Learn Nexus

Learn Nexus
In Comparison with IOS

By: Prashant Phirke (CCIE R&S)
Table of Contents
Configuration Fundamentals.................................................................................................................... 3
Interface Configuration .......................................................................................................................... 10
Port-Channel ......................................................................................................................................... 15
HSRP...................................................................................................................................................... 20
DHCP Relay ............................................................................................................................................ 25
STP ........................................................................................................................................................ 28
EIGRP .................................................................................................................................................... 32
OSPF ...................................................................................................................................................... 37
BGP ....................................................................................................................................................... 42
BGP (Advanced) ..................................................................................................................................... 48
Multicast ............................................................................................................................................... 54
Netflow ................................................................................................................................................. 65
SPAN ..................................................................................................................................................... 70
TACACS+, RADIUS, and AAA ................................................................................................................... 74
Layer-3 Virtualization............................................................................................................................. 79
Learn Nexus Page 2

Configuration Fundamentals
The Cisco NX-OS is a data center class operating system designed for maximum scalability and
application availability. The CLI interface for the NX-OS is very similar to Cisco IOS, so if you
understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key
differences should be understood prior to working with the Cisco NX-OS.
Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:
• When you first log into the NX-OS, you go directly into EXEC mode.
• Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS
5.0(2a) introduced privilege levels and two-stage authentication using an enable secret
that can be enabled with the global feature privilege configuration command.
• By default, the admin user has network-admin rights that allow full read/write access.
Additional users can be created with very granular rights to permit or deny specific CLI
commands.
• The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults,
perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP)
security policy.
• The Cisco NX-OS uses a feature based license model. An Enterprise or Advanced
Services license is required depending on the features required. Additional licenses may
be required in the future.
• A 120 day license grace period is supported for testing, but features are automatically
removed from the running configuration after the expiration date is reached.
• The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP,
etc… using the feature configuration command. Configuration and verification
commands are not available until you enable the specific feature.
• Interfaces are labeled in the configuration as Ethernet. There aren’t any speed
designations.
• The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical
device to be partitioned into logical devices. When you log in for the first time You are in
the default VDC (VDC 1).
• The Cisco NX-OS has two preconfigured VRF instances by default (management,
default). The management VRF is applied to the supervisor module out-of-band Ethernet
port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet
ports.
• SSHv2 server/client functionality is enabled by default. TELNET server functionality is
disabled by default. (The TELNET client is enabled by default and cannot be disabled.)
• VTY and Auxiliary port configurations do not show up in the default configuration
unless a parameter is modified (The Console port is included in the default
configuration). The VTY port supports 32 simultaneous sessions and the timeout is
disabled by default for all three port types.
Learn Nexus Page 3

Things You Should Know
The following list provides some additional Cisco NX-OS information that should be helpful
when configuring and maintaining the Cisco NX-OS.
• The default administer user is predefined as admin. An admin user password has to be
specified when the system is powered up for the first time, or if the running configuration
is erased with the write erase command and system is repowered.
• If you remove a feature with the global no feature configuration command, all relevant
commands related to that feature are removed from the running configuration.
• The NX-OS uses a kickstart image and a system image. Both images are identified in the
configuration file as the kickstart and system boot variables. The boot variables
determine what version of NX-OS is loaded when the system is powered on. (The
kickstart and system boot variables have to be configured for the same NX-OS version.)
• The show running-config command accepts several options, such as OSPF, BGP, etc…
that will display the runtime configuration for a specific feature.
• The show tech command accepts several options that will display information for a
specific feature.
Configuration Comparison
The following sample code show similarities and differences between the Cisco NX-OS software
and the Cisco IOS Software CLI.
Cisco IOS CLI Cisco NX-OS CLI

Default User Prompt
c6500> n7000#
Entering Configuration Mode
c6500# configure terminal n7000# configure terminal
Saving the Running Config to the Startup Config (nvram)
c6500# write memory
or n7000# copy running-config startup-config
c6500# copy running-config startup-config
Erasing the startup config (nvram)
c6500# write erase n7000# write erase
Learn Nexus Page 4

Installing a License
Cisco IOS Software does not require a

n7000# install license bootflash:license_file.lic
license file installation.
Interface Naming Convention
interface Ethernet 1/1
interface FastEthernet 1/1

interface Ethernet 1/1
interface GigabitEthernet 1/1
interface TenGigabitEthernet 1/1
Default VRF Configuration (management)
Cisco IOS Software doesn’t enable VRFs by

vrf context management
default.
Configuring the Software Image Boot Variables
boot kickstart bootflash:/n7000-s1-

kickstart.4.0.4.bin sup-1
boot system bootflash:/n7000-s1-

dk9.4.0.4.bin sup-1
boot system flash sup-bootdisk:s72033-
ipservicesk9_wan-mz.122-33.SXH1.bin
boot kickstart bootflash:/n7000-s1-
kickstart.4.0.4.bin sup-2
boot system bootflash:/n7000-s1-

dk9.4.0.4.bin sup-2
Enabling Features
Cisco IOS Software does not have the

feature ospf
functionality to enable or disable features.
Enabling TELNET (SSHv2 is recommended)
Cisco IOS Software enables TELNET by

feature telnet
default.
Configuring the VTY Timeout and Session
Limit
line vty 0 9 line vty
Learn Nexus Page 5

exec-timeout 15 0 session-limit 10
login exec-timeout 15
Verification Command Comparison

The following table compares some useful show commands for verifying the initial system
startup and running configuration.
Cisco NX-OS Cisco IOS Software Command Description

show running-config show running-config Displays the running configuration
show startup-config show startup-config Displays the startup configuration
- - -
show interface show interface Displays the status for all of the interfaces
show interface show interface <int
Displays the status for a specific interface
ethernet <x/x> type>
- - -
show boot show boot Displays the current boot variables
- - -
Displays the system clock and time zone
show clock show clock
configuration
show clock detail show clock detail Displays the summer-time configuration
- - -
show environment show environment Displays all environment parameters
show environment show environment
Displays clock status for A/B and active clock
clock status clock
show environment
show environment fan Displays fan status
cooling fan-tray
show environment
show power Displays power budget
power
show environment show environment
Displays environment data
temperature temperature
- - -
show log logfile show log Displays the local log
Learn Nexus Page 6

Displays persistent log messages (severity 0-2)
show log nvram -
stored in NVRAM
show module show module Displays installed modules and their status
Displays how long each module has be
show module uptime -
powered up
Displays fabric modules and their current
show module fabric -
status
show platform fabric-
show fabric utilization Displays the % of fabric utilized per module
utilization
show process cpu show process cpu Displays the processes running on the CPU
show process cpu show process cpu Displays the process history of the CPU in
history history chart form
show process cpu show process cpu
Displays sorted processes running on the CPU
sorted sorted
- - -
show system cores - Displays the core dump files if present
show system
show exception Displays last exception log
exception-info
show system Displays the supervisors High Availability
show redundancy
redundancy status status
show system resources show process cpu Displays CPU and memory usage data
Displays system and kernel start time
show system uptime -
(Displays active supervisor uptime)
- - -
Displays system technical information for
show tech-support show tech-support
Cisco TAC
show tech-support show tech-support Displays feature specific technical information
<name> <name> for Cisco TAC
- - -
Displays running software version, basic
show version show version
hardware, CMP status and system uptime
- - -
Displays console and auxiliary port
show line show line
information
show line com1 - Displays auxiliary port information
show line console show line console 0 Displays console port information
Learn Nexus Page 7

show line console States if the console port is physically
-
connected connected
show terminal show terminal Displays terminal settings
show users show users Displays current virtual terminal settings
- - -
show vrf show ip vrf Displays a list of all configured VRFs
show vrf <name> show ip vrf <name> Displays an specified VRF
show vrf <name> show vrf detail
Displays details for a specified
detail <name>
show vrf <name> Displays interface assignment for a specified
-
interface VRF
show vrf default - Displays a summary of the default VRF
show vrf detail show vrf detail Displays details for all VRF's
show vrf interface show ip vrf interface Displays VRF interface assignment
show vrf management - Displays a summary of the management VRF
- - -
show license - Displays all license file information
show license brief - Displays the license file names installed
show license file Displays license contents based on a specified
-
<name> name
Displays the chassis Host-ID used for creating
show license host-id -
a license
show license usage - Displays all licenses used by the system
show license usage Displays all licenses used by the system per
-
<license-type> type
show license usage Displays all licenses used by the system for all
-
vdc-all VDCs
- - -
show vdc - Displays a list of the configured VDC's
show vdc <name> - Displays a summary of the individual VDC
show vdc <name> Displays configuration details for a specific
-
detail VDC
show vdc <name> Displays interface membership for a specific
-
membership VDC
show vdc <name> - Displays resource allocation for a specific
Learn Nexus Page 8

resource VDC
show vdc current-vdc - Displays the VDC that the user is currently in
show vdc detail - Displays details information for all VDCs
show vdc membership - Displays interface membership for all VDCs
show vdc resources - Displays resource allocation for all VDCs
Learn Nexus Page 9

Interface Configuration
The NX-OS supports different physical and virtual interface types to meet various network connectivity
requirements. The different interface types include: layer-2 switched (access or trunk), layer-3 routed,
layer-3 routed (sub-interface trunk), switched virtual interface (SVI), port-channel, loopback, and tunnel
interfaces.

In Cisco NX-OS:
• SVI command-line interface (CLI) configuration and verification commands are not
available until you enable the SVI feature with the feature interface-vlan command.
• Tunnel interface command-line interface (CLI) configuration and verification commands
are not available until you enable the Tunnel feature with the feature tunnel command.
• Interfaces support stateful and stateless restarts after a supervisor switchover for high
availability.
• Only 802.1q trunks are supported, so the encapsulation command isn't necessary when
configuring a layer-2 switched trunk interface. (Cisco ISL is not supported)
• An IP subnet mask can be applied using /xx or xxx.xxx.xxx.xxx notation when
configuring an IP address on a layer-3 interface.
• The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software.
The range keyword has been omitted from the syntax (IE: interface ethernet 1/1-2)
• The out-of-band management ethernet port located on the supervisor module is
configured with the interface mgmt 0 CLI command.

The following list provides some additional facts about the Cisco NX-OS that should be helpful
when configuring interfaces.
• An interface can only be configured in 1 VDC at a time.

• All 4 interfaces in a port group must be assigned to the same VDC when assigning
interfaces on the 32 port 10GE module. There are not any restrictions for the 48 port 1GE
modules.
• 10 GE interfaces can be configured in dedicated mode using the rate-mode dedicated
interface CLI command.
• The default port type is configurable for L3 routed or L2 switched in the setup startup
script. (L3 is the default port type prior to running the script)
• A layer-2 switched trunk port sends and receives traffic for all VLANs by default (This is
the same as Cisco IOS Software). Use the switchport trunk allowed vlan interface CLI
command to specify the VLANs allowed on the trunk.
• The clear counters interface ethernet x/x CLI command resets the counters for a
specific interface.
Learn Nexus Page 10

The following sample code shows configuration similarities and differences between the Cisco
NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco
NX-OS Software.

Configuring a Routed Interface
interface gigabitethernet 1/1 interface ethernet 1/1
ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.1/24
no shutdown no shutdown
Configuring a Switched Interface (VLAN 10)
vlan 10 vlan 10
switchport switchport
switchport mode access switchport mode access
switchport access vlan 10 switchport access vlan 10
Configuring a Switched Virtual Interface (SVI)
Cisco IOS Software does not have the ability

to enable or disable SVI interfaces using the feature interface-vlan
feature command.
interface vlan 10
interface vlan 10
ip address 192.168.1.1./24
ip address 192.168.1.1 255.255.255.0
no shutdown
no shutdown
Configuring a Switched Trunk Interface
Learn Nexus Page 11

interface GigabitEthernet 1/1
switchport interface ethernet 1/1
switchport trunk encapsulation dot1q switchport mode trunk
switchport trunk native vlan 2 switchport trunk allowed vlan 10,20
switchport trunk allowed vlan 10,20 switchport trunk native vlan 2
switchport mode trunk no shutdown
no shutdown
Configuring a Routed Trunk Sub-Interface
interface gigabitethernet 1/1

interface ethernet 1/1
no switchport
no switchport
no shutdown
no shutdown
interface ethernet 1/1.10

interface gigabitethernet1/1.10
encapsulation dot1q 10
encapsulation dot1Q 10
ip address 192.168.1.1/24
ip address 192.168.1.1 255.255.255.0
no shutdown
no shutdown
Configuring a Loopback Interface
interface loopback 1 interface loopback 1
Configuring a Tunnel Interface
Cisco IOS Software does not have the ability feature tunnel
to enable or disable Tunnel interfaces using
the feature command.
Learn Nexus Page 12

interface tunnel 1
interface Tunnel 1 ip address 192.168.1.1/24
ip address 192.168.1.1 255.255.255.0 tunnel source 172.16.1.1
tunnel source 172.16.1.1 tunnel destination 172.16.2.1
tunnel destination 172.16.2.1 no shutdown
no shutdown
Configuring an Interface Description

description Test Interface description Test Interface
Configuring Jumbo Frames

mtu 9216 mtu 9216
Configuring Multiple Interfaces (Examples)

interface range gigabitethernet 1/1-2
interface ethernet 1/1-1
or
or
interface range gigabitethernet 1/1,
interface ethernet 1/1, ethernet 2/1
gigabitethernet 2/1

The following table lists some useful show commands for verifying the status and
troubleshooting an interface.
Cisco NX-OS Cisco IOS Software

Command Description
Interface Interface
Displays the status and statistics for all interfaces
show interface show interface
or a specific interface
show interface brief - Displays a brief list of the interfaces (type, mode,
Learn Nexus Page 13

status, speed, MTU)
Displays interface capabilities
capabilities capabilities
show interface show interface Displays interface counters (input/output unicast,
counters counters multicast & broadcast)
show interface Displays the de-bounce status and time in ms for all
-
debounce interfaces
show interface
- Displays all interfaces with configured descriptions
description
Displays status and statistics for a specific interface
ethernet interface-type
show interface show interface Displays Flow Control (802.1p) status and state for
flowcontrol flowcontrol all interfaces
show interface show interface Displays status and statistics for a specific
loopback loopback loopback interface
show interface mac- Displays all interfaces and their associated MAC
-
address Addresses
show interface Displays status and statistics for the management
-
mgmt interface located on the supervisor
show interface port- show interface port- Displays status and statistics for a specific port-
channel channel channel
show interface
show interface status Displays all interfaces and their current status
status
show interface show interface Displays a list of all interfaces that are configured
switchport switchport as switchports
show interface show interface Displays a list of all interfaces and optic
transceiver transceiver information (calibrations, details)
show interface
show interface trunk Displays a list of all interfaces configured as trunks
trunk
show interface show interface Displays status and statistics for a specific tunnel
tunnel <#> tunnel <#> interface
show interface vlan show interface vlan Displays status and statistics for a specific VLAN
<#> <#> interface
Learn Nexus Page 14

Port-Channel
Port-Channels provide a mechanism for aggregating multiple physical Ethernet links into a
single logical Ethernet link. Port-Channels are typically used to increase availability and
bandwidth, while simplifying the network topology. Port-Channels can be configured in Static
Mode (no protocol) or in conjunction with a protocol such as LaCP defined in IEEE 802.3ad or
PaGP for dynamic negotiations and keep-alive detection for failover.

In Cisco NX-OS:
• 256 Port-Channels are supported per chassis

• LaCP and Static Mode Port-Channels are supported (PaGP is not supported in Cisco NX-
OS Software).
• LaCP command-line interface (CLI) configuration and verification commands are not
available until you enable the LaCP feature with the feature lacp command.
• The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software.
The range keyword has been omitted from the syntax (IE: interface ethernet 1/1-2)
• A Port-Channel can be converted between a layer-2 and layer-3 Port-Channel without
removing the member ports.
• The force keyword can be used when adding an interface to an existing Port-Channel to
force the new interface to inherit all of the existing Port-Channel compatibility
parameters.

when designing, configuring, and maintaining a network using Port-Channels.
• A single Port-Channel cannot connect to two different VDCs in the same chassis.
• You cannot disable LaCP with the no feature lacp command if LaCP is configured for a
Port-Channel. LaCP must be disabled on all Port-Channels prior to disabling LaCP
globally.
• The show port-channel compatibility-parameters CLI command is very useful for
verifying interface parameters when configuring Port-Channels.
• The show port-channel load-balance forwarding-path CLI command can be used to
determine the individual link a flow traverses over a specific Port-Channel.
Learn Nexus Page 15

NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco
NX-OS. Cisco NX-OS does not use the range keyword when specifying multiple interfaces.
Cisco NX-OS also has the ability to force an interface to inherit existing Port-Channel
compatibility parameters using the force keyword.

Enabling the LaCP Feature

feature lacp
to enable or disable LaCP.
Configuring LACP Active Mode
interface range gigabitethernet 1/1-2 interface ethernet 1/1-2
channel-group 1 mode active channel-group 1 mode active
Configuring LaCP Passive Mode
channel-group 1 mode passive channel-group 1 mode passive
Configuring Static Mode (no protocol)
channel-group 1 mode on channel-group 1 mode on
Enabling a Port Channel
interface port-channel 1 interface port-channel 1
Layer-2 Port-Channel Example
Learn Nexus Page 16

Layer-3 Port-Channel Example
no switchport no switchport
Adding an Interface to an Existing Port-Channel
Cisco IOS Software does not have the force

option, so all interface parameters have to be
compatible prior to adding the interface to an
existing Port-Channel.
interface ethernet 1/3
interface range gigabitethernet 1/3 channel-group 1 force mode active
no switchport
channel-group 1 mode active[
Configuring the System Load-Balance Algorithm
port-channel load-balance ethernet

port-channel load-balance dst-mac
destination-mac
Configuring the Load-Balance Algorithm per Module
port-channel per-module load-balance

port-channel load-balance ethernet
port-channel load-balance dst-mac module destination-mac module 1
1
Learn Nexus Page 17

The following table lists some useful show commands for verifying and troubleshooting a Port-
Channel configuration.
Cisco IOS Software

Cisco NX-OS Port-Channels Command Description
Port-Channels
Displays statistics all interfaces or a
specific interface
show interface port-channel show interface port- Displays statistics for a specific port-
<#> channel <#> channel
- - -
Displays port-channel resources (total,
show port-channel capacity -
used, free)
show port-channel Displays the compatibility-parameters
-
compatibility-parameters (IE: speed, duplex, etc)
Displays the aggregation state for one
show port-channel database -
or more port-channels
show port-channel load- show etherchannel load- Displays the load-balancing algorithm
balance balance (hash) configured
show port-channel load- show etherchannel load- Displays packet forwarding
balance forwarding-path balance hash-result information
show etherchannel Displays a summarized list of all port-
show port-channel summary
summary channels
Displays the load per link in a port-
show port-channel traffic -
channel (Based in interface counters)
Displays the range of used and unused
show port-channel usage -
port-channel numbers
- - -
Displays the LaCP PDU and error
show lacp counters show lacp counters
counters
Displays detailed LaCP information
show lacp interface -
per interface
Displays detailed LaCP information
show lacp neighbors show lacp neighbors
per neighbor
show lacp <port- Displays the port-channel LaCP
show lacp port-channel
channel-#> configuration
Learn Nexus Page 18

Displays the LaCP system ID
show lacp system-identifier show lacp sys-id
(Priority / MAC address)
Learn Nexus Page 19

HSRP
HSRP is a Cisco proprietary First Hop Redundancy Protocol (FHRP) designed to allow
transparent failover for an IP client’s default gateway (first-hop router).

In Cisco NX-OS:
• HSRP command-line interface (CLI) configuration and verification commands are not
available until you enable the HSRP feature with the feature hsrp command.
• HSRP is hierarchical. All related commands for an HSRP group are configured under the
group number.
• The HSRP configuration commands use the format hsrp <option> instead of standby
<option>.
• The HSRP verification commands use the format show hsrp <option> instead of show
standby <option>.
• HSRP supports stateful process restart by default.
• The hello and hold-time timer ranges for the millisecond options are different. In Cisco
NX-OS, hello = 250 to 999 milliseconds, and hold time = 750 to 3000 milliseconds. In
Cisco IOS Software, hello = 15 to 999 milliseconds, and hold time = 50 to 3000
milliseconds.

The following list provides some additional facts about Cisco NX-OS that should be helpful
when designing, configuring, and maintaining HSRP-enabled networks.
• If you remove the feature hsrp command, all relevant HSRP configuration information
is also removed.
• HSRPv1 is enabled by default (HSRPv2 can be enabled per interface).
• HSRPv1 supports 256 group numbers (0 to 255). HSRPv2 supports 4096 group numbers
(0 to 4095).
• HSRPv1 and HSRPv2 are not compatible. However, a device can be configured to run a
different version on different interfaces.
• The show running-config hsrp command displays the current HSRP configuration.
• Configuration of more than one FHRP on an interface is not recommended.
• Object tracking is supported. Tracking can be configured for an interface’s line protocol
state, IP address state, and for IP route reachability (determining whether a route is
available in the routing table).
Learn Nexus Page 20

• An interface can track multiple objects.
• Secondary IP addresses are supported in the same or a different group as the interface’s
primary IP address.
• Load sharing can be accomplished by using multiple HSRP groups per interface.
NX-OS and Cisco IOS Software CLIs. There are two significant differences: Cisco NX-OS uses
a hierarchical configuration, and it uses the hsrp keyword instead of the standby keyword for
configuration and verification commands. Both enhancements make the configuration easier to
read.

Enabling the HSRP Feature

feature hsrp
to enable or disable HSRP.
Configuring HSRP on an Interface
interface Ethernet2/1
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
ip 192.168.10.1
Configuring the priority and preempt Options
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
preempt
standby 0 priority 110
priority 110
standby 0 preempt
Learn Nexus Page 21

ip 192.168.10.1
Modifying the Hello and Holdtime Timers (Seconds)
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
timers 1 3
standby 0 timers 1 3
ip 192.168.10.1
Modifying the Hello and Holdtime Timers (Milliseconds)
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
timers msec 250 msec 750
standby 0 timers msec 250 msec 750
ip 192.168.10.1
Configuring MD5 Authentication
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
authentication md5 key-string cisco123
standby 0 authentication md5 key-string
cisco123
ip 192.168.10.1
Configuring HSRP Version 2 on an Interface
interface Ethernet2/1 interface Ethernet2/1
standby version 2 hsrp version 2
Configuring Minimum and Reload Initialization Delay
Learn Nexus Page 22

standby delay minimum 5 reload 10 hsrp delay minimum 5 reload 10
Configuring Object Tracking (Interface Line-Protocol)
track 1 interface ethernet 2/2 line-protocol

track 1 interface Ethernet2/2 line-protocol
ip address 192.168.10.2/24
ip address 192.168.10.2 255.255.255.0
hsrp 0
standby 0 ip 192.168.10.1
track 1 decrement 20
standby 0 track 1 decrement 20
ip 192.168.10.1

The following table compares some useful show commands for verifying and troubleshooting an
HSRP configuration.
Cisco IOS Software

Cisco NX-OS HSRP Command Description
HSRP
Displays detailed information for all HSRP
show hsrp show standby <#>
groups
show hsrp active - Displays all of the groups in the “active” state
show hsrp brief show standby brief Displays a summary of all the HSRP groups
Displays minimum and maximum delay times
show hsrp delay -
for preempting
Displays detailed information for a specified
show hsrp group -
group
show hsrp init - Displays all the groups in the "init" state
Learn Nexus Page 23

Displays detailed information for a specific
show hsrp interface -
interface
show hsrp learn - Displays all the groups in the "learn" state
show hsrp listen - Displays all the groups in the "listen" state
show hsrp speak - Displays all the groups in the "speak" state
show hsrp standby - Displays all the groups in the "standby" state
Displays summary information for HSRP
show hsrp summary -
groups
- - -
show track show track Displays the configured tracked objects
show track brief show track brief Displays a brief list of tracked objects
show track interface show track interface Displays the status of tracked interfaces
Displays the IP protocol objects that are
show track ip show track ip
tracked
Learn Nexus Page 24

DHCP Relay
The DHCP Relay feature was designed to forward DHCP broadcast requests as unicast packets
to a configured DHCP server or servers for redundancy.

In Cisco NX-OS:
• DHCP command-line interface (CLI) configuration and verification commands are not
available until you enable the DCHP feature with the feature dhcp command.
• The DHCP service is not enabled by default, whereas it is enabled by default in Cisco
IOS Software.
• The DHCP-Relay command ip dchp relay address is equivalent to the ip helper-
address command in Cisco IOS Software.
• Only packets destined to User Datagram (UDP) port 67 (Bootps) and 68 (Bootpc) are
forwarded by the relay, whereas Cisco IOS Software forwards additional protocols
(Trivial File Transfer Protocol [TFTP], Domain Name System [DNS], Time, NetBios,
and Neighbor Discovery).
• The Cisco NX-OS cannot act as a DHCP server.

when designing, configuring, and maintaining networks with the DHCP-Relay feature.
• If you remove the feature dhcp command, all relevant DHCP configuration information
is also removed.
• Prior to NX-OS 4.2(1), the service dhcp command enabled the DHCP Relay feature. In
NX-OS 4.2(1) the command was changed to ip dhcp relay.
• Sixteen DHCP Relay addresses can be configured per interface.
• DHCP packets are always forwarded through DHCP Relay in the same Virtual Route
Forwarding (VRF) instance assigned to the interface.
• Assign a DHCP Relay to every interface that may have a client, even if the server resides
in the same Layer-2 broadcast domain (VLAN). - This has been fixed in 4.2(1) software.
• DHCP Option 82 information can be configured with the ip dhcp relay information
option global command.
• The DHCP Relay configuration can be verified with the show ip dhcp relay address
command.
Learn Nexus Page 25

NX-OS and Cisco IOS Software CLIs. There are two significant differences: in Cisco NX-OS,
the DHCP feature must be enabled, and the DHCP service is not enabled by default.

Enabling the DHCP Feature

feature dhcp
to enable or disable DHCP.
Enabling the DHCP Service
Cisco IOS Software enables service dhcp by

ip dhcp relay
default.
Configuring DHCP Relay for an Interface
ip helper-address 1.1.1.1 ip dhcp relay address 1.1.1.1
Configuring Option 82 Information
ip dhcp relay information option ip dhcp relay information option

The following table compares some useful show commands for verifying and troubleshooting
the DHCP-Relay feature.
Cisco NX-OS DHCP- Cisco IOS Software

Command Description
Relay DHCP-Relay
show ip dhcp relay Displays a list of DHCP-Relay(s)
-
address configured for all interfaces
show ip dhcp relay - Displays the DHCP-Relay(s) configured
Learn Nexus Page 26

address interface for a specific interface
Learn Nexus Page 27

STP
STP is a standards based link-layer protocol originally defined in IEEE 802.1d that runs on
switches to prevent forwarding loops when using redundant layer-2 network topologies. Newer
variants of STP have been developed called Rapid Spanning Tree protocol (RSTP) defined in
IEEE 802.1w and Multiple Spanning Tree protocol (MST) defined in IEEE 802.1s that are
enhanced for better scalability and converge faster than the original version.

In Cisco NX-OS:
• Rapid-PVST+ and the MST protocols are supported.

• Rapid-PVST+ is enabled by default.
• High availability is achieved with stateful switchover when two supervisors are installed
in a chassis.
• The STP port types are identified with the port type designation as opposed to the
portfast designation in Cisco IOS Software.

when designing, configuring, and maintaining a network configured with the STP.
• Rapid-PVST+ is interoperable with the 802.1d STP.

• Rapid-PVST+ is interoperable with MST. (This is enabled by default)
• Only one STP can be enabled per VDC.
• Bridge Assurance is enabled globally by default, but is disabled on an interface by
default.
• Bridge Assurance can be enabled for an interface using the spanning-tree port type
network interface command.
• The clear spanning-tree counters command clears the counters for an STP interface or a
VLAN.
• STP enhancements such as BPDU Guard, Loop Guard, Root Guard, and BPDU Filtering
are supported.
Spanning-Tree best practices are applicable to both Cisco NX-OS and Cisco IOS Software
Learn Nexus Page 28

• Do not disable STP. Even if the layer-2 topology does not require STP, it should always
be enabled as a safeguard for configuration and/or cabling errors.
• Changing the STP mode can disrupt traffic.
• Enabling Bridge Assurance is recommended. However, only enable Bridge Assurance on
layer-2 links if both devices on each end of the link support it.
• Typically the core/backbone devices should be configured as the primary and secondary
root bridges.
• The default bridge priority is 32,768 (plus the VLAN #). The lower the value, the more
likely it will become the root bridge.
• Configure 802.1q trunk ports as edge trunk port type when connecting to L3 hosts such
as firewalls, load-balancers, or servers for faster convergence.
NX-OS and Cisco IOS Software CLIs. The CLI is identical with the exception of the port type
terminology. The Cisco IOS uses the portfast designation, whereas Cisco NX-OS uses the port
type designation.

Configuring VLANs
vlan 10,20 vlan 10,20
Configuring Rapid PVST+
Rapid-PVST is enabled by default.

spanning-tree mode rapid-pvst
spanning-tree mode rapid-pvst
Configuring the Rapid-PVST+ Bridge Priority
spanning-tree vlan 10 root primary spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary spanning-tree vlan 20 root secondary
Configuring MST
spanning-tree mode mst spanning-tree mode mst
Configuring a MST Instance
Learn Nexus Page 29

spanning-tree mst configuration spanning-tree mst configuration
instance 1 vlan 10 instance 1 vlan 10
instance 2 vlan 20 instance 2 vlan 20
Configuring the MST Bridge Priority
spanning-tree mst 1 root primary spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary spanning-tree mst 2 root secondary
Configuring STP Port Types Globally
spanning-tree portfast edge default spanning-tree port type edge default
or or
spanning-tree portfast network default spanning-tree port type network default
Configuring STP Port Types per Interface
interface GigabitEthernet1/1 interface ethernet 1/1
spanning-tree portfast edge spanning-tree port type edge
or or
spanning-tree portfast network spanning-tree port type network
or or
spanning-tree portfast disable spanning-tree port type normal
Configuring a Trunk as an Edge Port Type
spanning-tree portfast edge trunk spanning-tree port type edge trunk
Disabling PVST Simulation Globally
no spanning-tree mst simulate pvst global no spanning-tree mst simulate pvst global
Learn Nexus Page 30

Disabling PVST Simulation per Port
spanning-tree mst simulate pvst disable spanning-tree mst simulate pvst disable

The following table lists some useful show commands for verifying and troubleshooting a STP
network configuration. The show commands are identical for Cisco IOS and Cisco NX-OS
Software.
Cisco NX-OS STP Cisco IOS Software STP Command Description

Displays high level STP process
show spanning-tree show spanning-tree
information
show spanning-tree active show spanning-tree active Displays all ports in the active state
Displays all ports in the blocked state
blockedports blockedports
Displays detailed information per STP
show spanning-tree detail show spanning-tree detail
instance
show spanning-tree show spanning-tree Displays detailed STP information for
interface interface a specific interface
Displays high-level MST
show spanning-tree mst show spanning-tree mst
configuration
show spanning-tree mst show spanning-tree mst Displays the MST instance
configuration configuration configuration
show spanning-tree mst show spanning-tree mst
Displays detailed MST information
detail detail
show spanning-tree root show spanning-tree root Displays STP root information
Displays STP summary information
summary summary
show spanning-tree vlan show spanning-tree vlan Displays per VLAN STP information
Learn Nexus Page 31

EIGRP
EIGRP is a Cisco proprietary hybrid distance vector routing protocol used to exchange network
reachability information within an autonomous system.

In Cisco NX-OS:
• EIGRP command-line interface (CLI) configuration and verification commands are not
available until you enable the EIGRP feature with the feature eigrp command.
• The EIGRP protocol requires the Enterprise Services license.
• The EIGRP instance can consist of 20 characters. Cisco IOS Software supports numbers
1- 65536.
• Eight equal-cost paths are supported by default; Cisco NX-OS supports up to 16.
• Route auto-summarization is disabled by default.
• Networks and interfaces are added to an EIGRP instance under the interface
configuration mode.
• If a router ID is not manually configured, the loopback-0 IP address is always preferred.
If loopback 0 does not exist, Cisco NX-OS selects the IP address for the first loopback
interface in the configuration. If no loopback interfaces exist, Cisco NX-OS selects the IP
address for the first physical interface in the configuration.
• A default route can be generated with the default-information originate command,
whereas Cisco IOS Software requires additional CLI commands to achieve similar
results.
• When interface authentication is configured, the EIGRP key is encrypted with Data
Encryption Standard 3 (3DES) in the configuration. Cisco IOS Software requires the
service password command.
• Distribute-lists used to filter routes from routing updates are applied under the interface
with the ip distribute-list eigrp command, as opposed to under the EIGRP router
instance.

when designing, configuring, and maintaining an EIGRP network.
• Four EIGRP instances can be configured per virtual device context (VDC).
• Numerous Virtual Route Forwarding (VRF) instances can be associated with an EIGRP
instance.
Learn Nexus Page 32

• If the feature eigrp command is removed, all relevant EIGRP configuration information
is also removed.
• The shutdown command can be used to disable an EIGRP instance while retaining the
configuration. This feature can also be applied per interface with the ip eigrp <instance
#> shutdown command.
• The show running-config eigrp command displays the current EIGRP configuration.
• An EIGRP instance can be restarted with the restart eigrp <instance #> command.
• Graceful restart (RFC 3623) is enabled by default.
• Multiple EIGRP instances can be configured on the same interface.
• Secondary IP addresses are advertised by default and cannot be suppressed per interface.
NX-OS and Cisco IOS Software CLIs. There are three significant differences: Cisco NX-OS
allows EIGRP to be enabled and disabled globally, and it has a more interface-centric
configuration that makes it easier to read. In addition, Cisco NX-OS has the capability to
generate a default route, whereas Cisco IOS Software requires additional CLI commands to
achieve similar results.

Enabling the EIGRP Feature

feature eigrp
to enable or disable EIGRP.
Configuring an EIGRP Instance and Router ID
router eigrp 10 router eigrp 10
eigrp router-id 192.168.1.1 router-id 192.168.1.1
Associating a Network with an EIGRP Instance
router eigrp 10
ip address 192.168.10.1/24
network 192.168.10.0
ip router eigrp 10
Configuring a Passive Interface
Learn Nexus Page 33

router eigrp 10
ip address 192.168.10.1/24
network 192.168.10.0 passive-interface
ip router eigrp 10
GigabitEthernet2/1
ip passive-interface eigrp 10
Configuring Interface Authentication (MD5)
key chain eigrp-key
key 1 key-string 7 070c285f4d06485744

key chain eigrp-key
key 1 key-string cisco123 interface Ethernet2/1
ip address 192.168.10.1/24
interface GigabitEthernet2/1 ip address
192.168.10.1 255.255.255.0 ip authentication ip router eigrp 10
mode eigrp 10 md5 ip authentication key-
chain eigrp 10 eigrp-key ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 eigrp-

key
Configuring an EIGRP Distribution List to Filter Routes
ip prefix-list eigrp-10-list seq 5 permit

ip prefix-list eigrp-10-list seq 5 permit 159.142.1.0/24
159.142.1.0/24
router eigrp 10
ip address 192.168.10.1/24
network 192.168.10.0
ip router eigrp 10
distribute-list prefix eigrp-10-list out
GigabitEthernet2/1 ip distribute-list eigrp 10 prefix-list eigrp-
10-list out
Configuring Route Summarization
interface GigabitEthernet2/1 interface Ethernet2/1
Learn Nexus Page 34

ip summary-address eigrp 10 159.142.0.0 ip router eigrp 10

255.255.0.0 5
ip summary-address eigrp 10 159.142.0.0/16
Generating A Default Route (Conditional)
Cisco IOS Software doesn’t have the same

CLI to generate a default route, but router eigrp 10
redistribution or the ip summary address
command can be used to achieve similar default-information originate
results.

EIGRP network configuration.
Cisco IOS Software

Cisco NX-OS EIGRP Command Description
EIGRP
Displays all EIGRP information for a
show ip eigrp show ip eigrp <#>
specified process
show ip eigrp Displays the number of prefixes that each
-
accounting neighbor advertised
show ip eigrp
show ip eigrp interfaces Displays interfaces configured for EIGRP
interfaces
show ip eigrp show ip eigrp interfaces
Displays detailed interface information
interfaces detail detail
show ip eigrp show ip eigrp
Displays currently connected neighbors
neighbors neighbors
show ip eigrp show ip eigrp Displays connected neighbors and associated
neighbors detail neighbors detail details
Displays redistribution statistics for the
show ip eigrp policy -
specified protocol
Learn Nexus Page 35

show ip eigrp route - Displays EIGRP routes
show ip eigrp topology show ip eigrp topology Displays the EIGRP topology table
show ip eigrp traffic show ip eigrp traffic Displays statistics related to EIGRP
Learn Nexus Page 36

OSPF
OSPFv2 is an IETF (RFC 2328) standards-based dynamic link-state routing protocol used to
exchange network reachability within an autonomous system.

In Cisco NX-OS:
• OSPF command-line interface (CLI) configuration and verification commands are not
available until you enable the OSPF feature with the feature ospf command.
• The OSPF protocol requires the Enterprise Services license.
• The OSPF instance can consists of 20 characters, whereas the IOS supports numbers 1 –
65536.
• Eight equal-cost paths are supported by default. You can configure up to sixteen.
• The default reference bandwidth used in the OSPF cost calculation is 40 Gbps.
• Networks and interfaces are added to an OSPF instance under the interface configuration
mode.
• An OSPF area can be configured using decimal or decimal dotted notation, but it is
always displayed in decimal dotted notation in the configuration and in the show
command output.
• Passive interfaces are applied to the interface as opposed to under the OSPF router
instance.
• If a router ID is not manually configured, the loopback 0 IP address is always preferred.
• Neighbor adjacency changes are not logged by default. The log-adjacency-changes CLI
command is required under the OSPF instance.
• When interface authentication is configured, the OSPF key is encrypted with Data
Encryption Standard 3 (3DES) in the configuration. Cisco IOS Software requires the
service password command.
• When you rollover an OSPF authentication key in a combined Cisco NX-OS/Cisco IOS
network, you should configure both keys on the Cisco NX-OS router to ensure that there
is sufficient overlap between the old key and the new key for a smooth transition to the
new key. You should configure the new key as a valid accept key on all the NX-OS and
IOS routers before the new key becomes a valid generation key in the keychain. During
the overlap period, Cisco NX-OS transmits the new OSPF key and accepts OSPF
authenticated packets from both the old key and the new key.
• The NX-OS does not support distribute-lists used to remove OSPF routes from the
routing table. The NX-OS does support inter-area LSA/route filtering using the filter-list
command configured under the OSPF routing instance.
Learn Nexus Page 37

when designing, configuring, and maintaining an OSPF network.
• Four OSPF instances can be configured per virtual device context (VDC).
• Numerous Virtual Route Forwarding (VRF) instances can be associated to an OSPF
instance.
• If you remove the feature ospf command, all relevant OSPF configuration information is
also removed.
• The shutdown command under the OSPF process can be used to disable OSPF while
retaining the configuration. Similar functionality can also be applied per interface with
the ip ospf shutdown command.
• The show running-config ospf command displays the current OSPF configuration.
• An OSPF instance can be restarted with the restart ospf <instance #> command.
• Graceful Restart (RFC 3623) is enabled by default.
• OSPF supports stateful process restarts if two supervisors are present.
• You cannot configure multiple OSPF instances on the same interface.
• An interface can support multi-area adjacencies using the multi-area option with the ip
router ospf interface command.
• Secondary IP addresses are advertised by default, but can be suppressed per interface
with the ip router ospf <instance> area <#> secondaries none interface command.
• By default all loopback IP address subnet masks are advertised in an LSA as a /32. The
loopback interface command ip ospf advertise-subnet can be configured to advertise the
primary IP address subnet mask. (This command does not apply to secondary IP
addresses. They will still be advertised as a /32.)
NX-OS and Cisco IOS Software CLIs. There are two significant differences: Cisco NX-OS
allows OSPF to be enabled and disabled globally, and it has a more interface-centric
configuration that makes it easier to read.

Enabling the OSPF Feature
Cisco IOS Software does not have the ability feature ospf
Learn Nexus Page 38

to enable or disable OSPF.
Configuring an OSPF Instance and Router ID
router ospf 10 router ospf 10
router-id 192.168.1.1 router-id 192.168.1.1
Associating a Network with an OSPF Instance and Area
router ospf 10
ip address 192.168.10.1/24
network 192.168.1.0 0.0.0.255 area 1
ip router ospf 10 area 1
Configuring a Passive Interface
router ospf 10
ip address 192.168.11.1/24
passive-interface GigabitEthernet2/1
ip ospf passive-interface
network 192.168.1.0 0.0.0.255 area 1
Configuring Interface Authentication (MD5)
interface GigabitEthernet2/1
ip address 192.168.10.1/24
ip address 192.168.10.1 255.255.255.0
ip ospf authentication message-digest
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 3
a667d47acc18ea6b
ip ospf message-digest-key 1 md5 cisco123
Configuring a Stub Area with the no summary Option
area 2 stub no-summary area 2 stub no-summary
Creating a Not-So-Stubby Area (NSSA) and Generating a Default Route
Learn Nexus Page 39

area 3 nssa default-information-originate area 3 nssa default-information-originate
Configuring Inter-Area and External Summarization
area 0 range 159.142.0.0 255.255.0.0 area 0 range 159.142.0.0/16 summary-

summary-address 172.16.0.0 255.255.0.0 address 172.16.0.0/16
Generating a Default Route (Conditional)
default-information originate default-information originate
Generating a Maximum Metric (Max-Metric) Value
max-metric router-lsa max-metric router-lsa

OSPFv2 network configuration.
Cisco IOS Software

Cisco NX-OS OSPFv2 Command Description
OSPFv2
show ip ospf show ip ospf Displays the running configuration
show ip ospf border- show ip ospf border-
Displays a list of border routers
routers routers
show ip ospf database show ip ospf database Displays OSPF database information
show ip ospf interface
show ip ospf interface Displays OSPF database information
<int type>
show ip ospf interface Displays additional packet statistics for each
-
detail interface
Learn Nexus Page 40

show ip ospf memory - Displays the memory allocated for OSPF
show ip ospf
show ip ospf neighbor Displays neighbor-specific information
neighbors
show ip ospf neighbor show ip ospf neighbor
Displays details for each OSPF neighbor
detail detail
show ip ospf policy Displays redistribution statistics for a
-
statistics specified protocol
show ip ospf request show ip ospf request Displays a list of link-state advertisements
list list (LSAs) that have been requested
show ip ospf
show module Displays installed modules and their status
retransmission list
show ip ospf route - Displays all routes learned through OSPF
show ip ospf statistics show ip ospf statistics Displays OSPF LSA statistics
show ip ospf summary- show ip ospf
Displays OSPF-summarized networks
address summary-address
show ip ospf traffic show ip ospf traffic Displays OSPF-related packet counters
Displays information for a specified OSPF
show ip ospf vrf -
VRF instance
Learn Nexus Page 41

BGP
BGPv4 is a standard Exterior Routing Protocol defined in RFC 4271, commonly used to
exchange network reachability information between autonomous systems. This document covers
the features required for basic connectivity.

In Cisco NX-OS:
• BGP CLI configuration and verification commands are not available until you enable the
BGP feature with the feature bgp command.
• The BGP protocol requires an Enterprise Services license.
• Autonomous system numbers can be configured as 16 or 32 bit values.
• Address families need to be explicitly enabled (IE: IPv4 unicast, IPv6 unicast, etc…)
• By default, eBGP supports 8 Equal Cost Paths and iBGP supports 1. The Cisco NX-OS
supports up to 16 Equal Cost Paths for both eBGP and iBGP.
• Automatic Route Summarization and Synchronization are disabled by default.
• BGP consists of a hierarchical configuration based on neighbors and address families.
• If a router ID is not manually configured, the loopback 0 IP address is always preferred.
• Neighbor logging is not enabled by default under the BGP instance. Neighbor logging
can be enabled with the log-neighbor-changes command.
• When neighbor authentication is configured, the BGP key is 3DES encrypted in the
configuration. Cisco IOS Software requires the service password command to encrypt it
in the configuration.

when designing, configuring, and maintaining a BGP network.
• One BGP instances can be configured per Virtual Device Context (VDC).
• Numerous Virtual Route Forwarding (VRF) instances can be associated to a BGP
instance.
• If the feature bgp command is removed, all relevant BGP configuration information is
also removed.
• Network statements must be configured under their respective address-family
configuration mode when advertising them via BGP.
Learn Nexus Page 42

• The shutdown command under the BGP instance can be used to disable BGP while
retaining the configuration.
• The show running-config bgp command displays the current BGP configuration.
• A BGP instance can be restarted with the restart bgp <instance #> command.
• Graceful Restart (RFC 3623) is enabled by default.
The following sample configuration code similarities and differences between the Cisco NX-OS
and Cisco IOS Software CLIs. There are three significant differences: The Cisco NX-OS allows
BGP to be enabled and disabled globally. It utilizes a hierarchical configuration that makes it
easier to read. The Cisco NX-OS does not enable any address families by default. Each address-
family needs to be explicitly enabled. The following examples demonstrate this using the IPv4
unicast address family.

Enabling the BGP Feature

feature bgp
functionality to enable or disable BGP.
Configuring a BGP Instance and Router ID
router bgp 10 router bgp 10
bgp router-id 192.168.1.1 router-id 192.168.1.1
Configuring a BGP Neighbor (Internal)
router bgp 10
router bgp 10
neighbor 192.168.2.1 remote-as 10
update-source loopback0
neighbor 192.168.2.1 update-source
Loopback0
address-family ipv4 unicast
Configuring a BGP Neighbor (External)
router bgp 10
router bgp 10
Learn Nexus Page 43

Advertising a Network in an Address Family (IPv4)
router bgp 10
router bgp 10 address-family ipv4 unicast
network 159.142.1.0 mask 255.255.255.0 network 159.142.1.0/24
neighbor 192.168.10.2 remote-as 11 neighbor 192.168.10.2 remote-as 11
Configuring Neighbor Authentication (MD5)
router bgp 10
router bgp 10
password 3 a667d47acc18ea6b
neighbor 192.168.10.2 password cisco123
Configuring an Aggregate Address (Summary-Only)
router bgp 10
router bgp 10 address-family ipv4 unicast
aggregate-address 159.142.0.0 255.255.0.0 aggregate-address 159.142.0.0/16 summary-

summary-only only
Learn Nexus Page 44

Generating a Default Route for a Neighbor
router bgp 10
router bgp 10
neighbor 192.168.10.2 default-originate
default-originate

The following table compares some useful show commands for verifying and troubleshooting a
BGP network configuration.
Cisco IOS Software

Cisco NX-OS BGP Command Description
BGP
Displays BGP Process and BGP table
show ip bgp <option> show ip bgp
entries
Displays a specific network in the BGP
show ip bgp x.x.x.x show ip bgp x.x.x.x
table
Displays a network in a specified VRF
show ip bgp x.x.x.x vrf -
BGP table
Displays a specific prefix in the BGP
show ip bgp x.x.x.x/len show ip bgp x.x.x.x mask
table
show ip bgp x.x.x.x/len show ip bgp x.x.x.x mask Displays a prefix in the table with
longer-prefix longer-prefix longer prefixes
Displays the BGP table for all protocol
show ip bgp all show ip bgp all
families
show ip bgp community show ip bgp community Displays routes with a specific regular
<word> <#> expression
show ip bgp community Displays routes with a specific
-
<aa:nn> community value
show ip bgp community Displays BGP routes advertised to the
-
internet Internet
Learn Nexus Page 45

show ip bgp community show ip bgp community Displays BGP routes not advertised to
no-advertise no-advertise peers
show ip bgp community show ip bgp community Displays BGP routes not exported to
no-export no-export next AS
show ip bgp community Displays BGP routes not sent to outside
-
no-export-spoofed local AS
show ip bgp dampening show ip bgp dampening
Displays all Dampened paths
dampened-paths dampened-paths
Displays flap statistics for BGP routes
flap-statistics flap-statistics
show ip bgp dampening
- Displays all history paths
history-paths
show ip bgp dampening show ip bgp dampening Displays all of the Dampening
parameters parameters parameters
Displays all routes matching a specified
show ip bgp filter-list show ip bgp filter-list
filter list
show ip bgp flap-statistics - Displays all BGP route flap statistics
show ip bgp ipv4 multicast show ip bgp ipv4 Displays BGP IPv4 multicast address
<option> multicast <option> families
show ip bgp ipv4 unicast show ip bgp ipv4 unicast Displays BGP IPv4 unicast address
<option> <option> families
show ip bgp neighbors show ip bgp neighbors Displays detailed neighbor information
show ip bgp neighbors show ip bgp neighbors Displays detailed information for a
x.x.x.x x.x.x.x neighbor
show ip bgp nexhop x.x.x.x -
next-hop
show ip bgp paths show ip bgp paths Displays all BGP paths
Displays BGP peer policy by specified
show ip bgp peer-policy -
name
Displays information about a peer
show ip bgp peer-session -
session
show ip bgp unicast ipv4 Displays information about a peer
show ip bgp peer-template
template template
Displays routes matching a specified
show ip bgp prefix-list show ip bgp prefix-list
prefix-list
Displays routes matching a regular-
show ip bgp regexp show ip bgp regexp
expression
Learn Nexus Page 46

Displays BGP routes matching a route-
show ip bgp route-map show ip bgp route-map
map
Displays a summary list of neighbors
show ip bgp summary show ip bgp summary
and statistics
Displays information for a specified
show ip bgp vrf show ip bgp vpnv4 vrf
BGP VRF
Learn Nexus Page 47

BGP (Advanced)
BGPv4 is a standard exterior routing protocol defined in RFC 4271, commonly used to exchange
network reachability information between autonomous systems. This document discusses route
reflectors, confederations, peer templates, route-map policies and the prefix-lists feature.

In Cisco NX-OS:
• When configuring route reflectors, the route-reflector-client command is assigned per

neighbor under the neighbor-specific address family.
• When configuring confederations, the confederation is configured under the autonomous
system without the leading bgp keyword.
• Cisco NX-OS uses a peer template instead of a peer group to reuse common BGP
policies.
• Multiple policy templates can be applied to a single neighbor. Cisco IOS Software allows
only one policy template per neighbor.
• Cisco NX-OS does not require a manual reset for a neighbor when its routing policy is
modified. Cisco IOS Software requires a hard or soft reset depending on the neighbor
capabilities exchanged.

when designing, configuring, and maintaining an advanced BGP network configuration.
• Peer and session templates define neighbor attributes such as security passwords, timers,
and transport options.
• Peer templates and session templates have identical configuration capabilities with one
exception: peer templates can configure address families.
• Peer and session templates are inherited by a neighbor through the BGP neighbor
configuration mode.
• Only one peer template and session template can be inherited by a single BGP neighbor.
• Peer templates can inherit session templates.
• Session templates can inherit other session templates.
• Policy templates define address-family policies for inbound or outbound polices,
including default-route origination, filter lists, route-map polices, prefix lists, etc.
• Multiple policy templates can be assigned per neighbor. Policy templates are executed in
order based on the configured sequence number.
Learn Nexus Page 48

• Policy templates are inherited by a neighbor through the neighbor and address-family
configuration mode.
• Route-map polices can configure BGP attributes such as as-path, community lists,
community attributes, dampening, local preference, metric type, origin, and weight.
• Route-map polices can be applied per neighbor for inbound and outbound routing
policies.
The following sample code shows the configuration similarities and differences between the
Cisco NX-OS and Cisco IOS Software CLIs. The configurations are very similar with the
exception of the hierarchy used in Cisco NX-OS.

Configuring a Route-Reflector
router bgp 10
router bgp 10
no synchronization
network 192.168.11.1 mask 255.255.255.255
network 192.168.11.1/32
neighbor 192.168.2.1 update-source
Loopback0
neighbor 192.168.2.1 route-reflector-client
route-reflector-client
no auto-summary
Configuring Confederations
router bgp router bgp 65534
no synchronization confederation identifier 10
bgp confederation identifier 10 confederation peers 65535
Learn Nexus Page 49

bgp confederation peers 65535 address-family ipv4 unicast
no auto-summary address-family ipv4 unicast
Configuring a Peer Template
router bgp 10
router bgp 10
no synchronization
network 192.168.11.1 mask 255.255.255.255
network 192.168.11.1/32
neighbor IBGP-Template peer-group
template peer IBGP-Template
neighbor IBGP-Template password
cisco123
password 3 a667d47acc18ea6b
neighbor IBGP-Template update-source
Loopback0
neighbor 192.168.2.1 peer-group IBGP-
Template
inherit peer IBGP-Template
no auto-summary
Configuring a Policy Template
router bgp 10
router bgp 10
template peer-policy EBGP-Policy
default-originate
network 192.168.11.1/32
send-community
template peer-policy EBGP-Policy
exit-peer-policy
send-community
default-originate
no synchronization
Learn Nexus Page 50

network 192.168.11.1 mask 255.255.255.255 neighbor 192.168.10.2 remote-as 20
neighbor 192.168.10.2 remote-as 20 address-family ipv4 unicast
neighbor 192.168.10.2 inherit peer-policy inherit peer-policy EBGP-Policy 10

EBGP-Policy
no auto-summary
Configuring an Outbound Neighbor Route-Map Policy
route-map EBGP-Policy permit 10

route-map EBGP-Policy permit 10
set as-path prepend 10 10 10
set as-path prepend 10 10 10
router bgp 10
router bgp 10
no synchronization
network 192.168.11.1 mask 255.255.255.255
network 192.168.11.1/32
neighbor 192.168.10.2 route-map EBGP-
Policy out
route-map EBGP-Policy out
no auto-summary
Configuring an Outbound Prefix-List
ip prefix-list EBGP-Policy seq 5 permit

192.168.11.1/32
ip prefix-list EBGP-Policy seq 5 permit
192.168.11.1/32
router bgp 10
router bgp 10
no synchronization
neighbor 192.168.10.2 prefix-list EBGP-
Policy out
prefix-list EBGP-Policy out
no auto-summary
Learn Nexus Page 51

The following table compares some useful show commands for verifying and troubleshooting a
BGP network configuration.
Cisco IOS Software

Cisco NX-OS BGP Command Description
BGP
Displays BGP Process and BGP table
show ip bgp <option> show ip bgp
entries
Displays a specific network in the BGP
show ip bgp x.x.x.x show ip bgp x.x.x.x
table
Displays a network in a specified VRF
show ip bgp x.x.x.x vrf -
BGP table
Displays a specific prefix in the BGP
show ip bgp x.x.x.x/len show ip bgp x.x.x.x mask
table
show ip bgp x.x.x.x/len show ip bgp x.x.x.x mask Displays a prefix in the table with
longer-prefix longer-prefix longer prefixes
Displays the BGP table for all protocol
show ip bgp all show ip bgp all
families
show ip bgp community show ip bgp community Displays routes with a specific regular
<word> <#> expression
show ip bgp community Displays routes with a specific
-
<aa:nn> community value
show ip bgp community Displays BGP routes advertised to the
-
internet Internet
show ip bgp community show ip bgp community Displays BGP routes not advertised to
no-advertise no-advertise peers
show ip bgp community show ip bgp community Displays BGP routes not exported to
no-export no-export next AS
show ip bgp community Displays BGP routes not sent to outside
-
no-export-spoofed local AS
Displays all Dampened paths
dampened-paths dampened-paths
Displays flap statistics for BGP routes
flap-statistics flap-statistics
show ip bgp dampening
- Displays all history paths
history-paths
Learn Nexus Page 52

show ip bgp dampening show ip bgp dampening Displays all of the Dampening
parameters parameters parameters
show ip bgp filter-list show ip bgp filter-list
filter list
show ip bgp flap-statistics - Displays all BGP route flap statistics
show ip bgp ipv4 multicast show ip bgp ipv4 Displays BGP IPv4 multicast address
<option> multicast <option> families
show ip bgp ipv4 unicast show ip bgp ipv4 unicast Displays BGP IPv4 unicast address
<option> <option> families
show ip bgp neighbors show ip bgp neighbors Displays detailed neighbor information
show ip bgp neighbors show ip bgp neighbors Displays detailed information for a
x.x.x.x x.x.x.x neighbor
show ip bgp nexhop x.x.x.x -
next-hop
show ip bgp paths show ip bgp paths Displays all BGP paths
Displays BGP peer policy by specified
show ip bgp peer-policy -
name
Displays information about a peer
show ip bgp peer-session -
session
show ip bgp unicast ipv4 Displays information about a peer
show ip bgp peer-template
template template
Displays routes matching a specified
show ip bgp prefix-list show ip bgp prefix-list
prefix-list
Displays routes matching a regular-
show ip bgp regexp show ip bgp regexp
expression
Displays BGP routes matching a route-
show ip bgp route-map show ip bgp route-map
map
Displays a summary list of neighbors
show ip bgp summary show ip bgp summary
and statistics
Displays information for a specified
show ip bgp vrf show ip bgp vpnv4 vrf
BGP VRF
Learn Nexus Page 53

Multicast
Multicast transmission (one-to-many) provides the capability for a source host to forward IP
packets to an interested group of destination hosts , as opposed to using unicast transmission
(one-to-one) or broadcast transmission (one-to-everyone in the broadcast domain). Multicast
functionally is typically enabled using multiple protocols. This tech note includes the following
Cisco NX-OS protocols: Protocol Independent Multicast (PIM), Internet Group Membership
Protocol (IGMP) and Multicast Source Discovery Protocol (MSDP).

In Cisco NX-OS:
• PIM and MSDP protocols require a LAN Enterprise Services license.

• The global ip multicast-routing command does not exist and is not required to enable
multicast forwarding/routing. (It is required in Cisco IOS Software to enable multicast
forwarding/routing)
• PIM command-line interface (CLI) configuration and verification commands are not
available until you enable the PIM feature with the feature pim command.
• MSDP CLI configuration and verification commands are not available until you enable
the MSDP feature with the feature msdp command.
• IGMP versions 2 and 3 are supported. IGMP version 1 and Version 3 Lite are not
supported.
• An IGMP Snooping Querier is configured under the layer-2 VLAN with the ip igmp
snooping querier CLI command (Physical L3 interfaces cannot be configured as IGMP
Snooping Queriers). In Cisco IOS Software, an IGMP Snooping Querier is configured
under the layer-3 interface.
• PIM version 2 Sparse Mode is supported. Cisco NX-OS does not support PIM version 1
Sparse Mode or Dense Mode. The NX-OS cannot fallback to Dense Mode operation.
• PIM is not supported on IP Tunnel interfaces.
• When configuring a PIM Auto-RP Candidate or BSR RP-Candidate the NX-OS requires
a configured group-list (i.e. x.x.x.x/x), whereas Cisco IOS Software defaults to
224.0.0.0/4. An optional standard ACL can be configured to specify multicast groups in
Cisco IOS Software.
• When configuring PIM Auto-RP Mapping-Agent's or Candidate-RP's, Cisco NX-OS uses
a default scope of 32, whereas Cisco IOS Software requires it to be specified with the
scope option (1-255).
• When configuring PIM Auto-RP, Cisco NX-OS multicast devices must be enabled to
listen and/or forward RP advertisements with the ip pim auto-rp forward listen global
CLI configuration command. Cisco IOS Software has to be configured for Sparse-Dense
Mode or Sparse Mode with the global ip pim autorp listener CLI configuration
command.
• When configuring PIM BSR, Cisco NX-OS multicast devices must be enabled to listen
and/or forward RP advertisements with the ip pim bsr forward listen global CLI
Learn Nexus Page 54

configuration command. Cisco IOS Software doesn’t require additional configuration,
but does not have the ability to enable/disable RP forwarding and listening capabilities.
• BSR-Candidate routers have a default priority of 64. Cisco IOS Software defaults to 0.
The priority value can be configured between 0 – 255 in both operating systems using the
priority option. A higher numeric value is preferred when comparing priorities.
• BSR RP-Candidate routers have a default priority of 192. Cisco IOS Software defaults to
0. The priority value can be configured between 0 – 255 in both operating systems using
the priority option. The lower numeric value is preferred when comparing priorities.
• When configuring a Static-RP, the NX-OS does not have an override option like Cisco
IOS Software that forces the Static-RP to be elected for it’s specified multicast group list.
Cisco IOS Software prefers dynamically learned RP’s over Static RP’s if the override
option is not configured.
• When comparing PIM Static-RP’s to dynamically learned RP’s (Auto-RP and BSR)
during the election process: The RP with the most specific multicast group-list is elected.
If the group-lists are identical, the router with the highest RP IP address is elected.
• When configuring a PIM domain border, the ip pim border interface CLI command
prevents BSR and Auto-RP packets from being sent or received on an interface. The
Cisco IOS Software command equivalent (ip pim bsr-border) only prevents BSR
packets. Cisco IOS Software requires the ip multicast boundary interface command to
prevent Auto-RP packets.
• PIM neighbor authentication (IPSec ah-md5) can be enabled to authenticate directly
connected neighbors to increase security. Cisco IOS Software does not support this
functionality.
• PIM neighbor logging can be enabled with the global ip pim log-neighbor-changes CLI
command. (Cisco IOS Software enables PIM neighbor logging by default)
• The data in the MSDP Source-Active (SA) messages are cached by default, whereas
Cisco IOS Software requires the global ip msdp cache-sa-state and ip msdp cache-
rejected-sa CLI commands.
• PIM is configured with the Source Specific Multicast (SSM) group range 232.0.0.0/8 by
default (ip pim ssm range 232.0.0.0/8).
• Beginning with NX-OS 5.0(2a), PIM supports Bidirectional Forwarding Detection (BFD)
for rapid failure detection.

when designing, configuring, and maintaining multicast enabled networks.
• If you remove the feature pim command, all relevant PIM configuration information is
also removed.
• If you remove the feature msdp command, all relevant MSDP configuration information
is also removed.
Learn Nexus Page 55

• IGMP Snooping is enabled globally by default. It can be disabled globally, or per layer-2
VLAN with the no igmp snooping command.
• IGMP version 2 is enabled by default when PIM Sparse Mode is configured on an
interface.
• PIM supports three modes of operation: Any Source Multicast (ASM), Single Source
Multicast (SSM), Bidirectional Shared Tree (Bidr). The default mode is ASM. Bidr can
be configured with the bidr option when configuring a RP.
• The Cisco NX-OS supports four types of PIM Rendezvous Points: Static, Bootstrap
router (BSR), Auto-RP and Anycast-RP. (Do not configure Auto-RP and BSR in the
same network)
• When configuring a PIM Static-RP, the group-list defaults to 224.0.0.0/4 if one is not
specified.
• The Cisco NX-OS has two different CLI syntax options when configuring BSR and Auto
RP's (New Cisco NX-OS syntax, and backwards compatible Cisco IOS Software syntax).
• The Cisco NX-OS supports multicast routing per layer-3 Virtual Routing and Forwarding
(VRF) instance.
• PIM SSM and Bidr are not supported on Virtual Port-Channels (vPCs).
NX-OS and Cisco IOS Software CLIs. There are few significant differences: Cisco NX-OS does
not require the global ip multicast-routing command, but does require PIM and MSDP to be
enabled individually with the global feature CLI commands. The Cisco NX-OS has backwards
compatible syntax with Cisco IOS Software when configuring PIM BSR and Auto-RP, but Cisco
NX-OS requires RP forwarding and/or listening to be configured prior to learning or forwarding
dynamic RP information. Both Cisco NX-OS and Cisco IOS Software support multicast routing
within a VRF instance, but Cisco NX-OS requires global commands to be configured under the
VRF context as opposed to using the vrf option as with Cisco IOS Software.

Enabling Multicast Forwarding
The Cisco NX-OS does not have a single global

ip multicast-routing command to enable multicast
forwarding/routing.
Enabling the PIM Feature
Learn Nexus Page 56

feature pim
to enable or disable PIM.
Configuring PIM Sparse Mode on an Interface
interface TenGigabitEthernet1/1 interface Ethernet1/1
ip pim sparse-mode ip pim sparse-mode
Configuring a PIM Auto-RP
interface loopback10
ip address 172.16.1.1/32
interface Loopback10 ip pim sparse-mode
ip address 172.16.1.1 255.255.255.255

ip pim auto-rp rp-candidate loopback10
ip pim sparse-mode group-list 224.0.0.0/4
ip pim auto-rp mapping-agent loopback10

ip pim send-rp-announce Loopback10 scope
32 ip pim auto-rp forward listen
ip pim send-rp-discovery Loopback10 scope or

32
ip pim send-rp-announce loopback10
ip pim autorp listener group-list 224.0.0.0/4
ip pim send-rp-discovery loopback10
ip pim auto-rp forward listen
Configuring a PIM BSR RP
interface Loopback10 interface loopback10
Learn Nexus Page 57

ip pim bsr-candidate Loopback10 ip pim bsr bsr-candidate loopback10
ip pim rp-candidate Loopback10 ip pim bsr rp-candidate loopback10 group-

list 224.0.0.0/4
ip pim bsr forward listen
or
ip pim bsr-candidate loopback10
ip pim rp-candidate loopback10 group-list

224.0.0.0/4
Configuring a PIM Static-RP
ip pim rp-address 172.16.1.1 ip pim rp-address 172.16.1.1
Configuring a PIM Anycast-RP (BSR Example)
interface loopback0
ip address 192.168.10.1/32
ip pim sparse-mode
description Anycast-RP-Address
ability to enable the PIM Anycast RP ip address 172.16.1.1/32
feature.
ip pim sparse-mode
ip pim bsr bsr-candidate loopback0
ip pim bsr rp-candidate loopback10 group-list

224.0.0.0/4
ip pim anycast-rp 172.16.1.1 192.168.10.1
Learn Nexus Page 58

ip pim anycast-rp 172.16.1.1 192.168.10.2
Configuring PIM Neighbor Authentication
ip address 192.168.10.1/24
ability to enable neighbor authentication. ip pim sparse-mode
ip pim hello-authentication ah-md5 3

a667d47acc18ea6b
Configuring a PIM BSR Border on an Interface
interface TenGigabitEthernet1/1
ip address 192.168.10.1 255.255.255.0
ip pim bsr-border
ip pim sparse-mode
ip address 192.168.10.1/24
ip multicast boundary 10
ip pim sparse-mode
ip pim border
access-list 10 deny 224.0.1.39
access-list 10 deny 224.0.1.40
access-list 10 permit 224.0.0.0 15.255.255.255
Configuring PIM in a Non-Default VRF Instance
vrf context production

ip vrf production
ip pim rp-address 172.16.1.1 group-list
ip multicast-routing vrf production
224.0.0.0/4
interface Loopback10
ip vrf forwarding production
vrf member production
Learn Nexus Page 59

ip pim sparse-mode
interface TenGigabitEthernet1/1 vrf member production
ip vrf forwarding production ip address 192.168.10.1/24
ip address 192.168.10.1 255.255.255.0 ip pim sparse-mode
ip pim sparse-mode
ip pim vrf production rp-address 172.16.1.1
Configuring IGMP Version 3 for an Interface
interface TenGigabitEthernet1/1 interface Ethernet1/1
ip igmp version 3 ip igmp version 3
Configuring an IGMP Snooping Querier for a VLAN
interface Vlan10
vlan 10
ip address 192.168.10.1 255.255.255.0
ip igmp snooping querier 192.168.10.1
ip igmp snooping querier
Configuring MSDP (Anycast-RP)
description MSDP Peer Address description MSDP Peer Address
Learn Nexus Page 60

description PIM RP Address description PIM RP Address
ip pim rp-address 1.1.1.1 ip pim rp-address 1.1.1.1 group-list

224.0.0.0/4
ip msdp peer 192.168.2.1 connect-source
Loopback0 ip msdp peer 192.168.2.1 connect-source
loopback0
ip msdp cache-sa-state

multicast network configurations.
Cisco NX-OS Cisco IOS Software

Command Description
Multicast Multicast
Displays all IGMP attached group
show ip igmp groups show ip igmp groups
membership information
Displays IGMP information for all
show ip igmp interface show ip igmp interface
interfaces
show ip igmp interface Displays a one line summary status per
-
brief interface
show ip igmp interface show ip igmp interface int- Displays IGMP information for a specific
int-type type interface
show ip igmp interface Displays IGMP information for a specific
show ip igmp vrf name
vrf name VRF instance
show ip igmp local- Displays IGMP local groups associated to
-
groups int-type a specific interface
show ip igmp local- Displays IGMP local groups associated to
-
groups vrf name a specific VRF instance
Displays IGMP attached group
show ip igmp route -
membership information
show ip igmp route - Displays IGMP attached group
Learn Nexus Page 61

x.x.x.x membership for a specific group
show ip igmp route Displays IGMP attached group
-
int-type membership for a specific interface
show ip igmp route Displays IGMP attached group
-
vrf name membership for a specific VRF instance
show ip igmp Displays global and per interface IGMP
-
snooping Snooping information
show ip igmp
show ip igmp snooping Displays explicit tracking information for
snooping explicit-
explicit-tracking IGMPv3
tracking
show ip igmp show mac-address-table Displays IGMP Snooping groups
snooping groups multicast igmp-snooping information
show ip igmp show ip igmp snooping
Displays detected multicast routers
snooping mrouter mrouter
show ip igmp Displays IGMP Snooping OTV
-
snooping otv information
show ip igmp Displays IGMP Snooping querier
-
snooping querier information
show ip igmp show ip igmp snooping
Displays packet/error counter statistics
snooping statistics statistics
show ip igmp Displays IGMP Snooping information per
-
snooping vlan # specific VLAN
- - -
show ip msdp count show ip msdp count Displays MSDP SA cache counters
show ip msdp mesh-
- Displays MSDP Mesh-Group members
group
show ip msdp peer show ip msdp peer Displays all MSDP peers
show ip msdp peer
show ip msdp peer x.x.x.x Displays a specific MSDP peer
x.x.x.x
show ip msdp peer vrf Displays MSDP peers related to a specific
show ip msdp vrf name
name VRF instance
show ip msdp peer
- Displays the MSDP peer policies
policy
show ip msdp peer
- Displays the MSDP route-cache
route
show ip msdp sa-cache show ip msdp sa-cache Displays the MSDP SA route-cache
show ip msdp source - Displays the MSDP learned sources and
Learn Nexus Page 62

associated statistics
show ip msdp
show ip msdp summary Displays the MSDP peer summary
summary
- - -
show ip pim df show ip pim interface df Displays Bidr designated forwarders
show ip pim interface df Displays Bidr designated forwarders for a
show ip pim df x.x.x.x
x.x.x.x specific RP or group
show ip pim df vrf Displays Bidr designated forwarders for a
-
name specific VRF instance
show ip pim group-
- Displays the PIM group-ranges
range
show ip pim group-
- Displays a specific PIM group-range
range x.x.x.x
show ip pim group- Displays the PIM group-ranges for a
-
range vrf name specific VRF instance
show ip pim interface - Displays all PIM enabled interfaces
show ip pim interface Displays a one line summary of all PIM
-
brief x.x.x.x enabled interfaces
show ip pim interface show ip pim interface int- Displays information for a specific PIM
int-type type interface
show ip pim interface Displays the PIM interfaces for a specific
-
show ip pim neighbor show ip pim neighbor Displays all PIM neighbors
show ip pim neighbor show ip pim neighbor Displays a specific PIM neighbor for a
x.x.x.x x.x.x.x specific IP address
show ip pim neighbor show ip pim neighbor int- Displays a specific PIM neighbor for a
interface int-type type specific interface
show ip pim neighbor Displays PIM neighbors for a specific
-
show ip pim oif-list Displays PIM OIF-List for a specific
-
x.x.x.x multicast group address
show ip pim policy
- Displays PIM statistics
statistics
show ip pim route - Displays PIM routes
show ip pim route
- Displays a specific PIM route
x.x.x.x
show ip pim route vrf - Displays PIM routes for a specific VRF
Learn Nexus Page 63

name instance
show ip pim rp show ip pim rp mapping Displays PIM RP information
Displays information for a specific PIM
show ip pim rp x.x.x.x show ip pim rp x.x.x.x
group address
show ip pim rp vrf Displays information for PIM RP's in a
-
show ip pim rp-hash show ip pim rp-hash Displays PIM RP-Hash value for a specific
x.x.x.x x.x.x.x group
show ip pim statistics - Displays PIM packet statistics
show ip pim statistics Displays per packet statistics for a specific
-
Displays detailed PIM information per
show ip pim vrf name show ip pim vrf name
specific VRF instance
- - -
show ip mroute show ip mroute Displays the multicast routing table
show ip mroute Displays the multicast routing table with
show ip mroute summary
summary packet counts and bit rates
show ip mroute x.x.x.x show ip mroute x.x.x.x Displays a specific multicast route
show ip mroute vrf Displays the multicast routing table for a
show ip mroute vrf name
- - -
Displays the Reverse Path Forwarding
show ip route rpf show ip rpf (RPF) table used for multicast source
lookup
Learn Nexus Page 64

Netflow
NetFlow provides flow-based statistics collection that is useful for troubleshooting, traffic
analysis, performance monitoring, and security threat prevention. Cisco NX-OS supports a
flexible architecture that allows a user to collect different data for different applications per
interface, whereas the Cisco IOS Software supports one flow mask and export pair for the entire
chassis.

In Cisco NX-OS:
• NetFlow command-line interface (CLI) configuration and verification commands are not
available until you enable the NetFlow feature with the feature netflow command.
• Two flow modes are supported: full and sampled.
• Sampled mode supports packet-based sampling (1-64 out of 1-8192).
• In sampled mode, the sampling occurs before the NetFlow cache is populated.
• Each line-card module supports 512,000 NetFlow cache entries.
• Layer 2 NetFlow based on MAC addresses is not supported at this time.
• A flexible architecture is used that consist of flow records, flow exports, and flow
monitors.
• Cisco NX-OS supports more key and non-key fields for creating flow records and can
collect additional information such as TCP flags and system uptime.
• NetFlow Versions 5 and 9 Export features are supported (Version 9 is recommended).
• A source interface must be configured for each flow export.
• Cisco NX-OS defaults to User Datagram Protocol (UDP) port 9995 for NetFlow Data
Export.
• Cisco NX-OS provides more granular aging timers (session timer and aggressive
threshold).
• The default aging timer values are different than in Cisco IOS Software.
• The NetFlow feature supports stateful process restarts.

when configuring and managing NetFlow.
• If the feature netflow command is removed, all relevant NetFlow configuration

information is also removed.
Learn Nexus Page 65

• NetFlow consumes hardware resources (ternary content-addressable memory [TCAM],
CPU, etc.), so understanding the resource utilization on a device is important before
enabling NetFlow.
• Sampling mode preserves CPU and NetFlow cache entries in high-traffic environments.
• A traffic direction needs to be specified when a flow monitor is applied to an interface.
• The active-aging flow timeout is 1800 seconds by default
• The inactive-aging flow timeout is 15 seconds by default.
• The fast-aging flow timeout is disabled by default.
• The aggressive-aging flow threshold is disabled by default.
• TCP session aging is disabled by default.
NX-OS and Cisco IOS Software CLIs. There are several significant differences: Cisco NX-OS
allows NetFlow to be enabled and disabled globally, and it uses a more flexible architecture that
allows different statistics to be collected for different applications. The Cisco IOS Software
syntax shown here is from Cisco IOS Software Release 12.2(18)SXH.

Enabling the NetFlow Feature

feature netflow
to enable or disable NetFlow.
Configuring a NetFlow Flow Record (Custom)
flow record Netflow-Record-1

Cisco IOS Softfware does not have the
ability to create custom NetFlow records. A description Custom-Flow-Record
system wide flow mask is defined. The
following example uses interface-full. match ipv4 source address
match ipv4 destination address

mls netflow interface
match transport destination-port
mls flow ip interface-full
collect counter bytes
mls nde sender version 5
collect counter packets
Configuring a NetFlow Flow Export
Learn Nexus Page 66

flow exporter Netflow-Exporter-1
ip flow-export source GigabitEthernet2/2 description Production-Netflow-Exporter
ip flow-export version 9 destination 192.168.11.2
ip flow-export destination 192.168.11.2 2000 source Ethernet2/2
version 9
Configuring a NetFlow Monitor with a Custom Record
flow monitor Netflow-Monitor-1
Cisco IOS Software does not have the ability description Applied Inbound-Eth-2/1
to create flow monitors that associate
NetFlow records to NetFlow exporters. record Netflow-Record-1
exporter Netflow-Exporter-1
Configuring a NetFlow Monitor with an Original Record
flow monitor Netflow-Monitor-2
description Use Predefined “Original-

Netflow-Record”
to create flow monitors that associate
NetFlow records to NetFlow exporters.
record netflow-original
exporter Netflow-Exporter-1
Applying a NetFlow Monitor to an Interface
interface gigabitethernet 6/1 interface Ethernet2/1
ip flow ingress ip flow monitor Netflow-Monitor-1 input
Adjusting NetFlow Timers
flow timeout active 120

mls aging fast
flow timeout inactive 32
mls aging long 120
flow timeout fast 32 threshold 100
mls aging normal 32
Learn Nexus Page 67

flow timeout session
flow timeout aggressive threshold 75
Configuring a NetFlow Sampler
mls sampling packet-based 64 8000 sampler NF-Sampler-1
mls flow int-full description Sampler-for-Int-Eth-2/1
mls nde sender version 5 mode 1 out-of 1000
Applying a NetFlow Sampler to an Interface
ip flow monitor NF-Mntr-1 input sampler
mls netflow sampling
NF-Sampler-1

NetFlow.
Cisco IOS Software

Cisco NX-OS Netflow Command Description
Netflow
show flow exporter show mls nde Displays the configured exporter maps
show flow interface - Displays interfaces configured for NetFlow
show flow monitor - Displays information about monitor maps
show flow record - Displays information about record maps
show flow timeout - Displays the NetFlow timeout value
show hardware flow show mls netflow Displays the NetFlow table aging timeout
aging aging value
show hardware flow show mls netflow ip
Displays flow-specific information
entry flow
show hardware flow ip show mls netflow ip Displays the IP NetFlow table
Learn Nexus Page 68

show hardware flow Displays the NetFlow sampling
show mls sampling
sampler configuration
show hardware flow show mls netflow Displays NetFlow table utilization per
utilization module table summary module
show sampler show flow-sampler Displays information about sampler maps
Learn Nexus Page 69

SPAN
The SPAN feature allows traffic to be mirrored from within a switch from a source port to a
destination port. This feature is typically used when detailed packet information is required for
troubleshooting, traffic analysis, and security-threat prevention.

In Cisco NX-OS:
• Only Local SPAN is supported.

• Remote SPAN (RSPAN) VLANs can be configured only as SPAN sources.
• 18 monitor sessions can be configured. Only two sessions can be active simultaneously.
• Cisco NX-OS uses a hierarchical configuration based on the monitor session <#>
command, whereas Cisco IOS Software has the option for flat for hierarchical
configuration in Cisco IOS Software Release 12.2(18)SXH and later.
• A single SPAN session can include mixed sources (Ethernet ports, Ethernet Port-
Channels, RSPAN sources, VLANs, and the CPU control-plane interface).
• Destination SPAN ports must be configured as Layer 2 ports with the switchport
command.
• Destination SPAN ports require the switchport monitor interface configuration
command.
• The SPAN feature supports stateful and stateless process restarts.

when configuring the SPAN feature.
• Two active SPAN sessions are supported for all virtual device contexts (VDCs).
• Monitor sessions are disabled by default. They can be enabled with the no shut
command.
• The source traffic direction can be configured as rx, tx, or both. The default is both.
• When a VLAN is specified as the source, traffic to and from the Layer 2 ports in the
specified VLAN are sent to the destination.
• The in-band control-plane interface to the CPU can be monitored only from the default
VDC. (All VDC traffic is visible.)
• By default, SPAN does not copy the IEEE 802.1q tag from trunk sources.
• A destination port can be configured in switchport access or trunk mode. (Trunk mode
allows you to tag traffic toward a destination or to perform destination VLAN filtering.)
• A destination port does not participate in a spanning-tree instance.
• A destination port can be configured in only one SPAN session at a time.
Learn Nexus Page 70

• A port cannot be configured as both a source and destination port.
• 128 source interfaces can be configured per session.
• 32 source VLANs can be configured per session.
• 2 destination interfaces can be configured per session.
The following sample code shows the configuration similarities and differences between the
Cisco NX-OS and Cisco IOS Software command-line interfaces (CLIs). The Cisco IOS Software
syntax shown here is from Cisco IOS Software Release 12.2(18)SXH, so its hierarchy is similar
to that of as the Cisco NX-OS. Older versions of Cisco IOS Software support only a flat
configuration.

Configuring the Destination Switchport
Mode
Cisco IOS Software does not require any
switchport
destination port configuration.
switchport monitor
Configuring Destination Port Ingress Forwarding and Learning
monitor session 1 type local
switchport
destination interface Gi2/2 ingress learning
switchport monitor ingress learning
Configuring a SPAN Monitor (Ethernet Source and Destination)
monitor session 1
source interface Ethernet2/1 both
source interface Gi2/1
destination interface Ethernet2/2
destination interface Gi2/2
no shut
Configuring a SPAN Monitor (VLAN Source)
Learn Nexus Page 71

monitor session 1
source vlan 10,20 both
source vlan 10 , 20
no shut
Filtering VLANs for IEEE 802.1q Trunk Sources
switchport
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10-20
switchport trunk allowed vlan 10-20
switchport mode trunk
monitor session 1
source interface Ethernet2/1 both
filter vlan 15 - 20
source interface Gi2/1
filter vlan 15-20
no shut
no shutdown
Configuring a SPAN Monitor (CPU Source)
monitor session 1 type local monitor session 1
source cpu rp rx source interface sup-eth0 rx
destination interface Gi2/2 destination interface Ethernet2/2
no shutdown no shut
Learn Nexus Page 72

the SPAN feature.
Cisco IOS Software

Cisco NX-OS SPAN Command Description
SPAN
show interface show interface Displays destination port characteristics
- - -
show monitor session show monitor session
Displays a specific SPAN and monitor session
<#> <#>
show monitor session show monitor session
Displays all SPAN and monitor sessions
all all
show monitor range show monitor range
Displays a range of specified SPAN sessions
<#-#> <#-#>
Learn Nexus Page 73

TACACS+, RADIUS, and AAA
AAA used in combination with TACACS+ or RADIUS provides remote authentication,
authorization and accounting security services for centralized system management. AAA
services improve scalability and simplify network management because they use a central
security database rather than local databases.

In Cisco NX-OS:
• TACACS+ command-line interface (CLI) configuration and verification commands are

not available until you enable the TACACS+ feature with the feature tacacs+ command.
• The aaa new-model command is not required to enable AAA authentication,
authorization, or accounting.
• The RADIUS vendor-specific attributes (VSA) feature is enabled by default.
• Local command authorization can be performed when using role-based access control
(RBAC) without a AAA server. User roles can be associated with users configured on the
AAA server using VSAs. Remote command authorization can be performed on a AAA
server when using AAA with TACACS+.
• If no AAA server is available for authentication, the local database is automatically used
for device access.
• The TACACS+ and RADIUS host keys are Triple Data Encryption Standard (3DES)
encrypted in the configuration. Cisco IOS Software requires the service password
command.

when configuring and maintaining TACACS+, RADIUS, and AAA services.
• Different AAA, TACACS+, and RADIUS policies can be applied per virtual device
context (VDC). However, the console login policy only applies to the default VDC.
• If you remove the feature tacacs+ command, all relevant TACACS+ configuration
information is also removed.
• 64 TACACS+ and 64 RADIUS servers can be configured per device.
• AAA server groups are associated with the default Virtual Route Forwarding (VRF)
instance by default. Associate the proper VRF instance with the AAA server group if you
are using the management port on the supervisor or if the AAA server is in a non default
VRF instance.
• An IP source interface can be associated with AAA server groups.
• TACACS+ and RADIUS server keys can be specified for a group of servers or per
individual server.
Learn Nexus Page 74

• By default, TACACS+ uses TCP port 49, and RADIUS uses UDP ports 1812
(authentication) and 1813 (accounting).
• Directed server requests are enabled by default for TACACS+ and RADIUS.
• The local option can be used with AAA authorization to fallback to RBAC in the event a
AAA server is not available for command authorization.
• Use the show running-config command with the aaa, tacacs+, or radius option to
display the current AAA configuration.
NX-OS and Cisco IOS Software CLIs. The configurations for the two operating systems are very
similar.

Enabling TACACS+

feature tacacs+
to enable or disable TACACS+.
Configuring a TACACS+ Server with a Key
tacacs-server host 192.168.1.1 key 7

tacacs-server host 192.168.1.1 key cisco123
"fewhg123"
Specifying a Nondefualt TACACS+ TCP Port
tacacs-server host 192.168.1.1 port 85 tacacs-server host 192.168.1.1 port 85
Specifying the TACACS+ Timeout Value (Global)
tacacs-server timeout 10 tacacs-server timeout 10
Configuring a RADIUS Server with a Key
radius-server host 192.168.1.1 key 7

radius-server host 192.168.1.1 key cisco123
"fewhg123"
Specifying Nondefualt RADIUS UDP Ports
radius-server host 192.16.1.1 auth-port 1645 radius-server 192.168.1.1 auth-port 1645

acct-port 1646 acct-port 1646
Learn Nexus Page 75

Specifying the RADIUS Timeout Value (Global)
radius-server host 192.168.1.1 timeout 10 radius-server timeout 10
Configuring an AAA Server Group (TACACS+)
aaa group server tacacs+ AAA-Servers aaa group server tacacs+ AAA-Servers
server 192.168.1.1 server 192.168.1.1
Configuring an AAA Server Group (RADIUS)
aaa group server radius AAA-Servers aaa group server radius AAA-Servers
server 192.168.1.1 server 192.168.1.1
Configuring an AAA Server Group for a VRF Instance (RADIUS)
server 192.168.1.1 server 192.168.1.1
ip vrf forwarding management use-vrf management
Configuring the AAA Server Group Dead Time (RADIUS)
deadtime 5 deadtime 5
Enabling AAA Authentication with an AAA Server Group
aaa new-model
aaa authentication login default group AAA-
aaa authentication login default group AAA- Servers
Servers
Enabling AAA Authorization with an AAA Server Group
aaa new-model
aaa authorization config-commands default
group AAA-Servers
aaa authorization config-commands
aaa authorization commands default group
aaa authorization commands 1 default
AAA-Servers
group AAA-Servers
Enabling AAA Accounting with an AAA Server Group
Learn Nexus Page 76

aaa new-model
aaa accounting default group AAA-Servers
aaa accounting exec default start-stop group
AAA-Servers

AAA, TACACS+, and RADIUS.
Cisco IOS
Cisco NX-OS AAA Command Description
Software AAA
Displays the TACACS+ server configuration for
show tacacs show tacacs
all servers
Displays a specific TACACS+ server
show tacacs <x.x.x.x> -
configuration
show tacacs server Displays the status of the directed-request feature
-
directed-request (enabled or disabled)
show tacacs server
- Displays TACACS+ server groups
groups
show tacacs statistics
- Displays TACACS+ statistics for a specific server
<x.x.x.x>
- - -
Displays the RADIUS server configuration for all
show radius -
servers
show radius <x.x.x.x> - Displays a specific RADIUS server configuration
show radius server Displays the status of the directed-request feature
-
directed-request (enabled or disabled)
show radius server show radius
Displays RADIUS server groups
groups server-group
show radius statistics show radius
Displays RADIUS statistics for a specific server
<x.x.x.x> statistics
- - -
show aaa accounting - Displays the status of AAA accounting
show aaa authentication - Displays the default and console login methods
Learn Nexus Page 77

show aaa authentication Displays the login error message status (enabled
-
login error-enable or disabled)
Displays the status of the Microsoft Challenge
show aaa authentication
- Handshake Authentication Protocol (MS-CHAP;
login mschap
enabled or disabled)
show aaa authorization - Displays the AAA authorization configuration
show aaa groups - Displays the AAA groups that are configured
- - -
show user-account - Displays a list of locally configured users
show users show users Displays the users who are logged in
Learn Nexus Page 78

Layer-3 Virtualization
Virtual Routing and Forwarding (VRF) provides an additional layer of network virtualization on
top of virtual device contexts (VDCs). VRF provides separate unicast and multicast address
space and associated routing protocols that make independent forwarding decisions. All unicast
and multicast protocols support VRF.

In Cisco NX-OS:
• Cisco NX-OS supports 200 VRF instances per VDC.

• Two VRF instances are configured by default. The management port on the supervisor
module is assigned to the management VRF, and all I/O module ports are assigned to the
default VRF.
• The default VRF is the default routing context for all show commands.
• VRF instances can be enabled without any command-line interface (CLI) prerequisites.
Cisco IOS Software requires ip cef to be enabled globally before VRF instances can be
configured.
• Multicast routing/forwarding can be configured per VRF instance without having to
globally enable the VRF instance for multicast . Cisco IOS Software requires the global
ip multicast-routing vrf <name> command per VRF instance.
• The CLI for enabling VRF routing for a protocol is consistent for all routing protocols,
whereas Cisco IOS Software uses address families for Border Gateway Protocol (BGP),
Routing Information Protocol (RIP), and Enhanced Interior Gateway Routing Protocol
(EIGRP) and requires unique routing process IDs per VRF for Integrated Intermediate
System-to-Intermediate System (ISIS) and Open Shortest Path First (OSPF).
• In Cisco NX-OS, numerous VRF instances can be assigned to a single routing protocol
instance.
• IP static routes are configured under the specified vrf context. In Cisco IOS Software, all
static routes are configured in global configuration mode with the vrf option.
• A VRF instance can be manually disabled with the shutdown command. Cisco IOS
Software does not have the CLI capability to manually disable a VRF instance.
• If a VRF context is removed with the no vrf context <name> configuration command,
the VRF context commands will be removed from the running configuration making the
VRF non-functional, but all non context related VRF commands will remain in the
running configuration. When a VRF is removed in Cisco IOS Software, the VRF instance
and all related VRF commands are automatically removed from the running
configuration, including any interface IP addresses previously associated to the VRF.
Learn Nexus Page 79

when configuring and maintaining VRF instances.
• When you assign a VRF instance to an interface with an IP address previously

configured, the interface IP address is automatically removed.
• Static routes or dynamic routing protocols can be configured for routing in a VRF
instance (BGP, EIGRP, ISIS, OSPF, static routes, and RIPv2).
• IP troubleshooting tools such as ping and traceroute are VRF aware and require the name
of a specific VRF instance if testing in the default VRF instance is not desired.
• The routing-context vrf command can be executed in EXEC mode to change the routing
context to a non-default VRF instance. For example, typing routing-context vrf
management changes the routing context, so all VRF related commands are executed in
the management VRF as opposed to the default VRF.
• Network management–related services such as authentication, authorization and
accounting (AAA), Call Home, Domain Name System (DNS), FTP, HTTP, NetFlow
Network Time Protocol (NTP), RADIUS, Simple Network Management Protocol
(SNMP), SSH, syslog, TACACS+, Telnet, Trivial File Transfer Protocol (TFTP), and
XML are VRF aware.
NX-OS and Cisco IOS Software CLIs. Sample code is provided only to illustrate how to enable
VRF routing. The Cisco NX-OS CLI is simpler and more consistent since it allows multiple VRF
instances to be assigned to a single routing protocol instance, whereas Cisco IOS Software uses
different techniques depending on the routing protocol.

Creating a VRF
ip cef
vrf context vrf-1
ip vrf vrf-1
Assigning an Interface to a VRF
Learn Nexus Page 80

ip vrf forwarding vrf-1 vrf member vrf-1
Enabling BGP in a VRF
router bgp 10
router bgp 10
vrf vrf-1
address-family ipv4 vrf vrf-1
network 192.168.1.1/32
neighbor 192.168.10.2 activate
network 192.168.1.1 mask 255.255.255.255
exit-address-family
Enabling EIGRP in a VRF
router eigrp 10 interface Ethernet2/1
vrf member vrf-1

ip address 192.168.10.1/24
network 192.168.10.0
ip router eigrp 10
auto-summary
autonomous-system 10 router eigrp 10
exit-address-family! vrf vrf-1
Enabling ISIS in a VRF
vrf member vrf-1
ip vrf forwarding vrf-1
ip address 192.168.10.1/24
ip address 192.168.10.1 255.255.255.0
ip router isis 10
ip router isis 10
Learn Nexus Page 81

router isis 10
router isis 10 vrf vrf-1
vrf vrf-1 net 49.0001.0000.0001.00
net 49.0001.0000.0001.00
Enabling OSPF in a VRF
vrf member vrf-1
ip vrf forwarding vrf-1
ip address 192.168.10.1/24
ip address 192.168.10.1 255.255.255.0
ip router ospf 10
router ospf 10 vrf vrf-1
router ospf 10
network 192.168.10.0 0.0.0.255 area 0
vrf vrf-1
Enabling RIPv2 in a VRF
ip vrf forwarding vrf-1 interface Ethernet2/1
ip address 192.168.10.1 255.255.255.0 vrf member vrf-1
ip address 192.168.10.1/24
router rip
ip router rip 10
network 192.168.10.0 router rip 10
version 2 vrf vrf-1
exit-address-family
Configuring Static Routes in a VRF
ip route vrf vrf-1 192.168.2.0 255.255.255.0

vrf context vrf-1
192.168.10.2
Learn Nexus Page 82

ip route 192.168.2.0/24 192.168.10.2

VRF instances.
Cisco IOS Software

Cisco NX-OS VRF Command Description
VRF
show vrf show ip vrf Displays a list of all configured VRF instances
show vrf <name> show ip vrf <name> Displays a specific VRF instance
show vrf <name> show ip vrf detail
Displays details for a specific VRF instance
detail <name>
show vrf <name> Displays the interface assignment for a specific
-
interface VRF instance
Displays a summary of the default VRF
show vrf default -
instance
show vrf detail show ip vrf detail Displays details for all VRF instances
show vrf interface show ip vrf interface Displays VRF interface assignments
Displays a summary of the management VRF
show vrf management -
instance
- - -
show ip route vrf all - Displays routes for all VRF instances
show ip route vrf
- Displays routes for the default VRF instance
default
show ip route vrf Displays routes for the management VRF
-
management instance
show ip route vrf show ip route vrf
Displays routes for a specific VRF instance
<name> <name>
- - -
show ip arp vrf show ip arp vrf Displays Address Resolution Protocol (ARP)
<name> <name> entries for a specific VRF instance
Learn Nexus Page 83

- - -
show ip bgp vrf show ip bgp vpnv4 Displays BGP commands for a specific VRF
<name> vrf <name> instance
show ip eigrp vrf show ip eigrp vrf Displays EIGRP information for specific VRF
<name> <name> instance
show ip isis vrf Displays ISIS commands for a specific VRF
show isis <#>
<name> instance
show ip ospf vrf Displays OSPF information for a specific VRF
show ip ospf <#>
<name> instance
show ip rip vrf show ip rip database Displays RIP information for a specific VRF
<name> vrf <name> instance
show ip static-route Displays static routes for a specific VRF
-
vrf <name> instance
- - -
show forwarding vrf show ip cef vrf Displays FIB information for a specific VRF
<name> <name> (multiple sub-options)
- - -
show routing vrf - Displays a subset of the show vrf commands
show routing-context - Displays the current routing context
Learn Nexus Page 84

Learn Nexus

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Learn Nexus

Uploaded by

Copyright:

Available Formats

Learn Nexus

In Comparison with IOS

Learn Nexus Page 2

Important Cisco NX-OS and Cisco IOS Software Differences

Learn Nexus Page 3

Cisco IOS CLI Cisco NX-OS CLI

Entering Configuration Mode

c6500# configure terminal n7000# configure terminal

Saving the Running Config to the Startup Config (nvram)

c6500# write memory

or n7000# copy running-config startup-config

c6500# copy running-config startup-config

Erasing the startup config (nvram)

c6500# write erase n7000# write erase

Learn Nexus Page 4

Cisco IOS Software does not require a

Interface Naming Convention

interface Ethernet 1/1

interface FastEthernet 1/1

interface TenGigabitEthernet 1/1

Default VRF Configuration (management)

Cisco IOS Software doesn’t enable VRFs by

Configuring the Software Image Boot Variables

boot kickstart bootflash:/n7000-s1-

boot system bootflash:/n7000-s1-

boot system bootflash:/n7000-s1-

Cisco IOS Software does not have the

Enabling TELNET (SSHv2 is recommended)

Cisco IOS Software enables TELNET by

line vty 0 9 line vty

Learn Nexus Page 5

Verification Command Comparison

Cisco NX-OS Cisco IOS Software Command Description

Learn Nexus Page 6

Learn Nexus Page 7

Learn Nexus Page 8

Learn Nexus Page 9

Important Cisco NX-OS and Cisco IOS Software Differences

Things You Should Know

• An interface can only be configured in 1 VDC at a time.

Learn Nexus Page 10

Cisco IOS CLI Cisco NX-OS CLI

interface gigabitethernet 1/1 interface ethernet 1/1

ip address 192.168.1.1 255.255.255.0 ip address 192.168.1.1/24

Configuring a Switched Interface (VLAN 10)

interface gigabitethernet 1/1 interface ethernet 1/1

switchport mode access switchport mode access

switchport access vlan 10 switchport access vlan 10

Configuring a Switched Virtual Interface (SVI)

Cisco IOS Software does not have the ability

Configuring a Switched Trunk Interface

Learn Nexus Page 11

switchport interface ethernet 1/1

switchport trunk encapsulation dot1q switchport mode trunk

switchport trunk native vlan 2 switchport trunk allowed vlan 10,20

switchport trunk allowed vlan 10,20 switchport trunk native vlan 2

switchport mode trunk no shutdown

Configuring a Routed Trunk Sub-Interface

interface gigabitethernet 1/1

interface ethernet 1/1.10

interface loopback 1 interface loopback 1

ip address 192.168.1.1 255.255.255.255 ip address 192.168.1.1/32

Configuring a Tunnel Interface