© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 1
Nexus 7000
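NX-OS: The Operating System for the Data Center

Agenda
• Basic Overview
• Initial Startup and System Verification
• Command-Line Interface (CLI) Overview
• Interface Configuration
• Layer 2 Switching and Spanning Tree Configuration
• Routing Protocol Configuration
• FHRP Configuration
• Verifying IP Forwarding
• Security Protocol Configuration
• System Management Protocol Configuration
• Troubleshooting Tools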

Nexus Product Line Overview
In the data center
Figure labels: VM 1, VM 2, VM 3
• High availability
• High performance (10GE)
• 40/100 GE ready
• Unified I/O / DCB (future)
• High performance
• Small form factor
• Unified I/O / DCB (FCoE)
• Virtual switch (FEX)
• IBM blade switch
• 10 GE connectivity
• Unified I/O / DCB (FCoE)
• Remote line card (FEX)
• Connects to the Nexus 5000
• 1GE to 10GE transition
• Simplified management
• Virtual switch
• VMware integration
• NX-OS feature parity
• Simplified management

Typical Nexus 7000 Deployment
10 Gigabit Ethernet
Nexus 7000 end to end

Basic Overview
• Nexus 7010 (10-slot) overview
• Nexus 7018 (18-slot) overview
• Supervisor engine
• Ethernet modules
• Fabric modules
• Power supplies
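
Nexus 7010 (10-Slot) Overview
• First in the Nexus family
• Optimized for the data center
• High density
    Up to 256 10 Gigabit interfaces, 384 1G interfaces
• High performance
    Up to 1.4 Tbps total system bandwidth
    Up to 80 Gbps of bandwidth per slot
    Up to 60 Mpps of throughput per slot
    Up to 480 Mpps total system throughput
• Future-proof
    Up to 4.1 Tbps system bandwidth (230G per slot) with the initial fabric modules
    Scalable to 8+ Tbps system bandwidth (500+ G per slot)
• Front-to-back airflow
• All components redundant and hot-swappable
• Dedicated components for cable management
• 21 U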

Nexus 7010: Front and Rear Views
Figure labels: air intake (front/bottom); line card slots (8); supervisors (2); fan filter (optional); module ejector levers; system status LEDs; cable cover; air exhaust (rear/top); fabric modules (up to 5); power supplies (up to 3); fabric fans; system fans
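
Nexus 7018 (18-Slot) Overview
• Second in the Nexus family
• Optimized for data center environments
• Highest density
    Up to 512 10 Gigabit interfaces, 768 1G interfaces
• High performance
    Up to 2.8 Tbps total system bandwidth
    Up to 80 Gbps of bandwidth per slot
    Up to 60 Mpps of throughput per slot
    Up to 960 Mpps total system throughput
• Future support
    Up to 8.2 Tbps system bandwidth (230G per slot) with the fabric modules
    Scalable to 16+ Tbps system bandwidth
• Side-to-side airflow
• All components redundant and hot-swappable
• 25 U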

Nexus 7018: Front and Rear Views
Figure labels: line card slots (1-8); line card slots (11-18); supervisors (9-10); system status LEDs; fabric modules (up to 5); power supplies (up to 4); system fan trays; power supply air intake; line card exhaust vents; power supply exhaust

Equipment Dimensions and Weight
Description                  Weight
Nexus 7010 (empty)           200 lb
Nexus 7010 (fully loaded)    500 lb
Nexus 7018 (empty)           187 lb
Nexus 7018 (fully loaded)    684 lb
Dimension labels from the figure: 17.3 in, 17.3 in; 21 RU, 25 RU; 36.5 in, 33.1 in; 43.5 in, 33.1 in
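
Module Ejector Levers
Modules include ejector levers that not only help align and seat the module but also act as a power switch for it. If both levers are actuated at the same time, power to the module is shut off automatically.
Modules that support ejector levers:
• Supervisor engine
• Fabric modules
• Ethernet modules
Verification: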
n7000# show module 1
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 32 10 Gbps Ethernet Module N7K-M132XP-12 ok
<Text Omitted>
Chassis Ejector Support: Enabled
Ejector Status:
Top ejector CLOSE, Bottom ejector CLOSE, Module HW does support ejector based shutdown.

Supervisor Module
• Dual-core Intel Xeon processor
• 4 GB of memory
• 2 GB of flash (8 GB log and 2 GB expansion)
• 2 MB NVRAM
• 1 10/100/1000 auto-sensing Ethernet port
• 1 console port and 1 auxiliary port
• 1 CMP 10/100/1000 Ethernet port
• 3 USB ports (2 host, 1 device)
Supervisor Engine 1 front panel labels: console port; auxiliary port; Ethernet port; CMP port; USB device port; USB host ports; Reset button; status LEDs; Log & Exp. Flash

Supervisor Connectivity
Out-of-band management options
Figure labels: Sup 1; Sup 2; IP Address A (Shared IP); IP Address B; IP Address C; IP Network; RS-232; Terminal Server; out-of-band Ethernet port of the "Active" supervisor
Note: The chassis can be managed in-band using IPv4 or IPv6 (Loopbacks, SVIs, Physical Interfaces)
The "mgmt 0" port is in its own VRF (management)

Ethernet Modules
32-port 10 Gigabit Ethernet module
• 32 10 Gigabit Ethernet ports (SFP+ optics)
• 80 Gbps fabric connectivity
• 60 Mpps IPv4 forwarding
• 128K MAC, 128K FIB, 512K NetFlow
• QoS queues (RX: 8q2t) (TX: 1p7q4t)
• Jumbo frames (9216)
48-port 10/100/1000 (twisted-pair) module
• 48 10/100/1000 ports (twisted pair)
• 40 Gbps fabric connectivity
• 60 Mpps IPv4 forwarding
• 128K MAC, 128K FIB, 512K NetFlow
• QoS queues (RX: 2q4t) (TX: 1p3q4t)
• Jumbo frames (9216)
48-port Gigabit optical module
• 48 Gigabit ports (optical)
• 40 Gbps fabric connectivity
• 60 Mpps IPv4 forwarding
• 128K MAC, 128K FIB, 512K NetFlow
• QoS queues (RX: 2q4t) (TX: 1p3q4t)
• Jumbo frames (9216)

Fabric Modules
Fabric Module 1 (figure label: Nexus 7010 Fabric module)
• Up to 5 modules per chassis
• 5 modules provide 230 Gbps per I/O slot
• 46 Gbps per I/O slot per module
• All fabric modules share the load
• Hot-swappable (non-disruptive)
Fabric capacity and redundancy
• Each fabric module adds bandwidth
• 1G modules require 2 fabric modules for N+1 redundancy
• 10G modules require 3 fabric modules for N+1 redundancy
• The fourth and fifth provide an additional level of redundancy
• Future modules will make use of the additional fabric bandwidth
• Fabric failure results in reduction of overall system bandwidth

Fabric Connectivity for the Two I/O Module Types
Figure: each fabric module adds 46 Gbps per slot. Fabric 1: 46 Gbps; Fabric 2: 92 Gbps; Fabric 3: 138 Gbps; Fabric 4: 184 Gbps; Fabric 5: 230 Gbps.
48 Port 1GE SFP: requires 43 Gbps
32 Port 10GE SFP+: requires 80 Gbps

Power Supplies
Universal power supplies!
Dual 20 A circuits (110 V and 220 V)
• IEC C19 cable (16 A)
• 10 cables available (see the data sheet)
Dual 30 A circuits (110 V and 220 V)
• Integrated 12' cable (24 A)
• IEC 60309 or NEMA L6-30 plug
Maximum power required: 7010 = ~9 kW, 7018 = ~15 kW

Power Supply Input/Output Power
6000 W power supply
Input source    Input voltage    Output power
Single          110 V            1200 W
Single          220 V            3000 W
Dual            110 V            2400 W
Dual            220 V            6000 W
Dual            110 V & 220 V    4200 W
7500 W power supply
Input source    Input voltage    Output power
Single          110 V            1800 W
Single          220 V            3750 W
Dual            110 V            3600 W
Dual            220 V            7500 W
Dual            110 V & 220 V    5500 W
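
Power Required by Each Component
Power requirements:
The table below lists the maximum power and the typical power required by each component. Under typical conditions, components do not draw their maximum power.
Component                     Maximum power    Typical power
10-slot fan tray              1680 W           300 W
18-slot fan tray              1273 W           569 W
10-slot fabric module         60 W             55 W
18-slot fabric module         100 W            90 W
Supervisor engine             210 W            190 W
32-port 10GE module           750 W            611 W
48-port 10/100/1000 module    400 W            358 W
48-port SFP module            400 W            358 W
The 7010 requires 2400 W to start up
The 7018 requires 2193 W to start up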

Power Redundancy Modes Overview
6 kW power supplies for the Nexus 7010 (6 x 220 V = 18 kW in every mode)
Mode                         Available power    Reserve power    Tolerates
Full redundancy              ~9 kW              ~9 kW            loss of 1 PS or 1 GRID
N+1 redundancy               ~12 kW             ~6 kW            loss of 1 PS
GRID redundancy              ~9 kW              ~9 kW            loss of 1 GRID
Combined (no redundancy!)    ~18 kW             0 kW             no failure
Figure label: default state

Common 7010/7018 Components
• Supervisor engines
• I/O modules (Ethernet)
• Power supplies (two types)

System Verification and Configuration
• NX-OS version overview
• I/O module, fabric module and fan status
• Programmable logic device (EPLD) and BIOS versions
• Power budget and environmental temperature monitoring
• Supervisor redundancy and switchover

Verifying the Software Version
n7000# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 3.15.0
loader: version N/A
kickstart: version 4.0(1)
system: version 4.0(1)
BIOS compile time: 03/04/08
kickstart image file is: bootflash:/n7000-s1-kickstart.4.0.1.bin
kickstart compile time: 3/6/2008 2:00:00 [04/02/2008 08:12:57]
system image file is: bootflash:/n7000-s1-dk9.4.0.1.bin
system compile time: 3/6/2008 2:00:00 [04/02/2008 08:58:14]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 4129620 kB of memory.
Processor Board ID JAB114000CC
Device name: n7000
bootflash: 2030616 kB
slot0: 0 kB (expansion flash)
Kernel uptime is 0 day(s), 15 hour(s), 9 minute(s), 39 second(s)
<Text Omitted>
Use the show version command to obtain software and hardware information.
Callouts on the output above: NX-OS software; system version; image file locations; system memory (KB); bootflash (size); expansion flash (not present); system uptime

Verifying Module Status
n7000# show module
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 48 10/100/1000 Mbps Ethernet Module N7K-M148GT-11 ok
2 48 10/100/1000 Mbps Ethernet Module N7K-M148GT-11 ok
3 32 10 Gbps Ethernet Module N7K-M132XP-12 ok
4 32 10 Gbps Ethernet Module N7K-M132XP-12 ok
5 0 Supervisor module-1X N7K-SUP1 active *
6 0 Supervisor module-1X N7K-SUP1 ha-standby
Mod Sw Hw World-Wide-Name(s) (WWN)
--- -------------- ------ --------------------------------------------------
1 4.0(1) 0.902 --
2 4.0(1) 0.902 --
3 4.0(1) 0.504 --
4 4.0(1) 0.504 --
5 4.0(1) 0.801 --
6 4.0(1) 0.801 --
Mod MAC-Address(es) Serial-Num
--- -------------------------------------- ----------
1 00-1b-54-c1-00-38 to 00-1b-54-c1-00-6c JAB114100WE
2 00-1b-54-c0-fe-cc to 00-1b-54-c0-ff-00 JAB114100WK
3 00-1b-54-c1-0b-cc to 00-1b-54-c1-0b-f0 JAB114602F7
4 00-1b-54-c1-0a-64 to 00-1b-54-c1-0a-88 JAB114602FD
5 00-1b-54-c0-fe-b8 to 00-1b-54-c0-fe-c0 JAB114000CC
6 00-1b-54-c0-ff-18 to 00-1b-54-c0-ff-20 JAB114000R1
* this terminal session
Use the show module command to determine the status of each module.
Callouts on the output above: module number; number of ports per module; module type and model number; module status; the current user terminal session on Sup-1 (marked *)
Other status values: powered-dn, powered-up, pwr-cycld, pwr-denied, testing, initializing
"Reloading" or "powering off" a module:
n7000# reload module 1
n7000(config)# poweroff module 1

Verifying Module Uptime
n7000# show module uptime
------ Module 1 -----
Module Start Time: Fri Dec 12 07:05:33 2008
Up Time: 6 days, 17 hours, 31 minutes, 8 seconds
------ Module 2 -----
Module Start Time: Sun Nov 9 00:58:28 2008
Up Time: 39 days, 23 hours, 38 minutes, 13 seconds
------ Module 3 -----
Module Start Time: Fri Dec 12 06:21:38 2008
Up Time: 6 days, 18 hours, 15 minutes, 3 seconds
------ Module 5 -----
Module Start Time: Tue Nov 11 01:04:46 2008
Up Time: 37 days, 23 hours, 31 minutes, 55 seconds
------ Module 6 -----
Module Start Time: Tue Nov 11 01:34:10 2008
Up Time: 37 days, 23 hours, 2 minutes, 31 seconds
------ Xbar 1 -----
Xbar Start Time: Sun Nov 9 00:55:57 2008
Up Time: 39 days, 23 hours, 40 minutes, 44 seconds
------ Xbar 2 -----
Xbar Start Time: Sun Nov 9 00:56:00 2008
Up Time: 39 days, 23 hours, 40 minutes, 41 seconds
------ Xbar 3 -----
Xbar Start Time: Sun Nov 9 00:56:02 2008
Up Time: 39 days, 23 hours, 40 minutes, 39 seconds
Use the show module uptime command to determine how long each module has been running.
Callouts on the output above: 32-port 10 Gigabit Ethernet modules; supervisor engines; fabric modules

Verifying Fabric Module Status
n7000# show module fabric
Xbar Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 0 Xbar N7K-C7010-FAB-1 ok
2 0 Xbar N7K-C7010-FAB-1 ok
3 0 Xbar N7K-C7010-FAB-1 ok
Xbar Sw Hw World-Wide-Name(s) (WWN)
--- -------------- ------ --------------------------------------------------
1 NA 0.404 --
2 NA 0.404 --
3 NA 0.404 --
Xbar MAC-Address(es) Serial-Num
--- -------------------------------------- ----------
1 NA JAB114700X6
2 NA JAB114700WQ
3 NA JAB114700WZ
Use the show module fabric command to determine the status of each fabric module.
Callouts on the output above: slot number; module status
Note: Only 3 out of 5 fabric modules are present

Verifying Module Utilization
Use the show hardware fabric-utilization command to view the current utilization of each module.
n7000# show hardware fabric-utilization
-----------------------------
Slot Direction Utilization
-----------------------------
1 ingress 0%
1 egress 0%
2 ingress 0%
2 egress 0%
5 ingress 0%
5 egress 0%
-----------------------------
Callout: ingress/egress utilization percentage for each module
n7000# show hardware fabric-utilization detail module 1
----------------------------------------------------------------------
Fabric Planes:
A -- Unicast fabric interface
B -- Multicast/Multidestination fabric interface
----------------------------------------------------------------------
I/O Fabric Fabric Fabric Fabric
Slot Mod Instance Channel ID Plane Direction Utilization
----------------------------------------------------------------------
1 1 1 5 A ingress 0%
1 1 1 5 A egress 0%
1 1 1 5 B ingress 0%
1 1 1 5 B egress 0%
1 1 1 3 A ingress 0%
1 1 1 3 A egress 0%
1 1 1 3 B ingress 0%
1 1 1 3 B egress 0%
<Text Omitted>
Callout: a very detailed breakdown

Verifying Chassis Fans
n7000# show environment fan
Fan:
------------------------------------------------------
Fan Model Hw Status
------------------------------------------------------
Fan1(sys_fan1) N7K-C7010-FAN-S 0.409 Ok
Fan2(sys_fan2) N7K-C7010-FAN-S 0.409 Ok
Fan3(fab_fan1) N7K-C7010-FAN-F 0.209 Ok
Fan4(fab_fan2) N7K-C7010-FAN-F 0.209 Ok
Fan_in_PS1 -- -- Ok
Fan_in_PS2 -- -- Ok
Fan_in_PS3 -- -- Absent
Fan Air Filter : Absent
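Use the show environment fan command to verify the status of the chassis fans and power supply fans.
Callouts on the output above: fan status; power supply fan status; optional air filter not installed
Note: 4 of 4 fan trays are installed and 2 of 3 power supplies are installed. The optional air filter is not installed.

Verifying the Power Budget and Usage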
n7000# show environment power
Power Supply:
Voltage: 50 Volts
Power Actual Total
Supply Model Output Capacity Status
(Watts ) (Watts )
------- ------------------- ----------- ----------- --------------
1 N7K-AC-6.0KW 0 W 0 W Shutdown
2 N7K-AC-6.0KW 712 W 3000 W Ok
3 N7K-AC-6.0KW 1539 W 6000 W Ok
Actual Power
Module Model Draw Allocated Status
(Watts ) (Watts )
------- ------------------- ----------- ----------- --------------
1 N7K-M132XP-12 N/A 750 W Powered-Up
2 N7K-M132XP-12 N/A 750 W Powered-Up
3 N7K-M148GT-11 N/A 400 W Powered-Up
4 N7K-M148GT-11 N/A 400 W Powered-Up
5 N7K-SUP1 N/A 210 W Powered-Up
6 N7K-SUP1 N/A 210 W Powered-Up
Xb1 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb2 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb3 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb4 xbar N/A 60 W Absent
Xb5 xbar N/A 60 W Absent
fan1 N7K-C7010-FAN-S N/A 720 W Powered-Up
fan2 N7K-C7010-FAN-S N/A 720 W Powered-Up
fan3 N7K-C7010-FAN-F N/A 120 W Powered-Up
fan4 N7K-C7010-FAN-F N/A 120 W Powered-Up
N/A - Per module power not available
Power Usage Summary:
--------------------
Power Supply redundancy mode (configured) PS-Redundant
Power Supply redundancy mode (operational) Non-Redundant
Total Power Capacity (based on configured mode) 9000 W
Total Power of all Inputs (cumulative) 9000 W
Total Power Output (actual draw) 2251 W
Total Power Allocated (budget) 4700 W
Total Power Available for additional modules 4300 W
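Callouts on the output above:
• Power supply number
• Total capacity and actual draw of each power supply
• Power requirement of each component (I/O modules, fabric modules, fans)
• Per-module actual draw: a future feature
• Power redundancy status
• Total capacity and usage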
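The budget arithmetic in this output can be checked mechanically. The Python below is an added example, not part of the original deck and not Cisco code: it parses the rows shown on this slide (embedded as a constructed sample), re-adds the per-module allocations, and flags a configured redundancy mode that is not in effect. The function names and the 750 W candidate (the 32-port 10GE module maximum from the component table) are choices made for this example.

```python
import re

# Constructed sample: rows copied from the `show environment power` slide above.
SAMPLE_POWER = """\
Power Supply:
Voltage: 50 Volts
1 N7K-AC-6.0KW 0 W 0 W Shutdown
2 N7K-AC-6.0KW 712 W 3000 W Ok
3 N7K-AC-6.0KW 1539 W 6000 W Ok
Module Model Draw Allocated Status
1 N7K-M132XP-12 N/A 750 W Powered-Up
2 N7K-M132XP-12 N/A 750 W Powered-Up
3 N7K-M148GT-11 N/A 400 W Powered-Up
4 N7K-M148GT-11 N/A 400 W Powered-Up
5 N7K-SUP1 N/A 210 W Powered-Up
6 N7K-SUP1 N/A 210 W Powered-Up
Xb1 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb2 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb3 N7K-C7010-FAB-1 N/A 60 W Powered-Up
Xb4 xbar N/A 60 W Absent
Xb5 xbar N/A 60 W Absent
fan1 N7K-C7010-FAN-S N/A 720 W Powered-Up
fan2 N7K-C7010-FAN-S N/A 720 W Powered-Up
fan3 N7K-C7010-FAN-F N/A 120 W Powered-Up
fan4 N7K-C7010-FAN-F N/A 120 W Powered-Up
Power Usage Summary:
Power Supply redundancy mode (configured) PS-Redundant
Power Supply redundancy mode (operational) Non-Redundant
Total Power Capacity (based on configured mode) 9000 W
Total Power Output (actual draw) 2251 W
Total Power Allocated (budget) 4700 W
Total Power Available for additional modules 4300 W
"""

SUPPLY = re.compile(r"^(\d+)\s+(\S+)\s+(\d+) W\s+(\d+) W\s+(\S+)$")
MODULE = re.compile(r"^(\S+)\s+(\S+)\s+(N/A|\d+ W)\s+(\d+) W\s+(\S+)$")
SUMMARY = re.compile(r"^(.+\))\s+(\S+?)(?:\s+W)?$")


def parse_power(text):
    """Split the output into power supply rows, module rows and summary values."""
    supplies, modules, summary, section = [], [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # tolerate column padding
        if line.startswith("Power Supply:"):
            section = "supply"
        elif line.startswith("Module "):
            section = "module"
        elif line.startswith("Power Usage Summary"):
            section = "summary"
        elif section == "supply" and (m := SUPPLY.match(line)):
            supplies.append({"id": int(m[1]), "draw": int(m[3]),
                             "capacity": int(m[4]), "status": m[5]})
        elif section == "module" and (m := MODULE.match(line)):
            modules.append({"slot": m[1], "model": m[2],
                            "allocated": int(m[4]), "status": m[5]})
        elif section == "summary" and (m := SUMMARY.match(line)):
            summary[m[1]] = m[2]
    return supplies, modules, summary


def check_power(text, extra_watts=0):
    """Recompute the budget and report conditions worth an alert."""
    supplies, modules, summary = parse_power(text)
    allocated = sum(m["allocated"] for m in modules)
    capacity = int(summary["Total Power Capacity (based on configured mode)"])
    return {
        "allocated_sum": allocated,
        # the per-module rows should add up to the reported budget
        "budget_matches": allocated == int(summary["Total Power Allocated (budget)"]),
        "headroom": capacity - allocated,
        # would a module needing extra_watts still fit in the budget?
        "fits": extra_watts <= capacity - allocated,
        # empty fabric slots are budgeted even though nothing is installed
        "reserved_for_absent": sum(m["allocated"] for m in modules
                                   if m["status"] == "Absent"),
        # configured mode differs from the mode actually in effect
        "redundancy_degraded": summary["Power Supply redundancy mode (configured)"]
        != summary["Power Supply redundancy mode (operational)"],
        "supplies_not_ok": [s["id"] for s in supplies if s["status"] != "Ok"],
    }


if __name__ == "__main__":
    for key, value in check_power(SAMPLE_POWER, extra_watts=750).items():
        print(f"{key}: {value}")
```

On the slide's data the check shows that the two absent fabric slots still hold 120 W of budget, and that the chassis is configured PS-Redundant while running Non-Redundant because power supply 1 is shut down.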

Verifying Chassis Temperature
n7000# show environmental temperature
Temperature:
--------------------------------------------------------------------
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
--------------------------------------------------------------------
1 Crossbar(s5) 105 95 35 Ok
1 CTSdev1 (s6) 115 105 67 Ok
1 CTSdev2 (s7) 115 105 59 Ok
1 CTSdev3 (s8) 115 105 54 Ok
1 CTSdev4 (s9) 115 105 50 Ok
1 CTSdev5 (s10) 115 105 47 Ok
1 CTSdev6 (s11) 115 105 51 Ok
1 CTSdev7 (s12) 115 105 46 Ok
1 CTSdev8 (s13) 115 105 48 Ok
1 CTSdev9 (s14) 115 105 43 Ok
1 CTSdev10(s15) 115 105 42 Ok
1 CTSdev11(s16) 115 105 39 Ok
1 CTSdev12(s17) 115 105 40 Ok
1 QEng1Sn1(s18) 115 110 44 Ok
1 QEng1Sn2(s19) 115 110 42 Ok
1 QEng1Sn3(s20) 115 110 40 Ok
1 QEng1Sn4(s21) 115 110 42 Ok
<text omitted>
Use the show env temp command to verify the temperature readings of each module.
If the current temperature equals the minor or major threshold value, SNMP sends an alarm message.
Callouts on the output above: module number; component; status
Note: CLI omitted due to the number of temperature sensors per component.

Verifying and Managing Supervisor Redundancy
n7000# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: HA
This supervisor (sup-1)
-----------------------
Redundancy state: Active
Supervisor state: Active
Internal state: Active with HA standby
Other supervisor (sup-2)
------------------------
Redundancy state: Standby
Supervisor state: HA standby
Internal state: HA standby
n7000# show system uptime
System start time: Tue May 24 03:37:31 2005
System uptime: 0 days, 15 hours, 26 minutes, 10 seconds
Kernel uptime: 0 days, 15 hours, 28 minutes, 5 seconds
Active supervisor uptime: 0 days, 15 hours, 26 minutes, 10 seconds
Use the show system redundancy status command to view the "Active/Standby" and high-availability (HA) supervisor status.
Sup-1 = Slot 5 "Active"
Sup-2 = Slot 6 "Standby"
Callouts on the show system uptime output: system uptime; time in the "Active" state

Supervisor Switchover
n7000# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: HA
This supervisor (sup-1)
-----------------------
Redundancy state: Active
Supervisor state: Active
Internal state: Active with HA standby
Other supervisor (sup-2)
------------------------
Redundancy state: Standby
Supervisor state: HA standby
Internal state: HA standby
n7000# system switchover
n7000# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: HA
This supervisor (sup-2)
-----------------------
Redundancy state: Active
Supervisor state: Active
Internal state: Active with HA standby
Other supervisor (sup-1)
------------------------
Redundancy state: Standby
Supervisor state: HA standby
Internal state: HA standby
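The system switchover command forces the "Standby" supervisor to become "Active", and vice versa.
It is run from privileged mode.
Callouts on the output above: the first show system redundancy status output is before the switchover, the second is after the switchover.

CLI Overview and Configuration
• CLI overview
• Licensing NX-OS software
• Enabling NX-OS features
• NX-OS upgrade options (ISSU or cold start)
• Configuration checkpoint / rollback
• Configuration session manager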
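
CLI Overview
NX-OS shares many concepts with IOS, so initial configuration is simple. Commands can be abbreviated, ? provides online help, and the <TAB> key auto-completes commands.
User privileged mode:
n7000#
This is the default prompt. Type "exit" to log out.
Entering configuration mode:
n7000# configure terminal
n7000(config)#
Saving the running configuration to the startup configuration:
n7000# copy running-config startup-config
There is no "write memory" command.
Erasing the startup configuration:
n7000# write erase
The user is prompted whether to continue.
Viewing the running and startup configurations:
n7000# show running-config
n7000# show startup-config
Several other options are available for viewing the configuration of specific features.
Attaching to a module:
n7000# attach module 1
Attaching to module 1 ...
module-1#
Type "exit" or "$" to detach from the module.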

Licensed NX-OS Feature Sets
NX-OS uses feature-based licensing. It requires a base license, but once additional features are needed, additional licenses must be purchased separately and installed.
License: Enterprise Services
Features:
• OSPF
• BGP
• ISIS (L3 Only)
• EIGRP
• Policy Based Routing (PBR)
• PIM (SM, BiDir, SSM)
• Generic Route Encapsulation (GRE)
License: Advanced Services
Features:
• Virtual Device Contexts (VDC)
• Cisco Trustsec (CTS)

Installing the License Key File
Once the license file has been obtained from cisco.com and copied to flash, it can be installed on the device. A grace period of up to 120 days can also be enabled to test features.
Display the host-id used to create the license file on cisco.com:
n7000# show license host-id
License hostid: VDH=TBM12234305
Callout: device ID
Install the license file:
n7000# install license bootflash:license_file.lic
Installing license ..done
Enable the 120-day grace period:
n7000(config)# license grace-period

Verifying Licenses
n7000# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application
-----------
bgp
ospf
-----------
n7000# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
LAN_ADVANCED_SERVICES_PKG No - Unused -
LAN_ENTERPRISE_SERVICES_PKG No - In use Grace 119D 23H
--------------------------------------------------------------------------------
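The commands above verify the installed licenses.
Callouts on the output above: the first command lists the features currently in use that require the "Enterprise Services" license; "Grace 119D 23H" shows that the grace-period license is enabled.
Display a license file (if one is installed):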
n7000# show license file mds20080623110250757.lic
SERVER this_host ANY
VENDOR cisco
INCREMENT LAN_ENTERPRISE_SERVICES_PKG cisco 1.0 21-sep-2008 uncounted
VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>N7K-LAN1K9=</SKU>
HOSTID=VDH=TBM11420261
NOTICE="<LicFileID>20080623110250757</LicFileID><LicLineID>1</LicLineID>
<PAK></PAK>" SIGN=02E993382A7A
Callout: the "Enterprise Services" license is installed

Enabling NX-OS Features
n7000(config)# feature ?
bgp Enable/Disable Border Gateway Protocol (BGP)
cts Enable/Disable CTS
dhcp Enable/Disable DHCP Snooping
dot1x Enable/Disable dot1x
eigrp Enable/Disable Enhanced Interior Gateway Routing Protocol (EIGRP)
eou Enable/Disable eou(l2nac)
glbp Enable/Disable Gateway Load Balancing Protocol (GLBP)
hsrp Enable/Disable Hot Standby Router Protocol (HSRP)
interface-vlan Enable/Disable interface vlan
isis Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
lacp Enable/Disable LACP
msdp Enable/Disable Multicast Source Discovery Protocol (MSDP)
netflow Enable/Disable NetFlow
ospf Enable/Disable Open Shortest Path First Protocol (OSPF)
ospfv3 Enable/Disable Open Shortest Path First Version 3 Protocol (OSPFv3)
pbr Enable/Disable Policy Based Routing(PBR)
pim Enable/Disable Protocol Independent Multicast (PIM)
pim6 Enable/Disable Protocol Independent Multicast (PIM) for IPv6
port-security Enable/Disable port-security
private-vlan Enable/Disable private-vlan
rip Enable/Disable Routing Information Protocol (RIP)
scheduler Enable/Disable scheduler
ssh Enable/Disable ssh
tacacs+ Enable/Disable tacacs+
telnet Enable/Disable telnet
tunnel Enable/Disable Tunnel Manager
udld Enable/Disable UDLD
vpc Enable/Disable VPC (Virtual Port Channel)
vrrp Enable/Disable Virtual Router Redundancy Protocol (VRRP)
vtp Enable/Disable VTP
wccp Enable/Disable Web Cache Communication Protocol (WCCP)
Features provided by NX-OS are enabled and disabled with the "feature" command. If a feature has not been enabled, its show commands are not available.

Verifying NX-OS Features
n7000# show feature
Feature Name Instance State
-------------------- -------- --------
amt 1 disabled
bgp 1 disabled
cts 1 disabled
dhcp-snooping 1 disabled
dot1x 1 disabled
eigrp 1 disabled
eigrp 2 disabled
eigrp 3 disabled
eigrp 4 disabled
eou 1 disabled
eth_port_sec 1 disabled
glbp 1 disabled
hsrp_engine 1 disabled
interface-vlan 1 enabled
isis 1 disabled
isis 2 disabled
isis 3 disabled
isis 4 disabled
lacp 1 disabled
lisp 1 disabled
lldp 1 disabled
msdp 1 disabled
netflow 1 disabled
ospf 1 enabled
ospf 2 enabled (not-running)
ospf 3 enabled (not-running)
ospf 4 enabled (not-running)
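The show feature command verifies which features are enabled and how many processes of each routing protocol are running.
Callouts on the output above:
• EIGRP is not enabled
• VLAN interfaces are enabled (i.e. interface vlan x)
• OSPF is enabled, but only 1 of 4 processes is running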
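Because every feature has to be switched on explicitly, the show feature table doubles as an inventory of enabled services that can be compared with a hardening baseline. The Python below is an added example, not part of the original deck and not Cisco code: it parses the table format shown above (the sample is a constructed subset of the slide's rows) and reports features enabled outside the baseline, baseline features that are off, and enabled instances with no running process. The baseline set {"ospf", "lacp"} and the function names are assumptions for illustration.

```python
import re

# Constructed sample: a subset of the `show feature` rows shown on the slide above.
SAMPLE_SHOW_FEATURE = """\
Feature Name          Instance  State
--------------------  --------  --------
bgp                   1         disabled
eigrp                 1         disabled
eigrp                 2         disabled
interface-vlan        1         enabled
lacp                  1         disabled
netflow               1         disabled
ospf                  1         enabled
ospf                  2         enabled (not-running)
ospf                  3         enabled (not-running)
ospf                  4         enabled (not-running)
"""

# One table row: feature name, instance number, state, optional "(note)".
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<inst>\d+)\s+(?P<state>enabled|disabled)"
    r"(?:\s+\((?P<note>[^)]*)\))?\s*$"
)


def parse_show_feature(text):
    """Return one dict per feature instance row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator, prompt or blank line
        enabled = m.group("state") == "enabled"
        rows.append({
            "name": m.group("name"),
            "instance": int(m.group("inst")),
            "enabled": enabled,
            "running": enabled and m.group("note") != "not-running",
        })
    return rows


def audit_features(rows, baseline):
    """Compare enabled features with a baseline set of feature names.

    baseline is an assumption of this example: the features a site's
    hardening standard expects to be enabled on this switch.
    """
    enabled = {}
    for row in rows:
        if row["enabled"]:
            enabled.setdefault(row["name"], []).append(row)
    return {
        # enabled on the switch but absent from the standard
        "unexpected": sorted(set(enabled) - set(baseline)),
        # required by the standard but not enabled
        "missing": sorted(set(baseline) - set(enabled)),
        # enabled instances that have no running process, per feature
        "idle_instances": {
            name: [r["instance"] for r in insts if not r["running"]]
            for name, insts in enabled.items()
            if any(not r["running"] for r in insts)
        },
    }


if __name__ == "__main__":
    rows = parse_show_feature(SAMPLE_SHOW_FEATURE)
    for key, value in audit_features(rows, {"ospf", "lacp"}).items():
        print(f"{key}: {value}")
```

Note that show feature does not always use the keyword accepted by the feature command (the slides show dhcp listed as dhcp-snooping and hsrp as hsrp_engine), so a baseline should be written with the names as show feature prints them.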

Software Upgrade Option #1: ISSU
In-Service Software Upgrade (ISSU) provides the ability to upgrade transparently by using the redundant supervisors. The upgrade can therefore be completed without any downtime or packet loss, delivering new features and bug fixes.
This is the preferred upgrade option in production networks!
Upgrade procedure:
1. Copy the NX-OS system images to flash
2. Verify that the NX-OS system images are present
3. Use the install all command to start the upgrade
Only 1 command required
n7000# install all kickstart bootflash:n7000-s1-kickstart.4.0.3.bin system bootflash:n7000-s1-dk9.4.0.3.bin

Software Upgrade Option #2: Cold Start
Verify the boot variables:
n7000# show boot
sup-1
kickstart variable = bootflash:/n7000-s1-kickstart.4.0.1.bin
system variable = bootflash:/n7000-s1-dk9.4.0.1.bin
sup-2
kickstart variable = bootflash:/n7000-s1-kickstart.4.0.1.bin
system variable = bootflash:/n7000-s1-dk9.4.0.1.bin
No module boot variable set
Callouts: the Sup1 & Sup2 boot variables; the system and kickstart images this system currently uses
Verify bootflash:
n7000# dir
49152 Mar 29 00:07:42 2005 lost+found/
80850712 May 23 18:14:46 2005 n7000-s1-dk9.4.0.1.bin
9791207 May 23 21:32:52 2005 n7000-s1-epld.4.0.1.img
22593024 May 23 18:13:11 2005 n7000-s1-kickstart.4.0.1.bin
4096 Jan 01 00:14:52 2005 routing-sw/
Usage for bootflash://
553099264 bytes used
1365549056 bytes free
1918648320 bytes total
Callouts: dir defaults to bootflash:; free space
Configure the boot variables (configures Sup1 & Sup2):
n7000(config)# boot kickstart bootflash:n7000-s1-kickstart.4.0.1.bin sup1 sup2
n7000(config)# boot system bootflash:n7000-s1-dk9.4.0.1.bin sup1 sup2
Manual reload:
n7000# reload
The system asks whether you want to continue.

Verifying Module Versions (BIOS and EPLD)
The commands shown below are useful for verifying the BIOS and EPLD versions. They are not normally needed for day-to-day troubleshooting.
Module BIOS version:
n7000# show version module 1
ModNo Image Type SW Version SW Interim Version BIOS Version
1 SLC 4.0(1) 4.0(1) 1.10.5
Module EPLD versions:
n7000# show version module 1 epld
EPLD Device Version
---------------------------------------
Power Manager 5.3
IO 2.10
Forwarding Engine 1.6
Fan EPLD versions:
n7000# show version fan 1 epld
EPLD Device Version
---------------------------------------
Fan Controller (BUS A) 0.7
Fan Controller (BUS B) 0.7
Fabric module EPLD versions:
n7000# show version xbar 1 epld
EPLD Device Version
---------------------------------------
Power Manager 2.8

EPLD Upgrade Example
n7000# install module 1 epld bootflash:n7000-s1-epld.4.0.1.img
EPLD image file , built on Mon Mar 31 10:31:48 2008
EPLD Curr Ver New Ver
-------------------------------------------------------
Power Manager 4.1 5.3
IO 2.6 2.10
Forwarding Engine 1.4 1.6
WARNING: Upgrade process could take upto 30 minutes.
Module could be powered down and up.
Module 1 will be powered down now!!
Do you want to continue (y/n) ? [n] y
Module 1 EPLD upgrade is successful.
The example above upgrades the EPLD image for module 1. The EPLD image is loaded into flash and the upgrade is performed locally.
The "install" command highlights the differences between the EPLD versions.
The EPLD upgrade process cannot be interrupted, and takes 30 minutes per module!
The user is prompted to continue.
This procedure is usually not necessary during a system upgrade.

Configuration Rollback Procedure
Create and verify a configuration checkpoint:
n7000# checkpoint
Processing the Request... Please Wait
................................. Done
This creates a configuration checkpoint (default name = "auto-#"). You can create them per VDC.
n7000# show checkpoint summary
-------------------------------------------------------------------------------
Name UserName Created at
-------------------------------------------------------------------------------
auto-2 admin Tue May 24 22:24:01 2005
Roll back the configuration:
n7000# config t
n7000(config)# no vlan 20, 30
VLANs 20 and 30 are deleted manually.
n7000# rollback running-configuration checkpoint auto-2
Processing the Request... Please Wait
Generating the Rollbackpatch... Please Wait
Executing the patch... Please Wait
`conf t`
`vlan 20, 30`
The rollback to checkpoint "auto-2" automatically puts VLANs 20 and 30 back into the running configuration.
Clear the checkpoint database:
n7000# clear checkpoint database
Processing the Request... Please Wait
.................................. Done
Caution! This operation clears all checkpoint configurations.

Configuration Session Manager
The session manager lets you change the configuration in "batch" mode. Currently only ACLs are supported. Up to 32 sessions can be configured at the same time.
Create a session named "test-acl":
n7000# configure session test-acl
Config Session started, Session ID is 1
Add the ACL configuration:
n7000(config-s)# ip access-list ipv4-test-acl
n7000(config-s-acl)# deny icmp any any
n7000(config-s-acl)# permit ip any any
n7000(config-s-acl)# interface eth 1/13
n7000(config-s-if)# ip access-group ipv4-test-acl in
n7000(config-s-if)# exit
Verify the CLI (optional):
n7000(config-s)# verify
Verification Successful
Commit the session:
n7000(config-s)# commit
Commit Successful
Save a session:
n7000(config-s)# save bootflash:test-acl
Delete a session:
n7000(config-s)# abort

Interface Configuration
• Interface configuration (Routed, Switchport, Trunk, SVI, Sub-interface)
• Interface Port-Profiles
• 10GE "shared" vs. "dedicated" mode
• Neighbor discovery protocol (CDP)
• Port channels based on the Link Aggregation Control Protocol (LACP)

Interface Configuration Overview
NX-OS supports multiple types of L2 and L3 interfaces to meet a variety of requirements. The default state of all interfaces is "shutdown".
Routed interface:
n7000(config)# interface ethernet 1/14
n7000(config-if)# ip address 159.142.1.1 255.255.255.0
SVI interface (enable the VLAN interface feature first, then create the VLAN interface):
n7000(config)# feature interface-vlan
n7000(config)# interface vlan 10
n7000(config-if)# ip address 192.168.10.1 255.255.255.0
Switchport interface (the interface mode is "access", which is the default and does not need to be configured; the access VLAN is 10, the default is VLAN 1):
n7000(config)# interface ethernet 1/15
n7000(config-if)# switchport
n7000(config-if)# switchport mode access
n7000(config-if)# switchport access vlan 10
Switchport trunk (creates an 802.1q trunk, allows VLANs 20 and 30, configures VLAN 2 as the native VLAN):
n7000(config)# interface ethernet 1/13
n7000(config-if)# switchport mode trunk
n7000(config-if)# switchport trunk allowed vlan 20,30
n7000(config-if)# switchport trunk native vlan 2
Routed trunk (configures dot1q encapsulation on a sub-interface):
n7000(config)# interface ethernet 1/25.50
n7000(config-if)# encapsulation dot1q 50
n7000(config-if)# ip address 192.168.50.3/24

Verifying Interface Status
n7000# show interface brief
--------------------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
--------------------------------------------------------------------------------
mgmt0 -- up 10.205.225.43 1000 1500
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/1 -- eth routed down Administratively down auto(D) --
Eth1/2 -- eth routed down Administratively down auto(D) --
Eth1/3 -- eth routed down Administratively down auto(D) --
Eth1/4 -- eth routed down Administratively down auto(D) --
Eth1/5 -- eth routed down Administratively down auto(D) --
Eth1/6 -- eth routed down Administratively down auto(D) --
Eth1/7 -- eth routed down Administratively down auto(D) --
Eth1/8 -- eth routed down Administratively down auto(D) --
Eth1/9 -- eth routed down Administratively down auto(D) --
Eth1/10 -- eth routed down Administratively down auto(D) --
Eth1/11 -- eth routed down Administratively down auto(D) --
Eth1/12 -- eth routed down Administratively down auto(D) --
Eth1/13 2 eth trunk up none a-1000(D) --
Eth1/14 -- eth routed up none a-1000(D) --
Eth1/15 1 eth access up none a-1000(D) --
Eth1/16 -- eth routed down Administratively down auto(D) --
<text omitted>
Callouts on the show interface brief output: the management port (mgmt0); each port's "mode", "status", "speed" and "VLAN"
Note: The CMP interface is not included in this output.
Other useful commands, which display detailed interface information:
n7000# show interface switchport
n7000# show interface trunk

Configuring a Port-Profile
Port-Profiles are very useful when a large number of interfaces need to be assigned the same parameters. Unique parameters can also be assigned to individual interfaces in the event there are additional configuration requirements for interfaces that share the same Port-Profile.
Port-Profile types:
n7000(config)# port-profile type ?
ethernet Ethernet type
interface-vlan Interface-vlan type
port-channel Port-channel type
Configuration example (Email-Template). The port-profile type is "ethernet", and "state enabled" activates the port-profile:
n7000(config)# port-profile type ethernet Email-Template
n7000(config-ppm)# switchport
n7000(config-ppm)# switchport access vlan 10
n7000(config-ppm)# spanning-tree port type edge
n7000(config-ppm)# no shutdown
n7000(config-ppm)# description Email Server Port
n7000(config-ppm)# state enabled
Apply the Port-Profile to ports:
n7000(config)# interface ethernet 2/1-2
n7000(config-if-range)# inherit port-profile Email-Template

Verifying a Port-Profile
n7000# show port-profile brief
----------------------------------------------------------
Port Profile Conf Eval Assigned Child
Profile State Items Items Intfs Profs
----------------------------------------------------------
Email-Template 1 4 4 2 0
n7000# show port-profile name Email-Template
port-profile Email-Template
type: Ethernet
description: Email Server Port
status: enabled
max-ports: 512
inherit:
config attributes:
switchport
switchport access vlan 10
spanning-tree port type edge
no shutdown
evaluated config attributes:
switchport
switchport access vlan 10
spanning-tree port type edge
no shutdown
assigned interfaces:
Ethernet2/1
Ethernet2/2
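Callouts on the output above:
• Two interfaces have "Email-Template" applied
• Status = "enabled" or "disabled"
• All commands applied to the interfaces
• Applied to Ethernet 2/1 and 2/2

10GE "Shared" vs. "Dedicated" Mode
The 32-port 10GE module has 80G of bandwidth, so in "shared" mode the ports are oversubscribed 4 to 1. By default, 4 ports share 10G of bandwidth. In "dedicated" mode, 8 ports can be configured for line-rate performance with dedicated QoS buffers.
"Shared" mode allows 4 interfaces to share 10G of bandwidth.
Front panel (figure labels): Port 1, Port 2, Port 9, Port 10, Port 17, Port 18, Port 25, Port 26
Enable "dedicated" mode on a port:
n7000(config)# interface ethernet 1/1
n7000(config-if)# rate mode dedicated
Note: Before changing the interface mode, shut down the four interfaces in the same group.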
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 52
CDP概述
n7000# show cdp global
Global CDP information:
CDP enabled globally
Refresh time is 60 seconds
Hold time is 180 seconds
CDPv2 advertisements is enabled
DeviceID TLV in Default Format
默认情况下会在所有端口开启
在接口下禁用CDP:
n7000(config)# interface ethernet 1/25
n7000(config-if)# no cdp enable
n7000(config)# cdp ?
advertise Highest CDP version supported on the switch
enable Enable/disable CDP on all interfaces
format Device ID format for CDP
holdtime CDP hold time advertised (in seconds)
timer CDP refresh time interval (in seconds)
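Global configuration options:
Cisco Discovery Protocol (CDP) is very useful during network installation and troubleshooting.
CDP is enabled on all interfaces by default. It can be disabled globally or on an individual port.
Enable or disable CDP on all interfaces globally
CDP version 2 is enabled by default
Verifying CDP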
n7000# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device-ID Local Intrfce Hldtme Capability Platform Port ID
dc3-c1(TBA10440123) Eth1/1 162 R S I s N7K-C7010 Eth2/1
6k1 Eth10/5 128 R S WS-C6503-E Gig2/1
n7000# clear cdp ?
counters Clear CDP counters on all interfaces
table Clear CDP cache on all interfaces
n7000# show cdp neighbor interface ethernet 1/1 detail
----------------------------------------
Device ID:dc3-c1(TBA10440123)
System Name: dc3-c1
Interface address(es):
Platform: N7K-C7010, Capabilities: Router Switch IGMP Filtering Supports-STP-Dispute
Interface: Ethernet1/1, Port ID (outgoing port): Ethernet2/1
Holdtime: 156 sec
Version:
Cisco Nexus Operating System (NX-OS) Software, Version 4.0(3)
Advertisement Version: 2
Duplex: full
MTU: 1500
Mgmt address(es):
IPv4 Address: 10.10.10.13
Clear CDP statistics
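Because CDP is enabled on every port by default, each port advertises the fields visible in the detail output above (device ID, platform, software version, management address). The following Python sketch is an added example, not part of the original slides: it extracts what a neighbor record discloses and lists the interfaces in a configuration where CDP is still enabled. The sample interface configuration, the `trusted` uplink set and the function names are assumptions made for illustration.

```python
import re

# Neighbor record copied from the "show cdp neighbor ... detail" output above.
CDP_DETAIL = """\
----------------------------------------
Device ID:dc3-c1(TBA10440123)
System Name: dc3-c1
Interface address(es):
Platform: N7K-C7010, Capabilities: Router Switch IGMP Filtering Supports-STP-Dispute
Interface: Ethernet1/1, Port ID (outgoing port): Ethernet2/1
Holdtime: 156 sec
Version:
Cisco Nexus Operating System (NX-OS) Software, Version 4.0(3)
Advertisement Version: 2
Duplex: full
MTU: 1500
Mgmt address(es):
IPv4 Address: 10.10.10.13
"""

# Constructed sample (not from the slides): running-config style interface stanzas.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  description uplink to dc3-c1
interface Ethernet1/25
  description server port
  no cdp enable
interface Ethernet1/26
  description server port
"""


def first_match(pattern, text):
    """Return group 1 of the first multi-line match, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else None


def parse_cdp_detail(text):
    """Return one dict per neighbor with the fields its CDP advertisement disclosed."""
    neighbors = []
    for record in re.split(r"^-{10,}\s*$", text, flags=re.M):
        if "Device ID" not in record:
            continue
        # Only addresses listed after "Mgmt address(es):" are management addresses.
        mgmt_part = record.partition("Mgmt address(es):")[2]
        neighbors.append({
            "device_id": first_match(r"^Device ID:\s*(\S+)", record),
            "platform": first_match(r"^Platform:\s*([^,]+),", record),
            "local_interface": first_match(r"^Interface:\s*([^,]+),", record),
            "software": first_match(r"^Version:[ \t]*\n(.+)$", record),
            "mgmt_addresses": re.findall(r"IPv4 Address:\s*(\S+)", mgmt_part),
        })
    return neighbors


def cdp_enabled_interfaces(config, trusted=()):
    """List interfaces outside `trusted` on which CDP is still enabled.

    CDP is on by default, so an interface counts as enabled unless its stanza
    contains "no cdp enable" or CDP has been disabled globally.
    """
    enabled, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if raw[0] not in " \t":                 # top-level command
            current = None
            if cmd == "no cdp enable":          # global disable covers every interface
                return []
            if cmd.startswith("interface "):
                current = cmd.split(None, 1)[1]
                enabled[current] = True         # default state
        elif current is not None and cmd in ("cdp enable", "no cdp enable"):
            enabled[current] = (cmd == "cdp enable")
    return [name for name, on in enabled.items() if on and name not in trusted]


if __name__ == "__main__":
    for n in parse_cdp_detail(CDP_DETAIL):
        print("disclosed by neighbor:", n)
    print("CDP still enabled on:",
          cdp_enabled_interfaces(SAMPLE_CONFIG, trusted={"Ethernet1/1"}))
```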
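Port-Channel Overview
A port-channel aggregates multiple Ethernet links into a single logical Ethernet link.
Port-channels are commonly used to increase availability and bandwidth.
Up to 256 port-channels are supported per device across all VDCs.
Operating modes:
 Static mode (no protocol)
 Link Aggregation Control Protocol (LACP) – 802.3ad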
Up to 8 Physical Links
1 Logical Link
Layer 2 or 3 Port-Channel
Port-Channel Load-Balancing Options
Load-balancing options:
dest-ip-port Destination IP address and L4 port
dest-ip-port-vlan Destination IP address, L4 port and VLAN
destination-ip-vlan Destination IP address and VLAN
destination-mac Destination MAC address
destination-port Destination L4 port
source-dest-ip-port Source & Destination IP address and L4 port
source-dest-ip-port-vlan Source & Destination IP address, L4 port and VLAN
source-dest-ip-vlan Source & Destination IP address and VLAN (Default for IP)
source-dest-mac Source & Destination MAC address (Default for Non-IP)
source-dest-port Source & Destination L4 port
source-ip-port Source IP address and L4 port
source-ip-port-vlan Source IP address, L4 port and VLAN
source-ip-vlan Source IP address and VLAN
source-mac Source MAC address
source-port Source L4 port
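Port-channel load balancing is based on the addresses in each frame. You can configure
the load-balancing mode for a single module or for the entire device.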
n7000(config)# port-channel load-balance ethernet source-dest-ip-port ?
<CR>
module Optionally specify a module number
Optional: per-module load balancing
Configuration:
Port-Channel (LACP) Configuration
n7000(config)# feature lacp
n7000(config)# interface ethernet 1/13-14
n7000(config-if-range)# channel-group 1 mode active
n7000(config-if-range)# interface port-channel 1
n7000(config-if)# ip address 192.168.10.1 255.255.255.0
interface port-channel1
ip address 192.168.10.1/24
interface Ethernet1/13
channel-group 1 mode active
interface Ethernet1/14
channel-group 1 mode active
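First, enable the LACP feature!
Configure Eth 1/13 and 1/14
Channel Group = 1 - 4096
LACP Mode = Active or Passive
Configure the port-channel interface
Resulting configuration:
A port-channel can be static or can use the LACP protocol. The following example configures
an LACP-based port-channel. A port-channel can be configured as a Layer 2 or Layer 3 interface.
When “mode on” is shown, the port-channel is not configured for LACP.
The default is “mode on”
Verifying the Port-Channel (LACP)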
n7000# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(RU) Eth LACP Eth1/13(P) Eth1/14(P)
n7000# show port-channel traffic
ChanId Port Rx-Ucst Tx-Ucst Rx-Mcst Tx-Mcst Rx-Bcst Tx-Bcst
------ --------- ------- ------- ------- ------- ------- -------
1 Eth1/13 100.00% 100.00% 94.16% 71.15% 100.00% 100.00%
1 Eth1/14 0.0% 0.0% 5.83% 28.84% 0.0% 0.0%
n7000# show port-channel usage
Totally 1 port-channel numbers used
====================================
Used : 1
Unused: 2 - 4096
Port-channel numbers in use:
Traffic distribution:
View the port-channel summary:
Receive and transmit percentages
LACP port-channel is up on 2 ports
Viewing Port-Channel (LACP) Statistics
n7000# show lacp neighbor
Flags: S - Device is sending Slow LACPDUs F - Device is sending Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
port-channel1 neighbors
Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/13 32768,0-18-ba-d8-58-25 0x10d 365 SA
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x0 0x3d
Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/14 32768,0-18-ba-d8-58-25 0x10e 284 SA
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x0 0x3d
n7000# show lacp counters
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
port-channel1
Ethernet1/13 34 21 0 0 0 0 0
Ethernet1/14 20 19 0 0 0 0 0
PDUs with errors
Successful PDUs
The neighbor device is configured as “Active”
PDUs are being sent at the “Slow” rate
Routing Protocol Configuration
 Enhanced Interior Gateway Routing Protocol (EIGRP)
 Open Shortest Path First (OSPFv2)
 Intermediate System to Intermediate System (ISIS)
 Multiprotocol Border Gateway Protocol (MP-BGP)
 Static routes
 Policy-based routing (PBR)
 Route redistribution
 Multi-VRF routing
Configuring EIGRP
n7000(config)# feature eigrp
n7000(config)# router eigrp 10
n7000(config-router)# router-id 192.168.1.1
n7000(config)# interface ethernet 2/1
n7000(config-if)# ip address 192.168.10.1 255.255.255.0
n7000(config-if)# ip router eigrp 10
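Enable the EIGRP feature!
Enable EIGRP on the interface and specify the EIGRP process number
Create the routing process and specify a 32-bit router ID
EIGRP is a Cisco-proprietary routing protocol. The EIGRP feature must be enabled before
the EIGRP process and interfaces are configured. EIGRP is enabled under the interface rather
than inside the routing process. Other commands, such as ip passive-interface eigrp, are also applied under the interface.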
Note: Configuring the router-id is optional, but recommended
n7000(config)# interface ethernet 2/2
n7000(config-if)# ip address 192.168.11.1/24
n7000(config-if)# ip router eigrp 10
n7000(config-if)# ip passive-interface eigrp 10
Configure a passive interface:
Advertises the subnet while suppressing EIGRP neighbor formation
Common EIGRP Configuration Options
n7000(config-router)# ?
address-family Configure an address-family
authentication Configures EIGRP authentication subcommands
autonomous-system Specify AS number for Address Family
default-information Control origination of a default route
default-metric Set metric of redistributed routes
distance Define an administrative distance
exit Exit from command interpreter
flush-routes Flush routes in RIB during restart
graceful-restart Peer resync without adjancency reset
log-adjacency-changes Log changes in adjacency state
log-neighbor-warnings Enable/Disable IP-EIGRP neighbor warnings
maximum-paths Forward packets over multiple paths
metric Modify EIGRP routing metrics and parameters
no Negate a command or set its defaults
redistribute Redistribute information from another routing protocol
router-id router-id for this EIGRP process
shutdown Shutdown this instance of EIGRP
stub Set IP-EIGRP as stubbed router
timers Set EIGRP timers
vrf Configure VRF information
Interface options
Process options
n7000(config-if)# ip ?
authentication Configures EIGRP authentication subcommands
bandwidth Set bandwidth for interface used in EIGRP metric calculation
bandwidth-percent Configures IP-EIGRP bandwidth limit
delay Set delay for interface used in EIGRP metric calculation
distribute-list Filter networks in routing updates
eigrp EIGRP interface configuration commands
hello-interval Configures IP-EIGRP hello interval
hold-time Configures IP-EIGRP hold time
load-sharing Style of load sharing
next-hop-self Configures IP-EIGRP next-hop-self
offset-list Add or subtract offset from EIGRP metrics
passive-interface Suppress routing updates on an interface
split-horizon Configures IP-EIGRP split-horizon on interface
summary-address Configures IP-EIGRP summary address on interface
Verifying the EIGRP Process
Use the show ip eigrp command to verify the EIGRP process configuration.
EIGRP 10 is enabled in the “default” VRF
Status = “running” or “shutdown”
Number of EIGRP neighbors
Process 10 has 3 “Active” interfaces
n7000# show ip eigrp
IP-EIGRP AS 10 ID 192.168.1.1 VRF default
Process-tag: 10
Status: running
Authentication mode: none
Authentication key-chain: none
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 3 (1 loopbacks)
Number of EIGRP peers: 2
n7000# show ip eigrp 10 ?
<CR>
> Redirect it to a file
accounting IP-EIGRP Accounting
interfaces IP-EIGRP interfaces
internal Show internal information
neighbors IP-EIGRP neighbors
route IP-EIGRP internal routes
route-map Route-map related information
topology IP-EIGRP Topology Table
traffic IP-EIGRP Traffic Statistics
vrf Display per-VRF information
| Pipe command output to filter
Process display options
Verifying the EIGRP Route Table and Neighbor Table
n7000# show ip eigrp neighbors
IP-EIGRP neighbors for process 10 VRF default
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 192.168.11.2 Eth2/2 14 00:07:52 8 300 0 24
0 192.168.10.2 Eth2/1 13 00:07:52 6 300 0 23
n7000# show ip eigrp neighbor detail
IP-EIGRP neighbors for process 10 VRF default
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 192.168.11.2 Eth2/2 13 00:10:20 8 300 0 24
Version 12.4/1.2, Retrans: 1, Retries: 0, Prefixes: 2
0 192.168.10.2 Eth2/1 12 00:10:21 6 300 0 23
Version 12.4/1.2, Retrans: 1, Retries: 0, Prefixes: 2
Verify the neighbor table:
Detailed information
Verify EIGRP routes:
n7000# show ip eigrp route
IP-EIGRP Topology Table for AS(10)/ID(192.168.1.1) VRF default
P 192.168.1.1/32, 1 successors, FD is 128320
via Connected, loopback0
P 192.168.2.1/32, 2 successors, FD is 130816
via 192.168.10.2 (130816/128320), Ethernet2/1
via 192.168.11.2 (130816/128320), Ethernet2/2
The following show commands are used to verify the EIGRP route table and neighbor table.
2 EIGRP neighbors
EIGRP process 10 uses the default VRF
EIGRP Troubleshooting Commands
n7000# restart eigrp 10
n7000# debug ip eigrp ?
<CR>
10 EIGRP process tag
A.B.C.D Network to display information about
A.B.C.D/LEN IP prefix <network>/<length>
all Enable all EIGRP debugs
fsm EIGRP Dual Finite State Machine events/actions
graceful-restart EIGRP Graceful-Restart
neighbor IP-EIGRP neighbor debugging
notifications IP-EIGRP event notifications
packets EIGRP packets
route-map EIGRP route-map
summary IP-EIGRP summary route processing
transmit EIGRP transmission events
urib IP-EIGRP URIB interaction event debugging
vrf-events IP-EIGRP VRF event debugging
Debug options
Restart the process
Clear neighbors
n7000# clear ip eigrp ?
10 EIGRP process tag
accounting Clear IP-EIGRP accounting statistics
neighbors Clear EIGRP neighbors
route-map Route-map related information
traffic Clear IP-EIGRP traffic statistics
OSPFv2 Configuration
n7000(config)# feature ospf
n7000(config)# router ospf 10
n7000(config-router)# router-id 192.168.1.1
n7000(config)# interface ethernet 1/13
n7000(config-if)# ip address 192.168.10.1 255.255.255.0
n7000(config-if)# ip router ospf 10 area 0
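First, enable the OSPF feature!
Enable OSPF on the interface and specify the process number and area number
Create the routing process and specify a 32-bit router ID
OSPFv2 is a standards-based routing protocol defined in RFC 2328. The OSPF feature must be
enabled before the OSPF process is started or OSPF is enabled on an interface. OSPF is enabled
under the interface rather than inside the process. The ip ospf passive-interface command is
applied under the interface.
Note: Configuring the router ID is optional, but recommended.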
n7000(config)# interface eth 1/1
n7000(config-if)# ip address 192.168.10.1 255.255.255.0
n7000(config-if)# ip router ospf 10 area 0
n7000(config-if)# ip ospf passive-interface
Configure a passive interface:
Suppresses neighbor formation but still advertises the interface's subnet
Common OSPFv2 Configuration Options
n7000(config-if)# ip ospf ?
authentication Authentication on the interface
authentication-key Configure the authentication key for the interface
cost Cost associated with interface
dead-interval Dead interval
hello-interval Hello interval
message-digest-key Message digest authentication password (key)
mtu-ignore Disable OSPF MTU mismatch detection
network Network type
passive-interface Suppress routing updates on the interface
priority Router priority
retransmit-interval Packet retransmission interval
shutdown shutdown ospf on this interface
transmit-delay Packet transmission delay
n7000(config-router)# ?
area Configure area properties
auto-cost Calculate OSPF cost according to bandwidth
default-information Control distribution of default route
default-metric Specify default metric for redistributed routes
distance OSPF administrative distance
exit Exit from command interpreter
flush-routes Flush routes on a non-graceful controlled restart
graceful-restart Configure graceful restart
log-adjacency-changes Log changes in adjacency state
max-metric Maximize the cost metric
maximum-paths Maximum paths per destination
no Negate a command or set its defaults
policy Policy related information
protocol OSPF protocol
redistribute Redistribute information from another routing protocol
router-id Set OSPF process router-id
summary-address Configure route summarization for redistribution
timers Configure timer related constants
vrf Display per-VRF information
Interface options
Process options
Verifying the OSPFv2 Process
n7000# show ip ospf
Routing Process 10 with ID 192.168.1.1 VRF default
Stateful High Availability enabled
Graceful-restart is configured
grace period: 60, state: (null)
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
Administrative distance 110
Reference Bandwidth is 40000 Mbps
Initial SPF schedule delay 200.000 msecs,
minimum inter SPF delay of 1000.000 msecs,
maximum inter SPF delay of 5000.000 msecs
Minimum hold time for Router LSA throttle 5000.000 ms
Minimum hold time for Network LSA throttle 5000.000 ms
Minimum LSA arrival 1000.000 msec
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 nssa
Number of active areas is 1, 1 normal, 0 stub, 0 nssa
Area BACKBONE(0)
Area has existed for 00:05:55
Interfaces in this area: 2 Active interfaces: 2
No authentication available
SPF calculation has run 6 times
Last SPF ran for 0.000588s
Area ranges are
Number of LSAs: 3, checksum sum 0x16114
<Text Omitted>
Use the show ip ospf command to verify the OSPF configuration.
OSPF 10 is enabled in the “default” VRF
The default maximum number of paths to a destination is 8; up to 16 can be configured
Area 0 information
Stateful HA and Graceful-Restart are “enabled”
Area 0 has 2 active interfaces
Verifying the OSPFv2 Route Table and Neighbor Table
n7000# show ip ospf neighbor
OSPF Process ID 10 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
192.168.2.1 1 FULL/DR 00:00:27 192.168.10.2 Eth1/13
n7000# show ip ospf neighbor detail
Neighbor 192.168.2.1, interface address 192.168.10.2
Process ID 10 VRF default, in area 0 via interface Ethernet1/13
State is FULL, 6 state changes, last change 00:00:57
Neighbor priority is 1
DR is 192.168.10.2 BDR is 192.168.10.1
Hello options 0x2, dbd options 0x42
Last non-hello packet received 00:00:49
Dead timer due in 00:00:37
Verify the neighbor table:
Detailed neighbor information
Verify the OSPFv2 route table:
n7000# show ip ospf route
OSPF Process ID 10 VRF default, Routing Table
(D) denotes route is directly attached (R) denotes route is in RIB
192.168.1.1/32 (intra)(D) area 0
via 192.168.1.1/Lo0*, cost 1
192.168.10.0/24 (intra)(D) area 0
via 192.168.10.1/Eth1/13*, cost 40
The following show commands are used to view and verify the OSPF route table and neighbor relationships.
1 OSPF neighbor
OSPF 10 process in the “default” VRF
OSPFv2 Troubleshooting Commands
n7000# restart ospf 10
n7000# debug ip ospf ?
10 Process tag
adjacency Adjacency events
all All OSPF debugging
database OSPF LSDB changes
database-timers OSPF LSDB timers
events OSPF related events
flooding LSA flooding
graceful-restart OSPF graceful restart related debugs
ha OSPF HA related events
hello Hello packets and DR elections
lsa-generation Local OSPF LSA generation
packets OSPF packets
policy OSPF RPM policy debug information
redist OSPF redistribution
retransmission OSPF retransmission events
spf SPF calculations
spf-trigger Show SPF triggers
Debug options
Restart the process
Clear neighbor relationships
n7000# clear ip ospf 10 neighbor ?
* Clear all neighbors
A.B.C.D Source IP address, or router ID of the neighbor
ethernet Ethernet IEEE 802.3z
loopback Loopback interface
port-channel Port Channel interface
ISIS Overview
n7000(config)# feature isis
n7000(config)# router isis 10
n7000(config-router)# net 49.0001.0000.0001.00
n7000(config-router)# interface ethernet 2/1
n7000(config-if)# ip router isis 10
n7000(config-if)# interface loopback 0
n7000(config-if)# ip router isis 10
First, enable the ISIS feature!
Add the interfaces to the ISIS process
n7000(config)# interface ethernet 2/1
n7000(config-if)# isis passive ?
level-1 Suppress level-1 PDU
level-1-2 Suppress level-1 and level-2 PDU
level-2 Suppress level-2 PDU
n7000(config-if)# isis passive level-1-2
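Select the ISIS PDU type to suppress
Configure a passive interface:
The ISIS routing protocol is based on ISO/IEC 10589 and is restated in RFC 1142 and RFC 1195.
ISIS configuration is very similar to EIGRP and OSPF. The ISIS feature must be enabled first,
and the required interfaces are added to the ISIS process as it is created.
Create the routing process and specify the NET ID
ISIS Configuration Options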
n7000(config-router)# ?
address-family Configure an address-family
authentication Set authentication keychain string
authentication-check Check authentication on received PDUs
authentication-type Set authentication type
default-information Control origination of a default route
distance Administrative distance
distribute Distribute routes between ISIS levels
exit Exit from command interpreter
flush-routes Flush routes on non-graceful controlled restart
graceful-restart Enable graceful restart for IS-IS process
hostname Dynamic hostname for IS-IS
is-type IS type for this IS-IS process
log-adjacency-changes Log changes in adjacency state
lsp-gen-interval Configure LSP generation interval
lsp-mtu Set LSP MTU
max-lsp-lifetime Set maximum LSP lifetime
maximum-paths Set maximum paths per destination
metric-style Configure metric style used in advertised LSPs
net Network Entity Title for this IS-IS process
no Negate a command or set its defaults
redistribute Redistribute information from another routing protocol
reference-bandwidth Change reference bandwidth used for setting interface metric
set-overload-bit Signal other routers not to use us for transit
shutdown Shutdown this IS-IS process
spf-interval Configure SPF interval
summary-address Configure IP address summaries
vrf Configure ISIS VRF information
Interface options
Process options
n7000(config-if)# isis ?
authentication Set hello authentication keychain
authentication-check Check authentication on received PDUs
authentication-type Set hello authentication type
circuit-type Configure circuit type for interface
csnp-interval Set CSNP interval in seconds
hello-interval Set Hello interval in seconds
hello-multiplier Set multiplier for Hello holding time
hello-padding Pad IS-IS hello PDUs to full MTU
lsp-interval Set LSP transmission interval
mesh-group Set IS-IS mesh group
metric Configure the metric for interface
passive Suppress IS-IS PDU
priority Set priority for DIS election
Verifying the ISIS Process
Use show isis to verify the configuration.
ISIS 10 is enabled in the “default” VRF
Graceful-Restart is “enabled”
n7000# show isis
ISIS process : 10
VRF: default
System ID : 0001.0000.0001 IS-Type : L1-L2
SAP : 412 Queue Handle : 11
Graceful Restart enabled
Metric-style : advertise(wide), accept(narrow, wide)
Area address(es) :
49
Process is up and running
VRF ID: 1
Stale routes during non-graceful controlled restart
Interfaces supported by IS-IS :
loopback0
Ethernet2/1
Address family IPv4 unicast :
Number of interface : 2
Distance : 115
Address family IPv6 unicast :
Number of interface : 0
Distance : 115
L1 Next SPF: Inactive
L2 Next SPF: Inactive
Interfaces in ISIS process 10
The area address is “49”
Verifying the ISIS Route Table and Adjacencies
n7000# show isis adjacency
IS-IS process: 10 VRF: default
IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
N7K-2 0030.487d.df33 2 UP 00:00:06 Ethernet2/1
n7000# show isis adjacency detail
IS-IS process: 10 VRF: default
IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
N7K-2 0030.487d.df33 2 UP 00:00:08 Ethernet2/1
Up/Down transitions: 1, Last transition: 00:26:31 ago
Circuit Type: L2
IPv4 Address: 192.168.10.2
IPv6 Address: 0::
Circuit ID: N7K-2.01, Priority: 64
Verify adjacencies:
Detailed information for each neighbor
Verify the route table:
n7000# show isis route
IS-IS process: 10 VRF: default
IS-IS IPv4 routing table
192.168.1.1/32, L1, direct
*via loopback0, metric 1, L1, direct
via loopback0, metric 1, L2, direct
192.168.2.1/32, L2
*via 192.168.10.2, Ethernet2/1, metric 41, L2 (I,U)
<Text Omitted>
The following show commands are used to view the ISIS route table and adjacencies.
One L2 ISIS neighbor
ISIS 10 is enabled in the “default” VRF
ISIS Troubleshooting Commands
n7000# restart isis 10
n7000# debug isis ?
10 Routing process tag
adjacency IS-IS adjacency information
all Set all IS-IS debugs
csnp IS-IS CSNP information
dis IS-IS DIS election information
esis IS-IS ESIS information
event IS-IS event information
iih IS-IS hello information
lsp IS-IS LSP information
psnp IS-IS PSNP information
redistribute IS-IS redistribute information
route-map IS-IS route-map policy information
spf IS-IS SPF information
timer IS-IS timer information
urib IS-IS URIB route Add/Delete notify events
Debug options
Restart the process
Clear adjacencies
n7000# clear isis adjacency ?
* IS-IS adjacencies on all interfaces
ethernet Ethernet IEEE 802.3z
loopback Loopback interface
system-id Hostname or System ID
BGP (IPv4 IBGP Configuration)
n7000(config)# feature bgp
n7000(config)# router bgp 10
n7000(config-router)# router-id 192.168.1.1
n7000(config-router)# neighbor 192.168.2.1 remote-as 10
n7000(config-router-neighbor)# update-source loopback0
n7000(config-router-neighbor)# address-family ipv4 unicast
n7000(config-router-neighbor-af)# exit
n7000(config-router-neighbor)# exit
n7000(config-router)# address-family ipv4 unicast
n7000(config-router-af)# network 159.142.1.1/32
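First, enable the BGP feature!
Create the routing process and specify a 32-bit router ID
1. Configure the neighbor
2. Set the neighbor's parameters
3. Set the address family to “ipv4 unicast”
Advertised prefixes are configured under the global address family,
not under the neighbor's address family.
Resulting configuration: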
n7000# show run bgp
version 4.0(1)
feature bgp
router bgp 10
router-id 192.168.1.1
address-family ipv4 unicast
network 159.142.1.1/32
neighbor 192.168.2.1 remote-as 10
update-source loopback0
address-family ipv4 unicast
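BGPv4 is an exterior gateway routing protocol defined in RFC 4271. BGP is configured under the process
rather than under the interface. The BGP feature must be enabled first, and an address family must be
defined for each protocol being routed (i.e., IPv4 / IPv6, unicast or multicast).
IPv4 address family
BGP Global Configuration Options
Global address-family (IPv4) options: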
n7000(config-router)# address-family ipv4 unicast
n7000(config-router-af)# ?
aggregate-address Configure BGP aggregate prefixes
client-to-client Configure client-to-client route reflection
dampening Configure route flap dampening
default-metric Set metric of redistributed routes
distance Configure administrative distance
exit Exit from command interpreter
maximum-paths Forward packets over multipath paths
network Configure an IP prefix to advertise
no Negate a command or set its defaults
redistribute Configure redistribution
suppress-inactive Advertise only active routes to peers
n7000(config-router)# ?
address-family Configure an address-family
bestpath Change default bestpath selection algorithm
cluster-id Configure Route Reflector Cluster-ID
confederation AS confederation parameters
enforce-first-as Enforce neighbor AS is the first AS in AS-PATH
attribute (EBGP)
exit Exit from command interpreter
fast-external-fallover Immediately reset the session if the link to a
directly connected BGP peer goes down
graceful-restart Configure Graceful Restart functionality
graceful-restart-helper Configure Graceful Restart Helper mode functionality
log-neighbor-changes Log a message for neighbor up/down event
neighbor Configure a BGP neighbor
no Negate a command or set its defaults
router-id Specify the IP address to use as router-id
template Enter template command mode
timers Configure bgp related timers
vrf Virtual Router Context
BGP Neighbor Configuration Options
n7000(config-router)# neighbor 192.168.2.1 remote-as 10
n7000(config-router-neighbor)# address ipv4 unicast
n7000(config-router-neighbor-af)# ?
default-originate Originate a default toward this peer
exit Exit from command interpreter
filter-list Apply AS-PATH filter-list
inherit Inherit a template
maximum-prefix Maximum number of prefixes from this neighbor
next-hop-self Set our peering address as nexthop
next-hop-third-party Compute a third-party nexthop if possible
no Negate a command or set its defaults
prefix-list Apply prefix-list
route-map Apply route-map to neighbor
route-reflector-client Configure a neighbor as Route reflector client
send-community Send community attribute to this neighbor
soft-reconfiguration Soft reconfiguration
suppress-inactive Advertise only active routes to peer
n7000(config-router)# neighbor 192.168.2.1 remote-as 10
n7000(config-router-neighbor)# ?
address-family Configure an address-family for peer
description Neighbor specific description
disable-connected-check Disable check for directly connected peer
dont-capability-negotiate Don't negotiate capability with this neighbor
dynamic-capability Dynamic capability
ebgp-multihop Specify multihop TTL for remote peer
exit Exit from command interpreter
inherit Inherit a template
no Negate a command or set its defaults
password Configure a password for neighbor
remove-private-as Remove private AS number from outbound updates
shutdown Administratively shutdown this neighbor
timers Configure keepalive and hold timers
transport BGP transport connection
update-source Specify source of BGP session and updates
Neighbor address-family (IPv4) options:
BGP Route Reflector Configuration
n7000(config)#router bgp 10
n7000(config-router)# cluster-id 1
n7000(config-router)# neighbor 192.168.2.1 remote-as 10
n7000(config-router-neighbor)# update-source loopback0
n7000(config-router-neighbor)# address-family ipv4 unicast
n7000(config-router-neighbor-af)# route-reflector-client
n7000(config-router)# neighbor 192.168.3.1 remote-as 10
n7000(config-router-neighbor)# update-source loopback0
n7000(config-router-neighbor)# address-family ipv4 unicast
n7000(config-router-neighbor-af)# route-reflector-client
n7000(config-router-neighbor-af)# exit
n7000(config-router-neighbor)# exit
n7000(config-router)# address-family ipv4 unicast
n7000(config-router-af)# network 192.168.100.1/32
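Configure the reflector's cluster-ID (optional)
Route reflector clients
Note: Route-reflector clients don’t require any unique configuration
Route reflectors were designed to relax BGP's requirement for a full IBGP mesh. The following is a
configuration example: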
n7000# show ip bgp neighbor
BGP neighbor is 192.168.2.1, remote AS 10, ibgp link, Peer index 1
<Text Omitted>
For address family: IPv4 Unicast
<Text Omitted>
Route reflector client
Verify the route reflector:
See the “For address family” section
Configuring BGP Peer Templates
Peer templates are very similar to peer groups in IOS. They collect configuration and attributes
so that peers can inherit them.
n7000(config)# router bgp 10
n7000(config-router)# template peer IBGP-Peers
n7000(config-router-neighbor)# description Template for All IBGP Peers
n7000(config-router-neighbor)# password xxxxx
n7000(config-router-neighbor)# update-source loopback0
n7000(config-router-neighbor)# address-family ipv4 unicast
n7000(config-router-neighbor-af)# neighbor 192.168.2.1 remote-as 10
n7000(config-router-neighbor)# inherit peer IBGP-Peers
n7000(config-router-neighbor)# neighbor 192.168.3.1 remote-as 10
n7000(config-router-neighbor)# inherit peer IBGP-Peers
Define and configure a peer template
Configure the neighbors to inherit the peer template
n7000# show bgp peer-template IBGP-Peers
BGP peer-template is IBGP-Peers
Description: Template for All IBGP Peers
Using loopback0 as update source for this peer
TCP MD5 authentication is enabled
Hold time = 0, keepalive interval is 0 seconds
<Statistics Omitted>
For address family: IPv4 Unicast
Third-party Nexthop will not be computed.
Members of peer-template IBGP-Peers:
default:192.168.2.1 192.168.3.1
Verify the peer template:
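The template above sets `password` once, and `show bgp peer-template` confirms that TCP MD5 authentication is enabled for its members; a neighbor that neither sets a password nor inherits such a template comes up unauthenticated. The following Python sketch is an added example, not part of the original slides: it walks a `router bgp` stanza and reports those neighbors. The running-config style sample (two-space indentation), neighbor 192.168.4.1, the template name EBGP-Peers and the function names are assumptions constructed for illustration.

```python
# Constructed sample in running-config style, modelled on the slide's template
# example; neighbor 192.168.4.1 and template EBGP-Peers are invented.
SAMPLE_CONFIG = """\
router bgp 10
  router-id 192.168.1.1
  template peer IBGP-Peers
    description Template for All IBGP Peers
    password xxxxx
    update-source loopback0
    address-family ipv4 unicast
  neighbor 192.168.2.1 remote-as 10
    inherit peer IBGP-Peers
  neighbor 192.168.3.1 remote-as 10
    update-source loopback0
    address-family ipv4 unicast
  neighbor 192.168.4.1 remote-as 10
    inherit peer EBGP-Peers
"""


def parse_bgp(config):
    """Return (templates, neighbors); each value records password/inherit only."""
    templates, neighbors = {}, {}
    in_bgp, block, block_indent = False, None, 0
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                          # a new top-level stanza begins
            in_bgp = words[:2] == ["router", "bgp"]
            block = None
            continue
        if not in_bgp:
            continue
        if block is not None and indent > block_indent:
            # Line belongs to the open template/neighbor block.
            if words[0] == "password":
                block["password"] = True         # presence only, never the secret
            elif words[:2] == ["inherit", "peer"] and len(words) > 2:
                block["inherit"] = words[2]
            continue
        block = None                             # previous block is closed
        if words[:2] == ["template", "peer"] and len(words) > 2:
            block = templates.setdefault(words[2], {"password": False, "inherit": None})
        elif words[0] == "neighbor" and len(words) > 1:
            block = neighbors.setdefault(words[1], {"password": False, "inherit": None})
        block_indent = indent
    return templates, neighbors


def unauthenticated_neighbors(config):
    """Map each neighbor without an effective password to the reason."""
    templates, neighbors = parse_bgp(config)
    findings = {}
    for addr, n in neighbors.items():
        if n["password"]:
            continue                             # password set directly on the neighbor
        name = n["inherit"]
        if name is None:
            findings[addr] = "no password and no inherited template"
        elif name not in templates:
            findings[addr] = f"inherits undefined template {name}"
        elif not templates[name]["password"]:
            findings[addr] = f"template {name} sets no password"
    return findings


if __name__ == "__main__":
    for addr, reason in unauthenticated_neighbors(SAMPLE_CONFIG).items():
        print(f"neighbor {addr}: {reason}")
```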
Verifying BGP
n7000# show ip bgp summary
BGP summary information for VRF default, address family IPv4 Unicast
BGP router identifier 192.168.1.1, local AS number 10
BGP table version is 4, IPv4 Unicast config peers 1, capable peers 1
2 network entries and 2 paths using 208 bytes of memory
BGP attribute entries [2/240], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.2.1 4 10 6 6 4 0 0 00:01:02 1
n7000# show ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 4, local router ID is 192.168.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>l159.142.1.1/32 0.0.0.0 100 32768 i
*>i159.142.2.1/32 192.168.2.1 100 0 i
n7000# show ip route bgp
IP Route Table for VRF "default"
'*' denotes best ucast next-hop '**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
159.142.2.1/32, 1 ucast next-hops, 0 mcast next-hops
*via 192.168.10.2, Ethernet2/1, [200/0], 00:00:01, bgp-10, internal, tag 10
BGP neighbor summary:
BGP table:
Route table (BGP):
BGP Troubleshooting Commands
n7000# restart bgp 10
n7000# debug ip bgp ?
all All BGP debugging
brib BGP BRIB processing
dampening Route flap dampening events
events BGP special events
keepalives BGP keepalive debugging
lib BGP BRIB and ULIB interaction
packets BGP packet contents
policy RPM API events
rib BGP BRIB and URIB/U6RIB interaction
updates BGP update messages
Debug options
Restart the process
Clear the neighbor table
n7000# clear ip bgp ?
* Clear all neighbors
<1-65535>[.<0-65535>] Clear all neighbors in an AS
A.B.C.D IP address of the neighbor to clear
A.B.C.D/LEN Clear all neighbors matching the prefix
all Clear all address-families
dampening Clear route flap dampening information
flap-statistics Clear flap statistics
ipv4 Clear IPv4 address-family
peer-template Clear all neighbors in a peer-template
vrf Virtual Router Context
Configuring Static Routes
n7000# show ip route static
IP Route Table for VRF "default"
'*' denotes best ucast next-hop '**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
192.168.2.1/32, 1 ucast next-hops, 0 mcast next-hops
*via 192.168.10.2, Ethernet1/13, [1/0], 00:00:13, static
n7000(config)# ip route 192.168.2.1/32 192.168.10.2 ?
<CR>
<1-255> Route preference
*Default value is 1
tag Supply tag value with static route
n7000(config)# ip route 192.168.2.1/32 192.168.10.2
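Static route in the default VRF
Marks this route as static
Configurable “administrative distance” (preference) assigned to a route
Verify the static route:
Static routes for the default VRF are configured in global configuration mode; for any other VRF
they are configured in that VRF's vrf context mode.
Default VRF example: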
n7000(config)# vrf context production
n7000(config-vrf)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
Non-default VRF example:
Configure the static route in VRF context mode
Configuring Route Redistribution
n7000(config)# ip prefix-list static-ospf permit 192.168.100.0/24
n7000(config)# route-map static-ospf
n7000(config-route-map)# match ip address prefix-list static-ospf
n7000(config)# router ospf 10
n7000(config-router)# redistribute static route-map static-ospf
n7000# show route-map
route-map static-ospf, permit, sequence 10
Match clauses:
ip address prefix-lists: static-ospf
Set clauses:
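• A route-map must be specified when configuring redistribution.
• If no “match” statement is present, all routes are redistributed by default.
• Configure a “prefix-list” to specify which routes should be redistributed.
General guidelines:
The rules for configuring route redistribution in NX-OS differ slightly from IOS. The “route-map”
is referenced in the configuration under the routing process.
Example configuration:
Verify the route-map:
The default action is “permit”
Matches the “static-ospf” prefix-list
If you do not specify a “match” statement, all routes are redistributed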
Policy-Based Routing Configuration
The following example shows the purpose of configuring a routing policy: the next-hop address is chosen according to an ACL rather than by a routing-table lookup.
Enable the PBR feature first!
n7000(config)# feature pbr
Define the traffic to match with an ACL:
n7000(config)# ip access-list pbr-sample
n7000(config-acl)# permit icmp host 159.142.1.10 host 192.168.2.1
Create a route-map with match and set statements:
n7000(config)# route-map pbr-sample
n7000(config-route-map)# match ip address pbr-sample
n7000(config-route-map)# set ip next-hop 192.168.1.1
Optional: enable PBR statistics:
n7000(config-route-map)# route-map pbr-sample pbr-statistics
Apply the route-map to the interface:
n7000(config)# interface ethernet 1/15
n7000(config-if)# ip policy route-map pbr-sample
Note: When a route-map is created, the default action is permit / sequence 10.
PBR match options:
n7000(config-route-map)# match ?
as-path Match BGP AS path list
community Match BGP community list
ip Configure IP features
ipv6 Configure IPv6 features
length Packet length
route-type Match route-type of route
tag Match metric of route
Additional IP options:
address
multicast
next-hop
route-source
Verifying the Policy-Based Routing Configuration
The show commands below are very useful: they let you compare the packets forwarded by PBR with the packets forwarded by the routing table.
PBR statistics:
n7000# show route-map pbr-sample pbr-statistics
route-map pbr-sample, permit, sequence 10
Policy routing matches: 84 packets
Default routing: 233 packets
"Policy routing matches" counts the packets redirected by PBR; "Default routing" counts the packets forwarded through the routing table.
PBR route-map configuration:
n7000# show route-map pbr-sample
route-map pbr-sample, permit, sequence 10
Match clauses:
ip address (access-lists): pbr-sample
Set clauses:
ip next-hop 192.168.1.1
Match = IP Access-List; "ip next-hop" is the next-hop IP address used for forwarding.
Note: The ACL associated with the “match” statement does not show “hit” statistics.
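Multi-VRF Overview
NX-OS supports virtual routing and forwarding (VRF) instances, which are used to define a common L3 routing domain. Each VRF contains its own address space and its own unicast and multicast routing tables, so that each VRF makes its decisions independently.
[Figure: Nexus 7000 switches connected by an 802.1q trunk, each holding separate routing tables for VRF-1 and VRF-2]
Default VRF instances:
management: reserved for the supervisor's Ethernet management interface (mgmt0)
default: assigned to the other Ethernet ports (I/O module ports)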
Multi-VRF Configuration
The following steps create a functional VRF instance.
Create the VRF context:
n7000(config)# vrf context Test-VRF
n7000(config-vrf)# ip ?
auto-discard Auto 0.0.0.0/0 discard route
domain-list Add additional domain names
domain-name Specify default domain name
igmp IGMP global configuration commands
mroute Configure multicast RPF static route
name-server Specify nameserver address
route Route information
Optional: configure static routes under the VRF (the "route" option).
Assign interfaces to the VRF ("vrf member" sets the VRF instance the interface belongs to):
n7000(config-router-vrf)# interface ethernet 1/13
n7000(config-if)# vrf member Test-VRF
n7000(config-if)# ip address 159.142.1.1 255.255.255.0
n7000(config-if)# int loop 10
n7000(config-if)# vrf member Test-VRF
n7000(config-if)# ip address 159.142.10.1 255.255.255.0
Create the VRF routing process:
n7000(config-vrf)# feature ospf
n7000(config)# router ospf 10
n7000(config-router)# vrf Test-VRF
n7000(config-router-vrf)# router-id 159.142.10.1
Note: Don’t forget to enable routing on the VRF interfaces
Presentation_ID 88
验证多VRF配置
n7000# show vrf
VRF-Name VRF-ID State Reason
Test-VRF 3 Up --
default 1 Up --
management 2 Up --
n7000# show vrf interface
Interface VRF-Name VRF-ID
mgmt0 management 2
loopback10 Test-VRF 3
Ethernet1/1 default 1
Ethernet1/2 default 1
<Text Omitted>
Ethernet1/10 default 1
Ethernet1/11 default 1
Ethernet1/12 default 1
Ethernet1/13 Test-VRF 3
VRF context “Test-VRF”
分派到“Test-VRF”的接口
VRF context “management”
分派到“management”的接口
n7000# show ip route vrf Test-VRF
IP Route Table for VRF "Test-VRF"
'*' denotes best ucast next-hop '**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
0.0.0.0/32, 1 ucast next-hops, 0 mcast next-hops
*via Null0, [220/0], 00:04:17, local, discard
159.142.1.0/24, 1 ucast next-hops, 0 mcast next-hops, attached
*via 159.142.1.1, Ethernet1/13, [0/0], 00:01:08, direct
159.142.1.0/32, 1 ucast next-hops, 0 mcast next-hops, attached
使用选项“vrf”查看在特定VRF下的路由
验证VRF Context:
验证VRF 接口:
验证VRF 路由:
Configuring HSRP
Hot Standby Router Protocol (HSRP)
Gateway Load Balancing Protocol (GLBP)
Virtual Router Redundancy Protocol (VRRP)
Object tracking
Configuring HSRP (IPv4)
The Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol for first-hop redundancy. HSRP is the most commonly used FHRP.
Enable the HSRP feature first!
n7000-1(config)# feature hsrp
Configure an HSRP group under each interface, group # <1 – 255>:
n7000-1(config)# interface ethernet 1/13
n7000-1(config-if)# hsrp 0
n7000-1(config-if-hsrp)# ip 192.168.10.1
n7000-1(config-if-hsrp)# priority 110
n7000-1(config-if-hsrp)# preempt
Additional interface options:
n7000-1(config-if)# hsrp ?
<0-4095> Group number
delay HSRP initialisation delay
use-bia HSRP uses interface's burned in address
version HSRP version
V1 and V2 are supported; the default is V1.
Additional HSRP group options:
n7000-1(config-if-hsrp)# ?
authentication Authentication
exit Exit from command interpreter
ip Enable HSRP IPv4 and set the virtual IP address
mac-address Virtual MAC address
name Redundancy name string
no Negate a command or set its defaults
preempt Overthrow lower priority Active routers
priority Priority level
timers Hello and hold timers
track Associates track object to HSRP group
Default timers = Hello: 3s, Hold: 10s
Verifying HSRP (IPv4)
Use the show hsrp and show hsrp brief commands to verify the HSRP configuration.
Verifying HSRP on the Nexus 7000s:
n7000-1# show hsrp
Ethernet1/13 - Group 0
Local state is Active, priority 110, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.199000 sec(s)
Virtual IP address is 192.168.10.1 (Configured)
Active router is local
Standby router is 192.168.10.3
Virtual mac address is 0000.0C07.AC00 (Default MAC)
1 state changes, last state change 00:01:46
IP redundancy name is hsrp-Eth1/13-0 (default)
The output shows the group number, the timers, the group-based virtual MAC address and the time of the last state change.
n7000-1# show hsrp brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Eth1/13 0 110 P Active local 192.168.10.3 192.168.10.1
HSRP = "Active" because of the higher priority
n7000-2# show hsrp brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Eth1/13 0 100 Standby 192.168.10.2 local 192.168.10.1
HSRP = "Standby" – the active device is 192.168.10.2
Configuring GLBP (IPv4)
The Gateway Load Balancing Protocol is another Cisco-proprietary protocol that can be used as an alternative to HSRP or VRRP. Unlike HSRP and VRRP, GLBP provides dynamic load balancing.
Enable the GLBP feature first!
n7000-1(config)# feature glbp
Enable a GLBP group under each interface <0 – 4095>:
n7000-1(config)# interface ethernet 2/1
n7000-1(config-if)# glbp 0
n7000-1(config-if-glbp)# ip 192.168.1.1
n7000-1(config-if-glbp)# priority 110
n7000-1(config-if-glbp)# preempt
Additional GLBP group options:
n7000-1(config-if-glbp)# ?
authentication Configure authentication
exit Exit from command interpreter
forwarder Forwarder Configuration
ip Set Virtual IP address
load-balancing Load balancing method
name Redundancy name
no Negate a command or set its defaults
preempt Overthrow lower priority designated routers
priority Priority level
timers Adjust GLBP timers
weighting Gateway weighting and tracking
The "weighting" option configures weights and tracking.
Load-balancing options:
Host-Dependent
Round-Robin (Default)
Weighted
Default timers = 3s Hello and 10s Hold
Verifying GLBP (IPv4)
n7000-1# show glbp brief
Interface Grp Fwd Pri State Address Active rtr Standby rtr
Eth2/1 0 - 110 Active 192.168.1.1 local 192.168.1.3
Eth2/1 0 1 7 Listen 0007.B400.0001 192.168.1.3 -
Eth2/1 0 2 7 Active 0007.B400.0002 local -
n7000-2# show glbp brief
Interface Grp Fwd Pri State Address Active rtr Standby rtr
Eth2/1 0 - 100 Standby 192.168.1.1 192.168.1.2 local
Eth2/1 0 1 7 Active 0007.B400.0001 local -
Eth2/1 0 2 7 Listen 0007.B400.0002 192.168.1.2 -
Verifying GLBP:
Group number
Time of the last state change
Use show glbp and show glbp brief to verify the GLBP state.
Group 2 state "Active"
Group 1 state "Active"
n7000-1# show glbp
Ethernet2/1 - Group 0
State is Active
4 state change(s), last state change(s) 00:23:34
Virtual IP address is 192.168.1.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.700 sec
Redirect time 600 sec, forwarder time-out 14400 sec
Preemption enabled, min delay 0 sec
Active is local
Standby is 192.168.1.3, priority 100 (expires in 8.701 sec)
Priority 110 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0030.487D.A055 (192.168.1.2) local
0030.487D.DF33 (192.168.1.3)
There are 2 forwarders (1 active)
<Text Omitted>
Configured timers
Group members
Priority – the default is 100
Configuring VRRP (IPv4)
The Virtual Router Redundancy Protocol is a standard protocol defined in RFC 3768. VRRP can be used as an alternative to HSRP or GLBP.
Enable VRRP first!
n7000-1(config)# feature vrrp
Configure a VRRP group number under each port, group # <1 – 255>:
n7000-1(config)# int eth 2/1
n7000-1(config-if)# vrrp 1
n7000-1(config-if-vrrp)# address 192.168.1.1
n7000-1(config-if-vrrp)# preempt
n7000-1(config-if-vrrp)# priority 110
Activate the VRRP group:
n7000-1(config-if-vrrp)# no shut
Additional VRRP group options:
n7000-1(config-if-vrrp)# ?
address Add an IP address to the vr
advertisement-interval Set the time interval between advertisement
authentication Select authentication method
exit Exit from command interpreter
no Negate a command or set its defaults
preempt Enable preemption of lower priority master
priority Configure the vr priority
shutdown Enable or disable a VR
track Track the availability of another interface
The "shutdown" option enables or disables the VRRP group.
Default timers = 1s Advertise and a 3s Down Timer
Verifying VRRP (IPv4)
Use show vrrp vr and show vrrp to verify the VRRP state.
Verifying VRRP on the Nexus 7000s:
n7000-1# show vrrp
Interface VR IpVersion Pri Time Pre State VR IP addr
---------------------------------------------------------------------------
Ethernet2/1 1 IPv4 110 1 s Y Master 192.168.1.1
The VR column is the group number; n7000-1 is the master router.
n7000-2# show vrrp
Interface VR IpVersion Pri Time Pre State VR IP addr
---------------------------------------------------------------------------
Ethernet2/1 1 IPv4 100 1 s Y Backup 192.168.1.1
n7000-2 is the backup router.
n7000-1# show vrrp vr 1 interface ethernet 2/1 status
IPv4 vr id 1 status
MAC address 00:00:5e:00:01:01
Operational state: Master
Up time 9 min, 43 sec
Master IP address: 192.168.1.2
"Up time" is the uptime of the VRRP group.
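Object Tracking Overview
Object tracking is used to shorten the recovery time after a network failure. For HSRP it provides an additional failover mechanism: if the tracked object meets the condition, the priority is lowered. GLBP, HSRP, and VRRP support object tracking.
Tracked objects:
Interface "IP routing": tracks the IP address configured on an interface.
Interface "line protocol": tracks the link-layer state of an interface.
"route": tracks whether a route exists.
Flow Exporter
[Figure: the uplink fails (X) and the "Standby" router becomes "Active"; labels: client network, uplink]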
Configuring Object Tracking
The following configuration example shows how to configure HSRP tracking of "line protocol". If the tracked interface fails, the priority is reduced by 20. If another router then has a higher priority and is configured to preempt, its state becomes "active".
Configuration:
Create the tracking object (tracks the interface state):
n7000(config)# track 1 interface ethernet 1/1 line-protocol
Configure the tracked object under HSRP on Ethernet 2/1 and set the priority decrement (1-255):
n7000(config)# interface Ethernet2/1
n7000(config-if)# ip address 192.168.10.2/24
n7000(config-if)# hsrp 0
n7000(config-if-hsrp)# track 1 decrement 20
n7000(config-if-hsrp)# ip 192.168.10.1
Verification:
n7000# show track
Track 1
Interface Ethernet1/1 Line Protocol
Line Protocol is UP
1 changes, last change 00:03:44
Tracked by:
HSRP Ethernet2/1 0
n7000# show track brief
Track Type Instance Parameter State Last Change
1 Interface Ethernet1/1 Line Protocol UP
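The failover rule described on this slide, worked through as an added Python example (not part of the original presentation). The election model is a simplification and an assumption of this example: a router takes over only with preempt configured and a strictly higher effective priority, and the highest interface IP breaks ties in the initial election; the class and function names are hypothetical, and the priorities 110/100 and addresses are taken from the HSRP slides above.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str                                        # interface address, tie-breaker
    priority: int = 100                            # configured HSRP priority
    preempt: bool = False
    tracks: dict = field(default_factory=dict)     # track object id -> decrement
    down_objects: set = field(default_factory=set) # track objects currently DOWN

    def effective_priority(self) -> int:
        # "track 1 decrement 20": subtract the decrement while object 1 is DOWN.
        lost = sum(dec for obj, dec in self.tracks.items() if obj in self.down_objects)
        return max(0, self.priority - lost)

    def rank(self):
        # Compare addresses numerically, not as strings.
        return (self.effective_priority(), int(IPv4Address(self.ip)))


def elect(routers, active=None):
    """Return the name of the Active router after one election round."""
    by_name = {r.name: r for r in routers}
    if active not in by_name:
        # No Active router yet: highest priority wins, highest IP breaks ties.
        return max(routers, key=HsrpRouter.rank).name
    current = by_name[active]
    # An existing Active router is only displaced by a preempting router
    # whose effective priority is strictly higher.
    challengers = [r for r in routers
                   if r.preempt and r.effective_priority() > current.effective_priority()]
    if not challengers:
        return active
    return max(challengers, key=HsrpRouter.rank).name


def run_scenario(peer_preempt: bool):
    """Tracked uplink of n7000-1 goes DOWN, then comes back UP."""
    n1 = HsrpRouter("n7000-1", "192.168.10.2", priority=110, preempt=True, tracks={1: 20})
    n2 = HsrpRouter("n7000-2", "192.168.10.3", priority=100, preempt=peer_preempt)
    routers = [n1, n2]
    history = []

    active = elect(routers)
    history.append(("initial", active, n1.effective_priority()))

    n1.down_objects.add(1)                 # Ethernet1/1 line protocol goes DOWN
    active = elect(routers, active)
    history.append(("track 1 DOWN", active, n1.effective_priority()))

    n1.down_objects.discard(1)             # uplink restored
    active = elect(routers, active)
    history.append(("track 1 UP", active, n1.effective_priority()))
    return history


if __name__ == "__main__":
    for peer_preempt in (True, False):
        print(f"peer preempt = {peer_preempt}")
        for event, active, prio in run_scenario(peer_preempt):
            print(f"  {event:13s} active={active} n7000-1 priority={prio}")
```

With the peer's preempt removed, n7000-1 stays Active at priority 90 even though its uplink is down, which is why the slide ties the failover to both the decrement and preemption on the other router.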
Multicast Configuration
• Protocol Independent Multicast (PIM)
• Internet Group Management Protocol (IGMP)
• IGMP Snooping
PIM Configuration (Basic)
PIM is used to advertise multicast group membership information across a multicast routing domain. The following example configures a simple network that supports multicast.
Enable the PIM feature first!
Enable PIM globally:
n7000(config)# feature pim
Enable PIM on the interface:
n7000(config)# interface ethernet 2/1
n7000(config-if)# ip pim sparse-mode
Enable PIM on each port; only "sparse-mode" is supported. PIM automatically enables IGMP on the interface.
Configure the RPs:
n7000(config)# ip pim rp-address 192.168.1.1
Static RP – the group list defaults to 224.0.0.0/4
Note: Other RP options include BSR, Auto-RP and Anycast RP
Additional PIM Configuration Options
n7000(config-if)# ip pim ?
border Configures interface to be a boundary of a PIM domain
dr-priority Configures priority for PIM DR election on interface
hello-authentication Add AH header option to Hellos
hello-interval Configures the Hello interval for interface
jp-policy Specify policy for receiving Join-Prune messages
neighbor-policy Configures a neighbor policy for filtering adjacencies
sparse-mode Configures sparse-mode PIM on interface
n7000(config)# ip pim ?
anycast-rp Configure an RP in an Anycast-RP set (using PIM)
auto-rp Auto-RP protocol RP-distribution configuration
bidir-rp-limit Configures maximum Bidir RPs for IPv4 PIM in this VRF
bsr Bootstrap protocol RP-distribution configuration
bsr-candidate Configure router as a Bootstrap Router candidate
flush-routes Remove routes when restarting PIM
log-neighbor-changes Log up/down PIM neighbor transitions
register-policy Specify policy for receiving Register messages
register-rate-limit Rate limit for PIM data registers
rp-address Configure static RP for group range
rp-candidate Configure router as a Rendezvous Point (RP) candidate
send-rp-announce Configures router to send Auto-RP Announce messages
send-rp-discovery Configures router to send Auto-RP Discovery messages
spt-threshold Source-tree switching threshold
ssm Source Specific Multicast (SSM) groups
state-limit Configures State limit
use-shared-tree-only Use (*,G) only state, no source state is created
PIM interface options:
PIM global options:
Verifying the PIM Configuration
Verifying PIM neighbors:
n7000# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Bidir-
Priority Capable
192.168.10.1 Ethernet2/1 00:35:17 00:01:20 1 yes
One neighbor has been up for 35 minutes.
Verifying the PIM RP configuration:
n7000# show ip pim rp
PIM RP Status Information for VRF "default"
BSR disabled
Auto-RP disabled
BSR RP Candidate policy: None
BSR RP policy: None
Auto-RP Announce policy: None
Auto-RP Discovery policy: None
RP: 192.168.1.1, (0), uptime: 00:36:42, expires: never,
priority: 0, RP-source: (local), group ranges:
224.0.0.0/4
There is one static RP for all groups.
Verifying the PIM routing table:
n7000# show ip pim route 224.1.1.1
PIM Routing Table for VRF "default" - 2 entries
(*, 224.1.1.1/32), RP 192.168.1.1, expires 00:02:30, RP-bit
Incoming interface: Ethernet2/1, RPF nbr 192.168.10.1
Oif-list: (0) 00000000, timeout-list: (0) 00000000
Timeout-interval: 2, JP-holdtime round-up: 3
<Text Omitted>
(*,G) entry – if traffic is flowing, you should also see an (S,G) entry.
Verifying PIM Multicast Routing
Multicast routing table summary:
n7000# show ip mroute summary
IP Multicast Routing Table for VRF "default"
Total number of routes: 3
Total number of (*,G) routes: 1
Total number of (S,G) routes: 1
Total number of (*,G-prefix) routes: 1
Group count: 1, rough average sources per group: 1.0
Group: 224.1.1.1/32, Source count: 1
Source packets bytes aps pps bit-rate oifs
(*,G) 1 84 84 0 0 bps 1
192.168.10.1 118 9912 84 0 660 bps 1
Group: 232.0.0.0/8, Source count: 0
Source packets bytes aps pps bit-rate oifs
(*,G) 0 0 0 0 0 bps 0
The summary shows the multicast routing table totals and the statistics for the (*,G) and (S,G) entries.
Multicast routing table:
n7000# show ip mroute
IP Multicast Routing Table for VRF "default"
(*, 224.1.1.1/32), uptime: 00:19:30, igmp ip pim
Incoming interface: Ethernet2/1, RPF nbr: 192.168.10.1
Outgoing interface list: (count: 1)
Ethernet2/2, uptime: 00:19:30, igmp
(192.168.10.1/32, 224.1.1.1/32), uptime: 00:00:04, ip mrib pim
Incoming interface: Ethernet2/1, RPF nbr: 192.168.10.1
Outgoing interface list: (count: 1)
Ethernet2/2, uptime: 00:00:04, mrib
<Text Omitted>
The table shows the (*,G) entry and the (S,G) entry that is in use.
The IGMP Protocol
IGMP is the protocol routers use to establish multicast group membership for IP hosts. The IGMP process runs by default. When PIM, a local multicast group, or link-local group reports are enabled, IGMP is enabled on the interface by default.
IGMP v2 and v3 are supported – the default is v2
IGMP interface configuration options:
n7000(config-if)# ip igmp ?
access-group IGMP access-group
group-timeout Configures group membership timeout for IGMPv2
join-group Configures local group membership for router
last-member-query-count Configures number of group-specific Queries sent
last-member-query-response-time Configures last member query response time
querier-timeout Configures querier timeout for IGMPv2
query-interval Configures interval between Query transmission
query-max-response-time Configures MRT for query messages
query-timeout Configures querier timeout for IGMPv2
report-link-local-groups Send Reports for groups in 224.0.0.0/24
report-policy IGMP Report Policy
robustness-variable Configures RFC defined Robustness Variable
startup-query-count Configures number of queries sent at startup
startup-query-interval Configures query interval at startup
state-limit Configures State limit
static-oif Configures static oif for a multicast forwarding entry
version Configures IGMP version number for interface
IGMP Snooping Overview
IGMP Snooping is a multicast constraining mechanism that runs on Layer 2 devices and is used to manage and control multicast groups. IGMP Snooping is enabled by default.
Disabling IGMP Snooping on a VLAN:
n7000(config)# vlan 1
n7000(config-vlan)# no ip igmp snooping
Disabling IGMP Snooping globally (disables IGMP Snooping on all VLANs):
n7000(config)# no ip igmp snooping
Verifying IGMP Snooping:
n7000# show ip igmp snooping
Global IGMP Snooping Information:
IGMP Snooping enabled
IGMPv1/v2 Report Suppression enabled
IGMPv3 Report Suppression disabled
IGMP Snooping information for vlan 1
IGMP snooping enabled
IGMP querier none
Switch-querier disabled
IGMPv3 Explicit tracking enabled
IGMPv2 Fast leave disabled
IGMPv1/v2 Report suppression enabled
IGMPv3 Report suppression disabled
Router port detection using PIM Hellos, IGMP Queries
Number of router-ports: 0
Number of groups: 0
In this output IGMP Snooping is enabled globally and enabled on VLAN 1.
Verifying IGMP Interfaces and Groups
n7000# show ip igmp groups
IGMP Group Membership Internal Cache for VRF "default" - 1 total entries
Type: S - Static, D - Dynamic, L - Local, T - SSM Translated
Group Address Type Interface Uptime Expires Last Reporter
224.1.1.1 L Ethernet2/2 00:31:47 00:02:35 192.168.11.2
n7000# show ip igmp interface ethernet 2/2
IGMP Interfaces for VRF "default"
Ethernet2/2, Interface status: protocol-up/link-up/admin-up
IP address: 192.168.11.2, IP subnet: 192.168.11.0/24
Active querier: 192.168.11.2, version: 2, next query sent in: 00:00:43
Membership count: 1
IGMP version: 2, host version: 2
IGMP query interval: 125 secs, configured value: 125 secs
IGMP max response time: 10 secs, configured value: 10 secs
IGMP startup query interval: 31 secs, configured value: 31 secs
IGMP startup query count: 2
IGMP last member mrt: 1 secs
IGMP last member query count: 2
IGMP group timeout: 260 secs, configured value: 260 secs
IGMP querier timeout: 255 secs, configured value: 255 secs
IGMP unsolicited report interval: 10 secs
IGMP robustness variable: 2, configured value: 2
IGMP reporting for link-local groups: disabled
IGMP interface enable refcount: 2
IGMP Report Policy: None
IGMP State Limit: None
IGMP interface statistics:
General (sent/received):
v1-reports: 0/0
v2-queries: 20/20, v2-reports: 20/0, v2-leaves: 0/0
v3-queries: 0/0, v3-reports: 0/0
Errors:
Checksum errors: 0, Packet length errors: 0
Bogus source IPs: 0, Query from non-querior:0
Report version mismatch: 0, Query version mismatch: 0
Unknown IGMP message type: 0
Invalid v1 reports: 0, Invalid v2 reports: 0, Invalid v3 reports: 0
IGMP v2 statistics
1 group member
IGMP active querier
IGMP version 2
Security Configuration
• TELNET & SSH services
• Role-based access control (RBAC)
• AAA RADIUS (authentication, accounting)
• AAA TACACS+ (authentication, authorization, accounting)
• IPv4 ACL (extended)
Configuring and Verifying SSH/TELNET
SSHv2 is enabled by default and is the recommended protocol for remote CLI access. TELNET is disabled by default because it lacks security. Both TELNET and SSHv2 are fully supported.
TELNET: enable and verify
n7000(config)# feature telnet
n7000# show telnet server
telnet service enabled
The TELNET service is enabled.
SSH: enable and verify
n7000(config)# feature ssh
n7000# show ssh server
ssh is enabled
version 2 enabled
The SSHv2 service is enabled by default; it can be turned off with no feature.
Verifying user status:
n7000# show users
NAME LINE TIME IDLE PID COMMENT
admin ttyS0 Apr 4 18:22 . 5113
admin pts/0 Apr 4 19:12 . 31448 (192.168.10.1)*
The ttyS0 entry is the console user; the pts/0 entry is a TELNET/SSH user.
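A remote-access check built on the three show commands from this slide, as an added Python example (not part of the original presentation). It assumes the output formats shown above; the sample strings, the finding codes and the function names are constructed for this example, and any output that does not contain the exact "enabled" lines from the slide is treated as disabled.

```python
import re

# Constructed samples in the output format shown on the slide.
SHOW_TELNET = "telnet service enabled\n"
SHOW_SSH = "ssh is enabled\nversion 2 enabled\n"
SHOW_USERS = (
    "NAME     LINE         TIME         IDLE          PID COMMENT\n"
    "admin    ttyS0        Apr  4 18:22   .          5113\n"
    "admin    pts/0        Apr  4 19:12   .         31448 (192.168.10.1)*\n"
)


def telnet_enabled(show_telnet: str) -> bool:
    """True only for the exact 'telnet service enabled' line from the slide."""
    pattern = r"^\s*telnet service enabled\s*$"
    return re.search(pattern, show_telnet, re.M | re.I) is not None


def ssh_status(show_ssh: str):
    """Return (server_enabled, set_of_enabled_protocol_versions)."""
    enabled = re.search(r"^\s*ssh is enabled\s*$", show_ssh, re.M | re.I) is not None
    versions = {int(v) for v in re.findall(r"version (\d+) enabled", show_ssh, re.I)}
    return enabled, versions


def parse_users(show_users: str):
    """Parse 'show users'; a parenthesised COMMENT field is the remote address."""
    sessions = []
    for line in show_users.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] == "NAME":
            continue                      # blank line or column header
        remote = re.search(r"\(([^)]+)\)", line)
        sessions.append({
            "user": parts[0],
            "line": parts[1],             # ttyS0 = console, pts/N = TELNET/SSH
            "remote": remote.group(1) if remote else None,
        })
    return sessions


def audit(show_telnet: str, show_ssh: str, show_users: str):
    """Return a list of (code, detail) findings for remote CLI access."""
    findings = []
    telnet = telnet_enabled(show_telnet)
    ssh, versions = ssh_status(show_ssh)

    if telnet:
        findings.append(("TELNET_ENABLED",
                         "cleartext CLI access is on; remove with 'no feature telnet'"))
    if not ssh:
        findings.append(("SSH_DISABLED",
                         "no encrypted remote CLI access is available"))
    elif 2 not in versions:
        findings.append(("SSH_NOT_V2", "SSH server does not report version 2"))

    for s in parse_users(show_users):
        # 'show users' does not say whether a pts session is TELNET or SSH,
        # so while TELNET is on every remote session needs a manual check.
        if s["remote"] and telnet:
            findings.append(("REMOTE_SESSION_UNVERIFIED",
                             f"{s['user']} on {s['line']} from {s['remote']}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SHOW_TELNET, SHOW_SSH, SHOW_USERS):
        print(f"{code}: {detail}")
```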
A Critique of the Proposed National Education Policy Reform
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Nexus_7000 product detail for maintaining and operating

  • 1. Nexus 7000 NX-OS: The Operating System for the Data Center
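  • 2. Contents: Basic overview; Initial start-up and system verification; Command-line interface (CLI) overview; Interface configuration; Layer 2 switching and spanning tree configuration; Routing protocol configuration; FHRP configuration; Verifying IP forwarding; Security protocol configuration; System management protocol configuration; Troubleshooting tools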
  • 3. Nexus product line overview (data center): High availability • High performance (10GE) • 40/100 GE ready • Unified I/O / DCB (future) • High performance • Small form factor • Unified I/O / DCB (FCoE) • Virtual switch (FEX) • IBM blade switch • 10 GE connectivity • Unified I/O / DCB (FCoE) • Remote line card (FEX) • Connects to Nexus 5000 • 1GE to 10GE transition • Simplified management • Virtual switch • VMware integration • NX-OS feature parity • Simplified management
  • 4. Typical Nexus 7000 deployment: 10 Gigabit Ethernet; Nexus 7000 end to end
  • 5. Basic overview: Nexus 7010 (10-slot) overview; Nexus 7018 (18-slot) overview; Supervisor engine; Ethernet modules; Fabric modules; Power supplies
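  • 6. Nexus 7010 - 10-slot overview
      First in the Nexus series
      Optimized for the data center
      High density: up to 256 10 Gigabit Ethernet interfaces, 384 1G interfaces
      High performance: up to 1.4 Tbps total system bandwidth; up to 80 Gbps bandwidth per slot; up to 60 Mpps throughput per slot; up to 480 Mpps total system throughput
      Future-ready: up to 4.1 Tbps system bandwidth (230G per slot) with the initial fabric modules; scalable to 8+ Tbps system bandwidth (500+ G per slot)
      Front-to-back airflow
      All components redundant and hot-swappable
      Dedicated cable-management components
      21 U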
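  • 7. Nexus 7010 - front and rear views: Air intake (front/bottom); Line card slots (8); Supervisor engines (2); Fan filter (optional); Module ejector levers; System status LEDs; Cable cover; Air exhaust (rear/top); Fabric modules (up to 5); Power supplies (up to 3); Fabric fans; Module ejector levers; System fans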
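  • 8. Nexus 7018 - 18-slot overview
      Second in the Nexus series
      Optimized for data center environments
      Highest density: up to 512 10 Gigabit Ethernet interfaces, 768 1G interfaces
      High performance: up to 2.8 Tbps total system bandwidth; up to 80 Gbps bandwidth per slot; up to 60 Mpps throughput per slot; up to 960 Mpps total system throughput
      Future-ready: up to 8.2 Tbps system bandwidth (230G per slot) with the fabric modules; scalable to 16+ Tbps system bandwidth
      Side-to-side airflow
      All components redundant and hot-swappable
      25U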
  • 9. Nexus 7018 - front and rear views: Line card slots (1-8); Line card slots (11-18); Supervisor engines (9-10); System status LEDs; Fabric modules (up to 5); Power supplies (up to 4); System fan trays; Power supply air intake; Line card vents; Power supply exhaust
  • 10. Chassis dimensions and weight
      Description                  Weight
      Nexus 7010 (empty)           200 lb
      Nexus 7010 (fully loaded)    500 lb
      Nexus 7018 (empty)           187 lb
      Nexus 7018 (fully loaded)    684 lb
      Dimension labels from the diagram: 17.3 in, 17.3 in, 21 RU, 25 RU, 36.5 in, 33.1 in, 43.5 in, 33.1 in
  • 11. Module ejector levers
      Modules include ejector levers that not only help align and seat the module but also act as a power switch for the module. If both levers are pressed at the same time, power to the module is shut off automatically.
      Modules that support ejector levers: Supervisor engine; Fabric module; Ethernet modules
      Verification:
      n7000# show module 1
      Mod  Ports  Module-Type                       Model               Status
      ---  -----  --------------------------------  ------------------  ------------
      1    32     10 Gbps Ethernet Module           N7K-M132XP-12       ok
      <Text Omitted>
      Chassis Ejector Support: Enabled
      Ejector Status:
      Top ejector CLOSE, Bottom ejector CLOSE, Module HW does support ejector based shutdown.
  • 12. Supervisor module
      Dual-core Intel Xeon processor
      4 GB of memory
      2 GB of flash (8 GB log and 2 GB expansion)
      2 MB NVRAM
      1 10/100/1000 auto-negotiating Ethernet port
      1 console port and 1 auxiliary port
      1 CMP 10/100/1000 Ethernet port
      3 USB ports (2 host, 1 device)
      Supervisor Engine 1 front panel: Console port; Auxiliary port; Ethernet port; CMP port; USB device port; USB host ports; Reset button; Status LEDs; Log & Exp. Flash
  • 13. Supervisor connectivity: out-of-band management options
      Diagram labels: Sup 1; Sup 2; IP Address A (shared IP); IP Address B; IP Address C; IP network; RS-232 terminal server
      The out-of-band Ethernet port on the "Active" supervisor is used.
      The "mgmt 0" port is in its own VRF (management).
      Note: The chassis can be managed in-band using IPv4 or IPv6 (loopbacks, SVIs, physical interfaces).
  • 14. Ethernet modules
      32-port 10 Gigabit Ethernet module: 32 10 Gigabit Ethernet ports (SFP+ optics); 80 Gbps fabric connection; 60 Mpps IPv4 forwarding; 128K MAC, 128K FIB, 512K NetFlow; QoS queues (RX: 8q2t) (TX: 1p7q4t); jumbo frames (9216)
      48-port 10/100/1000 (twisted pair) module: 48 10/100/1000 ports (twisted pair); 40 Gbps fabric connection; 60 Mpps IPv4 forwarding; 128K MAC, 128K FIB, 512K NetFlow; QoS queues (RX: 2q4t) (TX: 1p3q4t); jumbo frames (9216)
      48-port Gigabit fiber module: 48 Gigabit ports (optical); 40 Gbps fabric connection; 60 Mpps IPv4 forwarding; 128K MAC, 128K FIB, 512K NetFlow; QoS queues (RX: 2q4t) (TX: 1p3q4t); jumbo frames (9216)
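  • 15. Fabric modules
      Fabric Module 1 (Nexus 7010 fabric module): up to 5 modules per chassis; 5 modules provide 230 Gbps per I/O slot; 46 Gbps per I/O slot per module; load is shared across all fabric modules; hot-swappable (non-disruptive)
      Fabric capacity and redundancy: each fabric module adds bandwidth; 1G modules require 2 fabric modules for N+1 redundancy; 10G modules require 3 fabric modules for N+1 redundancy; the 4th and 5th modules provide an additional level of redundancy; future modules will use the additional fabric bandwidth; a fabric failure results in a reduction of overall system bandwidth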
  • 16. Fabric connectivity for two I/O modules
      [Diagram: a 48-port 1GE SFP module (requires 43 Gbps) and a 32-port 10GE SFP+ module (requires 80 Gbps), each connected at 46 Gbps to Fabric 1 through Fabric 5, 230 Gbps per module in total. Bandwidth labels: 46 Gbps, 92 Gbps, 138 Gbps, 184 Gbps, 230 Gbps.]
  • 17. Power supplies
      Common power supplies!
      Dual 20 A circuits (110 V and 220 V): IEC C19 cable (16 A); 10 cables available (see data sheet)
      Dual 30 A circuits (110 V and 220 V): integrated 12' cable (24 A); IEC 60309 or NEMA L6-30 plug
      Maximum power required: 7010 = ~9 kW, 7018 = ~15 kW
  • 18. Power supply input/output power
      6000 W power supply
      Input source   Input voltage    Output power
      Single         110v             1200w
      Single         220v             3000w
      Dual           110v             2400w
      Dual           220v             6000w
      Dual           110v & 220v      4200w
      7,500 W power supply
      Input source   Input voltage    Output power
      Single         110v             1800w
      Single         220v             3750w
      Dual           110v             3600w
      Dual           220v             7500w
      Dual           110v & 220v      5500w
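  • 19. Power required by each component
      Power requirements: the table below lists the maximum and the typical power required by each component. Under typical conditions, components do not draw their maximum power.
      Component                      Maximum power   Typical power
      10-slot fan tray               1680w           300w
      18-slot fan tray               1273w           569w
      10-slot fabric module          60w             55w
      18-slot fabric module          100w            90w
      Supervisor engine              210w            190w
      32-port 10GE module            750w            611w
      48-port 10/100/1000 module     400w            358w
      48-port SFP module             400w            358w
      The 7010 requires 2400w to start up; the 7018 requires 2193w to start up.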
  • 20. Power redundancy modes overview (6 kW power supplies in a Nexus 7010; 6x 220v = 18 kW in every case)
      Mode               Tolerates                   Available power   Reserve power
      Full redundancy    Can lose 1 PS or 1 grid     ~9 kW             ~9 kW
      N+1 redundancy     Can lose 1 PS               ~12 kW            ~6 kW
      Grid redundancy    Can lose 1 grid             ~9 kW             ~9 kW
      Combined           No redundancy!              ~18 kW            0 kW
      Additional label on the slide: default state.
  • 21. Parts common to the 7010 and 7018: Supervisor engine • I/O modules (Ethernet) • Power supplies (two models)
  • 22. System verification: NX-OS version overview; I/O module, fabric module and fan status; Programmable logic device (EPLD) and BIOS versions; Power budget and environmental temperature monitoring; Supervisor redundancy and switchover
  • 23. Verify the software version
      Use the show version command to obtain software and hardware information.
      n7000# show version
      Cisco Nexus Operating System (NX-OS) Software
      TAC support: http://www.cisco.com/tac
      Copyright (c) 2002-2008, Cisco Systems, Inc. All rights reserved.
      The copyrights to certain works contained in this software are
      owned by other third parties and used and distributed under
      license. Certain components of this software are licensed under
      the GNU General Public License (GPL) version 2.0 or the GNU
      Lesser General Public License (LGPL) Version 2.1. A copy of each
      such license is available at
      http://www.opensource.org/licenses/gpl-2.0.php and
      http://www.opensource.org/licenses/lgpl-2.1.php
      Software
        BIOS: version 3.15.0
        loader: version N/A
        kickstart: version 4.0(1)
        system: version 4.0(1)
        BIOS compile time: 03/04/08
        kickstart image file is: bootflash:/n7000-s1-kickstart.4.0.1.bin
        kickstart compile time: 3/6/2008 2:00:00 [04/02/2008 08:12:57]
        system image file is: bootflash:/n7000-s1-dk9.4.0.1.bin
        system compile time: 3/6/2008 2:00:00 [04/02/2008 08:58:14]
      Hardware
        cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
        Intel(R) Xeon(R) CPU with 4129620 kB of memory.
        Processor Board ID JAB114000CC
        Device name: n7000
        bootflash: 2030616 kB
        slot0: 0 kB (expansion flash)
      Kernel uptime is 0 day(s), 15 hour(s), 9 minute(s), 39 second(s)
      <Text Omitted>
      Callouts: NX-OS software; system version; image file locations; system memory (KB); bootflash (size); expansion flash (not present); system uptime
  • 24. Verify module status
      Use the show module command to determine the status of each module.
      n7000# show module
      Mod  Ports  Module-Type                       Model               Status
      ---  -----  --------------------------------  ------------------  ------------
      1    48     10/100/1000 Mbps Ethernet Module  N7K-M148GT-11       ok
      2    48     10/100/1000 Mbps Ethernet Module  N7K-M148GT-11       ok
      3    32     10 Gbps Ethernet Module           N7K-M132XP-12       ok
      4    32     10 Gbps Ethernet Module           N7K-M132XP-12       ok
      5    0      Supervisor module-1X              N7K-SUP1            active *
      6    0      Supervisor module-1X              N7K-SUP1            ha-standby

      Mod  Sw              Hw      World-Wide-Name(s) (WWN)
      ---  --------------  ------  --------------------------------------------------
      1    4.0(1)          0.902   --
      2    4.0(1)          0.902   --
      3    4.0(1)          0.504   --
      4    4.0(1)          0.504   --
      5    4.0(1)          0.801   --
      6    4.0(1)          0.801   --

      Mod  MAC-Address(es)                         Serial-Num
      ---  --------------------------------------  ----------
      1    00-1b-54-c1-00-38 to 00-1b-54-c1-00-6c  JAB114100WE
      2    00-1b-54-c0-fe-cc to 00-1b-54-c0-ff-00  JAB114100WK
      3    00-1b-54-c1-0b-cc to 00-1b-54-c1-0b-f0  JAB114602F7
      4    00-1b-54-c1-0a-64 to 00-1b-54-c1-0a-88  JAB114602FD
      5    00-1b-54-c0-fe-b8 to 00-1b-54-c0-fe-c0  JAB114000CC
      6    00-1b-54-c0-ff-18 to 00-1b-54-c0-ff-20  JAB114000R1
      * this terminal session
      Callouts: module number; number of ports per module; module type and model number; module status; the asterisk marks the current user terminal session on Sup-1
      Other statuses: powered-dn, powered-up, pwr-cycld, pwr-denied, testing, initializing
      Powering down modules ("reload" or "power off" a module):
      n7000# reload module 1
      n7000(config)# poweroff module 1
  • 25. Verify module uptime
      Use the show module uptime command to determine how long each module has been running.
      n7000# show module uptime
      ------ Module 1 -----
      Module Start Time: Fri Dec 12 07:05:33 2008
      Up Time: 6 days, 17 hours, 31 minutes, 8 seconds
      ------ Module 2 -----
      Module Start Time: Sun Nov 9 00:58:28 2008
      Up Time: 39 days, 23 hours, 38 minutes, 13 seconds
      ------ Module 3 -----
      Module Start Time: Fri Dec 12 06:21:38 2008
      Up Time: 6 days, 18 hours, 15 minutes, 3 seconds
      ------ Module 5 -----
      Module Start Time: Tue Nov 11 01:04:46 2008
      Up Time: 37 days, 23 hours, 31 minutes, 55 seconds
      ------ Module 6 -----
      Module Start Time: Tue Nov 11 01:34:10 2008
      Up Time: 37 days, 23 hours, 2 minutes, 31 seconds
      ------ Xbar 1 -----
      Xbar Start Time: Sun Nov 9 00:55:57 2008
      Up Time: 39 days, 23 hours, 40 minutes, 44 seconds
      ------ Xbar 2 -----
      Xbar Start Time: Sun Nov 9 00:56:00 2008
      Up Time: 39 days, 23 hours, 40 minutes, 41 seconds
      ------ Xbar 3 -----
      Xbar Start Time: Sun Nov 9 00:56:02 2008
      Up Time: 39 days, 23 hours, 40 minutes, 39 seconds
      Callouts: 32-port 10 Gigabit Ethernet module; supervisor engine; fabric module
  • 26. Verify fabric module status
      Use the show module fabric command to determine the status of each fabric module.
      n7000# show module fabric
      Xbar  Ports  Module-Type                       Model               Status
      ---   -----  --------------------------------  ------------------  ------------
      1     0      Xbar                              N7K-C7010-FAB-1     ok
      2     0      Xbar                              N7K-C7010-FAB-1     ok
      3     0      Xbar                              N7K-C7010-FAB-1     ok

      Xbar  Sw              Hw      World-Wide-Name(s) (WWN)
      ---   --------------  ------  --------------------------------------------------
      1     NA              0.404   --
      2     NA              0.404   --
      3     NA              0.404   --

      Xbar  MAC-Address(es)                         Serial-Num
      ---   --------------------------------------  ----------
      1     NA                                      JAB114700X6
      2     NA                                      JAB114700WQ
      3     NA                                      JAB114700WZ
      Callouts: slot number; module status
      Note: Only 3 out of 5 fabric modules are present.
  • 27. Verify fabric utilization
      Use the show hardware fabric-utilization command to view the current fabric utilization.
      n7000# show hardware fabric-utilization
      -----------------------------
      Slot  Direction  Utilization
      -----------------------------
      1     ingress    0%
      1     egress     0%
      2     ingress    0%
      2     egress     0%
      5     ingress    0%
      5     egress     0%
      -----------------------------
      Callout: ingress/egress utilization percentage for each module
      n7000# show hardware fabric-utilization detail module 1
      ----------------------------------------------------------------------
      Fabric Planes:
      A -- Unicast fabric interface
      B -- Multicast/Multidestination fabric interface
      ----------------------------------------------------------------------
      I/O   Fabric  Fabric    Fabric      Fabric
      Slot  Mod     Instance  Channel ID  Plane   Direction  Utilization
      ----------------------------------------------------------------------
      1     1       1         5           A       ingress    0%
      1     1       1         5           A       egress     0%
      1     1       1         5           B       ingress    0%
      1     1       1         5           B       egress     0%
      1     1       1         3           A       ingress    0%
      1     1       1         3           A       egress     0%
      1     1       1         3           B       ingress    0%
      1     1       1         3           B       egress     0%
      <Text Omitted>
      Callout: a very detailed breakdown
  • 28. Verify chassis fans
      Use the show environment fan command to verify the status of the chassis fans and the power supply fans.
      n7000# show environment fan
      Fan:
      ------------------------------------------------------
      Fan              Model                Hw      Status
      ------------------------------------------------------
      Fan1(sys_fan1)   N7K-C7010-FAN-S      0.409   Ok
      Fan2(sys_fan2)   N7K-C7010-FAN-S      0.409   Ok
      Fan3(fab_fan1)   N7K-C7010-FAN-F      0.209   Ok
      Fan4(fab_fan2)   N7K-C7010-FAN-F      0.209   Ok
      Fan_in_PS1       --                   --      Ok
      Fan_in_PS2       --                   --      Ok
      Fan_in_PS3       --                   --      Absent
      Fan Air Filter : Absent
      Callouts: fan status; power supply fan status; optional air filter not installed
      Note: 4 of 4 fan trays are installed and 2 of 3 power supplies are installed. The optional air filter is not installed.
  • 29. Verify the power budget and usage
      n7000# show environment power
      Power Supply:
      Voltage: 50 Volts
      Power                              Actual        Total
      Supply    Model                    Output     Capacity    Status
                                       (Watts )     (Watts )
      -------  -------------------  -----------  -----------  --------------
      1        N7K-AC-6.0KW               0 W          0 W     Shutdown
      2        N7K-AC-6.0KW             712 W       3000 W     Ok
      3        N7K-AC-6.0KW            1539 W       6000 W     Ok

                                        Actual        Power
      Module    Model                     Draw    Allocated    Status
                                       (Watts )     (Watts )
      -------  -------------------  -----------  -----------  --------------
      1        N7K-M132XP-12              N/A        750 W     Powered-Up
      2        N7K-M132XP-12              N/A        750 W     Powered-Up
      3        N7K-M148GT-11              N/A        400 W     Powered-Up
      4        N7K-M148GT-11              N/A        400 W     Powered-Up
      5        N7K-SUP1                   N/A        210 W     Powered-Up
      6        N7K-SUP1                   N/A        210 W     Powered-Up
      Xb1      N7K-C7010-FAB-1            N/A         60 W     Powered-Up
      Xb2      N7K-C7010-FAB-1            N/A         60 W     Powered-Up
      Xb3      N7K-C7010-FAB-1            N/A         60 W     Powered-Up
      Xb4      xbar                       N/A         60 W     Absent
      Xb5      xbar                       N/A         60 W     Absent
      fan1     N7K-C7010-FAN-S            N/A        720 W     Powered-Up
      fan2     N7K-C7010-FAN-S            N/A        720 W     Powered-Up
      fan3     N7K-C7010-FAN-F            N/A        120 W     Powered-Up
      fan4     N7K-C7010-FAN-F            N/A        120 W     Powered-Up
      N/A - Per module power not available

      Power Usage Summary:
      --------------------
      Power Supply redundancy mode (configured)                PS-Redundant
      Power Supply redundancy mode (operational)               Non-Redundant
      Total Power Capacity (based on configured mode)          9000 W
      Total Power of all Inputs (cumulative)                   9000 W
      Total Power Output (actual draw)                         2251 W
      Total Power Allocated (budget)                           4700 W
      Total Power Available for additional modules             4300 W
      Callouts: power supply number; total capacity and actual output of each power supply; power requirement of each component (I/O modules, fabric modules, fans); actual per-module draw is a future capability; power redundancy state; total capacity and usage
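The check an operator would run against the slide 29 output, as an added example (not part of the Cisco deck): it parses the rows, re-derives the summary totals, and reports a redundancy-mode mismatch or a supply that is not Ok. The sample text is the slide's output re-typed with shortened headers; the function names are assumptions of this example.

```python
import re

# Constructed sample: the "show environment power" output from slide 29,
# re-typed one row per line with the multi-line column headers shortened.
SAMPLE = """\
Supply  Model             Output   Capacity  Status
1       N7K-AC-6.0KW         0 W        0 W  Shutdown
2       N7K-AC-6.0KW       712 W     3000 W  Ok
3       N7K-AC-6.0KW      1539 W     6000 W  Ok
Module  Model             Draw    Allocated  Status
1       N7K-M132XP-12     N/A       750 W    Powered-Up
2       N7K-M132XP-12     N/A       750 W    Powered-Up
3       N7K-M148GT-11     N/A       400 W    Powered-Up
4       N7K-M148GT-11     N/A       400 W    Powered-Up
5       N7K-SUP1          N/A       210 W    Powered-Up
6       N7K-SUP1          N/A       210 W    Powered-Up
Xb1     N7K-C7010-FAB-1   N/A        60 W    Powered-Up
Xb2     N7K-C7010-FAB-1   N/A        60 W    Powered-Up
Xb3     N7K-C7010-FAB-1   N/A        60 W    Powered-Up
Xb4     xbar              N/A        60 W    Absent
Xb5     xbar              N/A        60 W    Absent
fan1    N7K-C7010-FAN-S   N/A       720 W    Powered-Up
fan2    N7K-C7010-FAN-S   N/A       720 W    Powered-Up
fan3    N7K-C7010-FAN-F   N/A       120 W    Powered-Up
fan4    N7K-C7010-FAN-F   N/A       120 W    Powered-Up
Power Usage Summary:
Power Supply redundancy mode (configured)                PS-Redundant
Power Supply redundancy mode (operational)               Non-Redundant
Total Power Capacity (based on configured mode)          9000 W
Total Power of all Inputs (cumulative)                   9000 W
Total Power Output (actual draw)                         2251 W
Total Power Allocated (budget)                           4700 W
Total Power Available for additional modules             4300 W
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(N/A|\d+ W)\s+(\d+) W\s+(\S+)$")
MODE = re.compile(r"redundancy mode \((configured|operational)\)\s+(\S+)$")
TOTAL = re.compile(r"^Total Power (.+?)\s+(\d+) W$")
KEYS = ("Capacity", "Inputs", "Output", "Allocated", "Available")


def watts(field):
    """'712 W' -> 712; 'N/A' -> None (per-module draw is not reported)."""
    return None if field == "N/A" else int(field.split()[0])


def parse_power(text):
    """Split the output into supply rows, module rows and the summary."""
    out = {"supplies": [], "modules": [], "mode": {}, "total": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        first = line.split()[0] if line else ""
        if first in ("Supply", "Module"):          # table header rows
            section = "supplies" if first == "Supply" else "modules"
        elif line.startswith("Power Usage Summary"):
            section = "summary"
        elif section in ("supplies", "modules"):
            m = ROW.match(line)
            if m:
                ident, model, actual, second, status = m.groups()
                out[section].append({"id": ident, "model": model,
                                     "actual": watts(actual),
                                     "watts": int(second), "status": status})
        elif section == "summary":
            m = MODE.search(line)
            if m:
                out["mode"][m.group(1)] = m.group(2)
                continue
            m = TOTAL.match(line)
            key = next((k for k in KEYS if m and k in m.group(1)), None)
            if key:
                out["total"][key.lower()] = int(m.group(2))
    return out


def audit(p):
    """Return findings: arithmetic that does not add up, then redundancy issues."""
    t, findings = p["total"], []
    allocated = sum(m["watts"] for m in p["modules"])   # absent slots are budgeted too
    if allocated != t["allocated"]:
        findings.append(f"allocated rows sum to {allocated} W, summary says {t['allocated']} W")
    drawn = sum(s["actual"] or 0 for s in p["supplies"])
    if drawn != t["output"]:
        findings.append(f"supply output sums to {drawn} W, summary says {t['output']} W")
    if sum(s["watts"] for s in p["supplies"]) != t["inputs"]:
        findings.append("supply capacities do not match total input power")
    if t["capacity"] - t["allocated"] != t["available"]:
        findings.append("capacity minus budget does not match available power")
    if p["mode"]["configured"] != p["mode"]["operational"]:
        findings.append(f"redundancy mode: configured {p['mode']['configured']}, "
                        f"operational {p['mode']['operational']}")
    findings += [f"power supply {s['id']} is {s['status']}"
                 for s in p["supplies"] if s["status"] != "Ok"]
    return findings


if __name__ == "__main__":
    for finding in audit(parse_power(SAMPLE)):
        print(finding)
```

On the slide's data the arithmetic is consistent (the 4700 W budget includes the two absent fabric slots at 60 W each), and the only findings are the degraded redundancy mode and the shut-down supply 1.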
  • 30. Verify chassis temperature
      Use the show env temp command to verify the temperature readings of each module. If the temperature reaches the minor or major threshold, SNMP sends an alarm message.
      n7000# show environmental temperature
      Temperature:
      --------------------------------------------------------------------
      Module  Sensor          MajorThresh  MinorThres  CurTemp    Status
                              (Celsius)    (Celsius)   (Celsius)
      --------------------------------------------------------------------
      1       Crossbar(s5)    105          95          35         Ok
      1       CTSdev1 (s6)    115          105         67         Ok
      1       CTSdev2 (s7)    115          105         59         Ok
      1       CTSdev3 (s8)    115          105         54         Ok
      1       CTSdev4 (s9)    115          105         50         Ok
      1       CTSdev5 (s10)   115          105         47         Ok
      1       CTSdev6 (s11)   115          105         51         Ok
      1       CTSdev7 (s12)   115          105         46         Ok
      1       CTSdev8 (s13)   115          105         48         Ok
      1       CTSdev9 (s14)   115          105         43         Ok
      1       CTSdev10(s15)   115          105         42         Ok
      1       CTSdev11(s16)   115          105         39         Ok
      1       CTSdev12(s17)   115          105         40         Ok
      1       QEng1Sn1(s18)   115          110         44         Ok
      1       QEng1Sn2(s19)   115          110         42         Ok
      1       QEng1Sn3(s20)   115          110         40         Ok
      1       QEng1Sn4(s21)   115          110         42         Ok
      <text omitted>
      Callouts: module number; component; status
      Note: CLI omitted due to the number of temperature sensors per component.
  • 31. Verify and manage supervisor redundancy
      Use the show system redundancy status command to view the "Active/Standby" and high availability (HA) state of the supervisors.
      n7000# show system redundancy status
      Redundancy mode
      ---------------
            administrative: HA
               operational: HA
      This supervisor (sup-1)
      -----------------------
          Redundancy state: Active
          Supervisor state: Active
            Internal state: Active with HA standby
      Other supervisor (sup-2)
      ------------------------
          Redundancy state: Standby
          Supervisor state: HA standby
            Internal state: HA standby
      Callouts: Sup-1 = slot 5, "Active"; Sup-2 = slot 6, "Standby"
      n7000# show system uptime
      System start time: Tue May 24 03:37:31 2005
      System uptime: 0 days, 15 hours, 26 minutes, 10 seconds
      Kernel uptime: 0 days, 15 hours, 28 minutes, 5 seconds
      Active supervisor uptime: 0 days, 15 hours, 26 minutes, 10 seconds
      Callouts: system uptime; time in the "Active" state
  • 32. Supervisor switchover
      The system switchover command forces the "Standby" supervisor to become "Active", and vice versa. It is run in privileged mode.
      Before the switchover:
      n7000# show system redundancy status
      Redundancy mode
      ---------------
            administrative: HA
               operational: HA
      This supervisor (sup-1)
      -----------------------
          Redundancy state: Active
          Supervisor state: Active
            Internal state: Active with HA standby
      Other supervisor (sup-2)
      ------------------------
          Redundancy state: Standby
          Supervisor state: HA standby
            Internal state: HA standby
      n7000# system switchover
      After the switchover:
      n7000# show system redundancy status
      Redundancy mode
      ---------------
            administrative: HA
               operational: HA
      This supervisor (sup-2)
      -----------------------
          Redundancy state: Active
          Supervisor state: Active
            Internal state: Active with HA standby
      Other supervisor (sup-1)
      ------------------------
          Redundancy state: Standby
          Supervisor state: HA standby
            Internal state: HA standby
  • 33. CLI overview and configuration: CLI overview; Licensing NX-OS software; Enabling NX-OS features; NX-OS upgrade options (ISSU or cold start); Configuration checkpoint / rollback; Configuration session manager
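  • 34. CLI overview
      NX-OS shares many concepts with IOS, so initial configuration is simple. Commands can be abbreviated, ? provides online help, and the <TAB> key completes commands.
      User privileged mode (the default prompt; type "exit" to log out):
      n7000#
      Enter configuration mode:
      n7000# configure terminal
      n7000(config)#
      Save the running configuration to the startup configuration (there is no "write memory" command):
      n7000# copy running-config startup-config
      Erase the startup configuration (the user is prompted whether to continue):
      n7000# write erase
      Log in to a module (type "exit" or "$" to leave the module):
      n7000# attach module 1
      Attaching to module 1 ...
      module-1#
      View the running and startup configurations (several other options are available for viewing the configuration of specific features):
      n7000# show running-config
      n7000# show startup-config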
  • 35. Licensed NX-OS feature sets
      NX-OS uses feature-based licensing. A base license is required, and any additional features need further licenses that are purchased and installed separately.
      License               Features
      Enterprise Services   OSPF • BGP • ISIS (L3 Only) • EIGRP • Policy Based Routing (PBR) • PIM (SM, BiDr, SSM) • Generic Route Encapsulation (GRE)
      Advanced Services     Virtual Device Contexts (VDC) • Cisco Trustsec (CTS)
  • 36. Install a license key file
      Once the license file has been obtained from cisco.com and copied to flash, it can be installed on the device. A grace period of up to 120 days can also be enabled to test features.
      Display the host ID (the device identifier used to create the license file on cisco.com):
      n7000# show license host-id
      License hostid: VDH=TBM12234305
      Install the license file:
      n7000# install license bootflash:license_file.lic
      Installing license ..done
      Enable the 120-day grace-period license:
      n7000(config)# license grace-period
  • 37. Verify licenses
      Verify the installed licenses (here the grace-period license is enabled):
      n7000# show license usage
      Feature                       Ins  Lic    Status  Expiry Date  Comments
                                         Count
      --------------------------------------------------------------------------------
      LAN_ADVANCED_SERVICES_PKG     No   -      Unused               -
      LAN_ENTERPRISE_SERVICES_PKG   No   -      In use               Grace 119D 23H
      --------------------------------------------------------------------------------
      Features currently in use that require the "Enterprise Services" license:
      n7000# show license usage LAN_ENTERPRISE_SERVICES_PKG
      Application
      -----------
      bgp
      ospf
      -----------
      Display a license file, if one is installed (here the "Enterprise Services" license is installed):
      n7000# show license file mds20080623110250757.lic
      SERVER this_host ANY
      VENDOR cisco
      INCREMENT LAN_ENTERPRISE_SERVICES_PKG cisco 1.0 21-sep-2008 uncounted
        VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>N7K-LAN1K9=</SKU>
        HOSTID=VDH=TBM11420261
        NOTICE="<LicFileID>20080623110250757</LicFileID><LicLineID>1</LicLineID>
        <PAK></PAK>" SIGN=02E993382A7A
  • 38. Enable NX-OS features
      NX-OS features are enabled and disabled with the "feature" command. If a feature has not been enabled, its show commands are not available.
      n7000(config)# feature ?
        bgp             Enable/Disable Border Gateway Protocol (BGP)
        cts             Enable/Disable CTS
        dhcp            Enable/Disable DHCP Snooping
        dot1x           Enable/Disable dot1x
        eigrp           Enable/Disable Enhanced Interior Gateway Routing Protocol (EIGRP)
        eou             Enable/Disable eou(l2nac)
        glbp            Enable/Disable Gateway Load Balancing Protocol (GLBP)
        hsrp            Enable/Disable Hot Standby Router Protocol (HSRP)
        interface-vlan  Enable/Disable interface vlan
        isis            Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
        lacp            Enable/Disable LACP
        msdp            Enable/Disable Multicast Source Discovery Protocol (MSDP)
        netflow         Enable/Disable NetFlow
        ospf            Enable/Disable Open Shortest Path First Protocol (OSPF)
        ospfv3          Enable/Disable Open Shortest Path First Version 3 Protocol (OSPFv3)
        pbr             Enable/Disable Policy Based Routing(PBR)
        pim             Enable/Disable Protocol Independent Multicast (PIM)
        pim6            Enable/Disable Protocol Independent Multicast (PIM) for IPv6
        port-security   Enable/Disable port-security
        private-vlan    Enable/Disable private-vlan
        rip             Enable/Disable Routing Information Protocol (RIP)
        scheduler       Enable/Disable scheduler
        ssh             Enable/Disable ssh
        tacacs+         Enable/Disable tacacs+
        telnet          Enable/Disable telnet
        tunnel          Enable/Disable Tunnel Manager
        udld            Enable/Disable UDLD
        vpc             Enable/Disable VPC (Virtual Port Channel)
        vrrp            Enable/Disable Virtual Router Redundancy Protocol (VRRP)
        vtp             Enable/Disable VTP
        wccp            Enable/Disable Web Cache Communication Protocol (WCCP)
  • 39. Verify NX-OS features
      The show feature command verifies which features are enabled and how many processes are running for each routing protocol.
      n7000# show feature
      Feature Name          Instance  State
      --------------------  --------  --------
      amt                   1         disabled
      bgp                   1         disabled
      cts                   1         disabled
      dhcp-snooping         1         disabled
      dot1x                 1         disabled
      eigrp                 1         disabled
      eigrp                 2         disabled
      eigrp                 3         disabled
      eigrp                 4         disabled
      eou                   1         disabled
      eth_port_sec          1         disabled
      glbp                  1         disabled
      hsrp_engine           1         disabled
      interface-vlan        1         enabled
      isis                  1         disabled
      isis                  2         disabled
      isis                  3         disabled
      isis                  4         disabled
      lacp                  1         disabled
      lisp                  1         disabled
      lldp                  1         disabled
      msdp                  1         disabled
      netflow               1         disabled
      ospf                  1         enabled
      ospf                  2         enabled (not-running)
      ospf                  3         enabled (not-running)
      ospf                  4         enabled (not-running)
      Callouts: EIGRP is not enabled; VLAN interfaces are enabled (i.e. interface vlan x); OSPF is enabled, but only 1 of 4 processes is running
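A review of the slide 39 output against an approved feature list, as an added example (not part of the Cisco deck): it groups instances per feature, separates running instances from "enabled (not-running)" ones, and reports drift from a baseline. The baseline sets and function names are hypothetical; the sample rows are copied from the slide.

```python
import re

# Constructed sample: rows taken from the "show feature" output on slide 39.
SAMPLE = """\
Feature Name          Instance  State
--------------------  --------  --------
bgp                   1         disabled
dhcp-snooping         1         disabled
eigrp                 1         disabled
eigrp                 2         disabled
interface-vlan        1         enabled
lacp                  1         disabled
ospf                  1         enabled
ospf                  2         enabled (not-running)
ospf                  3         enabled (not-running)
ospf                  4         enabled (not-running)
"""

# name, instance number, state, optional "(not-running)" qualifier
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(enabled|disabled)(?:\s+\((not-running)\))?$")


def parse_features(text):
    """Return {feature: {"enabled": bool, "running": [inst], "idle": [inst]}}."""
    feats = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or unrelated line
        name, inst, state, idle = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        entry = feats.setdefault(name, {"enabled": False, "running": [], "idle": []})
        if state == "enabled":
            entry["enabled"] = True
            # An instance that is enabled but has no process running is "idle".
            (entry["idle"] if idle else entry["running"]).append(inst)
    return feats


def drift(feats, approved):
    """Compare enabled features with an approved set (hypothetical baseline)."""
    enabled = {name for name, entry in feats.items() if entry["enabled"]}
    return {"unexpected": sorted(enabled - approved),
            "missing": sorted(approved - enabled)}


if __name__ == "__main__":
    features = parse_features(SAMPLE)
    print(features["ospf"])
    print(drift(features, {"interface-vlan", "ospf", "lacp"}))
```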
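  • 40. Software upgrade option #1 - ISSU
      In-Service Software Upgrade (ISSU) provides the ability to upgrade transparently using redundant supervisors. The upgrade can therefore be completed without any downtime or packet loss, delivering new features and fixes.
      This is the preferred upgrade option in production networks!
      Upgrade procedure:
      1. Copy the NX-OS system image to flash
      2. Verify that the NX-OS system image is present
      3. Use the install all command to start the upgrade
      Only 1 command required:
      n7000# install all kickstart bootflash:n7000-s1-kickstart.4.0.3.bin system bootflash:n7000-s1-dk9.4.0.3.bin
      Note: The command is a single line; it wrapped on the slide due to its length.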
  • 41. Software upgrade option #2: cold start
      Verify the boot variables (Sup1 & Sup2 boot variables; the system and kickstart images currently in use):
      n7000# show boot
      sup-1
      kickstart variable = bootflash:/n7000-s1-kickstart.4.0.1.bin
      system variable = bootflash:/n7000-s1-dk9.4.0.1.bin
      sup-2
      kickstart variable = bootflash:/n7000-s1-kickstart.4.0.1.bin
      system variable = bootflash:/n7000-s1-dk9.4.0.1.bin
      No module boot variable set
      Verify bootflash: (the default location), including free space:
      n7000# dir
            49152  Mar 29 00:07:42 2005  lost+found/
         80850712  May 23 18:14:46 2005  n7000-s1-dk9.4.0.1.bin
          9791207  May 23 21:32:52 2005  n7000-s1-epld.4.0.1.img
         22593024  May 23 18:13:11 2005  n7000-s1-kickstart.4.0.1.bin
             4096  Jan 01 00:14:52 2005  routing-sw/
      Usage for bootflash://
        553099264 bytes used
       1365549056 bytes free
       1918648320 bytes total
      Configure the boot variables for Sup1 & Sup2:
      n7000(config)# boot kickstart bootflash:n7000-s1-kickstart.4.0.1.bin sup1 sup2
      n7000(config)# boot system bootflash:n7000-s1-dk9.4.0.1.bin sup1 sup2
      Reboot manually (the system asks whether you want to continue):
      n7000# reload
  • 42. Module EPLD versions
      The commands shown below are useful for verifying BIOS and EPLD versions. They are not normally needed for day-to-day troubleshooting.
      Verify module versions (BIOS and EPLD):
      n7000# show version module 1
      ModNo  Image Type  SW Version  SW Interim Version  BIOS Version
      1      SLC         4.0(1)      4.0(1)              1.10.5
      n7000# show version module 1 epld
      EPLD Device                Version
      ---------------------------------------
      Power Manager              5.3
      IO                         2.10
      Forwarding Engine          1.6
      n7000# show version fan 1 epld
      EPLD Device                Version
      ---------------------------------------
      Fan Controller (BUS A)     0.7
      Fan Controller (BUS B)     0.7
      n7000# show version xbar 1 epld
      EPLD Device                Version
      ---------------------------------------
      Power Manager              2.8
      Callouts: module BIOS version; module EPLD version; fan EPLD version; fabric module EPLD version
  • 43. EPLD upgrade example
      The following example upgrades the EPLD image for module 1. The EPLD image is loaded in flash and the upgrade is performed locally.
      n7000# install module 1 epld bootflash:n7000-s1-epld.4.0.1.img
      EPLD image file , built on Mon Mar 31 10:31:48 2008
      EPLD                  Curr Ver  New Ver
      -------------------------------------------------------
      Power Manager         4.1       5.3
      IO                    2.6       2.10
      Forwarding Engine     1.4       1.6
      WARNING: Upgrade process could take upto 30 minutes.
      Module could be powered down and up.
      Module 1 will be powered down now!!
      Do you want to continue (y/n) ? [n] y
      Module 1 EPLD upgrade is successful.
      Callouts: the "install" command highlights the differences between EPLD versions; the user is prompted to continue
      The EPLD upgrade process cannot be interrupted, and takes 30 minutes per module!
      This procedure is usually not necessary as part of a system upgrade.
  • 44. Configuration rollback procedure
      Create and verify a checkpoint (default name = "auto-#"). Checkpoints can be created per VDC.
      n7000# checkpoint
      Processing the Request... Please Wait
      .................................
      Done
      n7000# show checkpoint summary
      -------------------------------------------------------------------------------
      Name      UserName   Created at
      -------------------------------------------------------------------------------
      auto-2    admin      Tue May 24 22:24:01 2005
      Manually delete VLANs 20 & 30:
      n7000# config t
      n7000(config)# no vlan 20, 30
      Roll back to checkpoint "auto-2" (VLANs 20 & 30 are automatically put back into the running configuration):
      n7000# rollback running-configuration checkpoint auto-2
      Processing the Request... Please Wait
      Generating the Rollbackpatch... Please Wait
      Executing the patch... Please Wait
      `conf t`
      `vlan 20, 30`
      Clear the checkpoint database. Caution! This operation clears all checkpoint configurations.
      n7000# clear checkpoint database
      Processing the Request... Please Wait
      ..................................
      Done
  • 45. Configuration session manager
      The session manager lets you make configuration changes in "batch" mode. Currently only ACL applications are supported. Up to 32 sessions can be configured at the same time.
      Create a session named "test-acl", add the ACL configuration, verify it (optional) and commit the session:
      n7000# configure session test-acl
      Config Session started, Session ID is 1
      n7000(config-s)# ip access-list ipv4-test-acl
      n7000(config-s-acl)# deny icmp any any
      n7000(config-s-acl)# permit ip any any
      n7000(config-s-acl)# interface eth 1/13
      n7000(config-s-if)# ip access-group ipv4-test-acl in
      n7000(config-s-if)# exit
      n7000(config-s)# verify
      Verification Successful
      n7000(config-s)# commit
      Commit Successful
      Save a session:
      n7000(config-s)# save bootflash:test-acl
      Delete a session:
      n7000(config-s)# abort
  • 46. Interface configuration: Interface configuration (Routed, Switchport, Trunk, SVI, Sub-interface); Interface Port-Profiles; 10GE "shared" vs. "dedicated" mode; Neighbor discovery protocol (CDP); Port aggregation based on the Link Aggregation Control Protocol
  • 47. Interface configuration overview
      NX-OS supports several types of L2 and L3 interfaces to meet a range of requirements. The default state of all interfaces is "shutdown".
      SVI interface (enable the VLAN interface feature first, then create the VLAN interface):
      n7000(config)# feature interface-vlan
      n7000(config)# interface vlan 10
      n7000(config-if)# ip address 192.168.10.1 255.255.255.0
      Switchport interface (interface mode "access" is the default and need not be configured; access VLAN 10, the default being VLAN 1):
      n7000(config)# interface ethernet 1/15
      n7000(config-if)# switchport
      n7000(config-if)# switchport mode access
      n7000(config-if)# switchport access vlan 10
      Switchport trunk (create an 802.1q trunk, allow VLANs 20 and 30, configure VLAN 2 as the native VLAN):
      n7000(config)# interface ethernet 1/13
      n7000(config-if)# switchport mode trunk
      n7000(config-if)# switchport trunk allowed vlan 20,30
      n7000(config-if)# switchport trunk native vlan 2
      Routed interface:
      n7000(config)# interface ethernet 1/14
      n7000(config-if)# ip address 159.142.1.1 255.255.255.0
      Routed trunk (configure a sub-interface with dot1q encapsulation):
      n7000(config)# interface ethernet 1/25.50
      n7000(config-if)# encapsulation dot1q 50
      n7000(config-if)# ip address 192.168.50.3/24
  • 48. Verifying interface status

    Show interface details (check each port's "mode", "status", "speed" and "VLAN"; mgmt0 is the management port):

        n7000# show interface brief
        --------------------------------------------------------------------------------
        Port     VRF          Status IP Address                              Speed    MTU
        --------------------------------------------------------------------------------
        mgmt0    --           up     10.205.225.43                           1000     1500
        --------------------------------------------------------------------------------
        Ethernet      VLAN   Type Mode   Status  Reason                   Speed     Port
        Interface                                                                   Ch #
        --------------------------------------------------------------------------------
        Eth1/1        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/2        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/3        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/4        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/5        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/6        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/7        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/8        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/9        --     eth  routed down    Administratively down    auto(D)   --
        Eth1/10       --     eth  routed down    Administratively down    auto(D)   --
        Eth1/11       --     eth  routed down    Administratively down    auto(D)   --
        Eth1/12       --     eth  routed down    Administratively down    auto(D)   --
        Eth1/13       2      eth  trunk  up      none                     a-1000(D) --
        Eth1/14       --     eth  routed up      none                     a-1000(D) --
        Eth1/15       1      eth  access up      none                     a-1000(D) --
        Eth1/16       --     eth  routed down    Administratively down    auto(D)   --
        <text omitted>

    Other useful commands:

        n7000# show interface switchport
        n7000# show interface trunk

    Note: The CMP interface is not included in this output.
  • 49. Configuring a Port-Profile

    A Port-Profile is very useful when a large number of interfaces need the same parameters. Unique parameters can also be assigned to individual interfaces in the event there are additional configuration requirements for interfaces that share the same Port-Profile.

    Port-Profile types:

        n7000(config)# port-profile type ?
          ethernet        Ethernet type
          interface-vlan  Interface-vlan type
          port-channel    Port-channel type

    Configuration example (Email-Template). The port-profile type is "ethernet", "state enabled" activates the port-profile, and "inherit" applies it to the ports:

        n7000(config)# port-profile type ethernet Email-Template
        n7000(config-ppm)# switchport
        n7000(config-ppm)# switchport access vlan 10
        n7000(config-ppm)# spanning-tree port type edge
        n7000(config-ppm)# no shutdown
        n7000(config-ppm)# description Email Server Port
        n7000(config-ppm)# state enabled
        n7000(config)# interface ethernet 2/1-2
        n7000(config-if-range)# inherit port-profile Email-Template
  • 50. Verifying a Port-Profile

    Two interfaces have "Email-Template" applied:

        n7000# show port-profile brief
        ----------------------------------------------------------
        Port            Profile  Conf   Eval   Assigned  Child
        Profile         State    Items  Items  Intfs     Profs
        ----------------------------------------------------------
        Email-Template  1        4      4      2         0

    The status is "enabled" or "disabled"; the evaluated config attributes are all the commands applied to the interfaces; the profile is applied to Ethernet 2/1 and 2/2:

        n7000# show port-profile name Email-Template
        port-profile Email-Template
         type: Ethernet
         description: Email Server Port
         status: enabled
         max-ports: 512
         inherit:
         config attributes:
          switchport
          switchport access vlan 10
          spanning-tree port type edge
          no shutdown
         evaluated config attributes:
          switchport
          switchport access vlan 10
          spanning-tree port type edge
          no shutdown
         assigned interfaces:
          Ethernet2/1
          Ethernet2/2
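  • 51. 10GE "shared" vs. "dedicated" mode

    The 32-port 10GE module has 80G of bandwidth, so in "shared" mode the ports are oversubscribed 4:1. By default, 4 ports share 10G of bandwidth. In "dedicated" mode, 8 ports can be configured for line-rate performance with dedicated QoS buffers.

    [Front panel diagram: Port 1, Port 2, Port 9, Port 10, Port 17, Port 18, Port 25, Port 26. "Shared" mode lets 4 interfaces share 10G of bandwidth.]

    Enable "dedicated" mode on a port:

        n7000(config)# interface ethernet 1/1
        n7000(config-if)# rate mode dedicated

    Note: Before changing the interface mode, shut down the four interfaces in the same group.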
  • 52. CDP overview

    Cisco Discovery Protocol (CDP) is very useful during network installation and troubleshooting. CDP is enabled by default on all interfaces. It can be disabled globally or on an individual port.

    CDP is enabled on all ports by default, and CDP version 2 is the version enabled by default:

        n7000# show cdp global
        Global CDP information:
            CDP enabled globally
            Refresh time is 60 seconds
            Hold time is 180 seconds
            CDPv2 advertisements is enabled
            DeviceID TLV in Default Format

    Disable CDP on an interface:

        n7000(config)# interface ethernet 1/25
        n7000(config-if)# no cdp enable

    Global configuration options ("enable" disables or enables CDP on all interfaces globally):

        n7000(config)# cdp ?
          advertise  Highest CDP version supported on the switch
          enable     Enable/disable CDP on all interfaces
          format     Device ID format for CDP
          holdtime   CDP hold time advertised (in seconds)
          timer      CDP refresh time interval (in seconds)
  • 53. Verifying CDP

        n7000# show cdp neighbors
        Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                          S - Switch, H - Host, I - IGMP, r - Repeater,
                          V - VoIP-Phone, D - Remotely-Managed-Device,
                          s - Supports-STP-Dispute
        Device-ID             Local Intrfce  Hldtme  Capability  Platform    Port ID
        dc3-c1(TBA10440123)   Eth1/1         162     R S I s     N7K-C7010   Eth2/1
        6k1                   Eth10/5        128     R S         WS-C6503-E  Gig2/1

    Clear CDP statistics:

        n7000# clear cdp ?
          counters  Clear CDP counters on all interfaces
          table     Clear CDP cache on all interfaces

        n7000# show cdp neighbor interface ethernet 1/1 detail
        ----------------------------------------
        Device ID:dc3-c1(TBA10440123)
        System Name: dc3-c1
        Interface address(es):
        Platform: N7K-C7010, Capabilities: Router Switch IGMP Filtering Supports-STP-Dispute
        Interface: Ethernet1/1, Port ID (outgoing port): Ethernet2/1
        Holdtime: 156 sec
        Version:
        Cisco Nexus Operating System (NX-OS) Software, Version 4.0(3)
        Advertisement Version: 2
        Duplex: full
        MTU: 1500
        Mgmt address(es):
            IPv4 Address: 10.10.10.13
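The neighbor entry on slide 53 shows what every CDP advertisement hands to whatever is attached to the port: device ID, platform, software version and management address. The Python below is an added example, not part of the original deck: it extracts those fields from the slide's `show cdp neighbor ... detail` output and lists the interfaces in a running-config excerpt that still send CDP. The config excerpt is constructed from command forms used on the slides, the function names are hypothetical, and treating access ports as host-facing is an assumption.

```python
import re

# Neighbor entry from slide 53 (line breaks restored, empty fields dropped).
CDP_DETAIL = """\
Device ID:dc3-c1(TBA10440123)
System Name: dc3-c1
Platform: N7K-C7010, Capabilities: Router Switch IGMP Filtering Supports-STP-Dispute
Interface: Ethernet1/1, Port ID (outgoing port): Ethernet2/1
Holdtime: 156 sec
Version:
Cisco Nexus Operating System (NX-OS) Software, Version 4.0(3)
Advertisement Version: 2
Mgmt address(es):
    IPv4 Address: 10.10.10.13
"""

# Constructed running-config excerpt built from commands shown on slides 47, 49 and 52.
RUNNING_CONFIG = """\
interface Ethernet1/13
  switchport mode trunk
  switchport trunk allowed vlan 20,30
interface Ethernet1/15
  switchport
  switchport mode access
  switchport access vlan 10
interface Ethernet1/25
  no cdp enable
interface Ethernet2/1
  switchport
  switchport access vlan 10
"""

# Fields of a neighbor entry that describe the sending device.
FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "platform": r"^Platform:\s*([^,\n]+)",
    "software": r"^Version:\s*(.+)$",   # value may sit on the following line
    "mgmt_ipv4": r"^\s*IPv4 Address:\s*(\S+)",
}

def disclosed_fields(detail):
    """Return the device details a CDP neighbor entry reveals."""
    found = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, detail, re.MULTILINE)
        if match:
            found[name] = match.group(1).strip()
    return found

def cdp_enabled_interfaces(config):
    """Return [(interface, mode)] for interfaces that still send CDP.

    CDP is on by default, so an interface counts as enabled unless
    'no cdp enable' appears under it or at global level.
    """
    global_off = False
    current = None
    ports = {}
    for line in config.splitlines():
        if not line.strip():
            continue
        words = line.split()
        if not line[0].isspace():                 # top-level command
            current = None
            if words[0] == "interface" and len(words) > 1:
                current = words[1]
                # Slide 48 shows unconfigured ports in routed mode.
                ports[current] = {"mode": "routed", "cdp": True}
            elif words == ["no", "cdp", "enable"]:
                global_off = True
        elif current:                             # command inside an interface
            port = ports[current]
            if words == ["no", "cdp", "enable"]:
                port["cdp"] = False
            elif words[0] == "switchport":
                if words[1:3] == ["mode", "trunk"]:
                    port["mode"] = "trunk"
                elif port["mode"] != "trunk":
                    port["mode"] = "access"       # access is the switchport default
    if global_off:
        return []
    return [(name, p["mode"]) for name, p in ports.items() if p["cdp"]]

def host_facing_cdp_ports(config):
    """Access ports (assumed host-facing) that still advertise CDP."""
    return [name for name, mode in cdp_enabled_interfaces(config) if mode == "access"]

if __name__ == "__main__":
    print(disclosed_fields(CDP_DETAIL))
    print(host_facing_cdp_ports(RUNNING_CONFIG))
```
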
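  • 54. Port aggregation overview

    Port aggregation combines multiple Ethernet links into a single logical Ethernet link. It is commonly used to improve availability and bandwidth. Up to 256 port-channels are supported per device across all VDCs.

    Operating modes:
    - Static mode (no protocol)
    - Link Aggregation Control Protocol (LACP) - 802.3ad

    [Diagram: up to 8 physical links, 1 logical link, Layer 2 or Layer 3 port-channel]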
  • 55. Port-channel load-balancing options

    Port-channel load balancing is based on the addresses in the frame. You can configure the load-balancing mode for a single module or for the whole device.

    Load-balancing options:

        dest-ip-port              Destination IP address and L4 port
        dest-ip-port-vlan         Destination IP address, L4 port and VLAN
        destination-ip-vlan       Destination IP address and VLAN
        destination-mac           Destination MAC address
        destination-port          Destination L4 port
        source-dest-ip-port       Source & Destination IP address and L4 port
        source-dest-ip-port-vlan  Source & Destination IP address, L4 port and VLAN
        source-dest-ip-vlan       Source & Destination IP address and VLAN (Default for IP)
        source-dest-mac           Source & Destination MAC address (Default for Non-IP)
        source-dest-port          Source & Destination L4 port
        source-ip-port            Source IP address and L4 port
        source-ip-port-vlan       Source IP address, L4 port and VLAN
        source-ip-vlan            Source IP address and VLAN
        source-mac                Source MAC address
        source-port               Source L4 port

    Configuration (optional: per-module load balancing):

        n7000(config)# port-channel load-balance ethernet source-dest-ip-port ?
          <CR>
          module  Optionally specify a module number
  • 56. Port-channel (LACP) configuration

    A port-channel can be static or can use the LACP protocol. The example below configures an LACP-based port-channel. The port-channel can be configured as a Layer 2 or Layer 3 interface.

    Enable the LACP feature first, configure Eth 1/13 and 1/14, then configure the port-channel interface:

        n7000(config)# feature lacp
        n7000(config)# interface ethernet 1/13-14
        n7000(config-if-range)# channel-group 1 mode active
        n7000(config-if-range)# interface port-channel 1
        n7000(config-if)# ip address 192.168.10.1 255.255.255.0

    Channel Group = 1 - 4096
    LACP Mode = Active or Passive

    Final configuration:

        interface port-channel1
          ip address 192.168.10.1/24
        interface Ethernet1/13
          channel-group 1 mode active
        interface Ethernet1/14
          channel-group 1 mode active

    When "mode on" is shown, the port-channel is not configured with LACP. The default is "mode on".
  • 57. Verifying a port-channel (LACP)

    View the port-channel summary (an LACP port-channel is up on 2 ports):

        n7000# show port-channel summary
        Flags:  D - Down        P - Up in port-channel (members)
                I - Individual  H - Hot-standby (LACP only)
                s - Suspended   r - Module-removed
                S - Switched    R - Routed
                U - Up (port-channel)
        --------------------------------------------------------------------------------
        Group Port-       Type     Protocol  Member Ports
              Channel
        --------------------------------------------------------------------------------
        1     Po1(RU)     Eth      LACP      Eth1/13(P)   Eth1/14(P)

    Traffic distribution (receive and transmit percentages):

        n7000# show port-channel traffic
        ChanId      Port Rx-Ucst Tx-Ucst Rx-Mcst Tx-Mcst Rx-Bcst Tx-Bcst
        ------ --------- ------- ------- ------- ------- ------- -------
             1   Eth1/13 100.00% 100.00%  94.16%  71.15% 100.00% 100.00%
             1   Eth1/14    0.0%    0.0%   5.83%  28.84%    0.0%    0.0%

    Port-channel numbers in use:

        n7000# show port-channel usage
        Totally 1 port-channel numbers used
        ====================================
        Used  :   1
        Unused:   2 - 4096
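The load-balancing option list on slide 55 and the `show port-channel traffic` output on slide 57 come down to one mechanism: selected frame fields are hashed and the result picks a member link, so traffic that does not vary in those fields stays on one link. The Python below is an added example, not part of the original deck: it applies two of the listed options to 64 constructed TCP connections between a single host pair. The XOR-fold hash is a stand-in (the slides do not give the hash the hardware uses), and the flow values and function names are hypothetical.

```python
import ipaddress
from collections import Counter

MEMBERS = ["Eth1/13", "Eth1/14"]   # the two members of port-channel 1 on the slides

# Frame fields fed to the hash for a few of the options listed on slide 55.
OPTION_FIELDS = {
    "source-dest-ip-vlan": ("src_ip", "dst_ip", "vlan"),   # default for IP
    "source-dest-ip-port": ("src_ip", "dst_ip", "src_port", "dst_port"),
    "source-ip-port": ("src_ip", "src_port"),
    "destination-port": ("dst_port",),
}

def field_value(flow, name):
    """Turn a flow field into an integer the hash can consume."""
    value = flow[name]
    if name.endswith("_ip"):
        return int(ipaddress.ip_address(value))
    return int(value)

def pick_member(flow, option, members=MEMBERS):
    """Select the member link for one flow under a load-balance option."""
    h = 0
    for name in OPTION_FIELDS[option]:
        h ^= field_value(flow, name)
    # Stand-in hash (assumption): XOR the fields and fold down to 8 bits.
    h ^= h >> 16
    h ^= h >> 8
    return members[(h & 0xFF) % len(members)]

def distribution(flows, option):
    """Count how many flows land on each member link."""
    return dict(Counter(pick_member(f, option) for f in flows))

def one_host_pair(connections=64):
    """Constructed traffic: one client opening many TCP sessions to one server."""
    return [
        {"src_ip": "192.168.10.2", "dst_ip": "192.168.20.2", "vlan": 10,
         "src_port": 49152 + i, "dst_port": 443}
        for i in range(connections)
    ]

if __name__ == "__main__":
    flows = one_host_pair()
    for option in ("source-dest-ip-vlan", "source-dest-ip-port"):
        print(option, distribution(flows, option))
```

With the IP default, every connection between the two hosts hashes to the same member, which is consistent with a 100% / 0% unicast split when few address pairs are talking; adding the L4 ports to the hash spreads the same traffic across both links.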
  • 58. Viewing port-channel (LACP) statistics

    The neighbor device is configured as "Active" (flag A) and sends its PDUs as "Slow" (flag S):

        n7000# show lacp neighbor
        Flags:  S - Device is sending Slow LACPDUs  F - Device is sending Fast LACPDUs
                A - Device is in Active mode        P - Device is in Passive mode
        port-channel1 neighbors
        Partner's information
                  Partner                 Partner                   Partner
        Port      System ID               Port Number     Age       Flags
        Eth1/13   32768,0-18-ba-d8-58-25  0x10d           365       SA

                  LACP Partner            Partner                   Partner
                  Port Priority           Oper Key                  Port State
                  32768                   0x0                       0x3d

        Partner's information
                  Partner                 Partner                   Partner
        Port      System ID               Port Number     Age       Flags
        Eth1/14   32768,0-18-ba-d8-58-25  0x10e           284       SA

                  LACP Partner            Partner                   Partner
                  Port Priority           Oper Key                  Port State
                  32768                   0x0                       0x3d

    The Sent and Recv columns count successful PDUs; Pkts Err counts errored PDUs:

        n7000# show lacp counters
                            LACPDUs         Marker      Marker Response    LACPDUs
        Port              Sent   Recv     Sent   Recv     Sent   Recv      Pkts Err
        ---------------------------------------------------------------------
        port-channel1
        Ethernet1/13       34     21       0      0        0      0        0
        Ethernet1/14       20     19       0      0        0      0        0
  • 59. Routing protocol configuration
    - Enhanced Interior Gateway Routing Protocol (EIGRP)
    - Open Shortest Path First (OSPFv2)
    - Intermediate System to Intermediate System (ISIS)
    - Multiprotocol Border Gateway Protocol (MP-BGP)
    - Static routing
    - Policy-based routing (PBR)
    - Route redistribution
    - Multi-VRF routing
  • 60. Configuring EIGRP

    EIGRP is a Cisco-proprietary routing protocol. The EIGRP feature must be enabled before the EIGRP process and interfaces are configured. EIGRP is configured under the interface rather than inside the routing process. Other commands, such as ip passive-interface eigrp, are also enabled under the interface.

    Enable the EIGRP feature first, create the routing process and assign a 32-bit router ID, then enable EIGRP under the interface and specify the EIGRP process number:

        n7000(config)# feature eigrp
        n7000(config)# router eigrp 10
        n7000(config-router)# router-id 192.168.1.1
        n7000(config)# interface ethernet 2/1
        n7000(config-if)# ip address 192.168.10.1 255.255.255.0
        n7000(config-if)# ip router eigrp 10

    Note: Configuring the router-id is optional, but recommended.

    Configure a passive interface (the network is advertised while EIGRP neighbor formation is suppressed):

        n7000(config)# interface ethernet 2/2
        n7000(config-if)# ip address 192.168.11.1/24
        n7000(config-if)# ip router eigrp 10
        n7000(config-if)# ip passive-interface eigrp 10
  • 61. Common EIGRP configuration options

    Process options:

        n7000(config-router)# ?
          address-family         Configure an address-family
          authentication         Configures EIGRP authentication subcommands
          autonomous-system      Specify AS number for Address Family
          default-information    Control origination of a default route
          default-metric         Set metric of redistributed routes
          distance               Define an administrative distance
          exit                   Exit from command interpreter
          flush-routes           Flush routes in RIB during restart
          graceful-restart       Peer resync without adjancency reset
          log-adjacency-changes  Log changes in adjacency state
          log-neighbor-warnings  Enable/Disable IP-EIGRP neighbor warnings
          maximum-paths          Forward packets over multiple paths
          metric                 Modify EIGRP routing metrics and parameters
          no                     Negate a command or set its defaults
          redistribute           Redistribute information from another routing protocol
          router-id              router-id for this EIGRP process
          shutdown               Shutdown this instance of EIGRP
          stub                   Set IP-EIGRP as stubbed router
          timers                 Set EIGRP timers
          vrf                    Configure VRF information

    Interface options:

        n7000(config-if)# ip ?
          authentication     Configures EIGRP authentication subcommands
          bandwidth          Set bandwidth for interface used in EIGRP metric calculation
          bandwidth-percent  Configures IP-EIGRP bandwidth limit
          delay              Set delay for interface used in EIGRP metric calculation
          distribute-list    Filter networks in routing updates
          eigrp              EIGRP interface configuration commands
          hello-interval     Configures IP-EIGRP hello interval
          hold-time          Configures IP-EIGRP hold time
          load-sharing       Style of load sharing
          next-hop-self      Configures IP-EIGRP next-hop-self
          offset-list        Add or subtract offset from EIGRP metrics
          passive-interface  Suppress routing updates on an interface
          split-horizon      Configures IP-EIGRP split-horizon on interface
          summary-address    Configures IP-EIGRP summary address on interface
  • 62. Verifying the EIGRP process

    Use the show ip eigrp command to verify the EIGRP process configuration. In this output EIGRP 10 is enabled in the "default" VRF, the status is "running" or "shutdown", process 10 has 3 "Active" interfaces, and the last line gives the number of EIGRP neighbors:

        n7000# show ip eigrp
        IP-EIGRP AS 10 ID 192.168.1.1 VRF default
          Process-tag: 10
          Status: running
          Authentication mode: none
          Authentication key-chain: none
          Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
          IP proto: 88 Multicast group: 224.0.0.10
          Int distance: 90 Ext distance: 170
          Max paths: 8
          Number of EIGRP interfaces: 3 (1 loopbacks)
          Number of EIGRP peers: 2

    View the process options:

        n7000# show ip eigrp 10 ?
          <CR>
          >           Redirect it to a file
          accounting  IP-EIGRP Accounting
          interfaces  IP-EIGRP interfaces
          internal    Show internal information
          neighbors   IP-EIGRP neighbors
          route       IP-EIGRP internal routes
          route-map   Route-map related information
          topology    IP-EIGRP Topology Table
          traffic     IP-EIGRP Traffic Statistics
          vrf         Display per-VRF information
          |           Pipe command output to filter
  • 63. Verifying the EIGRP routing table and neighbor table

    The following show commands verify the EIGRP routing table and neighbor table.

    Verify the neighbor table (2 EIGRP neighbors; EIGRP process 10 uses the default VRF):

        n7000# show ip eigrp neighbors
        IP-EIGRP neighbors for process 10 VRF default
        H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                        (sec)            (ms)         Cnt  Num
        1   192.168.11.2    Eth2/2      14     00:07:52  8      300   0    24
        0   192.168.10.2    Eth2/1      13     00:07:52  6      300   0    23

    Detailed information:

        n7000# show ip eigrp neighbor detail
        IP-EIGRP neighbors for process 10 VRF default
        H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                        (sec)            (ms)         Cnt  Num
        1   192.168.11.2    Eth2/2      13     00:10:20  8      300   0    24
           Version 12.4/1.2, Retrans: 1, Retries: 0, Prefixes: 2
        0   192.168.10.2    Eth2/1      12     00:10:21  6      300   0    23
           Version 12.4/1.2, Retrans: 1, Retries: 0, Prefixes: 2

    Verify the EIGRP routes:

        n7000# show ip eigrp route
        IP-EIGRP Topology Table for AS(10)/ID(192.168.1.1) VRF default
        P 192.168.1.1/32, 1 successors, FD is 128320
                via Connected, loopback0
        P 192.168.2.1/32, 2 successors, FD is 130816
                via 192.168.10.2 (130816/128320), Ethernet2/1
                via 192.168.11.2 (130816/128320), Ethernet2/2
  • 64. EIGRP troubleshooting commands

    Restart the process:

        n7000# restart eigrp 10

    Debug options:

        n7000# debug ip eigrp ?
          <CR>
          10                EIGRP process tag
          A.B.C.D           Network to display information about
          A.B.C.D/LEN       IP prefix <network>/<length>
          all               Enable all EIGRP debugs
          fsm               EIGRP Dual Finite State Machine events/actions
          graceful-restart  EIGRP Graceful-Restart
          neighbor          IP-EIGRP neighbor debugging
          notifications     IP-EIGRP event notifications
          packets           EIGRP packets
          route-map         EIGRP route-map
          summary           IP-EIGRP summary route processing
          transmit          EIGRP transmission events
          urib              IP-EIGRP URIB interaction event debugging
          vrf-events        IP-EIGRP VRF event debugging

    Clear neighbors:

        n7000# clear ip eigrp ?
          10          EIGRP process tag
          accounting  Clear IP-EIGRP accounting statistics
          neighbors   Clear EIGRP neighbors
          route-map   Route-map related information
          traffic     Clear IP-EIGRP traffic statistics
  • 65. OSPFv2 configuration

    OSPFv2 is a standard routing protocol defined in RFC 2328. The OSPF feature must be enabled before an OSPF process is started or OSPF is enabled on a port. OSPF is configured under the interface rather than in the process. The ip ospf passive-interface command is applied under the interface.

    Enable the OSPF feature first, create the routing process and assign a 32-bit router ID, then enable OSPF on the port and specify the process number and area number:

        n7000(config)# feature ospf
        n7000(config)# router ospf 10
        n7000(config-router)# router-id 192.168.1.1
        n7000(config)# interface ethernet 1/13
        n7000(config-if)# ip address 192.168.10.1 255.255.255.0
        n7000(config-if)# ip router ospf 10 area 0

    Note: Configuring the router ID is optional, but recommended.

    Configure a passive interface (neighbor formation is suppressed but the interface's network is still advertised):

        n7000(config)# interface eth 1/1
        n7000(config-if)# ip address 192.168.10.1 255.255.255.0
        n7000(config-if)# ip router ospf 10 area 0
        n7000(config-if)# ip ospf passive-interface
  • 66. Common OSPFv2 configuration options

    Interface options:

        n7000(config-if)# ip ospf ?
          authentication       Authentication on the interface
          authentication-key   Configure the authentication key for the interface
          cost                 Cost associated with interface
          dead-interval        Dead interval
          hello-interval       Hello interval
          message-digest-key   Message digest authentication password (key)
          mtu-ignore           Disable OSPF MTU mismatch detection
          network              Network type
          passive-interface    Suppress routing updates on the interface
          priority             Router priority
          retransmit-interval  Packet retransmission interval
          shutdown             shutdown ospf on this interface
          transmit-delay       Packet transmission delay

    Process options:

        n7000(config-router)# ?
          area                   Configure area properties
          auto-cost              Calculate OSPF cost according to bandwidth
          default-information    Control distribution of default route
          default-metric         Specify default metric for redistributed routes
          distance               OSPF administrative distance
          exit                   Exit from command interpreter
          flush-routes           Flush routes on a non-graceful controlled restart
          graceful-restart       Configure graceful restart
          log-adjacency-changes  Log changes in adjacency state
          max-metric             Maximize the cost metric
          maximum-paths          Maximum paths per destination
          no                     Negate a command or set its defaults
          policy                 Policy related information
          protocol               OSPF protocol
          redistribute           Redistribute information from another routing protocol
          router-id              Set OSPF process router-id
          summary-address        Configure route summarization for redistribution
          timers                 Configure timer related constants
          vrf                    Display per-VRF information
  • 67. Verifying the OSPFv2 process

    Use the show ip ospf command to verify the OSPF configuration. In this output OSPF 10 is enabled in the "default" VRF, the Stateful HA and Graceful-Restart features are "enabled", the default maximum number of paths to a destination is 8 (configurable up to 16), and the Area 0 information shows 2 active interfaces in Area 0:

        n7000# show ip ospf
         Routing Process 10 with ID 192.168.1.1 VRF default
         Stateful High Availability enabled
         Graceful-restart is configured
           grace period: 60, state: (null)
           Last graceful restart exit status: None
         Supports only single TOS(TOS0) routes
         Supports opaque LSA
         Administrative distance 110
         Reference Bandwidth is 40000 Mbps
         Initial SPF schedule delay 200.000 msecs,
           minimum inter SPF delay of 1000.000 msecs,
           maximum inter SPF delay of 5000.000 msecs
         Minimum hold time for Router LSA throttle 5000.000 ms
         Minimum hold time for Network LSA throttle 5000.000 ms
         Minimum LSA arrival 1000.000 msec
         Maximum paths to destination 8
         Number of external LSAs 0, checksum sum 0
         Number of opaque AS LSAs 0, checksum sum 0
         Number of areas is 1, 1 normal, 0 stub, 0 nssa
         Number of active areas is 1, 1 normal, 0 stub, 0 nssa
           Area BACKBONE(0)
                Area has existed for 00:05:55
                Interfaces in this area: 2 Active interfaces: 2
                No authentication available
                SPF calculation has run 6 times
                 Last SPF ran for 0.000588s
                Area ranges are
                Number of LSAs: 3, checksum sum 0x16114
        <Text Omitted>
  • 68. Verifying the OSPFv2 routing table and neighbor table

    The following show commands view and verify the OSPF routing table and neighbor relationships.

    Verify the neighbor table (1 OSPF neighbor; OSPF 10 process in the "default" VRF):

        n7000# show ip ospf neighbor
         OSPF Process ID 10 VRF default
         Total number of neighbors: 1
         Neighbor ID     Pri State     Up Time   Address         Interface
         192.168.2.1       1 FULL/DR   00:00:27  192.168.10.2    Eth1/13

    Detailed neighbor information:

        n7000# show ip ospf neighbor detail
         Neighbor 192.168.2.1, interface address 192.168.10.2
            Process ID 10 VRF default, in area 0 via interface Ethernet1/13
            State is FULL, 6 state changes, last change 00:00:57
            Neighbor priority is 1
            DR is 192.168.10.2 BDR is 192.168.10.1
            Hello options 0x2, dbd options 0x42
            Last non-hello packet received 00:00:49
            Dead timer due in 00:00:37

    Verify the OSPFv2 routing table:

        n7000# show ip ospf route
         OSPF Process ID 10 VRF default, Routing Table
          (D) denotes route is directly attached (R) denotes route is in RIB
        192.168.1.1/32 (intra)(D) area 0
             via 192.168.1.1/Lo0*, cost 1
        192.168.10.0/24 (intra)(D) area 0
             via 192.168.10.1/Eth1/13*, cost 40
  • 69. OSPFv2 troubleshooting commands

    Restart the process:

        n7000# restart ospf 10

    Debug options:

        n7000# debug ip ospf ?
          10                Process tag
          adjacency         Adjacency events
          all               All OSPF debugging
          database          OSPF LSDB changes
          database-timers   OSPF LSDB timers
          events            OSPF related events
          flooding          LSA flooding
          graceful-restart  OSPF graceful restart related debugs
          ha                OSPF HA related events
          hello             Hello packets and DR elections
          lsa-generation    Local OSPF LSA generation
          packets           OSPF packets
          policy            OSPF RPM policy debug information
          redist            OSPF redistribution
          retransmission    OSPF retransmission events
          spf               SPF calculations
          spf-trigger       Show SPF triggers

    Clear neighbor relationships:

        n7000# clear ip ospf 10 neighbor ?
          *             Clear all neighbors
          A.B.C.D       Source IP address, or router ID of the neighbor
          ethernet      Ethernet IEEE 802.3z
          loopback      Loopback interface
          port-channel  Port Channel interface
  • 70. ISIS overview

    The ISIS routing protocol is based on ISO/IEC 10589 and is restated in RFC 1142 and RFC 1195. ISIS configuration is very similar to EIGRP and OSPF. The ISIS feature must be enabled first, and the interfaces that should participate are added while the ISIS process is being created.

    Enable the ISIS feature first, create the routing process and specify the NET ID, then add ports to the ISIS process:

        n7000(config)# feature isis
        n7000(config)# router isis 10
        n7000(config-router)# net 49.0001.0000.0001.00
        n7000(config-router)# interface ethernet 2/1
        n7000(config-if)# ip router isis 10
        n7000(config-if)# interface loopback 0
        n7000(config-if)# ip router isis 10

    Configure a passive interface (choose the type of ISIS PDU to suppress):

        n7000(config)# interface ethernet 2/1
        n7000(config-if)# isis passive ?
          level-1    Suppress level-1 PDU
          level-1-2  Suppress level-1 and level-2 PDU
          level-2    Suppress level-2 PDU
        n7000(config-if)# isis passive level-1-2
  • 71. ISIS configuration options

    Process options:

        n7000(config-router)# ?
          address-family         Configure an address-family
          authentication         Set authentication keychain string
          authentication-check   Check authentication on received PDUs
          authentication-type    Set authentication type
          default-information    Control origination of a default route
          distance               Administrative distance
          distribute             Distribute routes between ISIS levels
          exit                   Exit from command interpreter
          flush-routes           Flush routes on non-graceful controlled restart
          graceful-restart       Enable graceful restart for IS-IS process
          hostname               Dynamic hostname for IS-IS
          is-type                IS type for this IS-IS process
          log-adjacency-changes  Log changes in adjacency state
          lsp-gen-interval       Configure LSP generation interval
          lsp-mtu                Set LSP MTU
          max-lsp-lifetime       Set maximum LSP lifetime
          maximum-paths          Set maximum paths per destination
          metric-style           Configure metric style used in advertised LSPs
          net                    Network Entity Title for this IS-IS process
          no                     Negate a command or set its defaults
          redistribute           Redistribute information from another routing protocol
          reference-bandwidth    Change reference bandwidth used for setting interface metric
          set-overload-bit       Signal other routers not to use us for transit
          shutdown               Shutdown this IS-IS process
          spf-interval           Configure SPF interval
          summary-address        Configure IP address summaries
          vrf                    Configure ISIS VRF information

    Interface options:

        n7000(config-if)# isis ?
          authentication        Set hello authentication keychain
          authentication-check  Check authentication on received PDUs
          authentication-type   Set hello authentication type
          circuit-type          Configure circuit type for interface
          csnp-interval         Set CSNP interval in seconds
          hello-interval        Set Hello interval in seconds
          hello-multiplier      Set multiplier for Hello holding time
          hello-padding         Pad IS-IS hello PDUs to full MTU
          lsp-interval          Set LSP transmission interval
          mesh-group            Set IS-IS mesh group
          metric                Configure the metric for interface
          passive               Suppress IS-IS PDU
          priority              Set priority for DIS election
  • 72. Verifying the ISIS process

    Use show isis to verify the configuration. In this output ISIS 10 is enabled in the "default" VRF, the Graceful-Restart feature is "enabled", the area address is "49", and the interfaces under ISIS process 10 are listed:

        n7000# show isis
        ISIS process : 10
         VRF: default
          System ID : 0001.0000.0001  IS-Type : L1-L2
          SAP : 412  Queue Handle : 11
          Graceful Restart enabled
          Metric-style : advertise(wide), accept(narrow, wide)
          Area address(es) :
            49
          Process is up and running
          VRF ID: 1
          Stale routes during non-graceful controlled restart
          Interfaces supported by IS-IS :
            loopback0
            Ethernet2/1
          Address family IPv4 unicast :
            Number of interface : 2
            Distance : 115
          Address family IPv6 unicast :
            Number of interface : 0
            Distance : 115
          L1 Next SPF: Inactive
          L2 Next SPF: Inactive
  • 73. Verifying the ISIS routing table and neighbor relationships

    The following show commands view the ISIS routing table and neighbor relationships.

    Verify the neighbor relationships (one L2 ISIS neighbor; ISIS 10 is enabled in the "default" VRF):

        n7000# show isis adjacency
        IS-IS process: 10 VRF: default
        IS-IS adjacency database:
        System ID       SNPA            Level  State  Hold Time  Interface
        N7K-2           0030.487d.df33  2      UP     00:00:06   Ethernet2/1

    Detailed information for each neighbor:

        n7000# show isis adjacency detail
        IS-IS process: 10 VRF: default
        IS-IS adjacency database:
        System ID       SNPA            Level  State  Hold Time  Interface
        N7K-2           0030.487d.df33  2      UP     00:00:08   Ethernet2/1
          Up/Down transitions: 1, Last transition: 00:26:31 ago
          Circuit Type: L2
          IPv4 Address: 192.168.10.2
          IPv6 Address: 0::
          Circuit ID: N7K-2.01, Priority: 64

    Verify the routing table:

        n7000# show isis route
        IS-IS process: 10 VRF: default
        IS-IS IPv4 routing table
        192.168.1.1/32, L1, direct
           *via loopback0, metric 1, L1, direct
            via loopback0, metric 1, L2, direct
        192.168.2.1/32, L2
           *via 192.168.10.2, Ethernet2/1, metric 41, L2 (I,U)
        <Text Omitted>
  • 74. ISIS troubleshooting commands

    Restart the process:

        n7000# restart isis 10

    Debug options:

        n7000# debug isis ?
          10            Routing process tag
          adjacency     IS-IS adjacency information
          all           Set all IS-IS debugs
          csnp          IS-IS CSNP information
          dis           IS-IS DIS election information
          esis          IS-IS ESIS information
          event         IS-IS event information
          iih           IS-IS hello information
          lsp           IS-IS LSP information
          psnp          IS-IS PSNP information
          redistribute  IS-IS redistribute information
          route-map     IS-IS route-map policy information
          spf           IS-IS SPF information
          timer         IS-IS timer information
          urib          IS-IS URIB route Add/Delete notify events

    Refresh neighbors:

        n7000# clear isis adjacency ?
          *          IS-IS adjacencies on all interfaces
          ethernet   Ethernet IEEE 802.3z
          loopback   Loopback interface
          system-id  Hostname or System ID
  • 75. BGP (IPv4 IBGP configuration)

    BGPv4 is an exterior gateway routing protocol defined in RFC 4271. BGP is configured under the process rather than under the interface. The BGP feature must be enabled first, and the address family must be defined for each protocol (i.e. IPv4 / IPv6 - unicast or multicast).

    Enable the BGP feature first, then create the routing process and assign a 32-bit router ID. For the neighbor: 1. configure the neighbor, 2. set the neighbor's configuration, 3. set the address family to "ipv4 unicast". Advertised networks are configured under the global address family (IPv4 here), not under the neighbor's address family:

        n7000(config)# feature bgp
        n7000(config)# router bgp 10
        n7000(config-router)# router-id 192.168.1.1
        n7000(config-router)# neighbor 192.168.2.1 remote-as 10
        n7000(config-router-neighbor)# update-source loopback0
        n7000(config-router-neighbor)# address-family ipv4 unicast
        n7000(config-router-neighbor-af)# exit
        n7000(config-router-neighbor)# exit
        n7000(config-router)# address-family ipv4 unicast
        n7000(config-router-af)# network 159.142.1.1/32

    Final configuration:

        n7000# show run bgp
        version 4.0(1)
        feature bgp
        router bgp 10
          router-id 192.168.1.1
          address-family ipv4 unicast
            network 159.142.1.1/32
          neighbor 192.168.2.1 remote-as 10
            update-source loopback0
            address-family ipv4 unicast
  • 76. BGP global configuration options

        n7000(config-router)# ?
          address-family           Configure an address-family
          bestpath                 Change default bestpath selection algorithm
          cluster-id               Configure Route Reflector Cluster-ID
          confederation            AS confederation parameters
          enforce-first-as         Enforce neighbor AS is the first AS in AS-PATH attribute (EBGP)
          exit                     Exit from command interpreter
          fast-external-fallover   Immediately reset the session if the link to a directly connected BGP peer goes down
          graceful-restart         Configure Graceful Restart functionality
          graceful-restart-helper  Configure Graceful Restart Helper mode functionality
          log-neighbor-changes     Log a message for neighbor up/down event
          neighbor                 Configure a BGP neighbor
          no                       Negate a command or set its defaults
          router-id                Specify the IP address to use as router-id
          template                 Enter template command mode
          timers                   Configure bgp related timers
          vrf                      Virtual Router Context

    Global address family (IPv4) options:

        n7000(config-router)# address-family ipv4 unicast
        n7000(config-router-af)# ?
          aggregate-address  Configure BGP aggregate prefixes
          client-to-client   Configure client-to-client route reflection
          dampening          Configure route flap dampening
          default-metric     Set metric of redistributed routes
          distance           Configure administrative distance
          exit               Exit from command interpreter
          maximum-paths      Forward packets over multipath paths
          network            Configure an IP prefix to advertise
          no                 Negate a command or set its defaults
          redistribute       Configure redistribution
          suppress-inactive  Advertise only active routes to peers
  • 77. BGP neighbor configuration options

        n7000(config-router)# neighbor 192.168.2.1 remote-as 10
        n7000(config-router-neighbor)# ?
          address-family            Configure an address-family for peer
          description               Neighbor specific description
          disable-connected-check   Disable check for directly connected peer
          dont-capability-negotiate Don't negotiate capability with this neighbor
          dynamic-capability        Dynamic capability
          ebgp-multihop             Specify multihop TTL for remote peer
          exit                      Exit from command interpreter
          inherit                   Inherit a template
          no                        Negate a command or set its defaults
          password                  Configure a password for neighbor
          remove-private-as         Remove private AS number from outbound updates
          shutdown                  Administratively shutdown this neighbor
          timers                    Configure keepalive and hold timers
          transport                 BGP transport connection
          update-source             Specify source of BGP session and updates

    Neighbor address family (IPv4) options:

        n7000(config-router)# neighbor 192.168.2.1 remote-as 10
        n7000(config-router-neighbor)# address ipv4 unicast
        n7000(config-router-neighbor-af)# ?
          default-originate       Originate a default toward this peer
          exit                    Exit from command interpreter
          filter-list             Apply AS-PATH filter-list
          inherit                 Inherit a template
          maximum-prefix          Maximum number of prefixes from this neighbor
          next-hop-self           Set our peering address as nexthop
          next-hop-third-party    Compute a third-party nexthop if possible
          no                      Negate a command or set its defaults
          prefix-list             Apply prefix-list
          route-map               Apply route-map to neighbor
          route-reflector-client  Configure a neighbor as Route reflector client
          send-community          Send community attribute to this neighbor
          soft-reconfiguration    Soft reconfiguration
          suppress-inactive       Advertise only active routes to peer
  • 78. BGP route reflector configuration

    Route reflectors were designed to reduce BGP's requirement for a full mesh of IBGP sessions. The following is a configuration example. Configuring the reflector's cluster-ID is optional; each neighbor is marked as a route reflector client:

        n7000(config)# router bgp 10
        n7000(config-router)# cluster-id 1
        n7000(config-router)# neighbor 192.168.2.1 remote-as 10
        n7000(config-router-neighbor)# update-source loopback0
        n7000(config-router-neighbor)# address-family ipv4 unicast
        n7000(config-router-neighbor-af)# route-reflector-client
        n7000(config-router)# neighbor 192.168.3.1 remote-as 10
        n7000(config-router-neighbor)# update-source loopback0
        n7000(config-router-neighbor)# address-family ipv4 unicast
        n7000(config-router-neighbor-af)# route-reflector-client
        n7000(config-router-neighbor-af)# exit
        n7000(config-router-neighbor)# exit
        n7000(config-router)# address-family ipv4 unicast
        n7000(config-router-af)# network 192.168.100.1/32

    Note: Route-reflector clients don't require any unique configuration.

    Verify the route reflector (see the "For address family" section):

        n7000# show ip bgp neighbor
        BGP neighbor is 192.168.2.1, remote AS 10, ibgp link, Peer index 1
        <Text Omitted>
          For address family: IPv4 Unicast
        <Text Omitted>
          Route reflector client
  • 79. Configuring BGP peer templates

    Peer templates are very similar to peer groups in IOS. They collect configuration and attributes so that client routers can inherit them.

    Define and configure a peer template, then configure the neighbors to inherit it:

        n7000(config)# router bgp 10
        n7000(config-router)# template peer IBGP-Peers
        n7000(config-router-neighbor)# description Template for All IBGP Peers
        n7000(config-router-neighbor)# password xxxxx
        n7000(config-router-neighbor)# update-source loopback0
        n7000(config-router-neighbor)# address-family ipv4 unicast
        n7000(config-router-neighbor-af)# neighbor 192.168.2.1 remote-as 10
        n7000(config-router-neighbor)# inherit peer IBGP-Peers
        n7000(config-router-neighbor)# neighbor 192.168.3.1 remote-as 10
        n7000(config-router-neighbor)# inherit peer IBGP-Peers

    Verify the peer template:

        n7000# show bgp peer-template IBGP-Peers
        BGP peer-template is IBGP-Peers
          Description: Template for All IBGP Peers
          Using loopback0 as update source for this peer
          TCP MD5 authentication is enabled
          Hold time = 0, keepalive interval is 0 seconds
        <Statistics Omitted>
          For address family: IPv4 Unicast
            Third-party Nexthop will not be computed.
        Members of peer-template IBGP-Peers:
          default:192.168.2.1 192.168.3.1
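The verification outputs on slides 62, 67 and 79 each state whether routing neighbors are authenticated: EIGRP reports "Authentication mode: none", the OSPF area reports "No authentication available", and the BGP peer template with a password reports "TCP MD5 authentication is enabled". The Python below is an added example, not part of the original deck: it reads those outputs and reports the authentication state per EIGRP process, OSPF area and BGP peer template. The function names are hypothetical, the second BGP sample is constructed, and reading a missing TCP MD5 line as "unauthenticated" is an assumption.

```python
import re

# Verification output from slides 62, 67 and 79 (abridged, line breaks restored).
SHOW_IP_EIGRP = """\
IP-EIGRP AS 10 ID 192.168.1.1 VRF default
  Process-tag: 10
  Status: running
  Authentication mode: none
  Authentication key-chain: none
"""
SHOW_IP_OSPF = """\
 Routing Process 10 with ID 192.168.1.1 VRF default
 Number of areas is 1, 1 normal, 0 stub, 0 nssa
   Area BACKBONE(0)
        Area has existed for 00:05:55
        Interfaces in this area: 2 Active interfaces: 2
        No authentication available
"""
SHOW_BGP_TEMPLATE = """\
BGP peer-template is IBGP-Peers
  Description: Template for All IBGP Peers
  Using loopback0 as update source for this peer
  TCP MD5 authentication is enabled
"""
# Constructed: a template that has no password configured.
SHOW_BGP_TEMPLATE_NOPW = """\
BGP peer-template is EBGP-Peers
  Description: constructed example without a password
"""

# (protocol, header line that starts a new subject, state until a signal is seen)
HEADERS = [
    ("eigrp", re.compile(r"IP-EIGRP AS \d+ ID \S+ VRF \S+"), "unknown"),
    ("ospf", re.compile(r"Area \w+\(\S+\)$"), "unknown"),
    # Assumption: the TCP MD5 line is printed only when a password is set.
    ("bgp", re.compile(r"BGP peer-template is \S+"), "unauthenticated"),
]

# Lines that settle the state for the subject currently being read.
SIGNALS = {
    "eigrp": [(re.compile(r"Authentication mode: none$"), "unauthenticated"),
              (re.compile(r"Authentication mode: \S+"), "authenticated")],
    "ospf": [(re.compile(r"No authentication available$"), "unauthenticated")],
    "bgp": [(re.compile(r"TCP MD5 authentication is enabled$"), "authenticated")],
}

def audit(text):
    """Return [(protocol, subject, state)] for each process, area or template."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        for proto, header, default in HEADERS:
            match = header.match(line)
            if match:
                records.append([proto, match.group(0), default])
                break
        else:
            if not records:
                continue
            for signal, state in SIGNALS[records[-1][0]]:
                if signal.match(line):
                    records[-1][2] = state
                    break
    return [tuple(r) for r in records]

def unauthenticated(text):
    """Subjects whose neighbors are accepted without authentication."""
    return [subject for _, subject, state in audit(text) if state == "unauthenticated"]

if __name__ == "__main__":
    combined = SHOW_IP_EIGRP + SHOW_IP_OSPF + SHOW_BGP_TEMPLATE + SHOW_BGP_TEMPLATE_NOPW
    for proto, subject, state in audit(combined):
        print(f"{proto:6} {state:16} {subject}")
```
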
  • 80. Verifying BGP

    BGP neighbor summary:

        n7000# show ip bgp summary
        BGP summary information for VRF default, address family IPv4 Unicast
        BGP router identifier 192.168.1.1, local AS number 10
        BGP table version is 4, IPv4 Unicast config peers 1, capable peers 1
        2 network entries and 2 paths using 208 bytes of memory
        BGP attribute entries [2/240], BGP AS path entries [0/0]
        BGP community entries [0/0], BGP clusterlist entries [0/0]
        Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
        192.168.2.1     4    10       6       6        4    0    0 00:01:02 1

    BGP table:

        n7000# show ip bgp
        BGP routing table information for VRF default, address family IPv4 Unicast
        BGP table version is 4, local router ID is 192.168.1.1
        Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
        Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist
        Origin codes: i - IGP, e - EGP, ? - incomplete
           Network            Next Hop         Metric     LocPrf     Weight Path
        *>l159.142.1.1/32     0.0.0.0                        100      32768 i
        *>i159.142.2.1/32     192.168.2.1                    100          0 i

    Routing table (BGP):

        n7000# show ip route bgp
        IP Route Table for VRF "default"
        '*' denotes best ucast next-hop
        '**' denotes best mcast next-hop
        '[x/y]' denotes [preference/metric]
        159.142.2.1/32, 1 ucast next-hops, 0 mcast next-hops
            *via 192.168.10.2, Ethernet2/1, [200/0], 00:00:01, bgp-10, internal, tag 10
  • 81. BGP troubleshooting commands

    Restart the process:

        n7000# restart bgp 10

    Debug options:

        n7000# debug ip bgp ?
          all         All BGP debugging
          brib        BGP BRIB processing
          dampening   Route flap dampening events
          events      BGP special events
          keepalives  BGP keepalive debugging
          lib         BGP BRIB and ULIB interaction
          packets     BGP packet contents
          policy      RPM API events
          rib         BGP BRIB and URIB/U6RIB interaction
          updates     BGP update messages

    Refresh the neighbor table:

        n7000# clear ip bgp ?
          *                      Clear all neighbors
          <1-65535>[.<0-65535>]  Clear all neighbors in an AS
          A.B.C.D                IP address of the neighbor to clear
          A.B.C.D/LEN            Clear all neighbors matching the prefix
          all                    Clear all address-families
          dampening              Clear route flap dampening information
          flap-statistics        Clear flap statistics
          ipv4                   Clear IPv4 address-family
          peer-template          Clear all neighbors in a peer-template
          vrf                    Virtual Router Context
  • 82. Configuring static routes

    Static routes for the default VRF are configured in global configuration mode; for any other VRF they are configured in that VRF's vrf context mode.

    Default VRF example (a static route in the default VRF):

        n7000(config)# ip route 192.168.2.1/32 192.168.10.2

    A configurable "administrative distance" (preference) can be assigned to a route:

        n7000(config)# ip route 192.168.2.1/32 192.168.10.2 ?
          <CR>
          <1-255>  Route preference *Default value is 1
          tag      Supply tag value with static route

    Non-default VRF example (the static route is configured in VRF context mode):

        n7000(config)# vrf context production
        n7000(config-vrf)# ip route 0.0.0.0 0.0.0.0 192.168.1.1

    Verify the static route (the trailing "static" marks the route as static):

        n7000# show ip route static
        IP Route Table for VRF "default"
        '*' denotes best ucast next-hop
        '**' denotes best mcast next-hop
        '[x/y]' denotes [preference/metric]
        192.168.2.1/32, 1 ucast next-hops, 0 mcast next-hops
            *via 192.168.10.2, Ethernet1/13, [1/0], 00:00:13, static
  • 83. Configuring route redistribution

    The rules for configuring route redistribution in NX-OS differ slightly from IOS. The route-map is configured and referenced under the routing process.

    General principles:
    • A route-map must be specified when configuring redistribution.
    • If no "match" exists, all routes are redistributed by default.
    • Configure a prefix list to specify which routes should be redistributed.

    Example configuration:

        n7000(config)# ip prefix-list static-ospf permit 192.168.100.0/24
        n7000(config)# route-map static-ospf
        n7000(config-route-map)# match ip address prefix-list static-ospf
        n7000(config)# router ospf 10
        n7000(config-router)# redistribute static route-map static-ospf

    Verify the route-map:

        n7000# show route-map
        route-map static-ospf, permit, sequence 10
          Match clauses:
            ip address prefix-lists: static-ospf
          Set clauses:

    In this output the default action is "permit" and the match clause refers to the "static-ospf" prefix list. If you do not specify a "match" statement, all routes are redistributed.
  • 84. Configuring policy-based routing

    The following example shows what a routing policy does: the next-hop address is decided by an ACL rather than by the routing table.

        n7000(config)# feature pbr
        n7000(config)# ip access-list pbr-sample
        n7000(config-acl)# permit icmp host 159.142.1.10 host 192.168.2.1
        n7000(config)# route-map pbr-sample
        n7000(config-route-map)# match ip address pbr-sample
        n7000(config-route-map)# set ip next-hop 192.168.1.1
        n7000(config-route-map)# route-map pbr-sample pbr-statistics
        n7000(config)# interface ethernet 1/15
        n7000(config-if)# ip policy route-map pbr-sample

    Steps in this configuration:
    • feature pbr: enable the PBR feature first!
    • ip access-list pbr-sample: define the ACL that matches the traffic.
    • route-map pbr-sample: create a route-map, with its match and set statements.
    • route-map pbr-sample pbr-statistics: optional, enables PBR statistics.

    Note: When a route-map is created, the default action is permit / sequence 10.

    PBR match options:

        n7000(config-route-map)# match ?
          as-path     Match BGP AS path list
          community   Match BGP community list
          ip          Configure IP features
          ipv6        Configure IPv6 features
          length      Packet length
          route-type  Match route-type of route
          tag         Match metric of route

    Additional IP options: address, multicast, next-hop, route-source
  • 85. Verifying policy-based routing

    The show commands below are very useful: they let you compare the packets forwarded by PBR with the packets forwarded by normal routing.

    PBR statistics:

        n7000# show route-map pbr-sample pbr-statistics
        route-map pbr-sample, permit, sequence 10
          Policy routing matches: 84 packets
          Default routing: 233 packets

    "Policy routing matches" counts packets redirected by PBR; "Default routing" counts packets forwarded by the routing table.

    PBR route-map configuration:

        n7000# show route-map pbr-sample
        route-map pbr-sample, permit, sequence 10
          Match clauses:
            ip address (access-lists): pbr-sample
          Set clauses:
            ip next-hop 192.168.1.1

    Match = IP access list; "ip next-hop" is the next-hop IP address used for forwarding.

    Note: The ACL associated with the "match" statement does not show "hit" statistics.
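  • 86. Multi-VRF overview

    NX-OS supports virtual routing and forwarding (VRF) instances, which are used to define a common L3 routing domain. Each VRF contains its own address space and its own unicast and multicast routing tables, so decisions in each VRF are made independently of the others.

    [Diagram: Nexus 7000 switches, each with VRF-1 and VRF-2 routing tables, connected by an 802.1q trunk]

    Default VRF instances:
    • management: reserved for the supervisor's Ethernet interface (mgmt0)
    • default: assigned to the other Ethernet ports (I/O module ports)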
  • 87. Multi-VRF configuration

    The following steps create a functional VRF instance.

    Create the VRF context (optionally, configure static routes under the VRF):

        n7000(config)# vrf context Test-VRF
        n7000(config-vrf)# ip ?
          auto-discard  Auto 0.0.0.0/0 discard route
          domain-list   Add additional domain names
          domain-name   Specify default domain name
          igmp          IGMP global configuration commands
          mroute        Configure multicast RPF static route
          name-server   Specify nameserver address
          route         Route information

    Assign interfaces to the VRF ("vrf member" names the VRF instance the interface is assigned to):

        n7000(config-router-vrf)# interface ethernet 1/13
        n7000(config-if)# vrf member Test-VRF
        n7000(config-if)# ip address 159.142.1.1 255.255.255.0
        n7000(config-if)# int loop 10
        n7000(config-if)# vrf member Test-VRF
        n7000(config-if)# ip address 159.142.10.1 255.255.255.0

    Create the VRF routing process:

        n7000(config-vrf)# feature ospf
        n7000(config)# router ospf 10
        n7000(config-router)# vrf Test-VRF
        n7000(config-router-vrf)# router-id 159.142.10.1

    Note: Don't forget to enable routing on the VRF interfaces.
  • 88. Verifying the multi-VRF configuration

    Verify the VRF contexts (the output shows the VRF contexts "Test-VRF" and "management"):

        n7000# show vrf
        VRF-Name     VRF-ID  State  Reason
        Test-VRF     3       Up     --
        default      1       Up     --
        management   2       Up     --

    Verify the VRF interfaces (the output shows the interfaces assigned to "management" and to "Test-VRF"):

        n7000# show vrf interface
        Interface      VRF-Name     VRF-ID
        mgmt0          management   2
        loopback10     Test-VRF     3
        Ethernet1/1    default      1
        Ethernet1/2    default      1
        <Text Omitted>
        Ethernet1/10   default      1
        Ethernet1/11   default      1
        Ethernet1/12   default      1
        Ethernet1/13   Test-VRF     3

    Verify VRF routing (use the "vrf" option to view the routes of a specific VRF):

        n7000# show ip route vrf Test-VRF
        IP Route Table for VRF "Test-VRF"
        '*' denotes best ucast next-hop
        '**' denotes best mcast next-hop
        '[x/y]' denotes [preference/metric]
        0.0.0.0/32, 1 ucast next-hops, 0 mcast next-hops
            *via Null0, [220/0], 00:04:17, local, discard
        159.142.1.0/24, 1 ucast next-hops, 0 mcast next-hops, attached
            *via 159.142.1.1, Ethernet1/13, [0/0], 00:01:08, direct
        159.142.1.0/32, 1 ucast next-hops, 0 mcast next-hops, attached
  • 89. Configuring HSRP

    • Hot Standby Router Protocol (HSRP)
    • Gateway Load Balancing Protocol (GLBP)
    • Virtual Router Redundancy Protocol (VRRP)
    • Object tracking
  • 90. Configuring HSRP (IPv4)

    The Hot Standby Router Protocol is a Cisco-proprietary protocol for first-hop redundancy. HSRP is the most commonly used FHRP.

    Enable the HSRP feature first, then configure the HSRP group number <1 – 255> under each interface:

        n7000-1(config)# feature hsrp
        n7000-1(config)# interface ethernet 1/13
        n7000-1(config-if)# hsrp 0
        n7000-1(config-if-hsrp)# ip 192.168.10.1
        n7000-1(config-if-hsrp)# priority 110
        n7000-1(config-if-hsrp)# preempt

    Additional interface options (V1 and V2 are supported; the default is V1):

        n7000-1(config-if)# hsrp ?
          <0-4095>  Group number
          delay     HSRP initialisation delay
          use-bia   HSRP uses interface's burned in address
          version   HSRP version

    Additional HSRP group options (default timers: Hello 3s, Hold 10s):

        n7000-1(config-if-hsrp)# ?
          authentication  Authentication
          exit            Exit from command interpreter
          ip              Enable HSRP IPv4 and set the virtual IP address
          mac-address     Virtual MAC address
          name            Redundancy name string
          no              Negate a command or set its defaults
          preempt         Overthrow lower priority Active routers
          priority        Priority level
          timers          Hello and hold timers
          track           Associates track object to HSRP group
  • 91. Verifying HSRP (IPv4)

    Use the show hsrp and show hsrp brief commands to verify the HSRP configuration.

        n7000-1# show hsrp
        Ethernet1/13 - Group 0
          Local state is Active, priority 110, may preempt
          Hellotime 3 sec, holdtime 10 sec
          Next hello sent in 2.199000 sec(s)
          Virtual IP address is 192.168.10.1 (Configured)
          Active router is local
          Standby router is 192.168.10.3
          Virtual mac address is 0000.0C07.AC00 (Default MAC)
          1 state changes, last state change 00:01:46
          IP redundancy name is hsrp-Eth1/13-0 (default)

    The output shows the group number, the timers, the group-based virtual MAC address, and the time of the last state change.

    Verify HSRP on both Nexus 7000s:

        n7000-1# show hsrp brief
                             P indicates configured to preempt.
                             |
        Interface   Grp Prio P State    Active addr    Standby addr   Group addr
        Eth1/13     0   110  P Active   local          192.168.10.3   192.168.10.1

        n7000-2# show hsrp brief
                             P indicates configured to preempt.
                             |
        Interface   Grp Prio P State    Active addr    Standby addr   Group addr
        Eth1/13     0   100    Standby  192.168.10.2   local          192.168.10.1

    On n7000-1, HSRP = "Active" because of the higher priority. On n7000-2, HSRP = "Standby"; the active device is 192.168.10.2.
  • 92. Configuring GLBP (IPv4)

    The Gateway Load Balancing Protocol is another Cisco-proprietary protocol that can be used as an alternative to HSRP or VRRP. Unlike HSRP and VRRP, GLBP provides dynamic load balancing.

    Enable the GLBP feature first, then enable the GLBP group <0 – 4095> under each interface:

        n7000-1(config)# feature glbp
        n7000-1(config)# interface ethernet 2/1
        n7000-1(config-if)# glbp 0
        n7000-1(config-if-glbp)# ip 192.168.1.1
        n7000-1(config-if-glbp)# priority 110
        n7000-1(config-if-glbp)# preempt

    Additional GLBP group options:

        n7000-1(config-if-glbp)# ?
          authentication  Configure authentication
          exit            Exit from command interpreter
          forwarder       Forwarder Configuration
          ip              Set Virtual IP address
          load-balancing  Load balancing method
          name            Redundancy name
          no              Negate a command or set its defaults
          preempt         Overthrow lower priority designated routers
          priority        Priority level
          timers          Adjust GLBP timers
          weighting       Gateway weighting and tracking

    • Load-balancing options: Host-Dependent, Round-Robin (default), Weighted
    • Default timers: 3s Hello and 10s Hold
    • weighting: configures weights and tracking
  • 93. Verifying GLBP (IPv4)

    Use show glbp and show glbp brief to verify the GLBP state.

        n7000-1# show glbp brief
        Interface  Grp  Fwd  Pri  State    Address         Active rtr    Standby rtr
        Eth2/1     0    -    110  Active   192.168.1.1     local         192.168.1.3
        Eth2/1     0    1    7    Listen   0007.B400.0001  192.168.1.3   -
        Eth2/1     0    2    7    Active   0007.B400.0002  local         -

        n7000-2# show glbp brief
        Interface  Grp  Fwd  Pri  State    Address         Active rtr    Standby rtr
        Eth2/1     0    -    100  Standby  192.168.1.1     192.168.1.2   local
        Eth2/1     0    1    7    Active   0007.B400.0001  local         -
        Eth2/1     0    2    7    Listen   0007.B400.0002  192.168.1.2   -

    On n7000-1, group 2 is in state "Active"; on n7000-2, group 1 is in state "Active".

        n7000-1# show glbp
        Ethernet2/1 - Group 0
          State is Active
            4 state change(s), last state change(s) 00:23:34
          Virtual IP address is 192.168.1.1
          Hello time 3 sec, hold time 10 sec
            Next hello sent in 1.700 sec
          Redirect time 600 sec, forwarder time-out 14400 sec
          Preemption enabled, min delay 0 sec
          Active is local
          Standby is 192.168.1.3, priority 100 (expires in 8.701 sec)
          Priority 110 (configured)
          Weighting 100 (default 100), thresholds: lower 1, upper 100
          Load balancing: round-robin
          Group members:
            0030.487D.A055 (192.168.1.2) local
            0030.487D.DF33 (192.168.1.3)
          There are 2 forwarders (1 active)
          <Text Omitted>

    The output shows the group number, the time of the last state change, the configured timers, the group members, and the priority (the default is 100).
  • 94. Configuring VRRP (IPv4)

    The Virtual Router Redundancy Protocol is a standard protocol defined in RFC 3768. VRRP can be used as an alternative to HSRP or GLBP.

    Enable VRRP first, then configure the VRRP group number <1 – 255> under each port; "no shut" activates the VRRP group:

        n7000-1(config)# feature vrrp
        n7000-1(config)# int eth 2/1
        n7000-1(config-if)# vrrp 1
        n7000-1(config-if-vrrp)# address 192.168.1.1
        n7000-1(config-if-vrrp)# preempt
        n7000-1(config-if-vrrp)# priority 110
        n7000-1(config-if-vrrp)# no shut

    Additional VRRP group options:

        n7000-1(config-if-vrrp)# ?
          address                 Add an IP address to the vr
          advertisement-interval  Set the time interval between advertisement
          authentication          Select authentication method
          exit                    Exit from command interpreter
          no                      Negate a command or set its defaults
          preempt                 Enable preemption of lower priority master
          priority                Configure the vr priority
          shutdown                Enable or disable a VR
          track                   Track the availability of another interface

    • shutdown: enables or disables the VRRP group
    • Default timers: 1s Advertise and a 3s Down Timer
  • 95. Verifying VRRP (IPv4)

    Use show vrrp vr and show vrrp to verify the VRRP state.

    Verify VRRP on the Nexus 7000s (the VR column is the group number; n7000-1 is the master router and n7000-2 the backup router):

        n7000-1# show vrrp
              Interface  VR IpVersion Pri   Time Pre State   VR IP addr
        ---------------------------------------------------------------------------
            Ethernet2/1   1   IPv4    110    1 s  Y  Master  192.168.1.1

        n7000-2# show vrrp
              Interface  VR IpVersion Pri   Time Pre State   VR IP addr
        ---------------------------------------------------------------------------
            Ethernet2/1   1   IPv4    100    1 s  Y  Backup  192.168.1.1

    "Up time" is how long the VRRP group has been running:

        n7000-1# show vrrp vr 1 interface ethernet 2/1 status
        IPv4 vr id 1 status
        MAC address 00:00:5e:00:01:01
        Operational state: Master
        Up time 9 min, 43 sec
        Master IP address: 192.168.1.2
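  • 96. Object tracking overview

    Object tracking is used to shorten recovery time after a network failure. For HSRP it provides an additional failover mechanism: if the tracked object meets the condition, the HSRP priority is lowered. GLBP, HSRP, and VRRP support object tracking.

    Tracked objects:
    • Interface "IP routing": tracks the IP address configured on an interface.
    • Interface "line protocol": tracks the link-layer state of an interface.
    • "route": tracks whether a route exists.
    • Flow Exporter

    [Diagram: client, network, and a failed uplink (X); the "Standby" router becomes "Active"]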
  • 97. Configuring object tracking

    The following example shows how to configure HSRP tracking of "line protocol": if the tracked interface fails, the priority is reduced by 20. If another router then has a higher priority and is configured with preempt, its state becomes "active".

    Configuration:

        n7000(config)# track 1 interface ethernet 1/1 line-protocol
        n7000(config)# interface Ethernet2/1
        n7000(config-if)# ip address 192.168.10.2/24
        n7000(config-if)# hsrp 0
        n7000(config-if-hsrp)# track 1 decrement 20
        n7000(config-if-hsrp)# ip 192.168.10.1

    • track 1 interface ethernet 1/1 line-protocol: creates the track object, which tracks the interface state.
    • track 1 decrement 20: configures the tracked object under HSRP and sets the amount by which the priority is reduced (1-255).

    Verification:

        n7000# show track
        Track 1
          Interface Ethernet1/1 Line Protocol
          Line Protocol is UP
          1 changes, last change 00:03:44
          Tracked by:
            HSRP Ethernet2/1 0

        n7000# show track brief
        Track Type       Instance      Parameter      State  Last Change
        1     Interface  Ethernet1/1   Line Protocol  UP

    "Tracked by" shows that HSRP on Ethernet 2/1 uses this object; the object tracks the interface state.
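The failover rule on slide 97 can be checked before a change window. The Python model below is an added example, not part of the original deck or of NX-OS: it applies the slide's rule (priority minus decrement, takeover only by a higher-priority peer with preempt) to the values shown on slides 90, 91 and 97. Treating those slides as one router pair is an assumption, and the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class HsrpRouter:
    name: str
    priority: int = 100        # HSRP default priority
    preempt: bool = False      # 'preempt' configured in the HSRP group
    track_decrement: int = 0   # n in 'track <object> decrement <n>'; 0 = no tracking
    tracked_up: bool = True    # current state of the tracked object

    @property
    def effective_priority(self) -> int:
        """Configured priority, reduced while the tracked object is down."""
        if self.tracked_up:
            return self.priority
        return self.priority - self.track_decrement


def active_after(active, standby):
    """Router holding the Active role once priorities settle (both routers alive).

    Simplification made for this example: equal priorities leave the
    current active router in place.
    """
    if standby.preempt and standby.effective_priority > active.effective_priority:
        return standby
    return active


def failover_gaps(active, standby):
    """Reasons why losing the tracked object would NOT move the Active role."""
    gaps = []
    if active.track_decrement == 0:
        gaps.append("no-tracking")
    elif active.priority - active.track_decrement >= standby.priority:
        gaps.append("decrement-too-small")
    if not standby.preempt:
        gaps.append("standby-no-preempt")
    return gaps


if __name__ == "__main__":
    # n7000-1: priority 110, preempt (slide 90), track decrement 20 (slide 97).
    r1 = HsrpRouter("n7000-1", priority=110, preempt=True, track_decrement=20)
    # n7000-2: priority 100 and no 'P' flag in 'show hsrp brief' (slide 91).
    r2 = HsrpRouter("n7000-2")
    r1.tracked_up = False  # tracked uplink fails
    print(active_after(r1, r2).name, failover_gaps(r1, r2))
```

With the values taken from the slides, the standby router has no preempt flag, so the active role stays on the router that lost its uplink until preempt is added on the peer.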
  • 98. Multicast configuration

    • Protocol Independent Multicast (PIM)
    • Internet Group Management Protocol (IGMP)
    • IGMP Snooping
  • 99. PIM configuration (basic)

    PIM is used to advertise multicast group membership information across a multicast routing domain. The following example configures a simple network that supports multicast.

    Enable PIM globally (enable the PIM feature first!):

        n7000(config)# feature pim

    Enable PIM on the interface. PIM is enabled per port, and only "sparse-mode" is supported. PIM automatically enables IGMP on the interface.

        n7000(config)# interface ethernet 2/1
        n7000(config-if)# ip pim sparse-mode

    Configure RPs. This is a static RP; the group list defaults to 224.0.0.0/4.

        n7000(config)# ip pim rp-address 192.168.1.1

    Note: Other RP options include BSR, Auto-RP and Anycast RP.
  • 100. Additional PIM configuration options

    PIM interface options:

        n7000(config-if)# ip pim ?
          border                Configures interface to be a boundary of a PIM domain
          dr-priority           Configures priority for PIM DR election on interface
          hello-authentication  Add AH header option to Hellos
          hello-interval        Configures the Hello interval for interface
          jp-policy             Specify policy for receiving Join-Prune messages
          neighbor-policy       Configures a neighbor policy for filtering adjacencies
          sparse-mode           Configures sparse-mode PIM on interface

    PIM global options:

        n7000(config)# ip pim ?
          anycast-rp            Configure an RP in an Anycast-RP set (using PIM)
          auto-rp               Auto-RP protocol RP-distribution configuration
          bidir-rp-limit        Configures maximum Bidir RPs for IPv4 PIM in this VRF
          bsr                   Bootstrap protocol RP-distribution configuration
          bsr-candidate         Configure router as a Bootstrap Router candidate
          flush-routes          Remove routes when restarting PIM
          log-neighbor-changes  Log up/down PIM neighbor transitions
          register-policy       Specify policy for receiving Register messages
          register-rate-limit   Rate limit for PIM data registers
          rp-address            Configure static RP for group range
          rp-candidate          Configure router as a Rendezvous Point (RP) candidate
          send-rp-announce      Configures router to send Auto-RP Announce messages
          send-rp-discovery     Configures router to send Auto-RP Discovery messages
          spt-threshold         Source-tree switching threshold
          ssm                   Source Specific Multicast (SSM) groups
          state-limit           Configures State limit
          use-shared-tree-only  Use (*,G) only state, no source state is created
  • 101. Verifying the PIM configuration

    Verify PIM neighbors (one neighbor has been up for 35 minutes):

        n7000# show ip pim neighbor
        PIM Neighbor Status for VRF "default"
        Neighbor         Interface     Uptime    Expires   DR        Bidir-
                                                           Priority  Capable
        192.168.10.1     Ethernet2/1   00:35:17  00:01:20  1         yes

    Verify the PIM RP configuration (one static RP for all groups):

        n7000# show ip pim rp
        PIM RP Status Information for VRF "default"
        BSR disabled
        Auto-RP disabled
        BSR RP Candidate policy: None
        BSR RP policy: None
        Auto-RP Announce policy: None
        Auto-RP Discovery policy: None
        RP: 192.168.1.1, (0), uptime: 00:36:42, expires: never,
          priority: 0, RP-source: (local), group ranges:
              224.0.0.0/4

    Verify the PIM routing table. This is a (*,G) entry; if there is traffic, you should also see an (S,G) entry.

        n7000# show ip pim route 224.1.1.1
        PIM Routing Table for VRF "default" - 2 entries
        (*, 224.1.1.1/32), RP 192.168.1.1, expires 00:02:30, RP-bit
          Incoming interface: Ethernet2/1, RPF nbr 192.168.10.1
          Oif-list: (0) 00000000, timeout-list: (0) 00000000
          Timeout-interval: 2, JP-holdtime round-up: 3
        <Text Omitted>
  • 102. Verifying PIM multicast routing

    Multicast routing table summary (summary information and per-entry (*,G) and (S,G) statistics):

        n7000# show ip mroute summary
        IP Multicast Routing Table for VRF "default"
        Total number of routes: 3
        Total number of (*,G) routes: 1
        Total number of (S,G) routes: 1
        Total number of (*,G-prefix) routes: 1
        Group count: 1, rough average sources per group: 1.0
        Group: 224.1.1.1/32, Source count: 1
        Source          packets  bytes  aps  pps  bit-rate  oifs
        (*,G)           1        84     84   0    0 bps     1
        192.168.10.1    118      9912   84   0    660 bps   1
        Group: 232.0.0.0/8, Source count: 0
        Source          packets  bytes  aps  pps  bit-rate  oifs
        (*,G)           0        0      0    0    0 bps     0

    Multicast routing table (a (*,G) entry and an (S,G) entry that is in use):

        n7000# show ip mroute
        IP Multicast Routing Table for VRF "default"
        (*, 224.1.1.1/32), uptime: 00:19:30, igmp ip pim
          Incoming interface: Ethernet2/1, RPF nbr: 192.168.10.1
          Outgoing interface list: (count: 1)
            Ethernet2/2, uptime: 00:19:30, igmp
        (192.168.10.1/32, 224.1.1.1/32), uptime: 00:00:04, ip mrib pim
          Incoming interface: Ethernet2/1, RPF nbr: 192.168.10.1
          Outgoing interface list: (count: 1)
            Ethernet2/2, uptime: 00:00:04, mrib
        <Text Omitted>
  • 103. IGMP

    IGMP is the protocol routers use to establish the multicast group memberships of IP hosts. The IGMP process runs by default. When PIM, a Local Multicast Group, or Link Local Group Reports is enabled, IGMP is started on the interface by default.

    IGMP interface configuration options (IGMP versions 2 and 3 are supported; the default is v2):

        n7000(config-if)# ip igmp ?
          access-group                     IGMP access-group
          group-timeout                    Configures group membership timeout for IGMPv2
          join-group                       Configures local group membership for router
          last-member-query-count          Configures number of group-specific Queries sent
          last-member-query-response-time  Configures last member query response time
          querier-timeout                  Configures querier timeout for IGMPv2
          query-interval                   Configures interval between Query transmission
          query-max-response-time          Configures MRT for query messages
          query-timeout                    Configures querier timeout for IGMPv2
          report-link-local-groups         Send Reports for groups in 224.0.0.0/24
          report-policy                    IGMP Report Policy
          robustness-variable              Configures RFC defined Robustness Variable
          startup-query-count              Configures number of queries sent at startup
          startup-query-interval           Configures query interval at startup
          state-limit                      Configures State limit
          static-oif                       Configures static oif for a multicast forwarding entry
          version                          Configures IGMP version number for interface
  • 104. IGMP Snooping overview

    IGMP Snooping is a multicast constraining mechanism that runs on layer-2 devices and is used to manage and control multicast groups. IGMP Snooping is enabled by default.

    Disable IGMP Snooping under a VLAN:

        n7000(config)# vlan 1
        n7000(config-vlan)# no ip igmp snooping

    Disable IGMP Snooping in global mode (this disables IGMP Snooping in all VLANs):

        n7000(config)# no ip igmp snooping

    Verify IGMP Snooping (in this output IGMP Snooping is enabled globally and enabled in VLAN 1):

        n7000# show ip igmp snooping
        Global IGMP Snooping Information:
          IGMP Snooping enabled
          IGMPv1/v2 Report Suppression enabled
          IGMPv3 Report Suppression disabled
        IGMP Snooping information for vlan 1
          IGMP snooping enabled
          IGMP querier none
          Switch-querier disabled
          IGMPv3 Explicit tracking enabled
          IGMPv2 Fast leave disabled
          IGMPv1/v2 Report suppression enabled
          IGMPv3 Report suppression disabled
          Router port detection using PIM Hellos, IGMP Queries
          Number of router-ports: 0
          Number of groups: 0
  • 105. Verifying IGMP interfaces and groups

        n7000# show ip igmp groups
        IGMP Group Membership Internal Cache for VRF "default" - 1 total entries
        Type: S - Static, D - Dynamic, L - Local, T - SSM Translated
        Group Address    Type  Interface     Uptime    Expires   Last Reporter
        224.1.1.1        L     Ethernet2/2   00:31:47  00:02:35  192.168.11.2

        n7000# show ip igmp interface ethernet 2/2
        IGMP Interfaces for VRF "default"
        Ethernet2/2, Interface status: protocol-up/link-up/admin-up
          IP address: 192.168.11.2, IP subnet: 192.168.11.0/24
          Active querier: 192.168.11.2, version: 2, next query sent in: 00:00:43
          Membership count: 1
          IGMP version: 2, host version: 2
          IGMP query interval: 125 secs, configured value: 125 secs
          IGMP max response time: 10 secs, configured value: 10 secs
          IGMP startup query interval: 31 secs, configured value: 31 secs
          IGMP startup query count: 2
          IGMP last member mrt: 1 secs
          IGMP last member query count: 2
          IGMP group timeout: 260 secs, configured value: 260 secs
          IGMP querier timeout: 255 secs, configured value: 255 secs
          IGMP unsolicited report interval: 10 secs
          IGMP robustness variable: 2, configured value: 2
          IGMP reporting for link-local groups: disabled
          IGMP interface enable refcount: 2
          IGMP Report Policy: None
          IGMP State Limit: None
          IGMP interface statistics:
            General (sent/received):
              v1-reports: 0/0
              v2-queries: 20/20, v2-reports: 20/0, v2-leaves: 0/0
              v3-queries: 0/0, v3-reports: 0/0
            Errors:
              Checksum errors: 0, Packet length errors: 0
              Bogus source IPs: 0, Query from non-querior:0
              Report version mismatch: 0, Query version mismatch: 0
              Unknown IGMP message type: 0
              Invalid v1 reports: 0, Invalid v2 reports: 0, Invalid v3 reports: 0

    The output shows the active IGMP querier, one group member, IGMP version 2, and the IGMP v2 statistics.
  • 106. Security configuration

    • TELNET & SSH services
    • Role-based access control (RBAC)
    • AAA RADIUS (authentication, accounting)
    • AAA TACACS+ (authentication, authorization, accounting)
    • IPv4 ACL (extended)
  • 107. Configuring and verifying SSH/TELNET

    SSHv2 is enabled by default and is the recommended protocol for remote CLI access. TELNET is disabled by default because it lacks security. Both TELNET and SSHv2 are well supported.

    TELNET: enable and verify (the output shows that the TELNET service is enabled):

        n7000(config)# feature telnet
        n7000# show telnet server
        telnet service enabled

    SSH: enable and verify. The SSHv2 service is enabled by default; it can be turned off with "no feature".

        n7000(config)# feature ssh
        n7000# show ssh server
        ssh is enabled
        version 2 enabled

    Verify user status (the ttyS0 line is the console user; the pts/0 line is a TELNET/SSH user):

        n7000# show users
        NAME     LINE    TIME          IDLE   PID    COMMENT
        admin    ttyS0   Apr 4 18:22   .      5113
        admin    pts/0   Apr 4 19:12   .      31448  (192.168.10.1)*
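Two settings from these slides lend themselves to an offline check of a saved configuration: TELNET left enabled (slide 107) and BGP neighbors that neither set `password` nor inherit a peer template that does (slide 79). The Python script below is an added example, not code from the deck or from Cisco; it assumes an indented, `show running-config`-style text file, and the finding names and neighbor 192.168.4.1 are hypothetical.

```python
import re

# Constructed sample in the style of the slide configs. Neighbor 192.168.4.1
# is an added, hypothetical peer with no password and no inherited template.
SAMPLE_CONFIG = """\
feature telnet
feature ssh
router bgp 10
  template peer IBGP-Peers
    description Template for All IBGP Peers
    password xxxxx
    update-source loopback0
  neighbor 192.168.2.1 remote-as 10
    inherit peer IBGP-Peers
  neighbor 192.168.3.1 remote-as 10
    inherit peer IBGP-Peers
  neighbor 192.168.4.1 remote-as 10
    update-source loopback0
"""


def parse_bgp(config):
    """Return (templates, neighbors), each mapping a name to its sub-commands."""
    templates, neighbors = {}, {}
    current, in_bgp = None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # a top-level command starts a new section
            in_bgp = line.startswith("router bgp ")
            current = None
            continue
        if not in_bgp:
            continue
        m = re.match(r"template peer (\S+)$", line)
        if m:
            current = templates.setdefault(m.group(1), [])
            continue
        m = re.match(r"neighbor (\S+)", line)
        if m:
            current = neighbors.setdefault(m.group(1), [])
            continue
        if current is not None:
            current.append(line)
    return templates, neighbors


def has_md5(cmds, templates):
    """True if 'password' is set directly or through an inherited peer template."""
    if any(c.startswith("password ") for c in cmds):
        return True
    for c in cmds:
        m = re.match(r"inherit peer (\S+)$", c)
        if m and any(t.startswith("password ") for t in templates.get(m.group(1), [])):
            return True
    return False


def audit(config):
    """Return a list of (finding, subject) tuples for the two checks."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l.strip() and not l[0].isspace()]
    if "feature telnet" in top:
        findings.append(("telnet-enabled", "feature telnet"))
    templates, neighbors = parse_bgp(config)
    for peer, cmds in neighbors.items():
        if not has_md5(cmds, templates):
            findings.append(("bgp-neighbor-no-md5", peer))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A neighbor that inherits a template which is not defined in the file is reported as unauthenticated, since no password can be resolved for it.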