Saturday, October 17, 2020

Cisco - Nexus NX-OS Commands Cheat Sheet


● Cisco Nexus NX-OS Command References


Cisco Nexus 9000 Series Switches - Command References

Cisco Nexus 7000 Series Switches - Command References

Cisco Nexus 5000 Series Switches - Command References

Cisco Nexus 3000 Series Switches - Command References

Cisco NX-OS Software

● Management


▶ Delete the start-up configuration
write erase
write erase boot
reload


▶ Enable ssh
! RSA keys shorter than 2048 bits are considered weak
(config)#ssh key rsa 2048
(config)#feature ssh
(config)#username test123 sshkey ssh-rsa <public-key>
(config)#ssh login-attempts 5


▶ Configure the management IP address
switch#config t
switch(config)#int mgmt0
switch(config-if)#ip address 10.10.10.10 255.255.255.0
switch(config-if)#end
switch#


▶ Disable telnet and ssh
(config)#no feature telnet
(config)#no feature ssh


▶ Configure logging hosts
(config)#interface Vlan100
(config-if)#ip address 10.10.10.1 255.255.255.0
(config)#logging source-interface Vlan100
(config)#logging server 10.10.10.1


● Hardware and Environment


▶ Display hardware information with serial numbers
show inventory

▶ Display detailed hardware information
show hardware

▶ Display environment information
show environment

▶ Display temperature information
show temperature

▶ Display CPU and Memory information
show system resources


● Interfaces


▶ GBIC
(config)#no errdisable detect cause gbic-invalid
(config)#service unsupported-transceiver


▶ Virtual Device Context (VDC)
VDC-1(config)# vdc VDC-2
VDC-1# switchto vdc VDC-2
VDC-2# switchback
VDC-1(config)# vdc VDC-2
VDC-1(config-vdc)# allocate interface g0/1
VDC-1(config-vdc)# allocate interface g0/2
VDC-2# show vdc
VDC-2# show vdc membership


● Switching


▶ Configuring VLANs
switch#config t
switch(config)#vlan 100
switch(config-vlan)#name vlan-name
switch(config-vlan)#exit
switch(config)#


▶ Assign an interface to the VLAN
switch#config t
switch(config)#int g1/1
switch(config-if)#switchport
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 100
switch(config-if)#end
switch#


▶ Configuring VTP
Switch(config)#feature vtp
Switch(config)#vtp mode server
Switch(config)#vtp domain <domain-name>
Switch(config)#vtp password <password>
Switch(config)#vtp version 2
Switch(config)#vtp pruning
Switch(config)#sh vtp status


▶ Configuring 802.1q Trunking
Switch#conf t
Switch(config)#int g0/1
Switch(config-if)#switchport
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan add 100
Switch(config-if)#switchport trunk allowed vlan remove 100
Switch(config-if)#end


▶ Configuring Port-channel
interface port-channel 1
int e0/1-2
switchport
switchport mode trunk
channel-group 1 mode on
channel-group 1 force mode on


▶ Display vPC information
show vpc
show vpc brief
show vpc role
show vpc consistency-parameters global



● Routing


Cisco NX-OS/IOS OSPF Comparison

▶ Configuring OSPF
switch(config)# feature ospf
switch(config)# router ospf 1
switch(config-router)# int g1/1-2
switch(config-if-range)# ip router ospf 1 area 0


▶ Enabling L3 on ports
switch(config)# int g1/1
switch(config-if)# no switchport
switch(config-if)# ip address 10.10.10.1/24
switch(config-if)# no shutdown



● Security


▶ Configuring an ACL to block telnet
access-list 110 deny tcp any host 10.10.10.100 eq 23
access-list 110 permit ip any any
int g1/1
ip access-group 110 out


▶ Configuring a named ACL
ip access-list Block_Telnet
deny tcp any host 10.10.10.100 eq telnet
permit ip any any
int g1/1
ip access-group Block_Telnet out


▶ Configuring ARP Inspection
(config)# ip arp inspection vlan 1
(config)# int fa0/1
(config-if)# ip arp inspection trust


To configure a Layer 2 interface as a trusted ARP interface, use the ip arp inspection trust command. To configure a Layer 2 interface as an untrusted ARP interface, use the no form of this command.

ip arp inspection trust
no ip arp inspection trust


* Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain “man-in-the-middle” attacks.
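
A simplified model of the DAI decision described above, added here as an example and not taken from the original page or from Cisco. It assumes the MAC-to-IP bindings come from a DHCP snooping table; the addresses, ports and function names are constructed. It also shows that ARP packets arriving on a trusted interface are forwarded without validation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    port: str        # ingress interface
    vlan: int
    sender_mac: str
    sender_ip: str

# Constructed sample state; the binding table stands in for DHCP snooping entries.
INSPECTED_VLANS = {1}                 # "ip arp inspection vlan 1"
TRUSTED_PORTS = {"fa0/1"}             # "ip arp inspection trust" on fa0/1
BINDINGS = {                          # (vlan, ip) -> mac
    (1, "10.10.10.20"): "aa:bb:cc:00:00:20",
    (1, "10.10.10.100"): "aa:bb:cc:00:01:00",
}

def inspect(pkt, vlans=INSPECTED_VLANS, trusted=TRUSTED_PORTS, bindings=BINDINGS):
    """Return (verdict, reason) for one ARP packet under the simplified model."""
    if pkt.vlan not in vlans:
        return ("forward", "vlan not inspected")
    if pkt.port in trusted:
        return ("forward", "trusted port, not validated")
    expected = bindings.get((pkt.vlan, pkt.sender_ip))
    if expected is None:
        return ("drop", "no binding for sender ip")
    if expected != pkt.sender_mac.lower():
        return ("drop", "sender mac does not match binding")
    return ("forward", "binding matches")

def dropped(packets):
    """Log-style list of the packets the model discards, with the reason."""
    out = []
    for p in packets:
        verdict, reason = inspect(p)
        if verdict == "drop":
            out.append(f"vlan {p.vlan} {p.port} {p.sender_mac} claims {p.sender_ip}: {reason}")
    return out

SAMPLE = [  # constructed traffic
    Arp("fa0/2", 1, "aa:bb:cc:00:00:20", "10.10.10.20"),   # matches its binding
    Arp("fa0/3", 1, "de:ad:be:ef:00:01", "10.10.10.100"),  # wrong MAC for a bound IP
    Arp("fa0/3", 1, "de:ad:be:ef:00:01", "10.10.10.99"),   # IP with no binding
    Arp("fa0/1", 1, "de:ad:be:ef:00:01", "10.10.10.100"),  # same mismatch, trusted port
    Arp("fa0/3", 2, "de:ad:be:ef:00:01", "10.10.10.100"),  # VLAN 2 is not inspected
]

if __name__ == "__main__":
    for line in dropped(SAMPLE):
        print(line)
```

Only the second and third sample packets are dropped, which is why the trust setting belongs on links to other switches rather than on host-facing ports.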

