This blog post outlines the main differences in configuration basics between the Cisco NX-OS software and the Cisco IOS Software.
Cisco NX-OS Overview
The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
When you first log into the NX-OS, you go directly into EXEC mode.
Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the global feature privilege configuration command.
By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.
The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.
The Cisco NX-OS uses a feature-based license model. An Enterprise Services, Advanced Services, Transport Services, Scalable Feature, or Enhanced Layer 2 license is required, depending on the features in use. Additional licenses may be required in the future.
A 120-day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached. Some features, such as Cisco TrustSec, that require an Advanced Services license cannot be configured with a grace period.
The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc… using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.
The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log into the console port, you are in the default VDC (VDC 1).
The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports. The mgmt0 port is the only port permitted in the management VRF instance and cannot be assigned to another VRF instance.
SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)
VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified. (The Console port is included in the default configuration.) The VTY port supports 32 simultaneous sessions, and the timeout is disabled by default for all three port types.
The Console and VTY ports always prompt the user for a username/password pair for authentication before granting access to the CLI. The Cisco IOS applies the login command to the Console and VTY ports by default to enable password authentication. (If the no login command is applied, a user can gain access without a password.)
A user can execute show commands in configuration mode without the do command that Cisco IOS Software requires.
When executing a show command, a user has several more options when using the pipe (|) option such as grep for parsing the output, perl for activating a script, and xml to format the output for network management applications.
Things You Should Know
The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.
The default administrator user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erase command and the system is repowered.
The license grace-period can be disabled without any impact if the proper license is installed for a feature within the 120-day grace period.
If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration. Some features such as LACP and vPC will not allow you to disable the feature if they are configured.
The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)
The show running-config command accepts several options, such as OSPF, BGP, etc… that will display the runtime configuration for a specific feature.
The show tech command accepts several options that will display information for a specific feature.
The NX-OS has a configuration checkpoint/rollback feature that should be used when making changes to a production network. A checkpoint configuration can be saved in EXEC mode with the global checkpoint command and the rollback procedure can be executed with the rollback command.
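As an added example (not code from the original post or from Cisco), the following Python script audits a saved running-config for three points from the lists above: the Telnet server having been enabled, console or VTY lines with no idle timeout, and kickstart and system boot variables that name different NX-OS versions. The sample configuration and the finding labels are constructed for illustration, and the script assumes, as the post states, that a line block with no exec-timeout has no timeout.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
feature telnet
line console
  exec-timeout 15
line vty
  session-limit 32
boot kickstart bootflash:/n7000-s1-kickstart.5.0.2a.bin sup-1
boot system bootflash:/n7000-s1-dk9.5.0.3.bin sup-1
"""


def line_sections(config):
    """Map 'console'/'vty' to the indented commands under each 'line' block."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line ") and len(raw.split()) > 1:
            current = raw.split()[1]
            sections[current] = []
        elif raw[:1].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None
    return sections


def audit(config):
    """Return finding labels (the label names are this example's own)."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "feature telnet" in lines:  # Telnet server is off unless enabled
        findings.append("telnet-server-enabled")
    sections = line_sections(config)
    for port in ("console", "vty"):  # assumed: no exec-timeout = no timeout
        t = [c.split()[1] for c in sections.get(port, []) if c.startswith("exec-timeout ")]
        if not t or t[-1] == "0":  # a value of 0 disables the timeout
            findings.append(f"no-idle-timeout:{port}")
    versions = {}
    for l in lines:
        # Version is taken from the image file name, e.g. ".5.0.2a.bin".
        m = re.match(r"boot (kickstart|system) \S*?\.(\d+\.\d+\.\w+)\.bin", l)
        if m:
            versions[m.group(1)] = m.group(2)
    if len(versions) < 2 or versions["kickstart"] != versions["system"]:
        findings.append("boot-variables-inconsistent")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The auxiliary port is not checked here; only the console and VTY blocks are parsed.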
The following sample code shows similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.
Default User Prompt

Entering Configuration Mode
Cisco IOS CLI:
    c6500# configure terminal
Cisco NX-OS CLI:
    n7000# configure terminal

Saving the Running Config to the Startup Config (nvram)
Cisco IOS CLI:
    c6500# write memory
    c6500# copy running-config startup-config
Cisco NX-OS CLI:
    n7000# copy running-config startup-config

Erasing the startup config (nvram)
Cisco IOS CLI:
    c6500# write erase
Cisco NX-OS CLI:
    n7000# write erase

Installing a License
Cisco IOS CLI:
    Cisco IOS Software does not require a license file installation.
Cisco NX-OS CLI:
    n7000# install license bootflash:license_file.lic

Interface Naming Convention
Cisco IOS CLI:
    interface Ethernet 1/1
    interface FastEthernet 1/1
    interface GigabitEthernet 1/1
    interface TenGigabitEthernet 1/1
Cisco NX-OS CLI:
    interface Ethernet 1/1

Default VRF Configuration (management)
Cisco IOS CLI:
    Cisco IOS Software doesn’t enable VRFs by default.
Cisco NX-OS CLI:
    vrf context management

Configuring the Software Image Boot Variables
Cisco IOS CLI:
    boot system flash sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXH1.bin