Cisco Nexus 9000 Series Switches

Cisco Nexus 9000 Platform Switch Software Data Sheet

  • Viewing Options

  • PDF (292.9 KB)
  • Feedback

Cisco NX-OS Software Overview

Cisco® NX-OS Software is an operating system purpose built for the data center and designed with performance, resiliency, scalability, manageability, and programmability at its foundation. Cisco NX-OS provides a robust and comprehensive feature set that meets the demanding requirements of virtualization and automation in present and future data centers. The Cisco NX-OS Software for Cisco Nexus® 9000 Series Switches works in two modes:

   Standalone Cisco NX-OS deployment

   Cisco Application Centric Infrastructure (ACI) deployment

The Cisco Nexus 9000 Series uses an enhanced version of Cisco NX-OS with a single binary image that supports every switch in the series, simplifying image management. The operating system is modular, with a dedicated process for each routing protocol, a design that isolates faults while increasing availability. In the event of a process failure, the process can be restarted without losing state. The operating system supports In-Service Software Upgrade (ISSU), hot and cold patching, and online diagnostics. In the event of a supervisor module failure, the software supports stateful switchover with continuous availability.

Main switch features include the following:

   Power-On Auto Provisioning (POAP) automates the process of upgrading software images and installing configuration files on Cisco Nexus switches that are being deployed in the network for the first time.

   The intelligent Cisco NX-OS API (NX-API) provides operators with a way to manage the switch through remote procedure calls (RPCs; JavaScript Object Notation [JSON] or XML) over HTTP/HTTPS infrastructure.

   Linux shell access enables the switch to be configured through Linux shell scripts, helping automate the configuration of multiple switches and helping ensure consistency among multiple switches.

   Full ISSU (to be available in future release) and patching allows Cisco NX-OS to be upgraded and patched without any interruption in switch operations.

   Line-rate overlay support provides Virtual Extensible LAN (VXLAN) bridging and routing (to be available in future release) at full line rate, facilitating and accelerating communication between virtual and physical servers as well as between multiple data centers in a campus environment.

Cisco NX-OS Features and Benefits

The software packaging for the Cisco Nexus 9000 Series offers flexibility and a comprehensive feature set while being consistent with Cisco Nexus access switches. The default system software has a comprehensive Layer 2 security and management feature set. To enable Layer 3 IP Unicast and IP Multicast routing functions, you must install additional licenses. Table 1 lists the software packaging and licensing available to enable advanced features.

Table 1.       Software Packaging and Licensing


Chassis Based

Part Number

Supported Features

Cisco Nexus 9500 platform Layer 3 license



Layer 3 features, including full Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP)

Cisco Data Center Network Manager (DCNM) license



Cisco DCNM license for Cisco Nexus 9500 platform

Software Requirements

The Cisco Nexus 9000 Series runs Cisco NX-OS on a 64-bit Linux kernel (Linux Release 3.4.10) with a single binary image that supports both modular (Cisco Nexus 9500 platform) and fixed-port (Cisco Nexus 9300 platform) switches. The single image incorporates both the Linux kernel and Cisco NX-OS so that the switch can be booted through a standard Linux kickstart process.


Table 2 summarizes the main features of the Cisco Nexus 9500 platform in standalone mode.

Table 2.       Main Features

Layer 2 Features


  Reserved range remapping

Private VLANs (PVLANs)

  Isolated ports and promiscuous ports
  PVLAN on PortChannels and vPCs

PVLANs: Fabric extenders

  Isolated ports

Virtual PortChannel (vPC)

Spanning Tree Protocol

  IEEE 802.1w Rapid Spanning Tree (Rapid PVST+)
  IEEE 802.1s Multiple Spanning Tree (MST)
  Edge port and edge-port trunk
  Extensions: Bridge Protocol Data Unit (BPDU) guard, BPDU filtering, bridge assurance, loop guard, and root guard

VLAN Trunk Protocol (VTP) Versions 1 and 2 (v1 and v2): Transparent mode

MAC addresses: Static

  Unicast and multicast

IEEE 802.3x Flow Control

IEEE 802.1AB Link Layer Discovery Protocol (LLDP)

User-configurable interface maximum transmission unit (MTU) and jumbo frames

Automatic medium-dependent-interface crossover (auto-MDIX)

Unidirectional Link Detection (UDLD)

Layer 3 Features


  Static routes
  BGP, EIGRP, OSPFv2, and Intermediate System to Intermediate System (ISIS)
  Virtual Routing and Forwarding Lite (VRF-Lite) and VRF route leaking
  Hot Standby Router Protocol (HSRP) v1 and v2
  Virtual Router Redundancy Protocol (VRRP)
  Bidirectional Forwarding Detection (BFD)
  Dynamic Host Configuration Protocol (DHCP) relay


  Static routes
  BGP and OSPFv3
  VRF-Lite and VRF route leaking
  DHCP relay

BGP enhancements

  disable-peer-as-check: Advertise routes learned from one node in one autonomous system (as) to another node in the same autonomous system.
  allow-as in: Allow routes having their own autonomous systems in the autonomous system path (as-path) to be installed in the BGP routing information base (BRIB).
  best-as-path-relax: Allow paths received from different autonomous systems to be handled as multipath if their as-path lengths are the same and other multipath conditions are met.
  best-as-path-relax: Allow paths received from different autonomous systems to be handled as multipath if their as-path lengths are the same and other multipath conditions are met.
  transport connection-mode passive: Allow a passive connection setup only.
  remove private-as enhancements [no | default]: Remove-private-as [all] [replace-as]
  MD5 authentication for prefix-based neighbors: Allow authentication for prefix-based neighbors.
  External BGP (EBGP) next-hop is unchanged
  IPv6 route updates over IPv4 peering
  EBGP scales to 1000 peers with BFD

64-way ECMP

User-configurable MAC addresses (16) on routed interfaces

Multicast Features

Interior Gateway Management Protocol (IGMP) v1, v2, and v3

IGMP snooping

Protocol-Independent Multicast (PIM) sparse mode (PIM-SM) and Any Source Multicast (ASM)

Anycast Routing Protocol (Anycast RP)

Multicast Source Discovery Protocol (MSDP)

Availability Features

Single binary image across Cisco Nexus 9300 and 9500 platforms

Fault isolation per process


Process patching

Stateless process restart

Stateful supervisor switchover

Online insertion and removal (OIR) of modules without disruption of traffic

Comprehensive Monitoring Features

Cisco Generic Online Diagnostics (GOLD)

  Minimum, complete, bypass, on-demand diagnostics, [[OK?]] and health checks

Onboard fault logging (OBFL)

Cisco Embedded Event Manager (EEM): Scheduler, monitor, and event manager

Integrated packet capture and analysis with Wireshark

Default SSD (chassis supervisor and top of rack [ToR]) for logging and data capture

Cisco Switched Port Analyzer (SPAN)

  Source and destination on switch

Encapsulated Remote SPAN (ERSPAN)

  Source on switch and fabric extender
  Ingress application control list (ACL) filtering

Virtualization Support Features

VXLAN gateway

VXLAN bridging

VXLAN routing

Security Features

Ingress and egress ACLs using Layer 2, 3, and 4 fields

  Extended ACLs, MAC addresses, port ACLs (PACLs), VLAN ACLs (VACLs), and routed ACLs (RACLs)
  Flexible ACL carving

ACL counters

Storm control

  Broadcast, multicast, and unknown unicast

User-configurable Control-Plane Policing (CoPP)

Authentication, authorization, and accounting (AAA)

  Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), Microsoft MS-CHAP, and MS-CHAPv2
  Capability to disable role-based access control (RBAC) and use AAA server authentication
  Role-based access control (RBAC) integration to replace privilege levels
  Test parameters
  VRF context support
  Lightweight Directory Access Protocol (LDAP) support




Interface Types

Layer 2 switch port

  Access and trunk (VLAN list and native VLAN tagged and untagged)

Layer 3 routed

Loopback interface

Switched virtual interface (SVI)


  Static mode
  IEEE 802.3ad LACP
  Load balancing
  Member link ping
  Minimum number of links

Fabric extender port

QoS Features

Up to 4 queues per port

Modular QoS command-line interface (CLI; MQC)

ACL-based classification


  Strict priority and strict priority fabric extender
  Weighted Round-Robin (WRR) and WRR fabric extender

Marking and classification

  Differentiated services code point (DSCP) on switch
  Class of service (CoS)
  CoS preservation for Remote Direct Memory Access (RDMA) over Converged Enhanced Ethernet (RoCEE)



Explicit congestion notification (ECN)

Weighted Random Early Detection (WRED)

Priority flow control (PFC) support for up to 3 PFC classes

Device Management Features


Configuration rollback

Configuration session manager

FTP, SFTP, and TFTP client

Network Time Protocol (NTP)

  Client, peer, server, ACL, and authentication

Remote copy (RCP) and secure copy (SCP) client

Remote monitor (RMON)

Cisco Smart Call Home

Simple Network Management Protocol (SNMP) v1, v2, and v3


Virtual terminal (vty)

XML (Netconf)

Secure Shell (SSH) v2 (client and server)

Telnet (client and server)

USB port

100/1000-Gbps management port

RS-232 serial console port

Support for copy <file> start

Locator LED (beacon) for line cards (chassis) and uplink modules (ToR)

Supported in Cisco DCNM LAN and Cisco Prime Infrastructure

Supported in Cisco networking plug-in for OpenStack

Extensibility and Programmability Features

Linux tools

  Bash shell access
  Broadcom shell access

Python shell

Cisco NX-API

Extensible Messaging and Presence Protocol (XMPP) client

Standards Compliance

IEEE 802.1D Bridging and Spanning Tree

IEEE 802.1p QoS/CoS

IEEE 802.1Q VLAN Tagging

IEEE 802.1w Rapid Spanning Tree

IEEE 802.1s Multiple Spanning Tree Protocol

IEEE 802.1AB Link Layer Discovery Protocol

IEEE 802.3ad Link Aggregation with LACP

IEEE 802.3x Flow Control

IEEE 802.3ab 1000BASE-T

IEEE 802.3z Gigabit Ethernet

IEEE 802.3ae 10 Gigabit Ethernet

IEEE 802.3ba 40 Gigabit Ethernet

RFC 2460 IPv6

RFC 2461 Neighbor Discovery for IPv6

RFC 2462 IPv6 Stateless Address Autoconfiguration

RFC 2463 ICMPv6


Cisco NX-OS Software Release 6.2 equivalent

For More Information

For more information about the Cisco Nexus 9000 Series software releases, please visit