A through M

aaa group server radius

To create a RADIUS server group and enter RADIUS server group configuration mode, use the aaa group server radius command in global configuration mode. To delete a RADIUS server group, use the no form of this command.

aaa group server radius group-name

no aaa group server radius group-name

Syntax Description

group-name

RADIUS server group name. The name is alphanumeric and case-sensitive. The maximum length is 64 characters.

Command Default

A RADIUS server group is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 4.0(1)

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Cisco NX-OS 7.0(0)N1(1)

Examples

The following example shows how to create a RADIUS server group and enter RADIUS server configuration mode: 


Device# configure terminal
Device(config)# aaa group server radius RadServer
Device(config-radius)#



The following example shows how to delete a RADIUS server group: 


Device# configure terminal
Device(config)# no aaa group server radius RadServer

address-family l2vpn evpn

To configure Layer-2 VPN EVPN parameters in the VXLAN EVPN fabric, use the address-family l2vpn evpncommand in router configuration mode. To disable Layer-2 VPN EVPN configuration, use the no form of the command.

address-family l2vpn evpn

no address-family l2vpn evpn

Syntax Description

This command has no arguments or keywords.

Command Modes

Router configuration (config-router)

Command History

Release Modification

Cisco NX-OS 6.1(2)I2(2)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

This command was integrated.

Cisco NX-OS 7.3(0)N1(1)

Usage Guidelines

Use the ? option to view the various functions available under the L2VPN EVPN address family. A sample is given below: 

switch(config-router)# address-family l2vpn evpn
switch(config-router-af)# ?
  
  advertise-pip  Advertise physical ip for type-5 route
  dampening      Configure route flap dampening
  nexthop        Nexthop tracking
  retain         Retain the routes based on Target VPN Extended Communities

Examples

The following example shows how to enable configuration of L2VPN EVPN parameters: 


switch(config)# router bgp 100
switch(config-router)# address-family l2vpn evpn
switch(config-router-af)#

advertise-gw-ip

To advertise EVPN Type-5 routes with the gateway IP set, use the advertise-gw-ip command. However, legacy peers running on NX-OS versions older than Cisco NX-OS Release 8.3(1) cannot process the gateway IP which may lead to unexpected behavior. To prevent this scenario from occurring, use the no advertise-gw-ip command to disable the Proportional Multipath for VNF feature for a legacy peer.

advertise-gw-ip

no advertise-gw-ip

Syntax Description

This command has no arguments or keywords.

Command Default

This command is enabled by default.

Command Modes

Router Neighbor Address Family configuration (config-router-neighbor-af)

Command History

Release Modification

8.3(1)

This command was introduced.

Usage Guidelines

If the no advertise-gw-ip command is used to disable the Proportional Multipath for VNF feature for a legacy peer, BGP will set the gateway IP field of the Type-5 NLRI to zero even if the path being advertised has a valid gateway IP. The no advertise-gw-ip command flaps the specified peer session as gracefully as possible. The remote peer triggers graceful restart if the peer supports this capability. When the session is reestablished, the local peer will advertise EVPN Type-5 routes with the gateway IP set or with the gateway IP as zero depending on whether the advertise-gw-ip command has been used or not. By default, this knob is enabled and the gateway IP field is populated with the appropriate next hop value.

This command does not require a license.

Examples

The following example disables the Proportional Multipath for VNF feature for a legacy peer and enables BGP to set the gateway IP field of the Type-5 NLRI to zero even if the path being advertised has a valid gateway IP: 


switch(config)# router bgp 500000
switch(config-router)# neighbor 102.102.102.102
switch(config-router-neighbor)# remote-as 2000000
switch(config-router-neighbor)# address-family l2vpn vpn
switch(config-router-neighbor-af)# no advertise-gw-ip

advertise l2vpn evpn

To advertise (L2VPN) EVPN routes within a tenant VRF in a VXLAN EVPN fabric, use the advertise l2vpn evpn command in VRF address family configuration mode. To disable this feature, use the no form of the command.

advertise l2vpn evpn

no advertise l2vpn evpn

Syntax Description

This command has no arguments or keywords.

Command Default

L2VPN EVPN routes are not advertised within a tenant VRF.

Command Modes

VRF address family configuration mode (config-router-vrf-af)

Command History

Release Modification

Cisco NX-OS 7.3(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

Examples

The following example shows how to advertise (L2VPN) EVPN routes within a tenant VRF in a VXLAN EVPN fabric: 


switch(config)# router bgp 100
switch(config-router)# vrf vni-3000
switch(config-router-vrf)# address-family ipv4 unicast 
switch(config-router-vrf-af)# advertise l2vpn evpn

advertise-pip

To advertise route type 5 routes using the primary IP address of the VTEP interface as the next hop address in the VXLAN EVPN fabric, use the advertise-pip command in the address family router configuration mode. To disable the function, use the no form of the command.

advertise-pip

no advertise-pip

Syntax Description

This command has no arguments or keywords.

Command Default

This function is disabled by default.

Command Modes

Address family router configuration (config-router-af)

Command History

Release Modification

Cisco NX-OS 7.3(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

Usage Guidelines

Enable this command on the ToR/leaf switch if the switch is part of a vPC setup and falls in one of the following scenarios:

  • The vPC leaf switch and its peer have asymmetric external Layer-3 connections and some IP prefix routes are only reachable from one of the leaf switches, and not both. For example, a pair of border leaf switches that run in vPC mode, and are connected to DCI switches asymmetrically. A symmetric topology can become asymmetric due to link failure.

  • A DHCP or DHCPv6 relay is configured on the leaf switch and the DHCP server is in the non default, non management, VRF.

  • When you need to run traffic between the leaf switch and a remote host. An example of this is to initiate a ping from the leaf switch's loopback address in a non default VRF to a remote host.

When advertise-pip is configured, the route type 5 update will advertise the next hop using the primary IP address (as the source IP address). It is required that previously a route type 2 update with virtual IP address as next hop is present. If no route type 2 is present, the configuration of a static MAC on a VXLAN enabled VLAN would satisfy this requirement. A sample configuration is given below.

Cisco Nexus 5600 Series switches 

vlan 3000
  vn-segment 1003000


 interface nve 1
  member vni 1003000 mcast-group 239.1.1.1 


evpn
  vni 1003000 l2
    rd auto
    route-target import auto
    route-target export auto


mac address-table static 0200.e111.1111 vlan 3000 interface port-channel 1

Other than the mac address-table static command which needs to be enabled on the switch where advertise-pip is enabled, the rest of the commands mentioned above need to be added in all the leaf switches that needs to communicate with the switch. In the above configuration, the VLAN value (3000) and the VNI value (1003000) needs to be unused in the fabric. The multicast group value needs to be picked from the range of multicast group addresses supported in the fabric underlay. The MAC address used is a dummy MAC address not used by any host or switch. To avoid conflict, set the universal or local bit (the second least significant bit of the most significant byte) of the MAC address to 1, to indicate that it is a locally administered MAC address. The interface should be one of the server facing ports or a port channel that is up.

On the leaf switches that advertise-pip is enabled, the VTEP interface should be shut down on both the vPC switches to avoid a potential out of sync between the two switches.

Cisco Nexus 7000 Series switches 

vni 1003000


bridge domain 200
 member vni 1003000


encapsulation profile vni cisco
  dot1q 100 vni 1003000


 interface nve 1
  member vni 1003000 mcast-group 239.1.1.1 


evpn
  vni 1003000 l2
    rd auto
    route-target import auto
    route-target export auto


mac address-table static 0200.e111.1111 vlan 100 interface port-channel 1

Examples

The following example shows how to advertise (L2VPN) EVPN routes within a tenant VRF in a VXLAN EVPN fabric: 


switch(config)# router bgp 100
switch(config-router)# address-family l2vpn evpn 
switch(config-router-af)# advertise-pip

aggregate-address

To create a summary address in a Border Gateway Protocol (BGP) routing table, use the aggregate-address command. To remove the summary address, use the no form of this command.

aggregate-address address/length [ advertise-map map-name] [ as-set ] [ attribute-map map-name] [ summary-only ] [ suppress-map map-name]

no aggregate-address address/length [ advertise-map map-name] [ as-set ] [ attribute-map map-name] [ summary-only ] [ suppress-map map-name]

Syntax Description

address/length

Specifies aggregate IP address and mask length. Valid values for length are as follows:

  • IPv4 addresses from1 to 32
  • IPv6 addresses from 1 to 128
advertise-map map-name

(Optional) Specifies the name of the route map used to select attribute information from specific routes.

as-set

(Optional) Generates the autonomous system set path information and community information from the contributing paths.

attribute-map map-name

(Optional) Specifies the name of the route map used to set the attribute information for specific routes. The map-name is an alphanumeric string up to 63 characters.

summary-only

(Optional) Filters all more-specific routes from updates.

suppress-map map-name

(Optional) Specifies the name of the route map used to conditionally filter more specific routes. The map-name is an alphanumeric string up to 63 characters.

Command Default

The atomic aggregate attribute is set automatically when an aggregate route is created with this command unless the as-set keyword is specified.

Command Modes

Address-family configuration mode

Neighbor address-family configuration mode

Router BGP configuration mode

Command History

Release Modification

Cisco NX-OS 5.0(3)N1(1)

This command was introduced in an earlier Cisco NX-OS release.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Usage Guidelines

You can implement aggregate routing in BGP and mBGP either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix which matches the aggregate must exist in the RIB.) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.

Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.

This command requires the Enterprise Services license.

Examples

AS-Set Example

In This example, an aggregate BGP address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. 

Device(config)# router bgp 64496 
Device(config-router)# aggregate-address 10.0.0.0 255.0.0.0 as-set

Summary-Only Example

In This example, an aggregate BGP address is created in address family configuration mode and applied to the multicast database (SAFI) under the IP Version 4 address family. Because the summary-only keyword is configured, more-specific routes are filtered from updates. 

Device(config)# router bgp 64496 
Device(config-router)# address-family ipv4 multicast 
Device(config-router-af)# aggregate-address 10.0.0.0 255.0.0.0 summary-only

Conditional Aggregation Example

In This example, a route map called MAP-ONE is created to match on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map. 

Device(config)# ip as-path access-list 1 deny ^1234_ 
Device(config)# ip as-path access-list 1 permit .* 
Device(config)# ! 
Device(config)# route-map MAP-ONE 
Device(config-route-map)# match ip as-path 1 
Device(config-route-map)# exit 
Device(config)# router bgp 64496 
Device(config-router)# address-family ipv4 
Device(config-router-af)# aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map MAP-ONE
Device(config-router-af)# end

apply profile

To apply a configuration profile to configure hosts, use the apply profile command in global configuration mode. To remove the configuration profile use the no form of this command.

apply profile profile-name [ include-instance include-instance ] [ param-instance instance-name ]

no apply profile profile-name [ include-instance include-instance ] [ param-instance instance-name ]

Syntax Description

profile-name

Name of the profile that is created using the configure profile command.

include-instance include-instance

(Optional) Specifies the include instance name.

param-instance instance-name

(Optional) Specifies the parameter instance name.

Command Default

The port profile is not applied.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Configuration profiles provide an infrastructure to configure hosts based on a set of user-defined templates. You can define different templates for different types of hosts and enable them appropriately based on an event, such as host discovery. You can apply different profiles to different hosts and apply different values for the configuration for different hosts.

Use the apply profile command to apply a configuration profile on a host.

Use the configure profile command to create a configuration profile and add a parameter list and a parameter-list instance. You can either create one parameterized profile for each host or create one profile with parameterized argument and apply it with host-specific arguments. The parameter-list instance provides the actual values that are added in the configuration profile before the profile is applied. The parameter name in the instance must match the parameter name in the profile.

Examples

The following example shows how to create a configuration profile and apply it to a host instance, named HOST-1, to expand the profile and configure a new host: 

Device(config)# configure profile sample
Device(conf-profile)# vlan $vlanId
Device(conf-profile-vlan)# vn-segment $segmentId
Device(conf-profile-vlan)# interface vlan $vlanId
Device(conf-profile-if-verify)# ip address $ipv4addr/$netmask1
Device(conf-profile-if-verify)# ipv6 address $ipv6addr/$netmask2
Device(conf-profile-if-verify)# ip access-group $aclnum out
Device(conf-profile-if-verify)# configure terminal
Device(config)# apply profile sample param-instance HOST-1
Device(config)# end

autodiscovery bgp signaling ldp

To enable autodiscovery using Label Distribution Protocol (LDP) in a Layer 2 virtual forwarding interface (VFI), use the autodiscovery bgp signaling ldp command in L2 VFI configuration mode. To disable autodiscovery, use the no form of this command.

autodiscovery bgp signaling ldp

no autodiscovery bgp signaling ldp

This command has no arguments or keywords.

Command Default

Layer 2 VFI autodiscovery is disabled.

Command Modes

L2 VFI configuration (config-vfi)

Command History

Release Modification

- -

This command was introduced in an earlier Cisco NX-OS release.

Examples

The following example shows how to enable Layer 2 VFI as having BGP autodiscovered pseudowire members and specify that LDP signaling should be used for autodiscovery: 

Device(config)# l2vpn vfi context vfi1
Device(config-vfi)# vpn id 100
Device(config-vfi)# autodiscovery bgp signaling ldp
Device(config-vfi-autodiscovery)#

boot poap

To reboot a device and apply the changes after you configure the device or install a new image, use the boot poap command in global configuration mode. To avoid rebooting the device, use the no form of this command.

boot poap [ enable ]

no boot poap

Syntax Description

enable

(Optional) Enables the boot POAP (Power On Auto Provisioning) functionality.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Usage Guidelines

Rebooting the device is required in the following situations:
  • If the configuration is supported only on the new image.
  • If you configure the device after rebooting it.
You can avoid rebooting the device in the following situations:
  • If there is no change in the image or in the configuration of device.
  • If you want to apply only specific configuration updates on the device.

Examples

This example shows how to reboot a device after configuring the device or installing a new image: 


Device# configure terminal
Device(config)# boot poap enable

bridge-domain

To enter bridge-domain configuration mode and configure a bridge domain, use the bridge-domain command. To remove the bridge-domain configurations, use the no form of this command.

bridge-domain domain-id

no bridge-domain domain-id

Syntax Description

domain-id

Specifies the Bridge-domain ID. The range is defined by the system-bridge-domain configuration.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Cisco NX-OS 6.2.2

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Removing the bridge-domain configuration does not remove the underlying VLAN. If a VLAN is associated with a bridge domain, you cannot remove the VLAN without first removing the bridge domain. To remove the underlying VLAN, use the no vlan command after you remove the bridge domain. This command requires the MPLS Services license.

Examples

This example shows how to enter bridge-domain configuration mode and configure a bridge domain: 

Device# configure terminal
Device(config)# bridge-domain 200

checkpoint

To configure the rollback checkpoint, use the checkpoint command. To delete the checkpoint, use the no form of this command.

checkpoint { name | description description | file name}

no checkpoint

Syntax Description

name

Specifies the checkpoint name that is used in the checkpoint database. The name can contain any alphanumeric string up to 80 characters, without any spaces.

description description

Specifies the checkpoint description. The description can contain up to 80 alphanumeric characters, including space.

file name

Specifies the filename that is used to save the checkpoint.

Command Modes


Any command mode

Supported User Roles

network-admin

network-operator

vdc-admin

vdc-operator

Command History

Release

Modification

Cisco NX-OS 4.0(1)

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Usage Guidelines

If you use the checkpoint command without a name, Cisco NX-OS software creates the file with the name auto-x, where x is a decimal number that increments each time you create an unnamed checkpoint file.

This command does not require a license.

Examples

This example shows how to configure the rollback checkpoint: 

Device# checkpoint stable

This example shows how to delete the checkpoint file: 

 
Device# no checkpoint

clear evb

To clear information associated with Edge Virtual Bridging (EVB), use the clear evb command in global configuration mode.

clear evb { hosts | vsi } [force-standby] [ interface ethernet slot-number ] [ ip ipv4-address ] [ ipv6 ipv6-address ] [ mac mac-address ] [ vlan vlan-id ] [ vni vni-id ]

Syntax Description

hosts

Clears information about hosts in an EVB session.

vsi

Clears information about the Virtual Station Interface (VSI) in an EVB session.

force-standby

(Optional) Forces to clear standby entries in an EVB session.

interface ethernet slot-number

(Optional) Clears hosts or VSI entries by filtering interface.

ip ipv4-address

(Optional) Clears information about hosts or the VSI by filtering the IPv4 address.

ipv6 ipv6-address

(Optional) Clears information about hosts or the VSI by filtering the IPv6 address.

mac mac-address

(Optional) Clears information about hosts or the VSI by filtering the MAC address.

vlan vlan-id

(Optional) Clears information about hosts or the VSI by filtering the VLAN.

vni vni-id

(Optional) Clears information about hosts or the VSI by filtering the Virtual Network Identifier (VNI).

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

7.0(0)N1(1)

This command was introduced.

7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the feature evb command to enable the EVB session.

Examples

This example shows how to clear information associated with an EVB session: 


Device(config)# feature evb
Device(config)# clear evb hosts ip 192.0.2.1

clear evb statistics

To clear Edge Virtual Bridge (EVB) statistic counters, use the clear evb statistics command in global configuration mode.

clear evb statistics

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the feature evb command to enable the EVB session. This command does not require a license.

Examples

This example shows how to clear an EVB statistic counter: 


Device(config)# feature evb
Device(config)# clear evb statistics

clear fabric database dci

To clear the connectivity outside fabric from a Border Leaf to an Edge Router on a tenant, use the clear fabric database dci command.

clear fabric database dci vrf vrf-name node-id ipaddr peer-id ipaddr

Syntax Description

vrf vrf-name

Deletes the VRF from the node identified by node ID and associated interface and BGP configurations, which were created by the auto-pull command.

node-id ipaddr

Identifies the node ID (usually management IP address) of the node on which the command is issued.

peer-id ipaddr

Identifies the peer ID of the node specified by node ID.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Examples

The following sample shows how to clear connectivity outside fabric using the clear fabric database dci command: 


Device(config)# clear fabric database dci vrf VRF1 node-id 1.1.1.1 peer-id 2.2.2.2

clear fabric database host

To clear a certain Cisco Programmable Fabric host from a Cisco Nexus switch that is configured as a tenant switch, use the clear fabric database host command in privileged EXEC mode.

clear fabric database host { dot1q dot1q_id | vni vni_id }

Syntax Description

dot1q dot1q-id

Specifies that the IEEE 802.1Q (dot1q) tag identifier of the Cisco Programmable Fabric host be removed from the tenant configuration

vni vni-id

Specifies that virtual network identifier (vni) of the Cisco Programmable Fabric host be removed from the tenant configuration on a Cisco Nexus 5500 Series switch.

The range of the vni-id argument is from 4096 to 16773119.

Note 
This keyword and argument is not supported on the Cisco Nexus 5500 Series switches.

Command Default

The host remains in the tenant configuration.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 7.0(2)N1(1)

Support for this command was added for the Cisco Nexus 5500 Series switches.

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Usage Guidelines

In a vPC setup, it is recommended to execute the clear fabric database host command on both the vPC peers.

Examples

The following example shows how to clear the host ID from the tenant switch: 

switch# clear fabric database host dot1q 1000
switch# clear fabric database host vni 110000

clear fabric database statistics

To clear the external database statistics such as number of messages sent or received, pending requests, access errors, and access timeouts, use the clear fabric database statistics command in privileged EXEC mode.

clear fabric database statistics [ type { network | profile } [ server-proto { ldap } { host hostname | ip ip-address } [ port port-number ] ] ]

Syntax Description

type

(Optional) Specifies the type of database.

network

(Optional) Specifies a network database.

profile

(Optional) Specifies a port or switch profile database.

server-proto

(Optional) Specifies a database protocol.

ldap

(Optional) Specifies the use of Lightweight Directory Access Protocol (LDAP).

host hostname

(Optional) Specifies the hostname of the server.

ip ip-address

(Optional) Specifies the IP address of the server.

port port-number

(Optional) Specifies the port number of the server.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

The clear fabric database statistics command is used to reset the database statistics counters to zero. But this command does not delete existing statistics memory. You can use the show fabric database statistics command to display per-server statistics including number of messages sent or received, pending requests, access errors, and timeouts.

Examples

The following example shows how to clear the database statistics of ldap server: 


Device# clear fabric database statistics type network server-proto ldap host host1

clear ngoam loopback

To clear the background NGOAM loopback session, use the clear ngoam loopback command in privileged EXEC mode.

clear ngoam loopback [ session session-handle | statistics { session session-handle | all } | summary ]

Syntax Description

session session-handle

(Optional) Clears information about the NGOAM loopback for a specific session.

statistics

(Optional) Clears information about the NGOAM loopback statistics.

all

Clears stats for all ping sessions.

summary

(Optional) Clears summary information about the NGOAM loopback statistics.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 7.3(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

Examples

The following is sample output from the clear ngoam loopback session 10 command. 

switch# clear ngoam loopback session 10

The following is sample output from the clear ngoam loopback statistics session 10 command. 

switch# clear ngoam loopback statistics session 10

The following is sample output from the clear ngoam loopback statistics session all command. 

switch# clear ngoam loopback statistics session all

The following is sample output from the clear ngoam loopback statistics summary command. 

switch# clear ngoam loopback statistics summary

configure profile

To configure a profile, use the configure profile command in privileged EXEC mode. To remove a configured profile, use the no form of this command.

configure profile profile-name

no configure profile profile-name

Syntax Description

profile-name

Name of the profile to be configured.

Command Default

A profile is not configured.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 6.0(2)N3(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

You can specify a maximum of 80 characters for the profile-name argument. Once you configure a profile name, this profile is available in the list of profiles that can be used to configure profile parameters. Use the show running-config command to display all configured profiles and their parameters.

When you configure a profile, the command mode changes to configuration profile mode. You can configure profile parameters into a template in the configuration profile mode.

Use the show config-profile command to view the list of configured profiles.

Examples

The following example shows how to configure a profile named pname: 

Device# configure profile pname
Device(config-profile)#

The following example shows how to configure profile parameters in the configuration profile mode: 

Device# configure profile sample
Device(config-profile)# vrf context sample-vrf
Device(config-profile-vrf)# end

copy scheduled-config

To configure a file containing CLI commands that you want to apply on the next reboot of the device, use the copy scheduled-config command in any command mode.

copy filename scheduled-config

Syntax Description

filename

Name of the configuration file .

scheduled-config

Specifies the schedule of the configuration at the specified source to apply on the next reboot of the device.

Command Default

None

Command Modes


Any command mode

Supported User Roles

network-admin

vdc-admin

Command History

Release

Modification

Cisco NX-OS 6.1(2)

This command was introduced.

Usage Guidelines

The copy scheduled-config command specifies the schedule of the configuration at the specified source to apply on the next reboot of the device. This command must be called explicitly within the POAP (Power On Auto Provisioning) script to allow the POAP boot process to continue at the next reboot. When PowerOn Auto Provisioning (POAP) is in progress, any important information or errors are displayed over the serial console, aiding the administrator to troubleshoot in case of problems.

This command does not require a license.


Note
This command is used in POAP script.

Examples

This example shows how to specify that the abc file to be applied to the running configuration when the device next reloads: 

Device(config)# copy abc scheduled-config

db-security

To configure a database security, use the db-security command in fabric database server configuration mode.

db-table user username password password [ shared-secret name ]

no db-table user username password password [ shared-secret name ]

Syntax Description

user username

User ID.

password password

Password.

shared-secret name

Shared secret.

Command Default

The database security is not configured.

Command Modes

Fabric database server configuration (config-fabric-db-server)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

You can specify the database security mechanism by using the db-security command.

Examples


device# configure
device(config)# fabric database type network
device(config-fabric-db)# server protocol ldap host host1
device(config-fabric-db-server)# db-table ou=networks,dc=host,dc=com key-type 1
device(config-fabric-db-server)# db-security user cn=admin,dc=cisco,dc=com password cisco123

db-table

To configure a database table using Lightweight Directory Access Protocol (LDAP), use the db-table command in fabric database server configuration mode. To remove the database table, use the no form of this command.

db-table table-name [ key-type key-type-value ]

no db-table table-name [ key-type key-type-value ]

Syntax Description

table-name

Name of the database table.

key-type key-type-value

(Optional) Specifies the key type for the database queries. The valid value is 1.

Command Default

The database table is not configured.

Command Modes

Fabric database server configuration (config-fabric-db-server)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

You can specify the database table name to which the database manager sends search queries by using the db-table command.

Examples

The following example shows how to configure a database table using LDAP: 


Device# configure terminal
Device(config)# fabric database type network
Device(config-fabric-db)# server protocol ldap host host1
Device(config-fabric-db-server)# db-table ou=networks,dc=host,dc=com key-type 1

default-information originate (BGP)

To configure a Border Gateway Protocol (BGP) routing process to distribute a user-defined default route, use the default-information originate command. To disable the advertisement of a default route, use the no form of this command.

default-information originate always rd rd-value route-target rt

no default-information originate always rd rd-value route-target rt

Syntax Description

always

Generates the default route if the route is not in the BGP routing information base (RIB).

rd rd-value
Specifies a value for the route distinguisher (RD). The format of the rd-value argument is one of the following formats:

  • 16-bit autonomous-system-number: arbitrary 32-bit number , such as 101:3.

  • 32-bit IPaddress: arbitrary16-bit number , such as 192.02.0.15:1.

The colon (:) is required.

route-target rt-value
Specifies a value for the route target (RT). The format of the rt-value argument is one of the following formats:

  • 16-bit autonomous-system-number: arbitrary 32-bit number , such as 101:3.

  • IPaddress: arbitrary16-bit number , such as 192.02.0.15:1.

The colon (:) is required.

Command Modes

VPN address family configuration (config-router-af)

Command History

Release Modification

Cisco NX-OS 4.0(1)

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Cisco NX-OS 7.0(0)N1(1)

Usage Guidelines

This command is used to configure a BGP routing process to advertise a default route with a user-specified route distinguisher (RD) and export route target (RT). This route is only advertised to fabric-internal peers. Because no Multiprotocol Label Switching (MPLS) label is allocated for this route, it does not get advertised to fabric-external peers.

This command does not require a license.

Examples

The following example shows how to originate and redistribute a default route in BGP for a border leaf switch: 

router bgp 100
  address-family ipv4 unicast
    default-information originate always rd 192.02.0.15:1 route-target 192.02.0.15:1
  address-family ipv6 unicast
    default-information originate always rd 192.02.0.15:1 route-target 192.02.0.15:1

To enable a leaf switch to import the configured default route into a leaf-switch VRF, you must use the route-target import command in the VRF address family configuration mode to configure a matching import RT. The following example shows how to redistribute a default route in BGP for a leaf switch: 

vrf context foo
  address-family ipv4 unicast
    route-target import 192.02.0.15:1

define

To create user-defined parameters for a parameter list, use the define command in parameter list configuration mode. To remove user-defined parameters from a parameter list, use the no form of this command.

define parameter-name [ integer | ipaddr | ipv6addr | mac-addr | string ] [ value]

no define parameter-name [ integer | ipaddr | ipv6addr | mac-addr | string ] [ value]

Syntax Description

parameter-name

Parameter name.

integer

(Optional) Specifies the data type as an integer.

ipaddr

(Optional) Specifies the address as an IPv4 address.

ipv6addr

(Optional) Specifies the address as an IPv6 address.

mac-addr

(Optional) Specifies the address as a MAC address.

string

(Optional) Specifies the data type as a string.

value

(Optional) Parameter data type or address type value or parameter description.

  • Use the value argument with the parameter name to describe the parameter.
  • Use the value argument with a data type or address type to assign a value.

Command Default

User-defined parameters are not created.

Command Modes

Parameter list configuration (config-param-list)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

User-defined parameters that you create using the define command are associated with a parameter list. A parameter list can be created using the param-list command.

You can use existing user-defined parameters and associate values (such as integer, IP address, and MAC address) to them.

Examples

The following example shows how to create a user-defined parameter param1 within the specified parameter list List1: 


Device# configure terminal
Device(config)# param-list List1 
Device(config-param-list)# define param1 integer 100
Device(config-param-list)# exit

encapsulation dot1Q

To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in a virtual LAN (VLAN), use the encapsulation dot1q command. To disable encapsulation, use the no form of this command.

encapsulation dot1Q vlan-id

no encapsulation dot1Q vlan-id

Syntax Description

vlan-id

Specifies the VLAN to set when the interface is in access mode. The range is from 1 to 4094 except for the VLANs reserved for internal switch use.

Command Default

No encapsulation

Command Modes

Subinterface configuration mode

Command History

Release Modification

Cisco NX-OS 4.0

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Usage Guidelines

IEEE 802.1Q encapsulation is configurable on Ethernet interfaces. IEEE 802.1Q is a standard protocol for interconnecting multiple switches and routers and for defining VLAN topologies.

Use the encapsulation dot1q command in subinterface range configuration mode to apply a VLAN ID to the subinterface.

This command does not require a license.

Examples

This example shows how to enable dot1Q encapsulation on a subinterface for VLAN 30: 

Device(config-if)# interface fastethernet 4/1.100
Device(config-subif)# encapsulation dot1q 30

encapsulation dynamic

To enable the auto-configuration trigger on the interface for dot1q, vdp, lldp or vmtracker, use the encapsulation dynamic command in subinterface configuration mode. To disable the configuration, use the no form of this command.

encapsulation dynamic { dot1q | vdp | lldp | vmtracker }

no encapsulation dynamic { dot1q | vdp | lldp | vmtracker }

Syntax Description

dot1q

Enable do1q encapsulation.

vdp

Enable vdp encapsulation.

lldp

Enable lldp encapsulation.

vmtracker

Enable vmtracker encapsulation.

Command Default

No encapsulation

Command Modes

Subinterface configuration mode

Command History

Release Modification

Cisco NX-OS 7.2(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

This command was integrated.

Usage Guidelines

Auto-configuration trigger is not enabled on the interface by default. The auto-configuration trigger must be explicitly configured on the interface and only one auto-configuration trigger can be configured per interface. To change the trigger from one interface to another, ensure to disable the previous interface configuration.

Examples

The following example shows how to enable dot1Q encapsulation on a subinterface: 


switch(config-if)# interface fastethernet 4/1.100
switch(config-subif)# encapsulation dynamic dot1q 30

errdisable detect cause

To enable error-disable (errdisable) detection for an application, use the errdisable detect cause command in global configuration mode. To disable error-disable detection, use the no form of this command.

errdisable detect cause { acl-exception | all | link-flap | loopback }

no errdisable detect cause { acl-exception | all | link-flap | loopback }

Syntax Description

acl-exception

Enables error-disabled detection for access-list installation failures.

all

Enables error-disabled detection for all causes.

link-flap

Enables error-disabled detection on link-state flapping.

loopback

Enables error-disabled detection on loopback detected by unidirectional link detection (UDLD).

Command Default

Error-disable detection is enabled.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco NX-OS 4.0 This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Cisco NX-OS 7.0(0)N1(1)

This command was modified.

Examples

The following example shows how to enable the err-disabled detection on linkstate-flapping: 

Device# configure terminal
Device(config)# errdisable detect cause link-flap

errdisable recovery cause

To enable automatic recovery of an application from an error-disabled (errdisable) state, use the errdisable recovery cause command in global configuration mode. To return to the default setting, use the no form of this command.

errdisable recovery cause { all | bpduguard | failed-port-state | link-flap | loopback | psecure-violation | security-violation | storm-control | udld | vpc-peerlink }

errdisable recovery cause { all | bpduguard | failed-port-state | link-flap | loopback | psecure-violation | security-violation | storm-control | udld | vpc-peerlink }

Syntax Description

all

Enables the timer to recover from all causes.

bpduguard

Enables the timer to recover from the bridge protocol data unit (BPDU) guard error disable state.

failed-port-state

Enables the timer to recover from the Spanning Tree Protocol (STP) set port state failure.

link-flap

Enables the timer to recover from link-state flapping.

loopback

Enables timer to recover from the loopback error disabled state detected by Unidirectional Link Detection (UDLD).

psecure-violation

Enables the timer to recover from the psecure-violation disable state.

security-violation

Enables the timer to recover from the 802.1x violation disable state.

storm-control

Enables the timer to recover from the storm control error-disabled state.

udld

Enables the timer to recover from the UDLD error-disabled state.

vpc-peerlink

Enables the timer to recover from an inconsistent virtual port channel (vPC) peer-link error-disabled state.

Command Default

Automatic recovery of any application from an error-disabled state is disabled.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco NX-OS 4.0 This command was introduced.

Cisco NX-OS 7.0(0)N1(1)

This command was modified.

Usage Guidelines

Use the errdisable recovery cause command to enable an automatic recovery of an application on the interface from an error-disabled state. This command tries to bring the interface out of the error-disabled state once all the causes have timed out. The interface automatically tries to come up again after 300 seconds. To change this interval, use the errdisable recovery interval command.

This command does not require a license.

Examples

This example shows how to enable error disable recovery from linkstate-flapping: 

Device# configure terminal
Device(config)# errdisable recovery cause link-flap

errdisable recovery interval

To configure the error disable recovery timer, use the errdisable recovery interval in global configuration mode. To remove this configuration, use the no form of this command.

errdisable recovery interval interval

no errdisable recovery interval

Syntax Description

interval

Timer interval in seconds. The range is from 30 to 65535.

Command Default

The default is 300 seconds.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco NX-OS 4.0 This command was introduced.

Usage Guidelines

Use the errdisable recovery interval command to configure the recovery timer. This command does not require a license.

Examples

This example shows how to configure the recovery timer: 

Device# configure terminal
Device(config)# errdisable recovery interval 32

evb mac

To configure the Virtual Station Interface (VSI) Discovery and Configuration Protocol (VDP) multicast MAC address for the Edge Virtual Bridge (EVB) feature on a device, use the evb mac command in global configuration mode. To return to the default, use the no form of this command.

evb mac mac-address

no evb mac mac-address

Syntax Description

mac-address

VDP multicast MAC address.

Command Default

The VDP multicast MAC address for EVB is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

To configure the device to use a VDP multicast MAC address, the EVB feature needs to be enabled globally on the device using the feature evb command.

Examples

This example shows how to configure a VDP multicast MAC address: 


Device(config)# feature evb
Device(config)# evb mac 01-23-45-67-89-ab

evb reinit-keep-alive

To configure the Virtual Station Interface (VSI) Discovery and Configuration protocol (VDP) keepalive parameter for the Edge Virtual Bridging (EVB) feature on a device, use the evb reinit-keep-alive command in global configuration mode. To return to the default, use the no form of this command.

evb reinit-keep-alive timer

no evb reinit-keep-alive timer

Syntax Description

timer

Timer exponent to calculate the keepalive time in seconds. The range is from 22 to 31.

Command Default

The default reinit-keep-alive timer exponent is 25.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the feature evb command to enable the EVB feature globally on the device before configuring the keepalive parameter. After a VDP request is successful, a refresh request is expected within the keep-alive time. If the refresh request is not received within the keepalive time, device revokes the configuration changes. You must configure the correct reinit-keepalive EVB parameter to align with the network scale as each virtual machine contributes a refresh message as per the keepalive time.

Examples

The following examples shows how to configure the keepalive parameter for EVB: 


Device(config)# feature evb
Device(config)# evb reinit-keep-alive 22

evb resource-wait-delay

To configure the Virtual Station Interface (VSI) Discovery and Configuration protocol (VDP) resource wait delay parameter for the Edge Virtual Bridge (EVB) feature on a device, use the evb resource-wait-delay command in global configuration mode. To return to the default, use the no form of this command.

evb resource-wait-delay timer

no evb resource-wait-delay timer

Syntax Description

timer

Timer exponent to calculate the actual delay in seconds. The range is from 22 to 31.

Command Default

The default resource wait delay timer exponent is 25.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the feature evb command to enable the EVB feature globally on the device before configuring the resource wait delay parameter.

When a VDP request is received, a series of configuration changes are triggered on the device. The resource-wait-delay parameter indicates the maximum waiting time for a device to complete the configuration change. If the change is not completed within the wait delay parameter, then the VDP request fails. You can configure the resource-wait-delay EVB parameter to align with specific configuration scale and requirement.

Examples

The following example shows how to configure the VDP resource wait delay parameter: 


Device(config)# feature evb
Device(config)# evb resource-wait-delay 22

evpn

To create an EVPN instance for a Layer-2 VNI on a leaf switch and configure a route distinguisher and route targets (for the switch-VNI combination), use the evpn command in global configuration mode. To disable this feature, use the no form of the command.

evpn

no evpn

Syntax Description

This command has no arguments or keywords.

Command Default

An EVPN instance is not available unless you create it manually or through auto-configuration.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Usage Guidelines

This command enables you to enter the config-evpn mode. Then (using the vni l2 command), you need to specify the Layer-2 VNI for which RDs and RTs are to be created, and create the RDs/RTs. This is required to advertise the MAC addresses in EVPN route type 2.

Examples

The following example shows how to enable a Layer-2 VNI EVPN instance on a leaf switch: 


switch(config)# evpn    
switch(config-evpn)# vni 6001 l2      
switch(config-evpn-evi)# rd auto      
switch(config-evpn-evi)# route-target import auto  
switch(config-evpn-evi)# route-target export auto

export-gateway-ip

To enable BGP to advertise the gateway IP in the EVPN Type-5 routes, use the export-gateway-ip command. To disable this feature, use the no form of this command.

export-gateway-ip

no export-gateway-ip

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Router VRF Address Family configuration (config-router-vrf-af)

Command History

Release Modification

8.3(1)

This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

The following example enables BGP to advertise the gateway IP in EVPN Type-5 routes:


switch(config)# router bgp 500000
switch(config-router)# vrf cust_1
switch(config-router-vrf)# address-family ipv4 unicast
switch(config-router-vrf-af)# export-gateway-ip

Examples

The following example disables this feature:


switch(config-router-vrf-af)# no export-gateway-ip

fabric database auto-pull

To auto provision the network and tenant configuration on supported Cisco Nexus switches in a Cisco Programmable Fabric deployment, use the fabric database auto-pull command in privileged EXEC mode.

fabric database auto-pull { dot1q dot1q_id | vni vni_id } interface interface-id

Syntax Description

dot1q dot1q-id

Specifies that the tenant be provisioned based on the IEEE 802.1Q (dot1q) tag identifier of the Cisco Programmable Fabric host.

Note 
dot1q dot1q-id requires the fabric database mobility domain to be defined first.

vni vni-id

Specifies that the tenant be provisioned based on the virtual network identifier (VNI) of the Cisco Programmable Fabric host.

The range is from 4096 to 16773119.

Note 
This keyword and argument combination is not supported on the Cisco Nexus 5500 Platform Switches.

interface interface-id

Specifies the interface to which the host is associated. The allowed interfaces are Ethernet and port channel.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.0(2)N1(1)

This command was supported in Cisco Nexus 5500 Platform Switches.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use this command if auto configuration triggers such as data plane or VDP are not available for a Cisco Nexus 5500 Platform Switch, or provisioning is proactive, that is, before the host comes online.


Note

This command determines the recovery and clear timers.

Use the fabric database auto-pull command to trigger the command-line interface-based auto configuration, and preprovision the switch configurations for the specified IEEE 802.1Q (dot1q) or virtual network identifier (VNI) of the host.

Command-line interface-based auto configuration is the only supported configuration option for Cisco Nexus 55xx switches with Cisco NX-OS Release 7.0(2)N1(1) and later releases. Before Cisco NX-OS Release 7.0(2)N1(1), you had to manually provision the tenant switches.

The fabric database auto-pull command must be executed on all the switches where auto configuration is required, including both the switches in a virtual port channel+ (vPC+) topology.

If you are using a script to issue this command, make sure that the configuration has successfully completed before starting the next request.

This command is a part of configuration profiles, and will only appear in a running configuration if the show running-config expand-port-profile command is used.

To save the auto configuration, use the copy running start command on all the switches, including both the switches in a vPC+ topology.

Use the interface interface-id keyword and argument to allow for a per-interface profile map.


Note

Only switchport interfaces are permitted.

Examples

The following example shows how to configure the fabric database auto-pull command: 


switch# fabric database auto-pull dot1q 1000 interface e1/1
switch# fabric database auto-pull vni 110000 interface e1/1

  • In the following example, if interface ethernet 2/4 is specified, then profile map 100 will be used. If ethernet 2/5 is specified, profile map 200 will be used: 

    
fabric database profile-map 100
  ethernet-tag encapsulation dot1q 50 dynamic
fabric database profile-map 200
  ethernet-tag encapsulation dot1q 50 static tenant-tmpl
!
interface Ethernet2/4
  fabric database inherit-profile-map 100
!
interface Ethernet2/5
  fabric database inherit-profile-map 200

fabric database auto-pull dci

To trigger the Node to extract an entry from LDAP, use the fabric database auto-pull dci command in global configuration mode. You must configure the feature-set fabric and feature fabric forwarding commands before you can configure the fabric database dci command.

fabric database auto-pull dci vrf vrf-name node-id ipaddr peer-id ipaddr

Syntax Description

vrf vrf-name

Deploys the VRF at this node. It is one of the three primary keys to the LDAP entry.

node-id ipaddr

Specifies the IP address to be used to identify this switch (it is applicable to both border and dc edge router) in LDAP.

The value of ipaddr must match the IP address that you configured in the Cisco Prime Data Center Network Manager (DCNM) when you set up your topology.

peer-id ipaddr

Specifies the node ID of the peer node in VRF-lite. The value for ipaddr is as follows:

  • For a VRF-lite or CE-PE, the value is the IP address of the separate Edge Router device that pairs with the border leaf switch.

Command Default

The new partition (VRF) is not configured on a tenant.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Cisco Programmable Fabric communicates to other Cisco Programmable Fabric devices and to the external networks through one or more border leaf switches. If a border leaf does not support Edge Router functionalities, such as Multi Protocol Label Switching or virtual private network, Virtual Private LAN Service (VPLS), or Overlay Transport Virtualization (OTV), a separate Edge Router device pairs with the border leaf switch to enable Layer 3 connectivity to the end points in the same VRF in another fabric. This is called a VRF-lite or CE-PE.

The fabric database auto-pull dci command creates an Edge Router VRF-specific auto configuration on the border leafs or the Edge Router devices or both, and enables Layer 3 connectivity to end points in the same VRF in another fabric or to the outside world (WAN), whether the other fabric is geographically collocated or not.

This command is supported on the border leaf switch in a Edge Router in a VRF-lite or CE-PE solution.


Note

EL2 license is required for fabric forwarding. For GW and auto-config, L3 Base and LAN Enterprise licenses are required with no grace-period for L3 Base.

Examples

The following sample shows how to create connectivity outside fabric using the fabric database auto-pull dci command: 


switch(config)# fabric database auto-pull dci vrf VRF1 node-id 1.1.1.1 peer-id 2.2.2.2

fabric database mobility-domain

To configure the mobility domain name, use the fabric database mobility-domain command in global configuration mode. To remove the mobility domain name, use the no form of this command.

fabric database mobility-domain domain-name

no fabric database mobility-domain domain-name

Syntax Description

domain-name

Mobility domain name up to 128 characters.

Command Default

The mobility domain name is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the fabric database mobility-domain command to configure the mobility domain name that is used to retrieve the profile name and parameters, if the profiles are stored remotely. Profiles stored remotely are indexed by the mobility domain and VLAN pair.

Mobility domain uses only data plane MAC learning as the network auto-configuration trigger.

The specified domain-name must match the mobility domain ID specified in the Cisco Prime DCNM as part of the workload-automation settings. If they do not match, the auto-configuration profile will not be populated with the appropriate parameters (for example, segment-IP or subnet).

Mobility domain requires either 802.1Q trunk header transport or, if an access-port is used, a trunk with a native VLAN and matching allowed VLAN between the host (server) and the leaf switch.

Examples

The following example shows how to configure the mobility domain name: 


switch(config)# feature-set fabric
switch(config)# feature fabric forwarding
switch(config)# fabric database mobility-domain mymobilitydomain

fabric database override-profile

To configure fabric database override network profile name, use the fabric database override-profile command in global configuration mode. To remove the override profile name, use the no form of this command.

fabric database override-profile ProfileName

no fabric database override-profile ProfileName

Syntax Description

ProfileName

Name of the network profile to be changed.

Command Default

The profile returned from the Lightweight Directory Access Protocol (LDAP) is honored as part of the auto-configuration trigger.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

An example use-case for this command is the usage on a Cisco Nexus 5500 Platform Switch that does not support segment ID. Consequently, the Cisco Nexus 5500 Platform Switch can only be a Layer-2 leaf. This command-line interface will force Cisco Nexus 5500 Platform Switches to always use a specified profile regardless of the profile associated with the network entry in the LDAP database.

Examples

The following example shows how to override a profile name using the fabric database override-profile command: 


Device(config)# fabric database override-profile Profile1

The following example shows how to auto configure Cisco Nexus 5500 series switches using the fabric database override-profile command: 


Device(config)# fabric database override-profile defaultNetworkL2GblVlanProfile

fabric database override-vrf-profile

When a particular switch needs to use a different include profile for tenant, than what is specified in the tenant profile, use the fabric database override-vrf-profile command in global configuration mode. To disable the overridden profile name, use the no form of this command.

fabric database override-vrf-profile vrfProfileName

no fabric database override-vrf-profile vrfProfileName

Syntax Description

vrfProfileName

Name of the network profile to be changed.

Command Default

The profile returned from the Lightweight Directory Access Protocol (LDAP) is honored as part of the auto-configuration trigger.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

When you configure a different include profile name for a tenant, it works by substituting the profile specified in the LDAP database locally at the switch in which this command is configured.

Examples

The following example shows how the border leaf can use the fabric database override-vrf-profile command to specify a border leaf specific version of an include profile name: 


Device(config)# fabric database override-vrf-profile vrf-common-universal-bl

fabric database profile-map

To configure a fabric database profile map, use the fabric database profile-map command in global configuration mode. To disable a fabric database profile map, use the no form of this command.

fabric database profile-map { global | id }

no fabric database profile-map { global | id }

Syntax Description

global

Displays the global profile applicable to all the interfaces.

id

Profile map ID.

Command Default

A profile map is not assigned.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Examples

The following example shows how to configure Leaf map by using the fabric database profile-map command: 


Device(config)# fabric database profile-map global
Device(config-profile-map-global)# ethernet-tag encapsulation dot1q default dynamic
Device(config-profile-map-global)# ethernet-tag encapsulation vni default dynamic
Device(config-profile-map-global)# vdp vni default dynamic
Device(config-profile-map-global)# vdp dot1q default dynamic

The following sample shows how to configure Border Leaf map by using the fabric database profile-map command: 


Device(config)# fabric database profile-map global
Device(config-profile-map-global)# vrf default dynamic

fabric database refresh

To refresh the database, use the fabric database refresh command in privileged EXEC mode.

fabric database refresh { dot1q | include-vrf | vni }

Syntax Description

dot1q

Displays the dot1q encapsulation.

include-vrf

Displays the include vrf name.

vni

Displays the Virtual Network Identifier (VNI).

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

In the virtual port channel (vPC) setup, the fabric database refresh command is supported only on the vPC primary switch. Also this command requires a matching vni or dot1q hosts. You can use the show fabric database host command to list active vni or dot1q hosts.

Examples

The following example shows how to refresh dot1q by using the fabric database refresh command: 


Device# fabric database refresh dot1q 50

fabric database server primary

To configure which Lightweight Directory Access Protocol (LDAP) server is the primary LDAP server, use the fabric database server primary command in global configuration mode.

To disable the primary LDAP server, use the no form of this command.

fabric database server primary { host server--host | ip server-ip }

no fabric database server primary { host server--host | ip server-ip }

Syntax Description

host server--host

Specifies the hostname of the server.

server server-ip

Specifies the IP address of the server.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Usage Guidelines

If the active LDAP server used is not the primary server, then the switch would poll the primary LDAP server and will switch to the primary server once the communication with the primary server is successful. This command is optional and it should be configured in addition to the LDAP server configuration (fabric database type) command.

Note

The host or IP configuration of this command must match with the host or IP configuration of LDAP server configuration (fabric database type) command.

Examples

The following example shows how to configure the primary LDAP server, using the fabric database server primary command. 


switch(config)# fabric database server primary host ldapserver-dcnm.cisco.com vrf management

fabric database timer re-add

To configure the fabric database timers, use the fabric database timer command in global configuration mode. To disable fabric database timers, use the no form of this command.

fabric database timer re-add { timeout }

no fabric database timer re-add { timeout }

Syntax Description

timeout

Displays the delay, in minutes. The range is from 0 to 1440. The default is 2.

Command Default

The default database timer is applicable.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.2(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

This command was modified.

Examples

The following example shows how to configure database timer value, in minutes, by using the fabric database timer command: 


switch(config)# fabric database timer re-add 5

fabric database type

To configure the external database, use the fabric database type command in global configuration mode. To remove this configuration, use the no form of this command

fabric database type { network | profile }

no fabric database type { network | profile }

Syntax Description

network

Configures the network database.

profile

Configures the config-profile database.

Command Default

The external database is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Examples

The following example shows how to configure a database type: 

Device# configure terminal
Device(config)# fabric database type network
Device(config)# fabric database type profile

fabric forwarding anycast-gateway-mac

To specify the MAC address of the server facing ports across all leaf nodes, use the fabric forwarding anycast-gateway-mac command in global configuration mode. To disable the anycast gateway MAC address, use the no form of this command.

fabric forwarding anycast-gateway-mac mac-address

no fabric forwarding anycast-gateway-mac mac-address

Syntax Description

mac-address

Anycast gateway MAC address of the switch.

Command Default

The anycast gateway MAC address is not configured.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

The anycast gateway MAC address is used per interface; hence, it is replicated across all the switch virtual interfaces (SVI) that are supporting proxy gateway or anycast gateway.

Examples

The following example shows how to configure the anycast gateway MAC address: 


Device> enable
Device# configure terminal
Device(config)# install feature-set fabric
Device(config)# feature-set fabric
Device(config)# fabric forwarding anycast-gateway-mac EE:EE:EE:EE:EE:EE

fabric forwarding limit-vlan-mac

To configure the maximum number of IPs per MAC in any VLAN or segment or bridge-domain, use the fabric forwarding limit-vlan-mac command in global configuration mode.

fabric forwarding limit-vlan-mac <value>

Syntax Description

value

Maximum number of end hosts that are allowed to have the same mapping (VLAN or MAC) in a virtual routing and forwarding (VRF). The range is from 5 to 2048.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Examples

The following example shows how to configure the maximum number of end hosts allowed to have the same mapping (VLAN or MAC) in a given VRF by using the fabric forwarding limit-vlan-mac command: 


Device(config)# fabric forwarding limit-vlan-mac 7

fabric forwarding mode anycast-gateway

To enable the distributed anycast-gateway function on a leaf/ToR switch in a VXLAN EVPN fabric, use the fabric forwarding mode anycast-gateway command in interface configuration mode. To disable the distributed anycast-gateway, use the no form of the command.

fabric forwarding mode anycast-gateway

no fabric forwarding mode anycast-gateway

Syntax Description

This command has no arguments or keywords.

Command Default

Distributed anycast-gateway is not enabled on the leaf/ToR switch in a VXLAN EVPN fabric.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco NX-OS 7.2(0)D1(1)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

This command was integrated.

Examples

The following example shows how to enable distributed anycast-gateway on the leaf/ToR switch in a VXLAN EVPN fabric: 


switch(config)# interface vlan 10
switch(config-if)# fabric forwarding mode anycast-gateway

fabric forwarding port-l2dci

To configure on the layer-2 trunk port connected out from the border-leaf, use the fabric forwarding port-l2dci command in interface configuration mode. To disable this configuration, use the no form of this command.

fabric forwarding port-l2dci

no fabric forwarding port-l2dci

Syntax Description

This command has no arguments or keywords.

Command Default

Port configuration to DCI remains disabled.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

For layer-2 extension across data center fabrics, various common technologies such as VPLS, OTV, and so on are employed. When a tenant subnet spans across data center fabrics, ARP (Address Resolution Protocol) and IPv6 ND (Neighbor Discovery) packets received on a border leaf from hosts connected to other data centers should NOT be treated as if coming from local hosts (also known as the directly attached ones).

When you configure this command, clients are notified that the corresponding port is connected for layer 2 data center interconnection. After this notification, the ARP and Neighbor Discovery process will ignore ARP and Neighbor Discovery packets ingress on the port and HMM is not triggered. to add the route to ARP and Neighbor Discovery.

Examples

The following example shows how to configure a port connection: 

Device(config)# interface port-channel 43
Device(config-if)# fabric forwarding port-l2dci

fabric forwarding switch-role

To specify the role of a device in the Cisco Programmable Fabric network, use the fabric forwarding switch-role command in global configuration mode. To disable the role specified for a device, use the no form of the command.

fabric forwarding switch-role { border [ leaf | spine | dci-node ] | leaf [ border ] | spine [ border ] | dci-node [ border ] }

no fabric forwarding switch-role

Syntax Description

border

(Optional) Specifies that the device is a border switch.

leaf

(Optional) Specifies that the device functions as a leaf switch.

spine

(Optional) Specifies that the device functions as a spine switch.

dci-node

(Optional) Specifies that the device is a Cisco Data Center Interconnect (DCI) node.

Use this keyword with the border keyword to specify that the device is both a Cisco Programmable Fabric border-leaf switch and a DCI node.

Command Default

The device is configured as a Cisco Programmable Fabric leaf switch.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.1(0)N1(1)

This command was modified. The dci-node keyword was added.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

You can configure a switch to act like a border (leaf or spine), spine, or leaf switch. A device sends notifications to registered components whenever there is a change in the role of a device. You can specify a combination of a border and a leaf or a spine on a device. Both Border Gateway Protocol (BGP) and Intermediate System-to-Intermediate System (ISIS) protocol restart when the role of a device changes.

When the role of a node is changed to spine, the FabricPath IS-IS root priority of that node is updated to 128. (The default root priority is 64.) The role of spine introduces a change in the FabricPath root priority for the MDT-Root.


Note
You can manually configure the FabricPath IS-IS root priority of any node.

This command is supported only on Layer-3 Cisco Programmable Fabric leaf switches (Cisco Nexus 5600/6000 series switches); it is not supported on Layer-2 Cisco Programmable Fabric switches. The command is not supported on the Cisco Nexus 5500 Platform.

Examples

The following example shows how to specify a device to be a border-spine switch:

Note

The release Cisco NX-OS 7.1(0)N1(1) does not allow switch-role change, which was applicable in the previous release Cisco NX-OS 7.0(0)N1(1). You must execute the write erase command to perform a switch-role, else the switch-role command gets rejected. 


switch# configure terminal
switch(config)# install feature-set fabric
switch(config)# feature-set fabric
switch(config)# feature fabric forwarding
switch(config)# fabric forwarding switch-role border spine

The following example shows how to specify a device to be a border-leaf switch: 


switch# configure terminal
switch(config)# install feature-set fabric
switch(config)# feature-set fabric
switch(config)# feature fabric forwarding
switch(config)# fabric forwarding switch-role border leaf

feature evb

To enable the Edge Virtual Bridging (EVB) feature on a device, use the feature evb command in global configuration mode. To disable EVB feature, use the no form of this command.

feature evb

no feature evb

Syntax Description

This command has no arguments or keywords.

Command Default

EVB is disabled.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

You can enable or disable EVB globally on a device. You must use the feature evb command to enable and configure the EVB parameters.

Examples

This example shows how to enable the EVB feature on a device: 

Device(config)# feature evb

feature ngoam

To enable the VXLAN operations, administration, and maintenance (OAM) feature on the Cisco Nexus device, use the feature ngoam command in global configuration mode.

To disable VXLAN OAM feature, use the no form of this command.

feature ngoam

no feature ngoam

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Examples

The following example shows how to configure VXLAN OAM feature using the feature ngoam command. 

switch# feature ngoam

feature nv overlay

To enable the VXLAN functionality globally on the switch, use the feature nv overlay command in global configuration mode. To disable this feature, use the no form of the command.

feature nv overlay

no feature nv overlay

Syntax Description

This command has no arguments or keywords.

Command Default

VXLAN functionality is not enabled.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 6.1(2)I2(2)

This command was introduced.

Cisco NX-OS 7.3(0)N1(1)

This command was integrated.

Cisco NX-OS 7.3(0)D1(1)

Examples

The following example shows how to enable the VXLAN functionality globally on the switch: 


switch(config)# feature nv overlay

feature plb

To enable the pervasive load balancing function, use the feature plb command in global configuration mode. To disable the function, use the no form of the command.

feature plb

no feature plb

Syntax Description

This command has no arguments or keywords.

Command Default

The pervasive load balancing (PLB) function is not enabled by default.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 8.0(1)

This command was introduced.

Usage Guidelines

None.

Examples

This example shows how to configure the pervasive load balancing function: 


switch(config)# feature plb

Related Commands

Command

Description

plb

Creates a PLB service instance and parameters for it.

plb l3-device-group

Creates a PLB device group for balancing server or appliance loads.

show plb statistics

Displays PLB statistics.

feature vmtracker

To enable VM Tracker auto configuration trigger you must enable VM Tracker feature, use the feature vmtracker command in global configuration mode. To disable the VM Tracker feature, use the no form of this command.

feature vmtracker

no feature vmtracker

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.1(0)N1(1a)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Examples

The following example shows how to enable VM Tracker feature: 


Switch(config)# feature vmtracker
Switch(config)# vmtracker fabric auto-config

feature vn-segment-vlan-based

To enable the (VLAN)-based virtual network (VN) segment feature on a device, use the feature vn-segment-vlan-based command in global configuration mode. To disable VLAN-based VN segment feature, use the no form of this command.

feature vn-segment-vlan-based

no feature vn-segment-vlan-based

Syntax Description

This command has no arguments or keywords.

Command Default

The VLAN-based virtual network segment is disabled.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 6.1(2)I2(2)

This command was introduced.

Cisco NX-OS 7.0(0)N1(1)

This command was integrated.

Usage Guidelines

You can enable or disable the VLAN-based VN segment feature globally on a device. The VLAN-based VN segment feature is enabled only if the feature-set fabricpath is enabled on the device.

Examples

This example shows how to enable the VLAN-based VN segment feature on a device: 

Device(config)# feature vn-segment-vlan-based

feature-set fabric

To enable configuring host mobility-specific commands, use the feature-set fabric command in global configuration mode.

feature-set fabric

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 5.1(1)

This command was introduced.

Cisco NX-OS 7.0(0)N1(1)

This command was integrated.

Usage Guidelines

This command must be configured before configuring host mobility-specific commands.

Examples

The following example shows how to enable configuring host mobility-specific commands: 


switch(config)# feature-set fabric

host-reachability protocol bgp

To enable BGP reachability for a leaf switch (or VTEP) interface in a VXLAN EVPN fabric, use the host-reachability protocol bgp command in NVE interface configuration mode. To disable this feature, use the no form of the command.

host-reachability protocol bgp

no host-reachability protocol bgp

Syntax Description

This command has no arguments or keywords.

Command Default

This function is disabled.

Command Modes

NVE interface configuration mode  (config-if-nve).

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Usage Guidelines

Enabling this command ensures that the leaf switch or VTEP interface is reachable through BGP, which is essential for communication with the BGP EVPN control plane.

Examples

The following example shows how to enable BGP reachability for a leaf switch or VTEP interface in a VXLAN EVPN fabric: 

switch(config)# interface nve 1
switch(config-if-nve)# host-reachability protocol bgp

import l2vpn evpn reoriginate

To enable importing of routes in the BGP EVPN control plane to the border leaf or border spine switch in a VXLAN setup, use the import l2vpn evpn reoriginate command in the neighbor vpnv4 unicast address family configuration mode. To disable this feature, use the no form of the command.

import l2vpn evpn reoriginate

no import l2vpn evpn reoriginate

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Neighbor vpnv4 unicast address family (config-router-neighbor-af)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Usage Guidelines

The import l2vpn evpn reoriginate command is used for the DCI function. Using this command, you can import routes within the VXLAN EVPN fabric to the border leaf/spine switch. This enables forwarding of L2VPN routes towards the WAN edge device. This way, networks/devices outside the VXLAN fabric (WAN, a remote data center, etc), can communicate with entities within the data center fabric.

Examples

This example shows how to enable importing of routes in the BGP EVPN control plane to the border leaf or border spine switch in a VXLAN setup. 

switch(config)# router bgp 100
switch(config-router)# neighbor 1.1.1.1 remote-as 200
switch(config-router-neighbor)# address-family vpnv4 unicast 
switch(config-router-neighbor-af)# import l2vpn evpn reoriginate

import vpn unicast reoriginate

To enable importing of VPNv4 and VPNv6 routes from the WAN edge device to the border leaf or border spine switch of a VXLAN setup, use the import vpn unicast reoriginate command in the neighbor l2vpn evpn address family configuration mode. To disable this feature, use the no form of the command.

import vpn unicast reoriginate

no import vpn unicast reoriginate

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Neighbor l2vpn evpn address family (config-router-neighbor-af)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced

Cisco NX-OS 7.3(0)D1(1)

Usage Guidelines

The import vpn unicast reoriginate command is used for the DCI function. Using this command, you can import VPN routes coming in from the WAN edge device on the border leaf/spine switch into the VXLAN EVPN fabric. This command enables forwarding of VPN routes into devices within the VXLAN fabric. This way, leaf switches (VTEPs) in the VXLAN data center fabric can communicate with devices that are outside the data center network (a remote data center, Classical Ethernet pod, etc).

Examples

This example shows how to enable importing of VPNv4 and VPNv6 routes from the WAN edge device to the border leaf or border spine switch of a VXLAN setup. 

switch(config)# router bgp 100
switch(config-router-neighbor)# neighbor 2.2.2.1 remote-as 100
switch(config-router-neighbor)# address-family l2vpn evpn 
switch(config-router-neighbor-af)# import vpn unicast reoriginate

include profile

To configure a set of VLAN profile instances to refer to a common virtual routing and forwarding (VRF) instance, use the include profile command in profile configuration mode. To remove the reference to a common VRF instance, use the no form of this command.

include profile profile-name

no include profile profile-name

Syntax Description

profile-name

Name of the profile. The maximum number of characters allowed is 80.

Command Default

VLAN profile instances do not refer to a common VRF instance.

Command Modes

Profile configuration (config-profile)

Command History

Release Modification

Cisco NX-OS 7.0(0)N1(1)

This command was introduced.

Cisco NX-OS 7.2(0)D1(1)

This command was integrated.

Usage Guidelines

Use the include profile command to configure a set of VRF profile instances to refer to a common VRF instance. For example, a set of VLANs can refer to the same VLAN VRF instance. Any configuration after you configure the first VLAN VRF instance will increment the reference count of the include instance. The configuration related to the VRF stays until the last instance referring to the VRF is present.

Examples

The following example shows how to configure a set of VLAN profile instances to refer to a common VRF instance: 


Device> enable
Device# configure profile p1
Device(config-profile)# configure profile p2
Device(config-profile)# include profile p1

install feature-set fabric

To enable configuring host mobility-specific commands, use the install feature-set fabric command in global configuration mode.

install feature-set fabric

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 5.1(1)

This command was introduced.

Cisco NX-OS 7.0(0)N1(1)

This command was integrated.

Usage Guidelines

This command needs to be configured before configuring host mobility-specific commands.

Examples

The following example shows how to enable configuring host mobility-specific commands: 


switch(config)# install feature-set fabric

instance

To create an instance of a user-defined parameter list, use the instance command in parameter list configuration mode. To remove an instance of a user-defined parameter list, use the no form of this command.

instance instance-name

no instance instance-name

Syntax Description

instance-name

Parameter-list instance name.

Command Default

A user-defined parameter-list instance is not created.

Command Modes

Parameter list configuration (config-param-list)

Command History

Release Modification

Cisco NX-OS 5.0(1.13)

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Cisco NX-OS 7.0(0)N1(1)

Usage Guidelines

You can create instances of a parameter list for different hosts with various values. When you create an instance of a parameter list using the instance command, the device enters parameter instance configuration (config-param-inst) mode. The following options are available in this mode:

  • set - Sets the parameter value.
  • this - Displays information about the instance.
  • verify - Verifies the instance with the specified device-profile.
  • end - Exits parameter instance configuration mode and returns to EXEC mode.
  • exit - Exits parameter instance configuration mode and returns to parameter list configuration mode.
  • pop - Pops the mode from the stack or restores it from the specified name.
  • push - Pushes the current mode to the stack or saves it with the specified name.
  • where - Displays instance-related details (such as parameter-list name, instance name, and so on).

Examples

The following example shows to create an instance inst1 under the user-defined parameter list List1: 


Device# configure terminal
Device(config)# param-list List1 
Device(config-param-list)# instance inst1
Device(config-param-list)# exit

ip igmp snooping

To disable a NVE static router port interface, use the command, use the ip igmp snooping disable-nve-static-router-port command in global configuration mode.

ip igmp snooping disable-nve-static-router-port

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 6.1(2)I2(2)

This command was introduced.

Usage Guidelines

When IGMP snooping is globally enabled, use ip igmp snooping command, IGMP snooping is enabled on all existing VLAN interfaces. When IGMP snooping is globally disabled, IGMP snooping is disabled on all existing VLAN interfaces. A sample is given below:

Examples

The following example shows how to disable NVE static router port interface: 


switch(config)# ip igmp snooping
switch(config)# ip igmp snooping disable-nve-static-router-port

lldp fabric auto-config

To enable the Link Layer Discovery Protocol (LLDP) auto-configuration feature, use the lldp fabric auto-config command in global configuration mode. To disable the LLDP feature, use the no form of this command.

lldp fabric auto-config

no lldp fabric auto-config

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 7.3(0)N1(1)

This command was introduced.

Cisco NX-OS 7.3(0)D1(1)

Examples

The following example shows how to enable LLDP feature: 


Switch(config)# lldp fabric auto-config

logging level evb

To enable the system log (syslog) filter level for an Edge Virtual Bridging (EVB) session, use the logging level evb command in global configuration mode. To disable the syslog filter level for EVB, use the no form of this command.

logging level evb log-level

no logging level evb log-level

Syntax Description

log-level
Sets the severity for the syslog filter level. The level values ranges from 0 to 7. The severity associated with the values are:
  • 0-emerg—Sets severity levels for emergencies.
  • 1-alert—Sets severity levels for alerts.
  • 2-crit—Sets severity levels for critical issues.
  • 3-err—Sets severity levels for errors.
  • 4-warn—Sets severity levels for warnings.
  • 5-notif—Sets severity levels for notifications.
  • 6-inform—Sets severity levels for session information.
  • 7-debug—Sets severity levels for debugs.

Command Default

Syslog filter level with severity value 5 is enabled.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco NX-OS 4.0(1)

This command was introduced.

Cisco NX-OS 7.0(0)N1(1)

This command was integrated.

Usage Guidelines

Use the feature evb command to enable the EVB session. This, in turn, enables the evb keyword in the logging level command on the device.

Examples

The following example shows how to set a syslog filter level of 4 for an EVB session: 


Device# configure terminal
Device(config)# feature evb
Device(config)# logging level evb 4
Device(config)# end

The following example displays the default severity level and the user-defined syslog filter level for an EVB session: 


Device# show logging level evb

Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
evb                     5                       4

0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging)

match (EVPN NLRI)

To filter traffic for a route map based on EVPN NLRI attributes, use the match command in route-map configuration mode. To remove a match command from a route map, use the no form of this command.

match { evpn route-type | mac-list | ip address prefix-list } name

no match { evpn route-type | mac-list | ip address prefix-list } name

Syntax Description

evpn route-type name

Specifies that the routes of the specified route-type be allowed or restricted.

You can enter the route-types 1 to 6, or enter all for all the route-types.

mac-list name

Specifies that the MAC routes of the specified mac-list be allowed or restricted.

ip address prefix-list name

Specifies that the IP addresses of the specified IP prefix be allowed or restricted.

Command Default

None.

Command Modes

Route-map configuration (config-route-map)

Command History

Release Modification

Cisco NX-OS 7.0(3)I1

This command was introduced.

Usage Guidelines

The match command filters the EVPN attributes for a specific route-map. You can enable filtering of different attributes for different route-maps, allowing you to filter network traffic as desired.

Examples

This example shows how to allow or restrict routes in the evpn-test route-map. EVPN route-type 5 is permitted, host-route IP prefix-list is permitted, and tenant-mac mac-list is denied. 


switch(config)# route-map evpn-test permit 10
switch(config-route-map)# match evpn route-type 5

switch(config)# route-map evpn-test permit 20
switch(config-route-map)# match ip address prefix-list host-route

switch(config)# route-map evpn-test deny 10
switch(config-route-map)# match mac-list tenant-mac

match (VLAN access-map)

To specify an access control list (ACL) for traffic filtering in a VLAN access map, use the match command in VLAN access-map configuration mode. To remove a match command from a VLAN access map, use the no form of this command.

match {ip | ipv6 | mac} address access-list-name

no match {ip | ipv6 | mac} address access-list-name

Syntax Description

ip

Specifies that the ACL is an IPv4 ACL.

ipv6

Specifies that the ACL is an IPv6 ACL.

mac

Specifies that the ACL is a MAC ACL.

access-list-name

Specifies the ACL by name, which can be up to 64 alphanumeric, case-sensitive characters.

Command Default

None

Command Modes

  VLAN access-map configuration

Command History

Release Modification

Cisco NX-OS 5.2(1)

This command was introduced.

Cisco NX-OS 6.1(2)I2(2)

This command was integrated.

Cisco NX-OS 7.0(0)N1(1)

Usage Guidelines

You can specify one or more match commands per entry in a VLAN access map.

By default, the device classifies traffic and applies IPv4 ACLs to IPv4 traffic, IPv6 ACLs to IPv6 traffic, and MAC ACLs to all other traffic.

This command does not require a license.

Examples

This example shows how to create a VLAN access map named vlan-map-01 and add two entries that each have two match commands and one action command: 


Device(config-access-map)# vlan access-map vlan-map-01
Device(config-access-map)# match ip address ip-acl-01
switch(config-access-map)# action forward
switch(config-access-map)# match mac address mac-acl-00f
switch(config-access-map)# vlan access-map vlan-map-01
switch(config-access-map)# match ip address ip-acl-320
switch(config-access-map)# match mac address mac-acl-00e
switch(config-access-map)# action drop
switch(config-access-map)# show vlan access-map
Vlan access-map vlan-map-01 10
        match ip: ip-acl-01
        match mac: mac-acl-00f
        action: forward
Vlan access-map vlan-map-01 20
        match ip: ip-acl-320
        match mac: mac-acl-00e
        action: drop

maximum paths mixed

Use the maximum-paths mixed command to enable BGP and the Unicast Routing Information Base (URIB) to consider the following paths as Equal Cost Multi Path (ECMP):

  • iBGP paths

  • eBGP paths

  • Paths from other protocols (such as static) that are redistributed or injected into BGP.

This command specifies the number of parallel multipaths. To disable this feature, use the no no form of this command.

maximum-paths mixed number-of-paths

no maximum-paths mixed number-of-paths

Syntax Description

number-of-paths

Specifies the number of parallel multipaths.

Command Default

None

Command Modes

Router Address Family configuration (config-router-af)

Router VRF Address Family configuration (config-router-vrf-af)

Command History

Release Modification

Cisco NX-OS Release 8.3(1)

This command was introduced.

Usage Guidelines

The paths can be either local to the device (static, iBGP or eBGP) or remote (eBGP or iBGP learnt over BGP-EVPN). This overrides the default route selection behavior in which local routes are preferred over remote routes. URIB downloads all NHs of the route, including locally learnt and user-configured routes, to the Unicast FIB Distribution Module (uFDM)/Forwarding Information Base (FIB).

This command does not require a license.

Examples

The following example enables BGP and the Unicast Routing Information Base (URIB) to consider paths as Equal Cost Multi Path (ECMP): 


switch(config)# router bgp 500000
switch(config-router)# address-family l2vpn evpn
switch(config-router-af)# maximum-paths mixed 32

Examples

The following example shows how to disable this feature:


switch(config-router-af)# no maximum-paths mixed 32

member vni associate-vrf

To associate a Layer-3 VNI to a tenant VRF (for routing between Layer-2 tenant networks), use the member vni associate-vrf command in NVE configuration mode. To disable this feature, use the no form of the command.

member vni Id associate-vrf

no member vni Id associate-vrf

Syntax Description

Id

Layer-3 VNI that is being associated with the tenant VRF.

Command Default

The Layer-3 VNI is not associated with the tenant VRF.

Command Modes

NVE configuration mode (config-if-nve)

Command History

Release Modification

Cisco NX-OS 6.1(2)I2(2)

This command was introduced.

Cisco NX-OS 6.2.2

This command was integrated.

Cisco NX-OS 7.3(0)N1(1)

Usage Guidelines

When you associate a Layer-3 VNI to a VRF, end hosts in the VXLAN EVPN fabric use this VNI to communicate to end hosts in other (Layer-2) tenant networks. Typically, a single Layer-3 VNI is created for a tenant VRF. The VRF and VNI specified with this command must match the VRF and VNI configured for the tenant earlier.

Examples

The following example shows how to associate a Layer-3 VNI to a tenant VRF in a VXLAN EVPN fabric: 


switch(config-if-nve)# interface nve 1 
switch(config-if-nve)# member vni 50000 associate-vrf