Transcription
Cisco Nexus 4001I and 4005I SwitchModule for IBM BladeCenter NX-OSConfiguration GuideRelease 4.1(2)E1(1)October 2009Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000800 553-NETS (6387)Fax: 408 527-0883Text Part Number: OL-19953-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALLSTATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUTWARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THATSHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSEOR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s publicdomain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITHALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUTLIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OFDEALING, USAGE, OR TRADE PRACTICE.IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCOOR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Pulse, Cisco StackPower,Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra,Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital,Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing theMeeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press,Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer,Fast Step, Follow Me Browsing, FormShare, GainMaker, GigaDrive, HomeLink, iLYNX, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LaserLink, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX,PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, TheFastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the UnitedStates and certain other countries.All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationshipbetween Cisco and any other company. (0908R)Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in thedocument are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration Guide 2009 Cisco Systems, Inc. All rights reserved.
S e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mCONTENTSPrefaceiAudienceiOrganizationiDocument ConventionsiiRelated Documentation1-iiObtaining Documentation and Submitting a Service RequestCHAPTER1Product Overview1-iii1-1Cisco NX-OS Software for the Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenterCommon Software Throughout the Data Center 1-2Modular Software Design 1-21-1Serviceability 1-2Switched Port Analyzer 1-2Ethanalyzer 1-2Call Home 1-2Online Diagnostics 1-3Manageability 1-3Simple Network Management Protocol 1-3Role-Based Access Control 1-3Cisco NX-OS Device Configuration Methods 1-3Traffic Routing, Forwarding, and ManagementEthernet Switching 1-4IP Multicast 1-4FCoE Initialization ProtocolQuality of Service1-41-41-4Network Security Features1-4Typical Deployment TopologySupported Standards1-61-6Configuration FundamentalsCHAPTER2Configuring the Switch2-1Image Files on the Switch2-1Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01iii
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mStarting the Switch 2-2Booting Mechanism 2-2Console Settings 2-2Upgrading the Switch2-3Downgrading from a Higher Release2-6Initial Configuration 2-6Configuration Prerequisites 2-7Initial Setup 2-7Preparing to Configure the SwitchDefault Login 2-8Configuring the Switch 2-9Changing the Initial ConfigurationAccessing the Switch2-82-122-12Additional Switch Configuration 2-12Assigning a Switch Name 2-12Configuring Date, Time, and Time Zone 2-13Adjusting for Daylight Saving Time or Summer TimeNTP Configuration 2-15About NTP 2-15NTP Configuration GuidelinesConfiguring NTP 2-162-142-15Management Interface Configuration 2-17About the mgmt Interface 2-17Configuring the Management Interface 2-18Displaying Management Interface Configuration 2-19Shutting Down the Management Interface 2-19Managing the Switch Configuration 2-19Displaying the Switch Configuration 2-20Saving a Configuration 2-20Clearing a Configuration 2-20Using Switch File Systems 2-20Setting the Current Directory 2-21Displaying the Current Directory 2-21Listing the Files in a Directory 2-21Creating a Directory 2-22Deleting an Existing Directory 2-22Moving Files 2-22Copying Files 2-23Deleting Files 2-23Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideivOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mDisplaying File Contents 2-23Saving Command Output to a File 2-23Compressing and Uncompressing Files 2-24CHAPTER3Using the Command-Line Interface3-1Accessing the Command Line Interface3-1Using the CLI 3-2Using CLI Command Modes 3-2CLI Command Hierarchy 3-3EXEC Mode Commands 3-4Configuration Mode Commands 3-5Using Commands 3-6Listing Commands and Syntax 3-6Entering Command Sequences 3-7Undoing or Reverting to Default Values or ConditionsUsing Keyboard Shortcuts 3-7Using CLI Variables 3-8User-Defined Persistent CLI VariablesUsing Command Aliases3-93-10Defining Command Aliases3-10Command Scripts 3-11Executing Commands Specified in a ScriptSetting the Delay Time 3-12CHAPTER4Managing Licenses3-114-1Licensing TerminologyLicensing Model3-74-14-2License Installation 4-2Obtaining a Factory-Installed License 4-3Performing a Manual Installation 4-3Obtaining the License Key FileInstalling the License Key FileBacking Up License Files4-34-44-5Identifying License Features in UseUninstalling LicensesGrace Period Alerts4-54-64-8License Transfers Between Switches4-8Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01v
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mVerifying the License Configuration4-9LAN SwitchingCHAPTER5Configuring Ethernet Interfaces5-1Information About Ethernet Interfaces 5-1About the Interface Command 5-1About the Unidirectional Link Detection ParameterAbout Interface Speed 5-4About the Cisco Discovery Protocol 5-4About the Debounce Timer Parameters 5-4About MTU Configuration 5-55-2Configuring Ethernet Interfaces 5-5Configuring the UDLD Mode 5-5Configuring Interface Speed 5-6Configuring the Cisco Discovery Protocol 5-7Configuring the Debounce Timer 5-8Configuring the Description Parameter 5-9Disabling and Restarting Ethernet Interfaces 5-9Displaying Interface Information 5-10Default Physical Ethernet SettingsCHAPTER6Configuring VLANs5-136-1Information About VLANs 6-1Understanding VLANs 6-1Understanding VLAN Ranges 6-2Creating, Deleting, and Modifying VLANs6-3Configuring a VLAN 6-4Creating and Deleting a VLAN 6-4Entering the VLAN Submode and Configuring the VLANAdding Ports to a VLAN 6-6Verifying VLAN ConfigurationCHAPTER7Configuring Private VLANs6-56-67-1About Private VLANs 7-1Primary and Secondary VLANs in Private VLANs 7-2Understanding Private VLAN Ports 7-3Understanding Broadcast Traffic in Private VLANs 7-5Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideviOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mUnderstanding Private VLAN Port Isolation7-5Configuring a Private VLAN 7-5Configuration Guidelines for Private VLANs 7-6Enabling Private VLANs 7-6Configuring a VLAN as a Private VLAN 7-7Associating Secondary VLANs with a Primary Private VLAN 7-7Configuring an Interface as a Private VLAN Host Port 7-8Configuring an Interface as a Private VLAN Promiscuous Port 7-9Verifying Private VLAN ConfigurationCHAPTER8Configuring Rapid PVST 7-108-1Information About Rapid PVST 8-1Understanding STP 8-2Understanding Rapid PVST 8-6Rapid PVST and IEEE 802.1Q Trunks 8-16Rapid PVST Interoperation with Legacy 802.1D STPRapid PVST Interoperation with 802.1s MST 8-178-16Configuring Rapid PVST 8-17Enabling Rapid PVST 8-17Enabling Rapid PVST per VLAN 8-18Configuring the Root Bridge ID 8-19Configuring a Secondary Root Bridge 8-20Configuring the Rapid PVST Port Priority 8-21Configuring the Rapid PVST Pathcost Method and Port Cost 8-21Configuring the Rapid PVST Bridge Priority of a VLAN 8-22Configuring the Rapid PVST Hello Time for a VLAN 8-23Configuring the Rapid PVST Forward Delay Time for a VLAN 8-23Configuring the Rapid PVST Maximum Age Time for a VLAN 8-23Specifying the Link Type 8-24Restarting the Protocol 8-25Verifying Rapid PVST ConfigurationsCHAPTER9Configuring MST8-259-1Information About MST 9-1MST Overview 9-2MST Regions 9-2MST BPDUs 9-3MST Configuration InformationIST, CIST, and CST 9-49-3Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01vii
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mHop Count 9-7Boundary Ports 9-7Detecting Unidirectional Link Failure 9-8Port Cost and Port Priority 9-8Interoperability with IEEE 802.1D 9-9Interoperability with Rapid PVST : Understanding PVST Simulation9-9Configuring MST 9-9MST Configuration Guidelines 9-10Enabling MST 9-10Entering MST Configuration Mode 9-11Specifying the MST Name 9-12Specifying the MST Configuration Revision Number 9-13Specifying the Configuration on an MST Region 9-13Mapping and Unmapping VLANs to MST Instances 9-15Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANsConfiguring the Root Bridge 9-16Configuring a Secondary Root Bridge 9-17Configuring the Port Priority 9-18Configuring the Port Cost 9-19Configuring the Switch Priority 9-20Configuring the Hello Time 9-21Configuring the Forwarding-Delay Time 9-22Configuring the Maximum-Aging Time 9-22Configuring the Maximum-Hop Count 9-22Configuring PVST Simulation Globally 9-23Configuring PVST Simulation Per Port 9-23Specifying the Link Type 9-24Restarting the Protocol 9-25Verifying MST ConfigurationsCHAPTER10Configuring STP Extensions9-169-2510-1Information About STP Extensions 10-1Understanding STP Port Types 10-2Understanding Bridge Assurance 10-2Understanding BPDU Guard 10-3Understanding BPDU Filtering 10-3Understanding Loop Guard 10-4Understanding Root Guard 10-5Configuring STP Extensions10-5Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideviiiOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mSTP Extensions Configuration Guidelines 10-5Configuring Spanning Tree Port Types Globally 10-6Configuring Spanning Tree Edge Ports on Specified Interfaces 10-7Configuring Spanning Tree Network Ports on Specified Interfaces 10-7Enabling BPDU Guard Globally 10-8Enabling BPDU Guard on Specified Interfaces 10-9Enabling BPDU Filtering Globally 10-10Enabling BPDU Filtering on Specified Interfaces 10-10Enabling Loop Guard Globally 10-11Enabling Loop Guard or Root Guard on Specified Interfaces 10-12Verifying STP Extension ConfigurationCHAPTER11Configuring EtherChannels10-1311-1Information About EtherChannels 11-1Understanding EtherChannels 11-2Compatibility Requirements 11-2Load Balancing Using EtherChannelsUnderstanding LACP 11-411-3Configuring EtherChannels 11-7Creating an EtherChannel 11-7Adding a Port to an EtherChannel 11-8Configuring Load Balancing Using EtherChannels 11-9Enabling LACP 11-10Configuring Port-Channel Port Modes 11-10Configuring the LACP System Priority and System ID 11-11Configuring the LACP Port Priority 11-11Verifying Port-Channel ConfigurationCHAPTER1211-12Configuring Access and Trunk Interfaces12-1Information About Access and Trunk Interfaces 12-1Understanding Access and Trunk Interfaces 12-1Understanding IEEE 802.1Q Encapsulation 12-2Understanding Access VLANs 12-3Understanding the Native VLAN ID for Trunk PortsUnderstanding Allowed VLANs 12-412-3Configuring Access and Trunk Interfaces 12-4Configuring a LAN Interface as an Ethernet Access PortConfiguring Access Host Ports 12-5Configuring Trunk Ports 12-612-4Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01ix
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mConfiguring the Native VLAN for 802.1Q Trunking Ports 12-7Configuring the Allowed VLANs for Trunking Ports 12-7Verifying Interface ConfigurationCHAPTER1312-8Configuring the MAC Address TableInformation About MAC Addresses13-113-1Configuring MAC Addresses 13-1Configuring a Static MAC Address 13-2Configuring the Aging Time for the MAC Table 13-2Clearing Dynamic Addresses from the MAC Table 13-3Verifying the MAC Address ConfigurationCHAPTER14Configuring IGMP Snooping13-314-1Information About IGMP Snooping 14-1IGMPv1 and IGMPv2 14-2IGMPv3 14-3IGMP Snooping Querier 14-3IGMP Forwarding 14-3CHAPTER15Configuring IGMP Snooping Parameters14-4Verifying IGMP Snooping Configuration14-6Configuring Traffic Storm Control15-1Information About Traffic Storm ControlGuidelines and Limitations15-115-2Configuring Traffic Storm Control15-3Verifying Traffic Storm Control ConfigurationDisplaying Traffic Storm Control CountersTraffic Storm Control Example ConfigurationDefault SettingsCHAPTER1615-315-315-415-4Configuring Link-State Tracking16-1Understanding Link-State Tracking16-1Configuring Link-State Tracking 16-3Default Link-State Tracking Configuration 16-3Link-State Tracking Configuration Guidelines 16-3Configuring Link-State Tracking 16-3Displaying Link-State Tracking Status 16-4Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mSwitch Security FeaturesCHAPTER17Configuring AAA17-1Information About AAA 17-1AAA Security Services 17-1Benefits of Using AAA 17-2Remote AAA Services 17-2AAA Server Groups 17-3AAA Service Configuration Options 17-3Authentication and Authorization Process for User LoginPrerequisites for Remote AAA17-417-5AAA Guidelines and Limitations17-6Configuring AAA 17-6Configuring Console Login Authentication Methods 17-6Configuring Default Login Authentication Methods 17-7Enabling Login Authentication Failure Messages 17-8Enabling MS-CHAP Authentication 17-9Configuring AAA Accounting Default Methods 17-9Using AAA Server VSAs with the Switch 17-10Displaying and Clearing the Local AAA Accounting LogVerifying AAA Configuration17-12Example AAA Configuration17-12Default SettingsCHAPTER18Configuring RADIUS17-1217-1218-1Information About RADIUS 18-1RADIUS Network Environments 18-1RADIUS Operation 18-2RADIUS Server Monitoring 18-3Vendor-Specific Attributes 18-3Prerequisites for RADIUSGuidelines and Limitations18-418-4Configuring RADIUS Servers 18-4Configuring RADIUS Server Hosts 18-5Configuring Global Preshared Keys 18-6Configuring RADIUS Server Preshared Keys 18-6Configuring RADIUS Server Groups 18-7Allowing Users to Specify a RADIUS Server at Login18-8Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01xi
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mConfiguring the Global RADIUS Transmission Retry Count and Timeout Interval 18-9Configuring the RADIUS Transmission Retry Count and Timeout Interval for a Server 18-9Configuring Accounting and Authentication Attributes for RADIUS Servers 18-10Configuring Periodic RADIUS Server Monitoring 18-11Configuring the Dead-Time Interval 18-12Manually Monitoring RADIUS Servers or Groups 18-13Verifying RADIUS Configuration18-13Displaying RADIUS Server StatisticsExample RADIUS ConfigurationDefault SettingsCHAPTER1918-1318-1418-14Configuring TACACS 19-1Information About TACACS 19-1TACACS Advantages 19-2User Login with TACACS 19-2Default TACACS Server Encryption Type and Preshared KeyTACACS Server Monitoring 19-3Prerequisites for TACACS 19-3Guidelines and Limitations19-419-3Configuring TACACS 19-4TACACS Server Configuration Process 19-4Enabling TACACS 19-5Configuring TACACS Server Hosts 19-5Configuring Global Preshared Keys 19-6Configuring TACACS Server Preshared Keys 19-7Configuring TACACS Server Groups 19-7Specifying a TACACS Server at Login 19-8Configuring the Global TACACS Timeout Interval 19-9Configuring the Timeout Interval for a Server 19-9Configuring TCP Ports 19-10Configuring Periodic TACACS Server Monitoring 19-11Configuring the Dead-Time Interval 19-12Manually Monitoring TACACS Servers or Groups 19-12Disabling TACACS 19-12Displaying TACACS Statistics19-13Verifying TACACS Configuration19-13Example TACACS Configuration19-13Default Settings19-14Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexiiOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mCHAPTER20Configuring SSH and Telnet20-1Information About SSH and TelnetSSH Server 20-1SSH Client 20-2SSH Server Keys 20-2Telnet Server 20-2Prerequisites for SSH20-120-2Guidelines and Limitations20-2Configuring SSH 20-3Generating SSH Server Keys 20-3Specifying the SSH Public Keys for User AccountsStarting SSH Sessions to Remote Devices 20-5Clearing SSH Hosts 20-6Disabling the SSH Server 20-6Deleting SSH Server Keys 20-6Clearing SSH Sessions 20-7Configuring Telnet 20-7Enabling the Telnet Server 20-7Starting Telnet Sessions to Remote DevicesClearing Telnet Sessions 20-8Verifying the SSH and Telnet ConfigurationSSH Example ConfigurationDefault SettingsCHAPTER21Configuring ACLs20-320-720-820-920-921-1Information About ACLs 21-1IP ACL Types and ApplicationsRules 21-221-1Configuring IPv4 ACLs 21-4Creating an IPv4 ACL 21-5Changing an IP ACL 21-5Removing an IP ACL 21-6Changing Sequence Numbers in an IP ACL 21-7Applying an IP ACL as a Port ACL 21-7Applying an IP ACL as a VACL 21-8Verifying IP ACL Configurations 21-8Displaying and Clearing IP ACL Statistics 21-9Configuring MAC ACLs21-9Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01xiii
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mCreating a MAC ACL 21-10Changing a MAC ACL 21-10Removing a MAC ACL 21-11Changing Sequence Numbers in a MAC ACLApplying a MAC ACL as a Port ACL 21-12Applying a MAC ACL as a VACL 21-13Verifying MAC ACL Configurations 21-13Displaying and Clearing MAC ACL Statistics21-1221-13Information About VLAN ACLs 21-14VACLs and Access Maps 21-14VACLs and Actions 21-14Statistics 21-15Configuring VACLs 21-15Creating or Changing a VACL 21-15Removing a VACL 21-16Applying a VACL to a VLAN 21-16Verifying VACL Configuration 21-17Displaying and Clearing VACL StatisticsDefault Settings21-1721-18System ManagementCHAPTER22Configuring User Accounts and RBAC22-1Information About User Accounts and RBAC 22-1About User Accounts 22-1Characteristics of Strong Passwords 22-2About User Roles 22-2About Rules 22-3About User Role Policies 22-3Guidelines and Limitations22-3Configuring User Accounts22-4Configuring RBAC 22-5Creating User Roles and Rules 22-5Creating Feature Groups 22-7Changing User Role Interface Policies 22-7Changing User Role VLAN Policies 22-8Verifying User Accounts and RBAC Configuration22-8Example User Accounts and RBAC Configuration22-9Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexivOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mDefault SettingsCHAPTER2322-9Configuring Session Manager23-1Information About Session Manager23-1Configuration Guidelines and Limitations23-1Configuring Session Manager 23-2Creating a Session 23-2Configuring ACLs in a Session 23-2Verifying a Session 23-3Committing a Session 23-3Saving a Session 23-3Discarding a Session 23-3Session Manager Example ConfigurationVerifying Session Manager ConfigurationCHAPTER24Configuring Online DiagnosticsOn-Board Failure Logging 24-7About OBFL 24-7Configuring OBFL for the SwitchDisplaying OBFL Logs 24-9Default Settings 24-925Configuring Call Home23-424-1Online Health Management System 24-1System Health Initiation 24-2Loopback Test Configuration FrequencyHardware Failure Action 24-2Test Run Requirements 24-3Tests for a Specified Module 24-3Clearing Previous Error Reports 24-4Interpreting the Current Status 24-4Displaying System Health 24-5CHAPTER23-324-224-825-1Information About Call Home 25-1Call Home Overview 25-1Destination Profiles 25-2Call Home Alert Groups 25-2Call Home Message Levels 25-4Obtaining Smart Call Home 25-4Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01xv
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mPrerequisites for Call Home25-5Configuration Guidelines and Limitations25-5Configuring Call Home 25-5Guidelines for Configuring Call Home 25-6Configuring Contact Information 25-6Creating a Destination Profile 25-8Modifying a Destination Profile 25-8Associating an Alert Group with a Destination ProfileAdding show Commands to an Alert Group 25-10Configuring E-Mail 25-10Configuring Periodic Inventory Notification 25-11Disabling Duplicate Message Throttle 25-12Enabling or Disabling Call Home 25-12Testing Call Home Communications 25-12Verifying Call Home Configuration25-13Call Home Example Configuration25-13Default Settings25-925-13Additional References 25-14Message Formats 25-14Sample Test Inventory Alert Notification in Full-Text Format 25-17Sample Test Inventory Alert Notification in XML Format 25-19CHAPTER26Configuring System Message Logging26-1Information About System Message Loggingsyslog Servers 26-226-1Configuring System Message Logging 26-2Configuring System Message Logging to Terminal SessionsConfiguring System Message Logging to a File 26-3Configuring Module and Facility Messages Logged 26-4Configuring syslog Servers 26-5Displaying and Clearing Log Files 26-7CHAPTER27Verifying System Message Logging Configuration26-7System Message Logging Example Configuration26-8Default Settings26-8Configuring SNMP27-1Information About SNMP 27-1SNMP Functional Overview26-227-1Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexviOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mSNMP NotificationsSNMPv3 27-227-2Configuration Guidelines and Limitations27-5Configuring SNMP 27-5Configuring SNMP Users 27-5Enforcing SNMP Message Encryption 27-5Assigning SNMPv3 Users to Multiple Roles 27-6Creating SNMP Communities 27-6Configuring SNMP Notification Receivers 27-6Configuring the Notification Target User 27-7Enabling SNMP Notifications 27-8Configuring linkUp/linkDown Notifications 27-9Disabling Up/ Down Notifications on an Interface 27-10Enabling One-Time Authentication for SNMP over TCP 27-10Assigning SNMP Switch Contact and Location Information 27-10Verifying SNMP Configuration27-11SNMP Example Configuration27-11Default SettingsCHAPTER28Configuring RMON27-1128-1Information About RMON 28-1RMON Alarms 28-1RMON Events 28-2Configuration Guidelines and Limitations28-2Configuring RMON 28-2Configuring RMON Alarms 28-3Configuring RMON Events 28-3Verifying RMON Configuration28-4RMON Example Configuration28-4Default Settings28-4FIP SnoopingCHAPTER29Configuring FCoE Initialization Protocol SnoopingInformation About FCoE 29-1FCoE Overview 29-1Understanding FIP SnoopingFCoE Connectivity 29-429-129-2Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01xvii
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mConfiguring FIP Snooping 29-5Enabling DCBXP and LLDP 29-6Configuring QoS 29-7Enabling FIP Snooping Feature 29-7Configuring VLAN 29-7Configuring VLAN and FC-MAP 29-8Configuring Port Identification 29-8Verifying FIP Snooping Configuration29-9Quality of ServiceCHAPTER30Configuring Quality of Service30-1Information About QoS Features30-2Policy Types 30-3Type network-qos 30-3Type queuing 30-3Type qos 30-4Link-Level Flow ControlPriority Flow ControlMTU30-530-530-5Trust Boundaries30-6Ingress Classification PoliciesEgress Queuing Policies30-630-6System-Defined Network QoS ObjectsQoS for Traffic Directed to the CPU30-730-8Configuration Guidelines and Limitations30-8Configuring PFC and LLC 30-8Configuring Priority Flow Control 30-9Configuring IEEE 802.3x Link-Level Flow Control30-9Configuring System Class Maps 30-10Configuring ACL Classification 30-11Configuring CoS Classification 30-11Configuring Policy Maps 30-12Configuring Type Network QoS Policies 30-14Configuring Type Queuing Policies 30-15Configuring Type QoS Policies 30-16Attaching System Service Policy30-17Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexviiiOL-19953-01
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mRestoring the Default System Service PoliciesEnabling Jumbo MTU30-1730-19Configuring QoS on Interface Policy30-19QoS Configuration Examples 30-20Using Access Control List to Ethernet Traffic Configuration ExampleUsing Queuing for Bandwidth Configuration Example 30-21Setting MTU with Network QoS Example 30-21Priority Configuration Example 30-22Shaping Configuration Example 30-2230-20Verifying QoS Configuration 30-22Verifying Jumbo MTU 30-27IBM BladeCenter-Specific FeaturesCHAPTER31SoL Features and Concepts and Configuring CIN31-1Information About Serial over LAN Management VLAN31-1Configuration Restrictions 31-3CIN VLAN Configuration 31-3Verifying CIN VLAN Configuration 31-5Displaying the CIN VLAN Association 31-5Viewing SoL and CIN Traffic Counters 31-6CHAPTER32Configuring Protected ModeAbout Protected Mode32-1Configuring Protected ModeVerifying Protected ModeCHAPTER33Wake on LAN figuring SPAN34-1SPAN Sources 34-1Characteristics of Source Ports34-1SPAN Destinations 34-2Characteristics of Destination PortsConfiguring SPAN34-234-2Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuideOL-19953-01xix
ContentsS e n d f e e d b a ck t o n ex u s 4 K - d o c f e e d b a ck @ c i s c o . c o mCreating and Deleting a SPAN Session 34-2Configuring the Destination Port 34-3Configuring Source Ports 34-4Configuring Source Port Channels or VLANs 34-4Configuring the Description of a SPAN Session 34-5Suspending or Activating a SPAN Session 34-5Displaying SPAN Information 34-5CHAPTER35Troubleshooting35-1Recovering a Lost Password 35-1Using the CLI with Network-Admin PrivilegesPower Cycling the Switch 35-2Using Ethanalyzer35-3show tech-support Command 35-5show tech-support brief Command 35-8show tech-support platform Command 35-9show tech-support platform callhome CommandCHAPTER36Configuration Limits35-135-936-1INDEXCisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration GuidexxOL-19953-01
Se n d f e e d b a ck t o n x 4 0 0 0 - d o c f e e d b a ck @ c i s c o . c o mPrefaceThis preface describes the audience, organization, and conventions of the Cisco Nexus 4001I and 4005ISwitch Module for IBM BladeCenter NX-OS Configuration Guide. It also provides information on howto obtain related documentation.AudienceThis guide is for experienced network administrators who are responsible for configuring andmaintaining the Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter.OrganizationThis guide is organized as follows:ChapterTitleDescriptionChapter 1Product OverviewPresents an overview of the Cisco Nexus 4001Iand 4005I Switch Module for IBMBladeCenter.Part 1Configuration FundamentalsContains chapters on using the CLI and initialswitch configuration.Part 2LAN SwitchingContains chapters on how to configure Ethernetinterfaces, VLANs, STP, Port Channels,trunks, the MAC address table, and IGMPsnooping.Part 3Switch Security FeaturesContains chapters on how to configure AAA,Radius,
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Pulse, Cisco StackPower, . Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration Guide OL-19953-01 Hop Count 9-7
