Click here to request your free 14-day trial of Cisco Umbrella through NetCraftsmen today!

4/2
2010
Carole Warner Reece

Migrating to Nexus 7000 from Catalyst 6500 and 4500 Switches

Note: This is an older version of my command summary, the updated version is available at Migrating to Nexus 7000 from Catalyst 6500 and 4500 Switches as of NX-OS 6.0.

I’ve been looking at migrating some customers’ Catalyst 4500 and Catalyst 6500 switches to Nexus 7000 switches. I thought I would write up a comparison of common commands as an aid for the networking team.

Overall, the fundamental NX-OS 4.x CLI commands in are pretty similar to the 12.2 IOS CLI on Catalyst 4500 and 6500s. You can also use the “?” to get help and prompts, commands can be abbreviated, and the [Tab] key will auto-fill in unambiguous commands.

Some caveats: NX-OS does not support all the features of IOS, for example, acting as a DHCP server and NTP authentication.

IOS Commands (Nexus NX-OS Commands when different)

Function

show version Displays information about the currently running system software image and an overview of the installed hardware.
show module Displays information about the installed modules including module number, module type, number of ports on each module, module MAC addresses, and the module status.
router(config)#do show command


router(config)#show command
! or
router(config)#do show command 
View existing configuration information from the configuration command prompt using show commands.

Note:
For NX-OS, the [Tab] key and “?” will work for Exec mode commands inside of configuration mode. The use of “do” in NX-OS is currently working, but is not documented.
router(config)# do Exec-command 

router(config)# Exec-command
! or
router(config)#do Exec-command

View existing configuration information from the configuration command prompt.

Note:
For NX-OS, the [Tab] key and “?” will work for Exec mode commands inside of configuration mode. The use of “do” in NX-OS is currently working, but is not documented.
reload Reloads the operating system for the entire deviceNote:

For the Nexus 7000, this command works only in the default VDC.

! 6500
hw-module module slot reset
! 4500
no hw-module [slot | module] number power
hw-module [slot | module] number power
 

reload module mod-#

Reloads a module in the device by turning power off then on.

Note: For the Nexus 7000, this command works only in the default VDC

service timestamps [debug | log] [uptime | datetime [msec]] [localtime] [show-timezone] [year]
debug logging
logging timestamp {microseconds | milliseconds | seconds}
Apply a time stamp to debugging messages or system logging messages.Note:

In NX-OS, to enable debug logging configure ‘debug logging’ command. NX-OS does not have as many options for timestamps.

service password-encryption 

! No equivalent NX-OS command

Note: By default, NX-OS encrypts plain text passwords and enables password strength checking.
logging buffered [discriminator discr-name] [buffer-size] [severity-level]


logging logfile logfile-name severity-level [size bytes]

  
 

Enable system message logging to a local buffer
username name {nopassword | password password | password encryption-type encrypted-password} 

username user-id [password [0 | 5]  password] 

Create and configure a user account.

Note:
By default, NX-OS encrypts plain text passwords and enables password strength checking.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console none
aaa authentication enable default none
aaa authentication ppp default local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 -15 start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common 

aaa authentication login default group tacacs+ local
aaa authentication login console none
aaa user default-role
aaa accounting default group tacacs+

Configuring AAA. Note: Not all commands are supported on the NX-OS.
clock timezone zone hours-offset [minutes-offset]
clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]

clock timezone zone-name offset-hours offset-minutes
clock summer-time zone-name start-week start-day start-month start-time end-week end-day end-month end-time offset-minutes
Configure the time zone offset from Coordinated Universal Time (UTC) as well as daylight savings time.
ip subnet-zero
no ip source-route
no ip bootp server

! No equivalent NX-OS command
These commands are not available in NX-OS.
no ip domain-lookup
ip domain-name [vrf vrf-name] name 

no ip domain-lookup
ip domain-name
domain-name [use-vrf name]

Disable DNS lookup feature and configure a domain name.
ip ssh time-out seconds
ip ssh authentication-retries tries
ip ssh version 2ip 

feature ssh
ssh key {dsa [force] | rsa [length [force]]}

Enable an SSH server.

Note:
The Cisco NX-OS commands for SSH are different from the Cisco IOS commands. NX-OS software supports only SSHv2.
power redundancy-mode {redundant | combined} 

power redundancy-mode {combined | insrc-redundant | ps-redundant | redundant}

Configure the power supply redundancy mode
! 6500
no power enable module mod-#
! 4500
no hw-module [slot | module] number power

poweroff module mod-#
Powers off a module from configuration mode. 
redundancy
mode sso
main-cpu
auto-sync standard! No equivalent NX-OS command
Configure CPU redundancy.

Note:
: The Nexus 7000 supports dual supervisor modules to provide 1+1 redundancy for the control and management plane. Only one of the supervisor modules is active at any given time, while the other acts as a standby backup. No configuration commands are needed.
spanning-tree mode [pvst | mst | rapid-pvst] 

spanning-tree mode [rapid-pvst | mst]

Default mode for IOS is PVST; default mode for NX-OS is RPVST.

Note:
When you enter the command, all STP instances are stopped for the previous mode and are restarted in the new mode.
spanning-tree extend system-id 

! No equivalent NX-OS command

Enable the extended system ID feature on a chassis that supports 1024 MAC addresses. Note:

NX-OS does not use this command, the extended system ID is always automatically enabled in NX-OS devices.

spanning-tree vlan vlan-id  priority value Set the STP bridge priority
vlan internal allocation policy ascending 

! No equivalent NX-OS command

Configure the internal VLAN allocation scheme.

Note:
NX-OS does not support this command.
interface type slot/number
switchport
switchport mode access
switchport access vlan vlan-id
spanning-tree portfast
[speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}]

interfacetype slot/number
switchport
switchport host
switchport access vlan
 vlan-id
[speed {10 | 100 | 1000
|
auto [10 |
100 | 1000] | 10000 | auto}]
vlan 
 vlan-id

Configure a Layer 2 access port.

Note:
NX-OS uses “Ethernet” as the type for all FastEthernet / GigabitEthernet / Ten Gigabit Ethernet interfaces.
The VLAN in the vlan-id needs to be created so that the interface will come up.
interface type slot/number
switchport
switchport mode trunk
[switchport trunk allowed vlan vlan-id]
switchport trunk encapsulation [isl | dot1 | negotiate]
[switchport trunk allowed vlan add vlan-id]
[speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}]interface 

 type slot/number
switchport
switchport mode trunk
[switchport trunk allowed vlan
vlan-id]
[switchport trunk allowed vlan add
vlan-id]
[speed {10 | 100 | 1000
| auto [10 | 100 | 1000] | 10000 | auto}]

Configure a Layer 2 trunk port.

Note:
NX-OS only supports 802.1Q encapsulation.
vlan vlan-#
interface vlan-#
no shutdown 

vlan vlan-#
feature interface-vlan
interface vlan-#
no shutdown

Configure a VLAN interface

Note:
In NX-OS, the interface-vlan feature needs to be enabled before an interface VLAN can be configured. The VLAN needs to be defined as well for the interface to come up.

interface port-channel
channel-#
switchport

switchport mode . . .
interface type slot/number
switchport
channel-group group_number mode {active | auto | desirable | on | passive}

feature LACP
interface port-channel
channel-#
switchport
switchport mode . . .
interface
 type slot/number
switchport
channel-group
channel-
 number   [force]  [mode{on | active | passive}] 

Configure a Layer 2 LACP port channel.Note:

In NX-OS, the LACP feature needs to be enabled before it can be used.

vtp domain domain-name Configure the VTP domain name
vtp {server | client | transparent}vtp mode transparent Configure the VTP mode.

Note:
NX-OS only support VTP transparent mode.
udld {enable | aggressive}feature udld Enable UDLD globally on a device.
ip route prefix mask next-hop-address
 

  ip route ip-prefix/length next-hop-address

Configure static routes.
ip access-list extended access-list-name
[sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard . . .


ip access-list access-list-name
[sequence-number] {permit | deny} protocol source destination . . .
 
Create or configure an IPv4 ACL
Note:
NX-OS supports one type of IPv4 ACL which is similar to the named extended ACL in IOS.
ip access-list resequence access-list-name starting-sequence-number increment

  resequence access-list-type access-list access-list-name starting-sequence-number increment

Resequence an ACL.
router eigrp as-number 

feature EIGRP
router eigrp
 instance-tag
[autonomous-system as-number]

Configure EIGRP routing.

Note:
In NX-OS, the EIGRP feature needs to be enabled before it can be used. You can use any case-sensitive alphanumeric string up to 20 characters as an instance tag. If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state
router(config-router)#
network ip-address [wildcard-mask]
interface type slot/number
ip address ip-prefix/length
ip router eigrp instance-tag

 

Configure a network in EIGRP.

Note:
For NX-OS, a network is configured in EIGRP by associating it through an interface the router uses to connect to the area. NX-OS uses CIDR notation for IP addresses, but can accept the ip-address mask format as well.
router ospf process-id 

feature OSPF
router ospf
 instance-tag

Configure OSPF routing.

Note:
In NX-OS, the OSPF feature needs to be enabled before it can be used. The instance-tag is locally assigned and can be any alphanumeric string or positive integer.
router(config-router)#
network ip-address wildcard-mask area area-id
interface type slot/number
ip address ip-prefix/length
ip router ospf instance-tag area area-id 


Configure a network in OSPF.

Note:
For NX-OS, a network is configured in OSPF by associating it through an interface the router uses to connect to the area.
interface type slot/number
ip address ip-address mask
ip helper-address ip-address
standby [group-number] ip ip-address
standby [group-number] timers hellotime holdtime
standby [group-number] priority priority
standby [group-number] premptf

eature hsrp
ip dhcp relay
interface
 type slot/number
ip address ip-prefix/length 
ip dhcp relay address
ip-address
hsrp
group-number
ip
ip-address
timers  
hellotime holdtime
 
priority  priority
prempt

Configure HSRP with an IP helper address to a DHCP server. Different command syntax is used. NX-OS also uses ‘hsrp’ as keyword, while IOS uses ‘standby’.

Note:
In NX-OS, the HSRP feature needs to be enabled before it can be used. To use the DHCP relay, DHCP services also has to be enabled. The HSRP holdtime needs to be at least 3x the hello time. NX-OS uses CIDR notation for IP addresses, but can accept the ip-address mask format as well.
Prior to NX-OS 4.2(1), the service dhcp command enabled the DHCP Relay feature. In NX-OS 4.2(1) the command was changed to ip dhcp relay.
ip dhcp pool name 

! No equivalent NX-OS command

Configure a Dynamic Host Configuration Protocol (DHCP) address pool on a DHCP server.

Note:
The NX-OS supports DHCP snooping, and DHCP relay, but does not support acting as a DHCP server.
ip multicast-routing 

feature PIM

Enable IP multicast routing
ipv6 unicast-routing
interface type slot/number
ipv6 address  ipv6-prefix/prefix-length eui-64
 

interface  type slot/number
ipv6 address  ipv6-prefix/prefix-length eui-64

Enable IPv6 traffic forwarding on an interface.

Note:
NX-OS does NOT need to enable IPv6 routing globally.
ntp server ip-address 

ntp enable
ntp server host [prefer]

Configure NTP.
ntp authenticate
ntp authentication-key md5
value
ntp trusted-key
key-number
ntp update-calendar
ntp server ip-address key key-id 

 

! No equivalent NX-OS command

Configure NTP authentication options.

Note:
NX-OS does not currently support NTP authentication keys.

monitor session session-#
source interface type slot/number
monitor session session-# destination interface type slot/number 

interface type slot/number
switchport
switchport monitor [ingress | learning]
monitor session session-number
description description

source interface
type slot/number
destination interface
type slot/number 

Enable SPAN sessions on interfaces or VLANs
snmp-server community RW-string RW acl-#
snmp-server community RO-string RO acl-#
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
 snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server host ip-address string
snmp ifmib ifindex persist 

snmp-server community RW-string RW
snmp-server community
 RO-string RO
snmp-server community
 RW-string use-acl acl-name
snmp-server community RO-string use-acl acl-name
snmp-server enable traps snmp authentication
snmp-server enable traps link 
snmp-server enable traps entity
snmp-server host ip-address string
 

Enable common SNMP options.

Note:
NX-OS syntax differs.
tacacs-server host ip-address
tacacs-server directed-request
tacacs-server key [0 | 7] keyfeature tacacs+
tacacs-server host ip-address
tacacs-server directed-request
tacacs-server key [0 | 7] key
Configure TACACS+ server

I hope this gives you a useful overview of some common configuration and verification commands you may need when migrating.

Three useful Cisco documentation links for further information:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/master/index/master_index.html

http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.html

http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes <– just found this, includes multiple articles comparing Cisco NX-OS and Cisco IOS features.

— cwr

ps – Some earlier articles that might also be helpful:

Carole Warner Reece

Architect

A senior network consultant with more than fifteen years of industry experience, Carole is one of our most highly experienced network professionals. Her current focus is on the data center and on network infrastructure.

View more Posts

 

Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.

 

Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.

 

John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.