Cisco NX-OS/IOS Configuration Basics Comparison

This blog post outlines the main differences for the configuration basics between the Cisco NX-OS software and the Cisco IOS Software.

Cisco NX-OS Overview

The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI interface for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.

Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

  • When you first log into the NX-OS, you go directly into EXEC mode.
  • Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the global feature privilege configuration command.
  • By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.
  • The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.
  • The Cisco NX-OS uses a feature based license model. An Enterprise Services, Advanced Services, Transport Services, Scalable Feature and Enhanced Layer 2 license is required depending on the features required. Additional licenses may be required in the future.
  • A 120-day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached. Some features such as Cisco TrustSec that require an Advanced Services license cannot be configured with a grace period.
  • The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc… using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
  • Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.
  • The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log into the console port, you are in the default VDC (VDC 1).
  • The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports. The mgmt0 port is the only port permitted in the management VRF instance and cannot be assigned to another VRF instance.
  • SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)
  • VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified (the Console port is included in the default configuration). The VTY port supports 32 simultaneous sessions and the timeout is disabled by default for all three port types.
  • The Console and VTY ports always prompt the user for a username/password pair for authentication before granting access to the CLI. The Cisco IOS applies the login command to the Console and VTY ports by default to enable password authentication. (If the no login command is applied, a user can gain access without a password.)
  • A user can execute show commands in configuration mode without using the do command as in Cisco IOS Software.
  • When executing a show command, a user has several more options when using the pipe (|) option such as grep for parsing the output, perl for activating a script, and xml to format the output for network management applications.

Things You Should Know

The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.

  • The default administrator user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erase command and the system is repowered.
  • The license grace-period can be disabled without any impact if the proper license is installed for a feature within the 120 day grace period.
  • If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration. Some features such as LACP and vPC will not allow you to disable the feature if they are configured.
  • The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)
  • The show running-config command accepts several options, such as OSPF, BGP, etc… that will display the runtime configuration for a specific feature.
  • The show tech command accepts several options that will display information for a specific feature.
  • The NX-OS has a configuration checkpoint/rollback feature that should be used when making changes to a production network. A checkpoint configuration can be saved in EXEC mode with the global checkpoint command and the rollback procedure can be executed with the rollback command.

Configuration Comparison

The following sample code shows similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.

Default User Prompt
  Cisco IOS CLI:
    c6500>
  Cisco NX-OS CLI:
    n7000#

Entering Configuration Mode
  Cisco IOS CLI:
    c6500# configure terminal
  Cisco NX-OS CLI:
    n7000# configure terminal

Saving the Running Config to the Startup Config (nvram)
  Cisco IOS CLI:
    c6500# write memory
    or
    c6500# copy running-config startup-config
  Cisco NX-OS CLI:
    n7000# copy running-config startup-config

Erasing the startup config (nvram)
  Cisco IOS CLI:
    c6500# write erase
  Cisco NX-OS CLI:
    n7000# write erase

Installing a License
  Cisco IOS CLI:
    Cisco IOS Software does not require a license file installation.
  Cisco NX-OS CLI:
    n7000# install license bootflash:license_file.lic

Interface Naming Convention
  Cisco IOS CLI:
    interface Ethernet 1/1
    interface FastEthernet 1/1
    interface GigabitEthernet 1/1
    interface TenGigabitEthernet 1/1
  Cisco NX-OS CLI:
    interface Ethernet 1/1

Default VRF Configuration (management)
  Cisco IOS CLI:
    Cisco IOS Software doesn’t enable VRFs by default.
  Cisco NX-OS CLI:
    vrf context management

Configuring the Software Image Boot Variables
  Cisco IOS CLI:
    boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH1.bin
  Cisco NX-OS CLI:
    boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-1
    boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-1
    boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-2
    boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-2

Enabling Features
  Cisco IOS CLI:
    Cisco IOS Software does not have the functionality to enable or disable features.
  Cisco NX-OS CLI:
    feature ospf

Enabling TELNET (SSHv2 is recommended)
  Cisco IOS CLI:
    Cisco IOS Software enables TELNET by default.
  Cisco NX-OS CLI:
    feature telnet

Configuring the Console Timeout
  Cisco IOS CLI:
    line console 0
    exec-timeout 15 0
    login
  Cisco NX-OS CLI:
    line console
    exec-timeout 15

Configuring the VTY Timeout and Session Limit
  Cisco IOS CLI:
    line vty 0 9
    session-limit 10
    exec-timeout 15 0
    login
  Cisco NX-OS CLI:
    line vty
    session-limit 10
    exec-timeout 15
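
As an added example (not from the original post or from Cisco), the Python audit below checks an NX-OS running-config for three points made above: whether the TELNET server has been turned on, whether the console and VTY lines still have the default disabled timeout, and whether the kickstart and system boot variables name the same version. The sample config is constructed, the names parse and audit are hypothetical, and the image filename pattern is assumed from the filenames shown on this page.

```python
import re
# Constructed NX-OS running-config excerpt for illustration (not from the page).
SAMPLE = """\
feature telnet
boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-1
boot system bootflash:/n7000-s1-dk9.4.0.3.bin sup-1
line console
  exec-timeout 15
line vty
  session-limit 10
"""

# Assumption: image names follow the page's examples, <name>.<version>.bin
BOOT_RE = re.compile(r"boot (kickstart|system) \S+?\.(\d[\w.]*)\.bin(?:\s+(sup-\d+))?$")

def parse(config):
    """Split a config into top-level lines and their indented child commands."""
    top, children, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and '!' comment lines
        if raw[0].isspace() and current is not None:
            children[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            children[current] = []
    return top, children

def audit(config):
    """Return findings for the NX-OS defaults and constraints described above."""
    top, children = parse(config)
    findings = []
    if "feature telnet" in top:
        findings.append("feature telnet: TELNET server enabled")
    # Timeout is off by default and an unmodified 'line vty' is not shown at all,
    # so a missing section, a missing exec-timeout or 'exec-timeout 0' all count.
    for line in ("line console", "line vty"):
        timeouts = [c.split() for c in children.get(line, []) if c.startswith("exec-timeout")]
        if not timeouts or timeouts[-1][1:] == ["0"]:
            findings.append(f"{line}: no idle exec-timeout configured")
    # Kickstart and system boot variables must name the same NX-OS version.
    versions = {}
    for entry in top:
        if m := BOOT_RE.match(entry):
            versions.setdefault(m.group(3) or "all", {})[m.group(1)] = m.group(2)
    for sup, v in sorted(versions.items()):
        if v.get("kickstart") != v.get("system"):
            findings.append(f"{sup}: kickstart {v.get('kickstart')} != system {v.get('system')}")
    return findings
```

Calling audit(SAMPLE) reports the TELNET feature, the VTY line without a timeout, and the 4.0.4/4.0.3 image mismatch on sup-1.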

Verification Command Comparison

The following table compares some useful show commands for verifying the initial system startup and running configuration.

| Cisco NX-OS | Cisco IOS Software | Command Description |
|---|---|---|
| show running-config | show running-config | Displays the running configuration |
| show startup-config | show startup-config | Displays the startup configuration |
| show interface | show interface | Displays the status for all of the interfaces |
| show interface ethernet <x/x> | show interface <int type> | Displays the status for a specific interface |
| show interface mgmt 0 | | Displays the status for the mgmt interface |
| show boot | show boot | Displays the current boot variables |
| show clock | show clock | Displays the system clock and time zone configuration |
| show clock detail | show clock detail | Displays the summer-time configuration |
| show environment | show environment | Displays all environment parameters |
| show environment clock | show environment status clock | Displays clock status for A/B and active clock |
| show environment fan | show environment cooling fan-tray | Displays fan status |
| show environment power | show power | Displays power budget |
| show environment temperature | show environment temperature | Displays environment data |
| show feature | | Displays the features and routing processes enabled |
| show log logfile | show log | Displays the local log |
| show log nvram | | Displays persistent log messages (severity 0-2) stored in NVRAM |
| show module | show module | Displays installed modules and their status |
| show module uptime | | Displays how long each module has been powered up |
| show module fabric | | Displays fabric modules and their current status |
| show platform fabric-utilization | show fabric utilization | Displays the % of fabric utilized per module |
| show process cpu | show process cpu | Displays the processes running on the CPU |
| show process cpu history | show process cpu history | Displays the process history of the CPU in chart form |
| show process cpu sorted | show process cpu sorted | Displays sorted processes running on the CPU |
| show system cores | | Displays the core dump files if present |
| show system exception-info | show exception | Displays last exception log |
| show system redundancy status | show redundancy | Displays the supervisors High Availability status |
| show system resources | show process cpu | Displays CPU and memory usage data |
| show system uptime | | Displays system and kernel start time (Displays active supervisor uptime) |
| show tech-support | show tech-support | Displays system technical information for Cisco TAC |
| show tech-support <name> | show tech-support <name> | Displays feature specific technical information for Cisco TAC |
| show version | show version | Displays running software version, basic hardware, CMP status and system uptime |
| show line | show line | Displays console and auxiliary port information |
| show line com1 | | Displays auxiliary port information |
| show line console | show line console 0 | Displays console port information |
| show line console connected | | States if the console port is physically connected |
| show terminal | show terminal | Displays terminal settings |
| show users | show users | Displays current virtual terminal settings |
| show vrf | show ip vrf | Displays a list of all configured VRFs |
| show vrf <name> | show ip vrf <name> | Displays a specified VRF |
| show vrf <name> detail | show vrf detail <name> | Displays details for a specified |
| show vrf <name> interface | | Displays interface assignment for a specified VRF |
| show vrf default | | Displays a summary of the default VRF |
| show vrf detail | show vrf detail | Displays details for all VRFs |
| show vrf interface | show ip vrf interface | Displays VRF interface assignment |
| show vrf management | | Displays a summary of the management VRF |
| show license | | Displays all license file information |
| show license brief | | Displays the license file names installed |
| show license file <name> | | Displays license contents based on a specified name |
| show license host-id | | Displays the chassis Host-ID used for creating a license |
| show license usage | | Displays all licenses used by the system |
| show license usage <license-type> | | Displays all licenses used by the system per type |
| show license usage vdc-all | | Displays all licenses used by the system for all VDCs |
| show vdc | | Displays a list of the configured VDCs |
| show vdc <name> | | Displays a summary of the individual VDC |
| show vdc <name> detail | | Displays configuration details for a specific VDC |
| show vdc <name> membership | | Displays interface membership for a specific VDC |
| show vdc <name> resource | | Displays resource allocation for a specific VDC |
| show vdc current-vdc | | Displays the VDC that the user is currently in |
| show vdc detail | | Displays detailed information for all VDCs |
| show vdc membership | | Displays interface membership for all VDCs |
| show vdc resources | | Displays resource allocation for all VDCs |