Configuring Cisco Nexus 9000 Series Switches

This chapter contains the following sections:

Guidelines and Limitations for Cisco Nexus 9000 Series Switches

See the following guidelines and limitations for configuring Cisco Nexus 9000 Series switches through Cisco Nexus Data Broker.

  • Beginning with Cisco NX-OS Release 7.0(3)I7(2), you can enable TAP aggregation for Cisco Nexus 9500 platform switches with N9K-X9700-EX and N9K-X9700-FX line card.

  • To enable TAP AGG feature on N9K-X9700-EX and N9K-X9700-FX line card, you need to configure hardware acl tap-agg globally on the Cisco Nexus 9500 switches.

  • Cisco Nexus Data Broker supports NX-API protocol for Cisco Nexus 9000 series family of devices starting with Release 7.x.

  • The devices that are going to provisioned by Cisco Nexus Data Broker are assumed to have LLDP enabled and the LLDP feature should not be disabled during the device association with Cisco Nexus Data Broker. If the LLDP feature is disabled, there might be an inconsistency in Cisco Nexus Data Broker that cannot be fixed without device deletion and re-addition.

  • Cisco Nexus Data Broker assumes that the device interfaces configured by the port definitions are L2 switch ports and these interfaces have device configurations as switchport trunk by default.

  • Cisco Nexus 9200 Series switches do not support Q-in-Q VLAN tagging for the Edge SPAN and Edge TAP port.

  • For Cisco Nexus 9000 Series switches, upgrade the Cisco NX-OS software to Cisco NX-OS Release 7.x or above.

  • You can now add a Cisco Nexus 9000 Series switch to the Cisco Nexus Data Broker that can be discovered through NX-API protocol. Once the connection is successful, all the line card information for chassis model 9500 is discovered.

  • Prior to deploying the Cisco Nexus 9000 Series switches for Tap/SPAN aggregation through Cisco Nexus Data Broker with NX-API mode, the following configurations should be completed:

    • Configure the ACL TCAM region size for IPV4 port ACLs or MAC port ACLs.

    • Enable NX-API feature in the switch using the feature nxapi command.

    • Configure switchport mode trunk on all the inter-switch ports and the port-channels.

  • Cisco Nexus data broker periodically rediscovers the switch inventory, the topology interconnection, and the status. This information is updated in the GUI depending on the status. The rediscovery interval can be configured and the default value for the rediscovery interval is every 10 seconds.

Configuring TCAM Hardware Sizing on Cisco Nexus 9000 Series Switches

The TCAM configuration is based on the filtering requirement. You may need to configure multiple TCAM entries based on your filtering requirement. Complete these steps to configure a TCAM:

SUMMARY STEPS

  1. Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions:

DETAILED STEPS

Command or Action Purpose

Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions:

  • IPV4 PACL [ifacl] size = 1024

  • IPV6 PACL [ipv6-ifacl] size =    0

  • MAC PACL [mac-ifacl] size =  512

  • Egress IPV4 RACL [e-racl] size =  256

  • Egress IPV6 RACL [e-ipv6-racl] size =    0

  • Ingress System size =  256

  • Egress System size =  256

  • SPAN [span] size =  256

  • Ingress COPP [copp] size =  256

See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide for the step-by-step TCAM hardware sizing configuration on Cisco Nexus 9000 Series Switches.

Note

 

Cisco NDB in OpenFlow mode supports Ethernet MAC source and destination addresses as match capabilities only when the OpenFlow TCAM region is configured as double wide (for example, hardware access-list tcam region openflow 512 double-wide). If the OpenFlow TCAM region is configured as non double wide, only ether type match is supported as match capabilities.

Enabling Cisco NX-API on Cisco Nexus 9000 Series Switches Using CLI

You can now manage multiple Cisco Nexus 9000 Series switches that are connected in a topology. Cisco Nexus Data Broker plugin can discover the switch interconnections using LLDP and update the topology services within Cisco Nexus Data Broker. The switch interconnections can be a physical link or a port-channel interface. The topology displays only the interconnections between Cisco Nexus 9000 Series switches that are added to the Cisco Nexus Data Broker device list. The topology interconnection is displayed in the GUI.

Complete the following steps for enabling Cisco NX-API on Cisco Nexus 9000 Series switches:

Procedure

  Command or Action Purpose

Step 1

Enable the management interface.

Enable the management interface on the switch.

Step 2

switch# conf t

Enter the configuration mode.

Step 3

switch (config) # feature nxapi

Enable the NX-API feature.

Step 4

switch (config) # nxapi http port 80

Configure the HTTP port.

Step 5

switch (config) # nxapi https port 443

Configure the HTTPS port.

For the step-by-step configuration information for enabling the NX-API feature on Cisco Nexus 9000 Series switches, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Enabling Switch Port Mode as Trunk on the Inter-switch Ports and Port Channels

Complete the following steps to enable the switch port mode on the inter-switch ports and port-channels:

Procedure

  Command or Action Purpose

Step 1

switch(config)# config t

Enables the configuration mode.

Step 2

switch(config)# interface {{type slot/port} | {port-channel number}}

Specifies an interface to configure.

Step 3

switch(config-if)# switchport mode {access | trunk}

Configures the switchport mode as access or trunk on the inter-switch ports and the port-channels.

Step 4

switch(config)# exit

Exits the configuration mode.