This chapter describes the Cisco NX-OS system management commands that begin with the letter F.
To enable the Intelligent CAM (iCAM) feature, use the feature icam command. To disable the iCAM feature, use the no form of this command.
This example shows how to enable the iCAM feature:
# configure terminal
This example shows how to disable the iCAM feature:
# configure terminal
To enable the Link Layer Discovery Protocol (LLDP) feature globally, use the feature lldp command. To disable the LLDP feature, use the no form of this command.
Global configuration mode (config)
network-admin
network-operator
vdc-admin
vdc-operator
In order for LLDP to discover servers connected to your device, the servers must be running openLLDP software.
LLDP must be enabled on the device before you can enable or disable it on any interfaces.
Note: LLDP is supported only on physical interfaces. LLDP timers and type, length, and value (TLV) descriptions cannot be configured using Cisco DCNM.
LLDP can discover up to one device per port. LLDP can discover up to one server per port. LLDP can discover only Linux servers that are connected to your device. LLDP can discover Linux servers, if they are not using a converged network adapter (CNA); however, LLDP cannot discover other types of servers.
Make sure that you are in the correct virtual device context (VDC). To switch VDCs, use the switchto vdc command.
This example shows how to enable the LLDP feature globally:
switch(config)# feature lldp
switch(config)#
This example shows how to disable the LLDP feature:
switch(config)# no feature lldp
switch(config)# 2010 Jan 11 01:50:33 switch %FEATURE-MGR-2-FM_AUTOCKPT_IN_PROGRESS: AutoCheckpoint system-fm-lldp's creation in progress...
2010 Jan 21 01:50:34 switch %FEATURE-MGR-2-FM_AUTOCKPT_SUCCEEDED: AutoCheckpoint created successfully
switch(config)#
To globally enable the NetFlow feature, use the feature netflow command. To disable NetFlow, use the no form of this command.
This example shows how to enable NetFlow on a Cisco NX-OS device:
This example shows how to disable NetFlow on a Cisco NX-OS device:
Creates a flow record and enters flow record configuration mode.
To enable the Network Time Protocol (NTP) on a virtual device context (VDC), use the feature ntp command. To disable NTP on a VDC, use the no form of this command.
Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.
This example shows how to enable NTP on a VDC:
This example shows how to disable NTP on a VDC:
Configures the device to act as an authoritative NTP server.
To enable the Precision Time Protocol (PTP) feature on the current virtual device context (VDC), use the feature ptp command. To disable the PTP feature, use the no form of this command.
This example shows how to enable the PTP feature on the current VDC:
This example shows how to disable the PTP feature on the current VDC:
Configures the priority1 value to use when advertising this clock.
Configures the priority2 value to use when advertising this clock.
To enable the scheduling of maintenance jobs, use the feature scheduler command. To disable the scheduler, use the no form of this command.
You must enable the scheduler feature before you can configure a maintenance job.
Maintenance jobs can be scheduled for one-time-only or at periodic intervals. Maintenance jobs include quality of service policy changes, data and configuration backup, and so on.
This example shows how to enable the scheduler:
This example shows how to disable the scheduler:
To delete a specific file in the /var/tmp directory, use the filesys delete command.
filesys delete /var/tmp/ file-name
This example shows how to delete a specific file from the /var/tmp directory:
To configure the filters for an Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter command. To remove the filters, use the no form of this command.
filter [access-group acl-filter] [vlan vlan-range] [bpdu [true | false]] [cos cos-value] [dest-mac dest-mac] [eth-type eth-value] [flow-hash flow-value] [pc-lane port-number] [src_mac mac-address] [trace-route [true | false]]
no filter [access-group acl-filter] [vlan vlan-range] [bpdu [true | false]] [cos cos-value] [dest-mac dest-mac] [eth-type eth-value] [flow-hash flow-value] [pc-lane port-number] [src_mac mac-address] [trace-route [true | false]]
You can configure filters for ingress or egress ERSPAN traffic based on a set of rules. A simple filter has only one rule, and multiple fields or conditions can be added to this rule. The packets are spanned only if all conditions are met.
Port channel member lane is not supported on F1 Series modules.
F2 and F2e Series modules do not support egress SPAN filtering for destination MAC addresses and source MAC addresses.
This example shows how to configure filters for an ERSPAN session:
To configure the filters for an Ethernet Switched Port Analyzer (SPAN) session, use the filter command. To remove the filters, use the no form of this command.
filter [vlan vlan-range] [bpdu [true | false]] [cos cos-value] [dest-mac dest-mac] [eth-type eth-value] [flow-hash flow-value] [pc-lane port-number] [src_mac mac-address] [trace-route [true | false]]
no filter [vlan vlan-range] [bpdu [true | false]] [cos cos-value] [dest-mac dest-mac] [eth-type eth-value] [flow-hash flow-value] [pc-lane port-number] [src_mac mac-address] [trace-route [true | false]]
Config-monitor configuration mode (config-monitor)
You can configure filters for ingress or egress SPAN traffic based on a set of rules. A simple filter has only one rule, and multiple fields or conditions can be added to this rule. The packets are spanned only if all conditions are met.
Port channel member lane is not supported on F1 Series modules.
F2 and F2e Series modules do not support egress SPAN filtering for destination MAC addresses and source MAC addresses.
This example shows how to configure filters for a SPAN session:
To apply an access group to an Encapsulated Remote Switched Port Analyzer (ERSPAN) source session, use the filter access-group command. To remove an access group, use the no form of this command.
filter access-group acl_filter
no filter access-group acl_filter
Access control list (ACL) name. An ACL associates the access list with the SPAN session.
Only the permit or deny actions are allowed for Encapsulated Remote Switched Port Analyzer (ERSPAN) access control list (ACL) filters.
For information about ACL-related commands, see the Cisco Nexus 7000 Series NX-OS Security Command Reference.
This example shows how to apply an access group to an ERSPAN session:
This example shows how to disassociate an access group from an ERSPAN session:
To configure the Address Resolution Protocol (ARP) frame type filter for the Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter frame-type arp command. To remove the filter from the session, enter the no form of this command.
filter frame-type arp [arp-rarp [arp | rarp] [req-resp [req | rsp]] [sender-ip ip-address] [target-ip ip-address]]
no filter frame-type arp [arp-rarp [arp | rarp] [req-resp [req | rsp]] [sender-ip ip-address] [target-ip ip-address]]
(Optional) Specifies an ARP or Reverse Address Resolution Protocol (RARP) frame type filter.
(Optional) Specifies a filter based on a request or response.
This example shows how to configure the ARP frame type filter for the ERSPAN session:
To configure the Ethernet frame type filter for the Ethernet Switched Port Analyzer (SPAN) or Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter frame-type eth command. To remove the Ethernet frame type filter, use the no form of this command.
config-monitor mode (for a SPAN session)
config-erspan-src mode (for an ERSPAN session)
This example shows how to configure the Ethernet frame type filter for a SPAN session:
switch(config-monitor)# filter frame-type eth
This example shows how to configure the Ethernet frame type filter for an ERSPAN session:
To configure the Fibre Channel over Ethernet (FCoE) frame type filter for the Ethernet Switched Port Analyzer (SPAN) or Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter frame-type fcoe command. To remove the FCoE frame type filter, use the no form of this command.
filter frame-type fcoe [[fc-sid FC-source-ID] [fc-did FC-dest-ID] [fcoe-type fcoe-value] [r-ctl r-ctl-value] [sof sof-value] [cmd-code cmd-value]]
no filter frame-type fcoe [[fc-sid FC-source-ID] [fc-did FC-dest-ID] [fcoe-type fcoe-value] [r-ctl r-ctl-value] [sof sof-value] [cmd-code cmd-value]]
config-monitor mode (for a SPAN session)
config-erspan-src mode (for an ERSPAN session)
F1 Series modules do not support FCoE source IDs and FCoE destination IDs.
This example shows how to configure the FCoE frame type filter for a SPAN session:
switch(config-monitor)# filter frame-type fcoe
This example shows how to configure the FCoE frame type filter for an ERSPAN session:
To configure the IPv4 frame type filter for the Ethernet Switched Port Analyzer (SPAN) or Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter frame-type ipv4 command. To remove the IPv4 frame type filter, use the no form of this command.
filter frame-type ipv4 [[src-ip src-ip] [dest-ip dest-ip] [tos tos-value] [l4-protocol l4-value]]
no filter frame-type ipv4 [[src-ip src-ip] [dest-ip dest-ip] [tos tos-value] [l4-protocol l4-value]]
config-monitor mode (for a SPAN session)
config-erspan-src mode (for an ERSPAN session)
This example shows how to configure the IPv4 frame type filter for a SPAN session:
switch(config-monitor)# filter frame-type ipv4 l4-protocol 3
This example shows how to configure the IPv4 frame type filter for an ERSPAN session:
To configure the IPv6 frame type filter for the Ethernet Switched Port Analyzer (SPAN) or Encapsulated Remote Switched Port Analyzer (ERSPAN) session, use the filter frame-type ipv6 command. To remove the IPv6 frame type filter, use the no form of this command.
filter frame-type ipv6 [src-ip src-ip] [dest-ip dest-ip] [tos tos-value] [l4-protocol l4-value]
no filter frame-type ipv6 [src-ip src-ip] [dest-ip dest-ip] [tos tos-value] [l4-protocol l4-value]
config-monitor mode (for a SPAN session)
config-erspan-src mode (for an ERSPAN session)
F1 Series modules have limited support for rule-based SPAN. They do not support IPv6 source IP and IPv6 destination IP filters. They support only IPv4 and IPv6 ToS filters with values from 0 to 3.
F2 and F2e Series modules have limited support for rule-based SPAN. They do not support wildcards in the IPv6 source IP filter and IPv6 destination IP filter.
This example shows how to configure the IPv6 frame type filter for a SPAN session:
switch(config-monitor)# filter frame-type ipv6 src-ip 10.0.0.1
This example shows how to configure the IPv6 frame type filter for an ERSPAN session:
To apply a VLAN access map to one or more VLANs, use the filter vlan command. To remove a VLAN access map, use the no form of this command.
filter vlan vlan_mrange [ include-untagged ]
no filter vlan vlan_mrange [ include-untagged ]
Name of the VLAN access map that you want to create or configure. The range is from 1 to 3967 and from 4048 to 4093.
(Optional) Specifies untagged frames on a port with Layer 3 subinterfaces.
Config-monitor configuration (config-monitor)
This example shows how to apply a VLAN access map to one or more VLANs:
This example shows how to remove the VLAN access map:
Applies a VLAN access map to one or more VLANs and includes untagged frames on a port with Layer 3 subinterfaces.
To apply a VLAN access map to one or more VLANs and include untagged frames on a port with Layer 3 subinterfaces, use the filter vlan include-untagged command. To remove a VLAN access map from one or more VLANs with untagged frames on a port with Layer 3 subinterfaces, use the no form of this command.
no filter vlan include-untagged
Config-monitor configuration (config-monitor)
This example shows how to apply a VLAN access map to one or more VLANs and include untagged frames on a port with Layer 3 subinterfaces:
This example shows how to remove a VLAN access map from one or more VLANs with untagged frames on a port with Layer 3 subinterfaces:
To create a Flexible NetFlow flow exporter or to modify an existing Flexible NetFlow flow exporter, use the flow exporter command. To remove a Flexible NetFlow flow exporter, use the no form of this command.
no flow exporter exporter-name
Flow exporters are not present in the configuration until you create them.
Flow exporters export the data in the flow monitor cache to a remote system, such as a server running NetFlow collector, for analysis and storage. Flow exporters are created as separate entities in the configuration. Flow exporters are assigned to flow monitors to provide data export capability for the flow monitors. You can create several flow exporters and assign them to one or more flow monitors to provide several export destinations. You can create one flow exporter and apply it to several flow monitors.
Once you enter the flow export configuration mode, the prompt changes to the following:
Within the flow export configuration mode, the following keywords and arguments are available to configure the flow exporters:
– ethernet mod / port — Specifies the Ethernet IEEE 802.3z interface module and port number. The ranges for the module and port number depend on the chassis used.
– loopback virtual-num — Specifies the virtual interface number. The range is from 0 to 1023.
– mgmt num — Specifies the management interface number. The range is from 0 to 10.
This example shows how to create a flow exporter named FLOW-EXPORTER-1, enter flow exporter configuration mode, and configure the flow exporter:
To create a Flexible NetFlow flow monitor or to modify an existing Flexible NetFlow flow monitor and enter flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.
Flow monitors are not present in the configuration until you create them.
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor and a cache that is automatically created at the time that the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record that is configured for the flow monitor and stored in the flow monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:
– record-name —Name of a record.
– netflow ipv4 collection-type — Specifies the traditional IPv4 NetFlow collection schemes as follows:
original-input —Specifies the traditional IPv4 input NetFlow.
original-output —Specifies the traditional IPv4 output NetFlow.
protocol-port —Specifies the protocol and ports aggregation scheme.
– netflow-original — Specifies the traditional IPv4 input NetFlow with origin autonomous systems.
The netflow-original and original-input keywords are the same and are equivalent to the following commands:
The original-output keywords are the same as the original-input keywords except for the following:
This example shows how to create and configure a flow monitor named FLOW-MONITOR-1:
To create a Flexible NetFlow flow record or to modify an existing Flexible NetFlow flow record and enter flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.
Flow records are not present in the configuration until you create them.
Flexible NetFlow uses key and nonkey fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow, a combination of key and nonkey fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:
Cisco NX-OS enables the following match fields by default when you create a flow record:
This example shows how to create a flow record and enter flow record configuration mode:
To create a Flexible NetFlow flow timeout or to modify an existing Flexible NetFlow flow timeout, use the flow timeout command. To remove a Flexible NetFlow flow timeout, use the no form of this command.
flow timeout { active seconds | aggressive threshold percentage | fast seconds threshold packets | inactive seconds | session | seconds}
no flow timeout { active seconds | aggressive threshold percentage | fast seconds threshold packets | inactive seconds | session | seconds}
Added the seconds argument for the syntax description and also the note.
The active timeout is the amount of time to wait before sending flow information about an active session. The flow is not removed from the cache after this timeout; however, the packet count, byte count, and timestamps are reset.
The aggressive timeout only affects hardware caches and is used when flows are being received faster than expected. If flows are being received faster than the threshold, they are aged out of the cache.
The fast timeout specifies when an inactive flow should be aged out.
The inactive timeout is used for Transmission Control Protocol (TCP) sessions in which a FIN (no more data from the sender) followed by an ACK (acknowledgment field is significant), or an RST (reset) packet, is received. The inactive timeout indicates the session is over and the flow can be aged out.
Note: Only the flow timeout seconds command is supported for F2 Series modules. All of the other NetFlow timeout commands are supported for M Series modules only.
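The cache behaviour described for key fields, the active timeout, and TCP session end can be traced with the following Python model. It is an added example, not Cisco code and not how NX-OS or the hardware implements the cache. It assumes a 5-tuple of key fields, evaluates timeouts only when a packet arrives, and uses constructed packets and hypothetical names (FlowCache, replay, SAMPLE).

```python
from dataclasses import dataclass

# Key fields (assumed 5-tuple): a new value in any of them starts a new flow.
KEY_FIELDS = ("src", "dst", "proto", "sport", "dport")

@dataclass
class Flow:
    first: float            # start of the current reporting interval
    packets: int = 0        # nonkey counters
    octets: int = 0
    fin_seen: bool = False  # a FIN was seen; a later ACK ends the session

class FlowCache:
    """Simplified model of the documented behaviour, not NX-OS code."""
    def __init__(self, active_timeout):
        self.active_timeout = active_timeout
        self.flows = {}      # key tuple -> Flow
        self.exported = []   # (reason, key, packets, octets)

    def packet(self, ts, pkt):
        key = tuple(pkt[f] for f in KEY_FIELDS)
        flow = self.flows.setdefault(key, Flow(first=ts))
        if ts - flow.first >= self.active_timeout:
            # Active timeout: report the flow but keep it in the cache;
            # packet count, byte count and timestamp are reset.
            self.exported.append(("active", key, flow.packets, flow.octets))
            flow.first, flow.packets, flow.octets = ts, 0, 0
        flow.packets += 1
        flow.octets += pkt["len"]
        flags = pkt.get("flags", "")
        if "R" in flags or (flow.fin_seen and "A" in flags):
            # RST, or an ACK following a FIN: session over, age the flow out.
            self.exported.append(("session-end", key, flow.packets, flow.octets))
            del self.flows[key]
        elif "F" in flags:
            flow.fin_seen = True

def pkt(src, dst, sport, dport, length, flags="", proto=6):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "len": length, "flags": flags}

# Constructed sample traffic: (timestamp in seconds, packet).
SAMPLE = [
    (0, pkt("10.0.0.5", "192.0.2.10", 40000, 443, 100, "S")),
    (1, pkt("10.0.0.5", "192.0.2.10", 40000, 443, 400, "A")),
    (2, pkt("10.0.0.5", "192.0.2.10", 40001, 443, 60, "S")),   # new source port: new flow
    (3, pkt("10.0.0.5", "192.0.2.53", 5353, 53, 80, proto=17)),
    (20, pkt("10.0.0.5", "192.0.2.10", 40001, 443, 40, "R")),  # reset: aged out
    (35, pkt("10.0.0.5", "192.0.2.10", 40000, 443, 900, "A")), # past the active timeout
    (36, pkt("10.0.0.5", "192.0.2.10", 40000, 443, 40, "FA")),
    (37, pkt("10.0.0.5", "192.0.2.10", 40000, 443, 40, "A")),  # ACK after FIN: aged out
]

def replay(packets, active_timeout):
    cache = FlowCache(active_timeout)
    for ts, p in packets:
        cache.packet(ts, p)
    return cache
```

With a 30-second active timeout, the long-lived HTTPS flow is reported twice: once at the timeout with its counters reset, and once when the session ends. A collector therefore has to sum both records to get the session total.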
This example shows how to specify the active or long timeout value in seconds for the F1 and M1 Series modules:
This example shows how to specify the percentage of the NetFlow table content:
This example shows how to specify the fast aging timeout in seconds:
This example shows how to specify the inactive or normal timeout in seconds:
This example shows how to specify the flush cache timeout in seconds for F2 Series modules: