This blog post outlines the main differences for the configuration basics between the Cisco NX-OS software and the Cisco IOS Software.
Cisco NX-OS Overview
The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI interface for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- When you first log into the NX-OS, you go directly into EXEC mode.
- Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the globalfeature privilege configuration command.
- By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.
- The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.
- The Cisco NX-OS uses a feature based license model. An Enterprise Services, Advanced Services, Transport Services, Scalable Feature and Enhanced Layer 2 license is required depending on the features required. Additional licenses may be required in the future.
- A 120 day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached. Some features such as Cisco Trustsec that require an Advanced Services license cannot be configured with a grace period.
- The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc… using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
- Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.
- The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log into the console port, you are in the default VDC (VDC 1).
- The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports. The mgmt0 port is the only port permitted in the management VRF instance and cannot be assigned to another VRF instance.
- SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)
- VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified (The Console port is included in the default configuration). The VTY port supports 32 simultaneous sessions and the timeout is disabled by default for all three port types
- The Console and VTY ports always prompt the user for a username/password pair for authentication before granting access to the CLI. The Cisco IOS applies the login command to the Console and VTY ports by default to enable password authentication (If the no login command is applied, a user can gain access without a password.).
- A user can execute show commands in configuration mode without using the do command as in Cisco IOS Software.
- When executing a show command, a user has several more options when using the pipe (|) option such as grep for parsing the output, perl for activating a script, and xml to format the output for network management applications.
Things You Should Know
The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.
- The default administer user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erasecommand and system is repowered.
- The license grace-period can be disabled without any impact if the proper license is installed for a feature within the 120 day grace period.
- If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration. Some features such as LaCP and vPC will not allow you to disable the feature if they are configured.
- The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)
- The show running-config command accepts several options, such as OSPF, BGP, etc… that will display the runtime configuration for a specific feature.
- The show tech command accepts several options that will display information for a specific feature.
- The NX-OS has a configuration checkpoint/rollback feature that should be used when making changes to a production network. A checkpoint configuration can be saved in EXEC mode with the globalcheckpoint command and the rollback procedure can be executed with the rollback command.
The following sample code show similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.
|Cisco IOS CLI||Cisco NX-OS CLI|
|Default User Prompt|
|Entering Configuration Mode|
|c6500# configure terminal||n7000# configure terminal|
|Saving the Running Config to the Startup Config (nvram)|
|c6500# write memory
c6500# copy running-config startup-config
|n7000# copy running-config startup-config|
|Erasing the startup config (nvram)|
|c6500# write erase||n7000# write erase|
|Installing a License|
|Cisco IOS Software does not require a license file installation.||n7000# install license bootflash:license_file.lic|
|Interface Naming Convention|
|interface Ethernet 1/1
interface FastEthernet 1/1
interface GigabitEthernet 1/1
interface TenGigabitEthernet 1/1
|interface Ethernet 1/1|
|Default VRF Configuration (management)|
|Cisco IOS Software doesn’t enable VRFs by default.||vrf context management|
|Configuring the Software Image Boot Variables|
|boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH1.bin||boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-1
boot system bootflash:/n7000-s1-dk220.127.116.11.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-2
boot system bootflash:/n7000-s1-dk18.104.22.168.bin sup-2
|Cisco IOS Software does not have the functionality to enable or disable features.||feature ospf|
|Enabling TELNET (SSHv2 is recommended)|
|Cisco IOS Software enables TELNET by default.||feature telnet|
|Configuring the Console Timeout|
|line console 0
exec-timeout 15 0
|Configuring the VTY Timeout and Session Limit|
|line vty 0 9
exec-timeout 15 0
Verification Command Comparison
The following table compares some useful show commands for verifying the initial system startup and running configuration.
|Cisco NX-OS||Cisco IOS Software||Command Description|
|show running-config||show running-config||Displays the running configuration|
|show startup-config||show startup-config||Displays the startup configuration|
|show interface||show interface||Displays the status for all of the interfaces|
|show interface ethernet <x/x>||show interface <int type>||Displays the status for a specific interface|
|show interface mgmt 0||–||Displays the status for the mgmt interface|
|show boot||show boot||Displays the current boot variables|
|show clock||show clock||Displays the system clock and time zone configuration|
|show clock detail||show clock detail||Displays the summer-time configuration|
|show environment||show environment||Displays all environment parameters|
|show environment clock||show environment status clock||Displays clock status for A/B and active clock|
|show environment fan||show environment cooling fan-tray||Displays fan status|
|show environment power||show power||Displays power budget|
|show environment temperature||show environment temperature||Displays environment data|
|show feature||–||Displays the features and routing processes enabled|
|show log logfile||show log||Displays the local log|
|show log nvram||–||Displays persistent log messages (severity 0-2) stored in NVRAM|
|show module||show module||Displays installed modules and their status|
|show module uptime||–||Displays how long each module has be powered up|
|show module fabric||–||Displays fabric modules and their current status|
|show platform fabric-utilization||show fabric utilization||Displays the % of fabric utilized per module|
|show process cpu||show process cpu||Displays the processes running on the CPU|
|show process cpu history||show process cpu history||Displays the process history of the CPU in chart form|
|show process cpu sorted||show process cpu sorted||Displays sorted processes running on the CPU|
|show system cores||–||Displays the core dump files if present|
|show system exception-info||show exception||Displays last exception log|
|show system redundancy status||show redundancy||Displays the supervisors High Availability status|
|show system resources||show process cpu||Displays CPU and memory usage data|
|show system uptime||–||Displays system and kernel start time (Displays active supervisor uptime)|
|show tech-support||show tech-support||Displays system technical information for Cisco TAC|
|show tech-support <name>||show tech-support <name>||Displays feature specific technical information for Cisco TAC|
|show version||show version||Displays running software version, basic hardware, CMP status and system uptime|
|show line||show line||Displays console and auxiliary port information|
|show line com1||–||Displays auxiliary port information|
|show line console||show line console 0||Displays console port information|
|show line console connected||–||States if the console port is physically connected|
|show terminal||show terminal||Displays terminal settings|
|show users||show users||Displays current virtual terminal settings|
|show vrf||show ip vrf||Displays a list of all configured VRFs|
|show vrf <name>||show ip vrf <name>||Displays an specified VRF|
|show vrf <name> detail||show vrf detail <name>||Displays details for a specified|
|show vrf <name> interface||–||Displays interface assignment for a specified VRF|
|show vrf default||–||Displays a summary of the default VRF|
|show vrf detail||show vrf detail||Displays details for all VRF’s|
|show vrf interface||show ip vrf interface||Displays VRF interface assignment|
|show vrf management||–||Displays a summary of the management VRF|
|show license||–||Displays all license file information|
|show license brief||–||Displays the license file names installed|
|show license file <name>||–||Displays license contents based on a specified name|
|show license host-id||–||Displays the chassis Host-ID used for creating a license|
|show license usage||–||Displays all licenses used by the system|
|show license usage <license-type>||–||Displays all licenses used by the system per type|
|show license usage vdc-all||–||Displays all licenses used by the system for all VDCs|
|show vdc||–||Displays a list of the configured VDC’s|
|show vdc <name>||–||Displays a summary of the individual VDC|
|show vdc <name> detail||–||Displays configuration details for a specific VDC|
|show vdc <name> membership||–||Displays interface membership for a specific VDC|
|show vdc <name> resource||–||Displays resource allocation for a specific VDC|
|show vdc current-vdc||–||Displays the VDC that the user is currently in|
|show vdc detail||–||Displays details information for all VDCs|
|show vdc membership||–||Displays interface membership for all VDCs|
|show vdc resources||–||Displays resource allocation for all VDCs|