Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) First Published: 2019-07-20 Last Modified: 2020-11-10 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 © 2019–2020 Cisco Systems, Inc. All rights reserved. CONTENTS PREFACE Preface xix Audience xix Document Conventions xix Related Documentation for Cisco Nexus 3000 Series Switches xx Documentation Feedback xx Communications, Services, and Additional Information xx CHAPTER 1 New and Changed Information 1 New and Changed Information 1 CHAPTER 2 Overview 3 Licensing Requirements 3 System Management Features 3 CHAPTER 3 Configuring Switch Profiles 7 Information About Switch Profiles 7 Switch Profile Configuration Modes 8 Configuration Validation 8 Software Upgrades and Downgrades with Switch Profiles 9 Prerequisites for Switch Profiles 10 Guidelines and Limitations for Switch Profiles 10 Configuring Switch Profiles 11 Adding a Switch to a Switch Profile 13 Adding or Modifying Switch Profile Commands 14 Importing a Switch Profile 17 Verifying Commands in a Switch Profile 19 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) iii Contents Isolating a Peer Switch 19 Deleting a Switch Profile 20 Deleting a Switch from a Switch Profile 20 Displaying the Switch Profile Buffer 21 Synchronizing Configurations After a Switch Reboot 22 Switch Profile Configuration show Commands 23 Supported Switch Profile Commands 23 Configuration Examples for Switch Profiles 25 Creating a Switch Profile on a Local and Peer Switch Example 25 Verifying the Synchronization Status Example 26 Displaying the Running Configuration 27 Displaying the Switch Profile Synchronization Between Local and Peer Switches 27 Displaying Verify and Commit on Local and Peer Switches 28 Successful and Unsuccessful Synchronization Examples 29 Configuring the Switch Profile Buffer, Moving the Buffer, and Deleting the Buffer 29 CHAPTER 4 Using Cisco Fabric Services 31 Information About CFS 31 CFS Distribution 32 CFS Distribution Modes 32 Uncoordinated Distribution 32 Coordinated Distribution 32 Unrestricted Uncoordinated Distributions 32 Verifying the CFS Distribution Status 33 CFS Support for Applications 33 CFS Application Requirements 33 Enabling CFS for an Application 33 Verifying Application Registration Status 33 Locking the Network 34 Verifying CFS Lock Status 35 Committing Changes 35 Discarding Changes 35 Saving the Configuration 35 Clearing a Locked Session 35 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) iv Contents CFS Regions 36 About CFS Regions 36 Example Scenario 36 Managing CFS Regions 36 Creating CFS Regions 36 Assigning Applications to CFS Regions 37 Moving an Application to a Different CFS Region 37 Removing an Application from a Region 38 Deleting CFS Regions 38 Configuring CFS over IP 39 Enabling CFS over IPv4 39 Verifying the CFS Over IP Configuration 39 Configuring IP Multicast Addresses for CFS over IP 39 Configuring IPv4 Multicast Address for CFS 39 Verifying the IP Multicast Address Configuration for CFS over IP 40 Default Settings for CFS 40 CHAPTER 5 Configuring PTP 41 Information About PTP 41 PTP Device Types 41 PTP Process 42 High Availability for PTP 43 Guidelines and Limitations for PTP 43 Default Settings for PTP 43 Configuring PTP 44 Configuring PTP Globally 44 Configuring PTP on an Interface 46 Configuring Multiple PTP Domains 47 Configuring clock Identity 50 Configuring PTP Cost Interface 50 Configuring the Mean Path Delay Threshold Value 51 Configuring a PTP Interface to Stay in a Master State 52 Verifying the PTP Configuration 53 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) v Contents CHAPTER 6 Configuring NTP 55 Information About NTP 55 NTP as Time Server 56 Distributing NTP Using CFS 56 Clock Manager 56 High Availability 56 Virtualization Support 56 Prerequisites for NTP 57 Guidelines and Limitations for NTP 57 Default Settings 58 Configuring NTP 59 Enabling or Disabling NTP on an Interface 59 Configuring the Device as an Authoritative NTP Server 59 Configuring an NTP Server and Peer 60 Configuring NTP Authentication 62 Configuring NTP Access Restrictions 63 Configuring the NTP Source IP Address 65 Configuring the NTP Source Interface 66 Configuring an NTP Broadcast Server 66 Configuring an NTP Multicast Server 67 Configuring an NTP Multicast Client 68 Configuring NTP Logging 68 Enabling CFS Distribution for NTP 69 Committing NTP Configuration Changes 70 Discarding NTP Configuration Changes 70 Releasing the CFS Session Lock 70 Verifying the NTP Configuration 71 Configuration Examples for NTP 72 CHAPTER 7 Configuring User Accounts and RBAC 75 Information About User Accounts and RBAC 75 User Roles 75 Rules 76 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) vi Contents User Role Policies 76 User Account Configuration Restrictions 77 User Password Requirements 77 Guidelines and Limitations for User Accounts 78 Configuring User Accounts 79 Configuring SAN Admin Users 80 Configuring RBAC 81 Creating User Roles and Rules 81 Creating Feature Groups 82 Changing User Role Interface Policies 83 Changing User Role VLAN Policies 84 Changing User Role VSAN Policies 84 Verifying the User Accounts and RBAC Configuration 85 Configuring User Accounts Default Settings for the User Accounts and RBAC 85 CHAPTER 8 Configuring System Message Logging 87 Information About System Message Logging 87 Syslog Servers 88 Secure Syslog Servers 88 Guidelines and Limitations for System Message Logging 88 Default Settings for System Message Logging 89 Configuring System Message Logging 89 Configuring System Message Logging to Terminal Sessions 89 Configuring System Message Logging to a File 91 Configuring Module and Facility Messages Logging 93 Configuring Logging Timestamps 95 Configuring the ACL Logging Cache 96 Applying ACL Logging to an Interface 96 Configuring a Logging Source-Interface 97 Configuring the ACL Log Match Level 98 Configuring Syslog Servers 99 Configuring syslog on a UNIX or Linux System 100 Configuring Secure Syslog Servers 101 Configuring the CA Certificate 102 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) vii Contents Enrolling the CA Certificate 103 Configuring syslog Server Configuration Distribution 104 Displaying and Clearing Log Files 105 Verifying the System Message Logging Configuration 106 Repeated System Logging Messages 107 CHAPTER 9 Configuring Smart Call Home 109 Information About Smart Call Home 109 Smart Call Home Overview 110 Smart Call Home Destination Profiles 110 Smart Call Home Alert Groups 111 Smart Call Home Message Levels 112 Call Home Message Formats 113 Guidelines and Limitations for Smart Call Home 117 Prerequisites for Smart Call Home 117 Default Call Home Settings 118 Configuring Smart Call Home 118 Registering for Smart Call Home 118 Configuring Contact Information 119 Creating a Destination Profile 120 Modifying a Destination Profile 121 Associating an Alert Group with a Destination Profile 123 Adding Show Commands to an Alert Group 123 Configuring E-Mail Server Details 124 Configuring Periodic Inventory Notifications 125 Disabling Duplicate Message Throttling 126 Enabling or Disabling Smart Call Home 127 Testing the Smart Call Home Configuration 127 Verifying the Smart Call Home Configuration 128 Sample Syslog Alert Notification in Full-Text Format 128 Sample Syslog Alert Notification in XML Format 129 CHAPTER 10 Configuring Session Manager 133 Information About Session Manager 133 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) viii Contents Guidelines and Limitations for Session Manager 133 Configuring Session Manager 134 Creating a Session 134 Configuring ACLs in a Session 134 Verifying a Session 135 Committing a Session 135 Saving a Session 135 Discarding a Session 135 Configuration Example for Session Manager 135 Verifying the Session Manager Configuration 136 CHAPTER 11 Configuring the Scheduler 137 Information About the Scheduler 137 Remote User Authentication 138 Scheduler Log Files 138 Guidelines and Limitations for the Scheduler 138 Default Settings for the Scheduler 138 Configuring the Scheduler 139 Enabling the Scheduler 139 Defining the Scheduler Log File Size 139 Configuring Remote User Authentication 140 Defining a Job 141 Deleting a Job 142 Defining a Timetable 142 Clearing the Scheduler Log File 144 Disabling the Scheduler 144 Verifying the Scheduler Configuration 145 Configuration Examples for the Scheduler 145 Creating a Scheduler Job 145 Scheduling a Scheduler Job 145 Displaying the Job Schedule 145 Displaying the Results of Running Scheduler Jobs 146 Standards for the Scheduler 146 Cisco Nexus 3000 Series NX-OS System Management Configuration Guide, Release 9.3(x) ix Contents CHAPTER 12 Configuring SNMP 147 Information About SNMP 147 SNMP Functional Overview 147 SNMP Notifications 148 SNMPv3 148 Security Models and Levels for SNMPv1, v2, and v3 148 User-Based Security Model 149 CLI and SNMP User Synchronization 150 Group-Based SNMP Access 151 Guidelines and Limitations for SNMP 151 Default SNMP Settings 151 Configuring SNMP 151 Configuring the SNMP Source Interface 151 Configuring SNMP Users 152 Enforcing SNMP Message Encryption 153 Assigning SNMPv3 Users to Multiple Roles 154 Creating SNMP Communities 154 Filtering SNMP Requests 154 Configuring SNMP Notification Receivers 155 Configuring