operating System which will power the Nexus7000 switch.

 Learned some of the aspects of NX-OS and some of its difference from classical IOS.

These differences are:

o General

 OS Images: NX-OS consists of two images: Kickstart + System

 Management VRF: Separate Management VRF for total isolation of management traffic

 Modular OS: Non-core Features - called Conditional Services need to be enabled

 Process Restart ability: Monitoring of system service health and stateful/graceful restarts

 Licensing: Enforced Licensing with grace-period for testing features

o CLI

 Hierarchy Independence: Non-config commands can be issued from everywhere. E.g. ping, show
running-config
dCloud: The Cisco Demo Cloud
 Default Config: Display defaults of the running-config

 Interface Types: Only one interface type Ethernet. No distinction between 10MB, 100MB, 1GB, 10GB
interface type

 Slash Notation: For the IP address configuration the slash notation (e.g. x.x.x.x/24) can be used

 Rollback Mode: Rollback of the entire configuration to pre-defined checkpoints

o ACLs & QoS

 ACL Types: No more ACL types such as Standard or Extended

 Configuration Sessions: "Dry-run" mode for checking hard- and software capabilities

o Access-Control

 RBAC: Role-based-access-control

o L3 Forwarding/Protocols

 IGP routing protocols: Interface centric configuration (e.g. for OSPF)

o Interface

 HSRP - Sub-Interface: Configuration for HSRP is performed in a sub- interface mode

For More Information

For more information about the Cisco Nexus 7000, visit [Link] or contact your local Cisco account
representative.

8.3.6 Lab - Use NETCONF To Access An IOS XE Device - ILM
No ratings yet
8.3.6 Lab - Use NETCONF To Access An IOS XE Device - ILM
16 pages
Nexus Document
No ratings yet
Nexus Document
140 pages
Nexus 7000 Lab Guide
0% (1)
Nexus 7000 Lab Guide
46 pages
Cisco Hybrid Multi-Cloud Networking Guide
No ratings yet
Cisco Hybrid Multi-Cloud Networking Guide
92 pages
Cisco Nexus Dashboard User Guide 211
No ratings yet
Cisco Nexus Dashboard User Guide 211
130 pages
Centurylink Sdwan Network User Guide
No ratings yet
Centurylink Sdwan Network User Guide
155 pages
LABDCT 2001 (Guide) Nexus.7000
No ratings yet
LABDCT 2001 (Guide) Nexus.7000
44 pages
Binder1pdf Orhan 58ed20f4d872c
100% (1)
Binder1pdf Orhan 58ed20f4d872c
562 pages
Cisco Sdwan Design Guide
No ratings yet
Cisco Sdwan Design Guide
102 pages
BRKRST 2377
No ratings yet
BRKRST 2377
111 pages
CLI Ref Guide 2019v1 HPE Aruba Cisco CX From Carolina Advanced Digtial
No ratings yet
CLI Ref Guide 2019v1 HPE Aruba Cisco CX From Carolina Advanced Digtial
143 pages
ASD Self-Paced 8.1.6 Lab Manual v2.14 PDF
No ratings yet
ASD Self-Paced 8.1.6 Lab Manual v2.14 PDF
164 pages
RESTCONF Lab for Networking Instructors
No ratings yet
RESTCONF Lab for Networking Instructors
14 pages
Cisco VXLAN Configuration Lab Using Nexus 9000V DCNM & Ansible
No ratings yet
Cisco VXLAN Configuration Lab Using Nexus 9000V DCNM & Ansible
28 pages
IOS XE 16.9 - Programmability - CG
No ratings yet
IOS XE 16.9 - Programmability - CG
204 pages
BRKACI-2001 - Integration and Interoperation of Existing Nexus Networks Into An ACI Architecture (2015 Melbourne)
No ratings yet
BRKACI-2001 - Integration and Interoperation of Existing Nexus Networks Into An ACI Architecture (2015 Melbourne)
115 pages
Switch VSS Guide
100% (1)
Switch VSS Guide
76 pages
IPE DC Lab
No ratings yet
IPE DC Lab
251 pages
Design and Automate With NDFC
No ratings yet
Design and Automate With NDFC
131 pages
ACIFundamentalsLabGuide2 2
No ratings yet
ACIFundamentalsLabGuide2 2
99 pages
Cisco Anyconnect Posture With Asa, Ise and Amp V1.1: About This Demonstration
No ratings yet
Cisco Anyconnect Posture With Asa, Ise and Amp V1.1: About This Demonstration
29 pages
Network Configuration Guide
No ratings yet
Network Configuration Guide
103 pages
ACI Troubleshooting
No ratings yet
ACI Troubleshooting
309 pages
C9800 Module 1 9800 Family Deployment Options
No ratings yet
C9800 Module 1 9800 Family Deployment Options
38 pages
Cisco Dcuci v40 Student Guide Volume 2
No ratings yet
Cisco Dcuci v40 Student Guide Volume 2
346 pages
Solution Design Guide For Cisco Unified Contact Center Enterprise
No ratings yet
Solution Design Guide For Cisco Unified Contact Center Enterprise
526 pages
Cisco IOS XE SD-WAN Qualified Command Reference
No ratings yet
Cisco IOS XE SD-WAN Qualified Command Reference
880 pages
B BGP CG 74x ncs540
No ratings yet
B BGP CG 74x ncs540
186 pages
Nexus 7000 Training Docs
No ratings yet
Nexus 7000 Training Docs
12 pages
Tni Sda Design Final Perjensen
No ratings yet
Tni Sda Design Final Perjensen
17 pages
Nexus Aci Practice
No ratings yet
Nexus Aci Practice
7 pages
Data Center Automation Using Juniper Apstra Freeform (APSTRAFF)
No ratings yet
Data Center Automation Using Juniper Apstra Freeform (APSTRAFF)
3 pages
SLG BOOK ASR9KE v4.0.1 PDF
100% (1)
SLG BOOK ASR9KE v4.0.1 PDF
196 pages
Cisco SD-Access Workbook
100% (1)
Cisco SD-Access Workbook
29 pages
Nexus 7000 Lab Guide PDF
No ratings yet
Nexus 7000 Lab Guide PDF
46 pages
LLC Firepower
No ratings yet
LLC Firepower
36 pages
CDI-AOS-CX 10.4 Switching Portfolio Launch - Lab V4.01
No ratings yet
CDI-AOS-CX 10.4 Switching Portfolio Launch - Lab V4.01
152 pages
MPLS Segment Routing
No ratings yet
MPLS Segment Routing
347 pages
ACS 5 X To ISE Migration Guide
100% (1)
ACS 5 X To ISE Migration Guide
45 pages
Versa Training Lab Guide: Groups 1 - 2
No ratings yet
Versa Training Lab Guide: Groups 1 - 2
20 pages
BRKSEC 3432 Design
100% (1)
BRKSEC 3432 Design
230 pages
CNS 220 2I en StudentExerciseWorkbook 4 5 Days v05 PDF
No ratings yet
CNS 220 2I en StudentExerciseWorkbook 4 5 Days v05 PDF
193 pages
Brkcrs-3035 - Vss - Advanced
No ratings yet
Brkcrs-3035 - Vss - Advanced
93 pages
Sdwan-17.9 - Workshop
No ratings yet
Sdwan-17.9 - Workshop
38 pages
Policies Book Xe Sdwan
No ratings yet
Policies Book Xe Sdwan
230 pages
Lab Guide: Advanced Network Automation Solutions Using Cisco Ios Eem
No ratings yet
Lab Guide: Advanced Network Automation Solutions Using Cisco Ios Eem
30 pages
CCIE DevNet Tech Guide: Terraform & NSO
No ratings yet
CCIE DevNet Tech Guide: Terraform & NSO
38 pages
ACSA Fast Track (Cisco) Lab Guide-V1.6-updated 4hr CXF System
No ratings yet
ACSA Fast Track (Cisco) Lab Guide-V1.6-updated 4hr CXF System
124 pages
Sample SWITCH Labs
No ratings yet
Sample SWITCH Labs
24 pages
Fab1 - Lumos Lab Guide - 5day - APT-1
No ratings yet
Fab1 - Lumos Lab Guide - 5day - APT-1
435 pages
Cisco Identity Services Engine User Guide, Release 1.2
No ratings yet
Cisco Identity Services Engine User Guide, Release 1.2
786 pages
Cisco Sda Design Guide PDF
No ratings yet
Cisco Sda Design Guide PDF
143 pages
Infoblox Deployment Guide Deploy Infoblox Vnios Instances For Aws
No ratings yet
Infoblox Deployment Guide Deploy Infoblox Vnios Instances For Aws
92 pages
Apstra User Guide
No ratings yet
Apstra User Guide
1,254 pages
VPC Lab Instructions
No ratings yet
VPC Lab Instructions
75 pages
Cisco Nexus 7000 NX-OS Demo Guide
No ratings yet
Cisco Nexus 7000 NX-OS Demo Guide
39 pages
Cisco DevNet Express Cisco DNA Sandbox V3.0a
No ratings yet
Cisco DevNet Express Cisco DNA Sandbox V3.0a
8 pages
Getting Started With Cisco DCloud
No ratings yet
Getting Started With Cisco DCloud
1 page
Ansible For Cisco Nexus Switches v1
No ratings yet
Ansible For Cisco Nexus Switches v1
22 pages
Lab Guide - 02 - CST2 - End Point Lab Guide
No ratings yet
Lab Guide - 02 - CST2 - End Point Lab Guide
55 pages
Cisco APIC Password Recovery Guide
No ratings yet
Cisco APIC Password Recovery Guide
4 pages
Brkaci 1001 PDF
No ratings yet
Brkaci 1001 PDF
162 pages
Configure Ethernet Traffic Monitoring in UCS
No ratings yet
Configure Ethernet Traffic Monitoring in UCS
10 pages
Trinity Grade 1 Music Theory Exam 2009
33% (3)
Trinity Grade 1 Music Theory Exam 2009
8 pages
VM Fex Best Practices Deployment Guide
No ratings yet
VM Fex Best Practices Deployment Guide
19 pages
Bluetooth - Wikipedia PDF
No ratings yet
Bluetooth - Wikipedia PDF
162 pages
India Workshop
No ratings yet
India Workshop
69 pages
Overview of Mobile Computing Concepts
No ratings yet
Overview of Mobile Computing Concepts
13 pages
How To Load Test TCP Protocol Services With JMeter
No ratings yet
How To Load Test TCP Protocol Services With JMeter
11 pages
EcoStruxure Panel Server - PAS600L
No ratings yet
EcoStruxure Panel Server - PAS600L
3 pages
Aerohive Datasheet AP650 Family
No ratings yet
Aerohive Datasheet AP650 Family
2 pages
SYMAP A1 Communication v2.21 EN
No ratings yet
SYMAP A1 Communication v2.21 EN
90 pages
Cisco WLAN Setup Guide
No ratings yet
Cisco WLAN Setup Guide
80 pages
An Overview of Telecommunications
No ratings yet
An Overview of Telecommunications
14 pages
Media Access Control
No ratings yet
Media Access Control
26 pages
Wireless Security Policy Guidelines
100% (1)
Wireless Security Policy Guidelines
8 pages
Cisco Expressway Basic Configuration Deployment Guide X8 1
No ratings yet
Cisco Expressway Basic Configuration Deployment Guide X8 1
57 pages
CSS Training Progress Sheet
No ratings yet
CSS Training Progress Sheet
11 pages
Test Review Ccna2
No ratings yet
Test Review Ccna2
48 pages
Routing Algorithms Explained
No ratings yet
Routing Algorithms Explained
14 pages
Edward Gatebu Resume
No ratings yet
Edward Gatebu Resume
10 pages
ARC3000H-W2 (868) Datasheet 20220628
No ratings yet
ARC3000H-W2 (868) Datasheet 20220628
2 pages
True of False: H12-111-Enu Hcia-Iot V2.5 Exam
100% (4)
True of False: H12-111-Enu Hcia-Iot V2.5 Exam
20 pages
Email Protocols
No ratings yet
Email Protocols
4 pages
Itu-T: Procedures For Real-Time Group 3 Facsimile Communication Over IP Networks
No ratings yet
Itu-T: Procedures For Real-Time Group 3 Facsimile Communication Over IP Networks
124 pages
VOIP Asterisk PDF
No ratings yet
VOIP Asterisk PDF
37 pages
Huawei 3
No ratings yet
Huawei 3
61 pages
Create AWS Network for CyberArk PAM
No ratings yet
Create AWS Network for CyberArk PAM
18 pages
SARA-R5 Series: Application Development Guide
100% (1)
SARA-R5 Series: Application Development Guide
41 pages
Nexus 1000V Deployment Scenarios
No ratings yet
Nexus 1000V Deployment Scenarios
30 pages
User Manual of DS-6101HFI-IP V2.0
No ratings yet
User Manual of DS-6101HFI-IP V2.0
28 pages
AMC 1000-P Wiring Overview
No ratings yet
AMC 1000-P Wiring Overview
38 pages
Osi Model
No ratings yet
Osi Model
22 pages
Eap Chaining With Teap
No ratings yet
Eap Chaining With Teap
7 pages
Microsoft Support Case 802.1x
No ratings yet
Microsoft Support Case 802.1x
26 pages