Configuring Cisco Nexus 9000 Series Switches

Beginning with Release 3.10.1, Cisco Nexus Data Broker (NDB) has been renamed to Cisco Nexus Dashboard Data Broker. However, some instances of NDB remain in this document to correspond with the GUI and the installation folder structure. The names NDB, Nexus Data Broker, and Nexus Dashboard Data Broker are used interchangeably.

Guidelines and Limitations for Cisco Nexus 9000 Series Switches

See the following guidelines and limitations for configuring Cisco Nexus 9000 Series switches through Cisco Nexus Dashboard Data Broker.

  • Beginning with Cisco NX-OS Release 7.0(3)I7(2), you can enable TAP aggregation for Cisco Nexus 9500 platform switches with N9K-X9700-EX and N9K-X9700-FX line cards.

  • To enable the TAP AGG feature on N9K-X9700-EX and N9K-X9700-FX line cards, you need to configure hardware acl tap-agg globally on the Cisco Nexus 9500 switches.

  • Cisco Nexus Dashboard Data Broker supports the NX-API protocol for the Cisco Nexus 9000 Series family of devices starting with Release 7.x.

  • The devices that are going to be provisioned by Cisco Nexus Dashboard Data Broker are assumed to have LLDP enabled, and the LLDP feature should not be disabled while the device is associated with Cisco Nexus Dashboard Data Broker. If the LLDP feature is disabled, there might be an inconsistency in Cisco Nexus Dashboard Data Broker that cannot be fixed without deleting and re-adding the device.

  • Cisco Nexus Dashboard Data Broker assumes that the device interfaces configured by the port definitions are L2 switch ports and that these interfaces are configured as switchport trunk by default.

  • Cisco Nexus 9200 Series switches do not support Q-in-Q VLAN tagging for the Edge SPAN and Edge TAP port.

  • For Cisco Nexus 9000 Series switches, upgrade the Cisco NX-OS software to Cisco NX-OS Release 7.x or above.

  • You can now add a Cisco Nexus 9000 Series switch to the Cisco Nexus Dashboard Data Broker that can be discovered through NX-API protocol. Once the connection is successful, all the line card information for chassis model 9500 is discovered.

  • Prior to deploying the Cisco Nexus 9000 Series switches for Tap/SPAN aggregation through Cisco Nexus Dashboard Data Broker with NX-API mode, the following configurations should be completed:

    • Configure the ACL TCAM region size for IPv4 port ACLs or MAC port ACLs.

    • Enable the NX-API feature on the switch using the feature nxapi command.

    • Configure switchport mode trunk on all the inter-switch ports and the port-channels.

  • Cisco Nexus Dashboard Data Broker periodically rediscovers the switch inventory, the topology interconnection, and the status. This information is updated in the GUI depending on the status. The rediscovery interval can be configured; the default rediscovery interval is 10 seconds.
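
The prerequisites in this list can be checked offline against a saved running configuration before a switch is added. The following Python is an added example, not Cisco code: the sample configuration and port names are constructed, and it assumes LLDP appears as feature lldp and that an nxapi http port line means NX-API is also reachable over cleartext HTTP.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
feature nxapi
nxapi http port 80
nxapi https port 443
hardware acl tap-agg
interface Ethernet1/1
  switchport
  switchport mode trunk
interface Ethernet1/2
  switchport
interface port-channel10
  switchport
  switchport mode trunk
"""

def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return blocks

def audit(config, inter_switch_ports, needs_tap_agg=False):
    """Return findings for the prerequisites in the guidelines above."""
    top = {l.strip() for l in config.splitlines() if l and not l[0].isspace()}
    findings = []
    for cmd, why in (("feature nxapi", "NX-API is not enabled"),
                     ("feature lldp", "LLDP is not enabled")):
        if cmd not in top:
            findings.append(f"{why}: missing '{cmd}'")
    if needs_tap_agg and "hardware acl tap-agg" not in top:
        findings.append("TAP aggregation not enabled: missing 'hardware acl tap-agg'")
    if any(re.fullmatch(r"nxapi http port \d+", l) for l in top):
        findings.append("NX-API also listens on cleartext HTTP")
    blocks = interface_blocks(config)
    for port in inter_switch_ports:
        if "switchport mode trunk" not in blocks.get(port, []):
            findings.append(f"{port}: not 'switchport mode trunk'")
    return findings
```

Set needs_tap_agg=True for Cisco Nexus 9500 switches with N9K-X9700-EX or N9K-X9700-FX line cards; a port that is absent from the configuration is reported the same way as one that is not a trunk.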

Configuring TCAM Hardware Sizing on Cisco Nexus 9000 Series Switches

The TCAM configuration is based on the filtering requirement. You may need to configure multiple TCAM entries based on your filtering requirement. Complete these steps to configure a TCAM:

SUMMARY STEPS

  1. Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions:

DETAILED STEPS

Step 1

Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions:

NAT ACL[nat] size =    0
Ingress PACL [ing-ifacl] size = 1024
VACL [vacl] size =    0
Ingress RACL [ing-racl] size =    0
Ingress L2 QOS [ing-l2-qos] size =  256
Ingress L3/VLAN QOS [ing-l3-vlan-qos] size =    0
Ingress SUP [ing-sup] size =  512
Ingress L2 SPAN filter [ing-l2-span-filter] size =  256
Ingress L3 SPAN filter [ing-l3-span-filter] size =    0
Ingress FSTAT [ing-fstat] size =    0
span [span] size =  512
Egress RACL [egr-racl] size = 1792
Egress SUP [egr-sup] size =  256
Ingress Redirect [ing-redirect] size =  512
Egress L2 QOS [egr-l2-qos] size =    0
Egress L3/VLAN QOS [egr-l3-vlan-qos] size =    0
Ingress Netflow/Analytics [ing-netflow] size =  512
Ingress NBM [ing-nbm] size =    0
TCP NAT ACL[tcp-nat] size =    0
Egress sup control plane[egr-copp] size =    0
Ingress Flow Redirect [ing-flow-redirect] size =    0
Ingress PACL IPv4 Lite [ing-ifacl-ipv4-lite] size =    0
Ingress PACL IPv6 Lite [ing-ifacl-ipv6-lite] size =    0
MCAST NAT ACL[mcast-nat] size =    0
Ingress PACL Super Bridge [ing-pacl-sb] size = 1024
Ingress Storm Control [ing-storm-control] size =    0
Ingress VACL redirect [ing-vacl-nh] size =    0
Egress PACL [egr-ifacl] size =    0

See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide for the step-by-step TCAM hardware sizing configuration on Cisco Nexus 9000 Series Switches.
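
To see which regions still need a hardware access-list tcam region command, a region listing in the format shown above can be parsed and compared with the target sizes. The following Python is an added example, not Cisco code: the CURRENT listing is constructed, and the TARGET sizes are taken from the listing on this page.

```python
import re

# Constructed listing in the format shown above (a subset of the regions).
CURRENT = """\
NAT ACL[nat] size =    0
Ingress PACL [ing-ifacl] size =    0
Ingress L2 QOS [ing-l2-qos] size =  256
Ingress SUP [ing-sup] size =  512
span [span] size =  512
Egress RACL [egr-racl] size = 1792
Ingress PACL Super Bridge [ing-pacl-sb] size =    0
"""

# Target sizes for three regions, taken from the listing on this page.
TARGET = {"ing-ifacl": 1024, "ing-l2-qos": 256, "ing-pacl-sb": 1024}

# "<label>[<region keyword>] size = <n>", with or without a space before "[".
LINE = re.compile(
    r"^(?P<label>.*?)\s*\[(?P<region>[\w-]+)\]\s*size\s*=\s*(?P<size>\d+)\s*$")

def parse_regions(listing):
    """Return {region keyword: size} from a TCAM region listing."""
    regions = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            regions[m.group("region")] = int(m.group("size"))
    return regions

def plan(listing, target):
    """Commands needed to bring the listed regions to the target sizes."""
    current = parse_regions(listing)
    unknown = sorted(set(target) - set(current))
    if unknown:
        # A keyword missing from the listing is not sized blindly.
        raise ValueError(f"regions not present in the listing: {unknown}")
    return [f"hardware access-list tcam region {region} {size}"
            for region, size in target.items() if current[region] != size]
```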

Note

Cisco Nexus Dashboard Data Broker in OpenFlow mode supports Ethernet MAC source and destination addresses as match capabilities only when the OpenFlow TCAM region is configured as double wide (for example, hardware access-list tcam region openflow 512 double-wide). If the OpenFlow TCAM region is not configured as double wide, only the ether type match is supported as a match capability.

Enabling Cisco NX-API on Cisco Nexus 9000 Series Switches Using CLI

You can now manage multiple Cisco Nexus 9000 Series switches that are connected in a topology. The Cisco Nexus Dashboard Data Broker plugin can discover the switch interconnections using LLDP and update the topology services within Cisco Nexus Dashboard Data Broker. A switch interconnection can be a physical link or a port-channel interface. The topology displays only the interconnections between Cisco Nexus 9000 Series switches that are added to the NDB device list. The topology interconnection is displayed in the GUI.

Complete the following steps for enabling Cisco NX-API on Cisco Nexus 9000 Series switches:

Procedure

Step 1
  Command or Action: Enable the management interface.
  Purpose: Enable the management interface on the switch.

Step 2
  Command or Action: switch# conf t
  Purpose: Enter the configuration mode.

Step 3
  Command or Action: switch(config)# feature nxapi
  Purpose: Enable the NX-API feature.

Step 4
  Command or Action: switch(config)# nxapi http port 80
  Purpose: Configure the HTTP port.

Step 5
  Command or Action: switch(config)# nxapi https port 443
  Purpose: Configure the HTTPS port.

For the step-by-step configuration information for enabling the NX-API feature on Cisco Nexus 9000 Series switches, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Enabling Switch Port Mode as Trunk on the Inter-switch Ports and Port Channels

Complete the following steps to enable the switch port mode on the inter-switch ports and port-channels:

Procedure

Step 1
  Command or Action: switch# config t
  Purpose: Enables the configuration mode.

Step 2
  Command or Action: switch(config)# interface {{type slot/port} | {port-channel number}}
  Purpose: Specifies an interface to configure.

Step 3
  Command or Action: switch(config-if)# switchport mode {access | trunk}
  Purpose: Configures the switchport mode as access or trunk on the inter-switch ports and the port-channels.

Step 4
  Command or Action: switch(config)# exit
  Purpose: Exits the configuration mode.