Cisco Nexus 5000 Series NX-OS System Management Configuration Guide, Release 5.0(2)N1(1)

Configuring Switch Profiles

This section describes how to configure switch profiles in Cisco NX-OS Release 5.0(2)N1(1) on the Cisco Nexus 5000 Series switch.

Information About Switch Profiles
Switch Profile Configuration Modes
Configuration Validation
Software Upgrades and Downgrades With Switch Profiles

Information About Switch Profiles

Several applications require consistent configuration across Cisco Nexus 5000 Series switches in the network. For example, with a Virtual Port Channel (vPC), you must have identical configurations. Mismatched configurations can cause errors or misconfigurations that can result in service disruptions. The configuration synchronization (config-sync) feature in Cisco NX-OS Release 5.0(2)N1(1), allows you to configure one switch profile and have the configuration be automatically synchronized to the peer switch.

A switch profile provides the following benefits:

Allows configurations to be synchronized between switches.
Merges configurations when connectivity is established between two switches.
Provides control of exactly which configuration gets synchronized.
Ensures configuration consistency across peers through merge and mutual-exclusion checks.
Provides verify and commit semantics.
Supports configuring and synchronizing port profile configurations.
Provides an import command to migrate existing vPC configurations to a switch profile.

Switch Profile Configuration Modes

The Cisco NX-OS Release 5.0(2)N1(1) switch profile feature includes the following configuration modes:

Configuration Synchronization Mode
Switch Profile Mode
Switch Profile Import Mode

Configuration Synchronization Mode

Beginning with Cisco NX-OS Release 5.0(2)N1(1), the configuration synchronization mode (config-sync) allows you to create switch profiles. After entering the config sync command, you can create and name the switch profile that displays the switch profile mode. You must enter the config sync command on the local and the peer switch that you want to synchronize.

Switch Profile Mode

The switch profile mode allows you to add supported configuration commands to a switch profile that is later synchronized with a peer switch. Commands that you enter in the switch profile mode are buffered until you enter the commit command.

Switch Profile Import Mode

When you upgrade from an earlier release to Cisco NX-OS Release 5.0(2)N1(1), you have the option to enter the import command to copy supported running-configuration commands to a switch profile. After entering the import command, the switch profile mode (config-sync-sp) changes to the switch profile import mode (config-sync-sp-import). The switch profile import mode allows you to import existing switch configurations from the running configuration and specify which commands you want to include in the switch profile.

Because different topologies require different commands that are included in a switch profile, the import command mode allows you to modify the imported set of commands to suit a specific topology. For example, a dual homed Fabric Extender (FEX) topology requires that most of the configuration is synchronized. In other vPC topologies, the configuration that needs to be synchronized might be a much smaller set of commands.

You need to enter the commit command to complete the import process and move the configuration into the switch profile. Because configuration changes are not supported during the import process, if you added new commands before entering the commit command, the switch profile remains unsaved and the switch remains in the switch profile import mode. You can remove the added commands or abort the import.Unsaved configurations are lost if the process is aborted. You can add new commands can be added to the switch profile after the import is complete.

Configuration Validation

Two types of configuration validation checks can identify two types of switch profile failures:

Mutual Exclusion Checks
Merge Checks

Mutual Exclusion Checks

To reduce the possibility of overriding configuration settings that are included in a switch profile, mutual exclusion (mutex) checks the switch profile commands against the commands that exist on the local switch and the commands on the peer switch. A command that is included in a switch profile cannot be configured outside of the switch profile or on a peer switch. This requirement reduces the possibility that an existing command is unintentionally overwritten.

As a part of the commit process, the mutex-check occurs on both switches if the peer switch is reachable, otherwise the mutex-check is performed locally. Configuration changes made from the configuration terminal occur only on the local switch.

If a mutex-check identifies errors, they are reported as a mutex failure and they must be manually corrected.

The following exceptions apply to the mutual exclusion policy:

Interface configuration—An interface configuration can be partially present in a switch profile and partially present in the running configuration as long as there are no conflicts.
Shutdown/no shutdown
System QoS

Merge Checks

Merge checks are done on the peer switch that is receiving a configuration. The merge checks ensure that the received configuration does not conflict with the switch profile configuration that already exists on the receiving switch. The merge check occurs during the merge or commit process. Errors are reported as merge failures and must be manually corrected.

When one or both switches are reloaded and the configurations are synchronized for the first time, the merge check verifies that the switch profile configurations are identical on both switches. Differences in the switch profiles are reported as merge errors and must be manually corrected.

Software Upgrades and Downgrades With Switch Profiles

When you downgrade from Cisco NX-OS Release 5.0(2)N1(1) to an earlier release, you are prompted to remove an existing switch profile that is not supported on earlier releases.

When you upgrade from an earlier release to Cisco NX-OS Release 5.0(2)N1(1), you have the option to move some of the running-configuration commands to a switch profile. The import command allows you to import relevant switch profile commands. An upgrade can occur if there are buffered configurations (uncommitted); however, the uncommitted configurations are lost.

When you perform an In Service Software Upgrade (ISSU) on one of the switches included in a switch profile, a configuration synchronization cannot occur because the peer is unreachable.

Prerequisites for Switch Profiles

Switch profiles have the following prerequisites:

You must enable CFSoIP distribution over mgmt0 on both switches by entering the cfs ipv4 distribute command.
You must configure a switch profile with the same name on both peer-switches by entering the config sync and switch-profile commands.
Configure each switch as peer switch by entering the sync-peers destination command

Configuration Guidelines and Limitations

Switch profiles have the following configuration guidelines and limitations:

You can only enable configuration synchronization using the mgmt0 interface.
You must configure synchronized peers with the same switch profile name.
Commands that are qualified for a switch profile configuration are allowed to be configured in the configuration switch profile (config-sync-sp) mode.
Supported switch profile commands relate to vPC commands. FCoE commands are not supported.
One switch profile session can be in progress at a time. Attempts to start another session will fail.
Supported command changes made from the configuration terminal mode are blocked when a switch profile session is in progress. You should not make unsupported command changes from the configuration terminal mode when a switch profile session is in progress..
When you enter the commit command and a peer switch is reachable, the configuration is applied to both peer switches or neither switch. If there is a commit failure, the commands remain in the switch profile buffer. You can then make necessary corrections and try the commit again.
Cisco recommends that you enable pre-provisioning for all Gigabit-Ethernet Modules (GEMs) and Cisco Nexus Fabric Extender modules whose interface configurations are synchronized using the configuration synchronization feature. Follow these guidelines in Cisco Nexus Fabric Extender A/A topologies where the Fabric Extenders might not be online on one switch and its configuration is changed and synchronized on the other switch. In this scenario, if you do not enable pre-provisioning, a commit fails and the configuration is rolled back on both switches.

Configuring Switch Profiles

You can create and configure a switch profile. Enter the switch-profile name command in the configuration synchronization mode (config-sync).

Before You Begin

You must create the switch profile with the same name on each switch and the switches must configure each other as a peer. When connectivity is established between switches with the same active switch profile, the switch profiles are synchronized.

SUMMARY STEPS

1. configuration terminal

2. cfs ipv4 distribute

3. config sync

4. switch-profile name

5. sync-peers destination IP-address

6. show switch-profile name status

7. exit

8. copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configuration terminal Example: switch# configuration terminal switch(config)#	Enters the configuration terminal mode.
Step 2	cfs ipv4 distribute Example: switch(config)# cfs ipv4 distribute switch(config)#	Enables CFS distribution between the peer switches.
Step 3	config sync Example: switch# config sync switch(config-sync)#	Enters the configuration synchronization mode.
Step 4	switch-profile `name` Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters the switch profile synchronization configuration mode.
Step 5	sync-peers destination `IP-address` Example: switch(config-sync-sp)# sync-peers destination 10.1.1.1 switch(config-sync-sp)#	Configures the peer switch.
Step 6	show switch-profile `name` status Example: switch(config-sync-sp)# show switch-profile abc status switch(config-sync-sp)#	(Optional) Views the switch profile on the local switch and the peer switch information.
Step 7	exit Example: switch(config-sync-sp)# exit switch#	Exits the switch profile configuration mode and returns to EXEC mode.
Step 8	copy running-config startup-config Example: switch# copy running-config startup-config switch#	(Optional) Copies the running configuration to the startup configuration.

The following example shows how to configure a switch profile and shows the switch profile status.

switch# configuration terminal
switch(config)# cfs ipv4 distribute
switch(config-sync)# switch-profile abc 
switch(config-sync-sp)# sync-peers destination 10.1.1.1
switch(config-sync-sp)# show switch-profile abc status
Start-time:  15801 usecs after Mon Aug 23 06:21:08 2010
End-time:   6480 usecs after Mon Aug 23 06:21:13 2010
 
Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: Yes
Profile-status: Sync Success
 
Local information:
----------------
Status: Commit Success
Error(s):
 
Peer information:
----------------
IP-address: 10.1.1.1
Sync-status: In Sync.
Status: Commit Success
Error(s):
switch(config-sync-sp)# exit
switch#

Adding a Switch to a Switch Profile

Enter the sync-peers destination destination IP command in the switch profile configuration mode to add the switch to a switch profile.

Follow these guidelines when adding switches:

Switches are identified by their IP address.
Destination IPs are the IP addresses of the switches that you want to synchronize.
The committed switch profile is synchronized with the newly added peers (when they are online) providing that the peer switch is also configured with configuration synchronization.

Before You Begin

After creating a switch profile on the local switch, you must add the second switch that will be included in the synchronization.

SUMMARY STEPS

1. config sync

2. switch-profile name

3. sync-peers destination destination IP

4. exit

5. (Optional) show switch-profile peer

6. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters configuration synchronization mode.
Step 2	switch-profile name Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters the switch profile synchronization configuration mode.
Step 3	sync-peers destination destination IP Example: switch(config-sync-sp)# sync-peers destination 10.1.1.1 switch(config-sync-sp)#	Adds a switch to the switch profile.
Step 4	exit Example: switch(config-sync-sp)# exit switch#	Exits switch profile configuration mode.
Step 5	show switch-profile peer Example: switch# show switch-profile peer	(Optional) Displays the switch profile peer configuration.
Step 6	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

Adding or Modifying Switch Profile Commands

To modify a command in a switch profile, add the modified command to the switch profile and enter the commit command to apply the command and synchronize the switch profile to the peer switch if it is reachable.

Follow these guidelines when adding or modifying switch profile commands:

Commands that are added or modified are buffered until you enter the commit command.
Commands are executed in the same order in which they are buffered. If there is an order-dependency for certain commands, for example, a QoS policy must be defined before being applied, you must maintain that order; otherwise, the commit might fail. You can use utility commands, such as the show switch-profile name buffer command, the buffer-delete command, and the buffer-move command, to change the buffer and correct the order of already entered commands.

Before You Begin

After configuring a switch profile on the local and the peer switch, you must add and commit the supported commands to the switch profile. The commands are added to the switch profile buffer until you enter the commit command. The commit command does the following:

Triggers the mutex check and the merge check to verify the synchronization.
Creates a checkpoint with a rollback infrastructure.
Applies the configuration on the local switch and the peer switch.
Executes a rollback on all switches if there is a failure with an application on any of the switches in the switch profile.
Deletes the checkpoint.

SUMMARY STEPS

1. config sync

2. switch-profile name

3. command arugument

4. (Optional) show switch-profile name buffer

5. verify

6. commit

7. (Optional) show switch-profile name status

8. exit

9. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters configuration synchronization mode.
Step 2	switch-profile name Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters switch profile synchronization configuration mode.
Step 3	command arugument Example: switch(config-sync-sp)# interface Port-channel100 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# interface Ethernet1/1 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# channel-group 100	Adds a command to the switch profile.
Step 4	show switch-profile name buffer Example: switch(config-sync-sp)# show switch-profile abc buffer switch(config-sync-sp)#	(Optional) Displays the configuration commands in the switch profile buffer.
Step 5	verify Example: switch(config-sync-sp)# verify	Verifies the commands in the switch profile buffer.
Step 6	commit Example: switch(config-sync-sp)# commit	Saves the commands in the switch profile and synchronizes the configuration with the peer switch.
Step 7	show switch-profile name status Example: switch(config-sync-sp)# show switch-profile abc status switch(config-sync-sp)#	(Optional) Displays the status of the switch profile on the local switch and the status on the peer switch.
Step 8	exit Example: switch(config-sync-sp)# exit switch#	Exits the switch profile configuration mode.
Step 9	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

The following example shows how to create a switch profile, configure a peer switch, and add commands to the switch profile.

switch# configuration terminal
switch(config)# cfs ipv4 distribute
switch(config-sync)# switch-profile abc 
switch(config-sync-sp)# sync-peers destination 10.1.1.1
switch(config-sync-sp)# interface port-channel100
switch(config-sync-sp-if)# speed 1000
switch(config-sync-sp-if)# interface Ethernet1/1
switch(config-sync-sp-if)# speed 1000
switch(config-sync-sp-if)# channel-group 100
switch(config-sync-sp)# verify
switch(config-sync-sp)# commit
switch(config-sync-sp)# exit
switch#

The following example shows an existing configuration with a defined switch profile. The second example shows how the switch profile command changed by adding the modified command to the switch profile.

switch# show running-config
switch-profile abc
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk allowed vlan 1-10

Switch# config sync
Switch(config-sync)# switch-profile abc
Switch(config-sync-sp)# interface Ethernet1/1
Switch(config-sync-sp-if)# switchport trunk allowed vlan 5-10
Switch(config-sync-sp-if)# commit

Switch# show running-config
switch-profile abc
  interface Ethernet1/1
    switchport mode trunk
    switchport trunk allowed vlan 5-10

Importing a Switch Profile

You can import a switch profile based on the set of commands that you want to import. The following three ways can be used to import commands that were added using the configuration terminal mode:

Follow these guidelines when adding switches:

Add selected commands to the switch profile.
Add supported commands that were specified for an interface.
Add supported system-level commands.

When you import commands to a switch profile, the switch profile buffer must be empty.

If new commands are added during the import, the switch profile remains unsaved and the switch remains in the switch profile import mode. You can enter the abort command to stop the import. For additional information importing a switch profile, see the “Switch Profile Import Mode” section.

SUMMARY STEPS

1. config sync

2. switch-profile name

3. import {interfaceport/slot | running-config}

4. commit

5. (Optional) abort

6. exit

7. (Optional) show switch-profile

8. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters the configuration synchronization mode.
Step 2	switch-profile name Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters the switch profile synchronization configuration mode.
Step 3	import {interfaceport/slot \| running-config} Example: switch(config-sync-sp)# import ethernet 1/2 switch(config-sync-sp-import)#	Identifies the commands that you want to import and enters switch profile import mode. <CR>—Adds selected commands. interface—Adds the supported commands for a specified interface. running-config—Adds supported system-level commands.
Step 4	commit Example: switch(config-sync-sp-import)# commit	Imports the commands and saves the commands to the switch profile.
Step 5	abort Example: switch(config-sync-sp-import)# abort	(Optional) Aborts the import process.
Step 6	exit Example: switch(config-sync-sp)# exit switch#	Exits the switch profile import mode.
Step 7	show switch-profile Example: switch# show switch-profile	(Optional) Displays the switch profile configuration.
Step 8	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

Importing Configurations in a vPC Topology

You can import configurations in a two-switch vPC topology.

Note

For specific information on the following steps, see the appropriate sections in this chapter.

Configure the switch-profile with the same name on both switches.

Import the configurations to both switches independently.

Note

Ensure that the configuration moved to the switch profile on both switches is identical; otherwise, a merge-check failure might occur.

Configure the switches by entering the sync-peer destination command.
Verify that the switch profiles are the same by entering the appropriate show commands.

Verifying Commands in a Switch Profile

You can verify the commands that are included in a switch profile, enter the verify command in switch profile mode.

SUMMARY STEPS

1. config sync

2. switch-profile name

3. verify

4. exit

5. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters configuration synchronization mode.
Step 2	switch-profile name Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters switch profile synchronization configuration mode.
Step 3	verify Example: switch(config-sync-sp)# verify	Verifies the commands in the switch profile buffer.
Step 4	exit Example: switch(config-sync-sp)# exit switch#	Exits the switch profile configuration mode.
Step 5	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

Isolating a Peer Switch

You can isolate a peer switch in order to make changes to a switch profile. This process can be used when you want to block a configuration synchronization or when you want to debug configurations.

Isolating a peer switch requires that you remove the switch from the switch profile and then add the peer switch back to the switch profile.

Note

For specific information on the following steps, see the appropriate sections in this chapter.

To temporarily isolate a peer switch, follow these steps:

Remove a peer switch from a switch profile.
Make changes to the switch profile and commit the changes.
Enter debug commands.
Undo the changes that were made to the switch profile in Step 2 and commit.
Add the peer switch back to the switch profile.

Deleting a Switch Profile

You can delete a switch profile by selecting the all-config or the local-config option:

all-config—Deletes the switch profile on both peer switches (when both are reachable). If you choose this option and one of the peers is unreachable, only the local switch profile is deleted. the all-config option completely deletes the switch profile on both peer switches.
local-config—Deletes the switch profile on the local switch only.

SUMMARY STEPS

1. config sync

2. no switch-profile name {all-config | local-config}

3. exit

4. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters the configuration synchronization mode.
Step 2	no switch-profile name {all-config \| local-config} Example: switch(config-sync)# no switch-profile abc local-config switch(config-sync-sp)#	Deletes the switch profile as follows: all-config—Deletes the switch profile on the local and peer switch. If the peer switch is not reachable, only the local switch profile is deleted. local-config—Deletes the switch profile and local configuration.
Step 3	exit Example: switch(config-sync-sp)# exit switch#	Exits configuration synchronization mode.
Step 4	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

Deleting a Switch From a Switch Profile

You can delete a switch from a switch profile.

SUMMARY STEPS

1. config sync

2. switch-profile name

3. no sync-peers destination destination IP

4. exit

5. (Optional) show switch-profile

6. (Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	config sync Example: switch# config sync switch(config-sync)#	Enters configuration synchronization mode.
Step 2	switch-profile name Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)#	Configures the switch profile, names the switch profile, and enters the switch profile synchronization configuration mode.
Step 3	no sync-peers destination destination IP Example: switch(config-sync-sp)# no sync-peers destination 10.1.1.1 switch(config-sync-sp)#	Removes the specified switch from the switch profile.
Step 4	exit Example: switch(config-sync-sp)# exit switch#	Exits the switch profile configuration mode.
Step 5	show switch-profile Example: switch# show switch-profile	(Optional) Displays the switch profile configuration.
Step 6	copy running-config startup-config Example: switch# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

Verifying the Switch Profile Configuration

To display information about a switch profile, perform one of the following tasks:

Command	Purpose
show switch-profile `name`	Displays the commands in a switch profile.
show switch-profile `name` buffer	Displays the uncommitted commands in a switch profile, the commands that were moved, and the commands that were deleted.
show switch-profile `name` peer `IP-address`	Displays the synchronization status for a peer switch.
show switch-profile `name` session-history	Displays the status of the last 20 switch profile sessions.
show switch-profile `name` status	Displays the configuration synchronization status of a peer switch.
show running-config expand-port-profile	Displays details about the port profile.
show running-config exclude-provision	Displays the configurations for offline pre-provisioned interfaces that are hidden.
show running-config switch-profile	Displays the running configuration for the switch profile on the local switch.
show startup-config switch-profile	Displays the startup configuration for the switch profile on the local switch.

For detailed information about the fields in the output from these commands, see the Cisco Nexus 5000 Series Command Reference.

Configuration Examples for Switch Profiles

This section includes the following examples:

Creating a Switch Profile on a Local and Peer Switch
Verifying the Synchronization Status
Showing the Running Configuration
Displaying the Switch Profile Synchronization Between the Local and the Peer Switch
Displaying the Verify and Commit on the Local and the Peer Switch
Displaying the Successful and Unsuccessful Synchronization Between the Local and the Peer Switch
Displaying the Switch Profile Buffer
Importing Configurations
Migrating to Cisco NX-OS Release 5.0(2)N1(1) Using the import Command
Replacing a Cisco Nexus 5000 Series Switch
Replacing a Cisco Nexus 2000 Series Fabric Extender
Installing a New Cisco Nexus 2000 Series Fabric Extender
Synchronizing Configurations

Creating a Switch Profile on a Local and Peer Switch

The following example shows how to create a successful switch profile configuration on a local and peer switch including configuring QoS policies; a vPC peer-link, and a vPC in a switch profile. The example includes the following tasks in the order that they must be completed:

Enable CFSoIP distribution.
Create a switch profile and configure the peer switch.
Verify the switch profile status on both peer switches.
Add the configuration commands that will be applied to the local and the peer switch.
View the buffered commands.
Verify the commands.
Commit the commands to the switch profile.

Enable CFSoIP distribution on the local and the peer switch.

switch# configuration terminal
switch(config)# cfs ipv4 distribute

Create a switch profile on the local and the peer switch.

switch(config-sync)# switch-profile abc 
switch(config-sync-sp)# sync-peers destination 10.1.1.1

Verify that the switch profiles are the same on the local and the peer switch.

switch(config-sync-sp)# show switch-profile abc status
 
Start-time:  15801 usecs after Mon Aug 23 06:21:08 2010
End-time:   6480 usecs after Mon Aug 23 06:21:13 2010
 
Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: Yes
Profile-status: Sync Success
 
Local information:
----------------
Status: Commit Success
Error(s):
 
Peer information:
----------------
IP-address: 10.1.1.1
Sync-status: In Sync.
Status: Commit Success
Error(s):

Add the configuration commands to the switch profile on the local switch. The commands will be applied to the peer switch when the commands are committed.

switch(config-sync-sp)# class-map type qos c1 
switch(config-sync-sp-cmap-qos)# match cos 2 
switch(config-sync-sp-cmap-qos)# class-map type qos c2 
switch(config-sync-sp-cmap-qos)# match cos 5 
switch(config-sync-sp-cmap-qos)# policy-map type qos p1 
switch(config-sync-sp-pmap-qos)# class c1 
switch(config-sync-sp-pmap-c-qos)# set qos-group 2 
switch(config-sync-sp-pmap-c-qos)# class c2 
switch(config-sync-sp-pmap-c-qos)# set qos-group 3 
switch(config-sync-sp-pmap-c-qos)# system qos 
switch(config-sync-sp-sys-qos)# service-policy type qos input p1 
switch(config-sync-sp-sys-qos)# vlan 1-50 
switch(config-sync-sp-vlan)# interface port-channel 100 
switch(config-sync-sp-if)# vpc peer-link 
switch(config-sync-sp-if)# switchport mode trunk 
switch(config-sync-sp-if)# interface port-channel 10 
switch(config-sync-sp-if)# vpc 1 
switch(config-sync-sp-if)# switchport mode trunk 
switch(config-sync-sp-if)# switchport trunk allowed vlan 1, 10-50

View the buffered commands.

switch(config-sync-sp-if)# show switch-profile switch-profile buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       class-map type qos match-all c1
1.1       match cos 2
2       class-map type qos match-all c2
2.1       match cos 5
3       policy-map type qos p1
3.1       class c1
3.1.1       set qos-group 2
3.2       class c2
3.2.1       set qos-group 3
4       system qos
4.1       service-policy type qos input p1
5       vlan 2-50
6       interface port-channel100
6.1       vpc peer-link
6.2       switchport mode trunk
7       interface port-channel10
7.1       vpc 1
7.2       switchport mode trunk
7.3       switchport trunk allowed vlan 1, 10-50

Verify the commands in the switch profile.

switch(config-sync-sp-if)# verify
Verification Successful

Apply the commands to the switch profile and to synchronize the configurations between the local and the peer switch.

switch(config-sync-sp)# commit
Commit Successful
switch(config-sync)#

Verifying the Synchronization Status

The following example shows how to verify the synchronization status between the local and the peer switch:

switch(config-sync)# show switch-profile switch-profile status
 
Start-time: 804935 usecs after Mon Aug 23 06:41:10 2010
End-time: 956631 usecs after Mon Aug 23 06:41:20 2010
 
Profile-Revision: 2
Session-type: Commit
Peer-triggered: No
Profile-status: Sync Success
 
Local information:
----------------
Status: Commit Success
Error(s):
 
Peer information:
----------------
IP-address: 10.1.1.1
Sync-status: In Sync.
Status: Commit Success
Error(s):
 
switch(config-sync)#

Showing the Running Configuration

The following example shows the running configuration of the switch profile on the local switch:

switch(config-sync)# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.1.1.1
  class-map type qos match-all c1
    match cos 2
  class-map type qos match-all c2
    match cos 5
  policy-map type qos p1
    class c1
      set qos-group 2
    class c2
      set qos-group 3
  system qos
    service-policy type qos input p1
  vlan 2-50
 
  interface port-channel10
    switchport mode trunk
    vpc 1
    switchport trunk allowed vlan 1,10-50
 
  interface port-channel100
    switchport mode trunk
    vpc peer-link
switch(config-sync)#

Displaying the Switch Profile Synchronization Between the Local and the Peer Switch

The following example shows how to display the initial successful synchronization between the two peers:

switch1# show switch-profile sp status

Start-time: 491815 usecs after Thu Aug 12 11:54:51 2010
End-time: 449475 usecs after Thu Aug 12 11:54:58 2010

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch1# 


switch2# show switch-profile sp status

Start-time: 503194 usecs after Thu Aug 12 11:54:51 2010
End-time: 532989 usecs after Thu Aug 12 11:54:58 2010

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch2#

Displaying the Verify and Commit on the Local and the Peer Switch

The following example shows how to configure a successful verify and commit of the local and peer switch.

switch1# configure sync
Enter configuration commands, one per line.  End with CNTL/Z.
sw01(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
sw01(config-sync-sp)# interface Ethernet1/1
sw01(config-sync-sp-if)# description foo
sw01(config-sync-sp-if)# verify
Verification Successful
sw01(config-sync-sp)# commit
Commit Successful
sw01(config-sync)# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.52
  interface Ethernet1/1
    description foo
sw01(config-sync)# show switch-profile sp status

Start-time: 171513 usecs after Wed Aug 11 17:51:28 2010
End-time: 676451 usecs after Wed Aug 11 17:51:43 2010

Profile-Revision: 3
Session-type: Commit
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch1(config-sync)# 


switch2# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.51
  interface Ethernet1/1
    description foo
switch2# show switch-profile sp status

Start-time: 265716 usecs after Wed Aug 11 16:51:28 2010
End-time: 734702 usecs after Wed Aug 11 16:51:43 2010

Profile-Revision: 3
Session-type: Commit
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch2#

Displaying the Successful and Unsuccessful Synchronization Between the Local and the Peer Switch

The following example shows how to configure the synchronization status of the switch profile on the peer switch. The first example shows a successful synchronization and the second example shows a peer not reachable status.

switch1# show switch-profile abc peer

switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : In Sync.
Peer-status                : Commit Success
Peer-error(s)              : 
switch1# 


switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : Not yet merged. pending-merge:1 received_merge:0
Peer-status                : Peer not reachable
Peer-error(s)              : 
switch1#

Displaying the Switch Profile Buffer

The following example shows how to configure the switch profile buffer, the buffer-move configuration, and the buffer-delete configuration:

switch1# configure sync
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch1(config-sync-sp)# vlan 101
switch1(config-sync-sp-vlan)# ip igmp snooping querier 10.101.1.1
switch1(config-sync-sp-vlan)# exit
switch1(config-sync-sp)# mac address-table static 0000.0000.0001 vlan 101 drop 
switch1(config-sync-sp)# interface Ethernet1/2
switch1(config-sync-sp-if)# switchport mode trunk 
switch1(config-sync-sp-if)# switchport trunk allowed vlan 101
switch1(config-sync-sp-if)# exit
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       vlan 101
1.1       ip igmp snooping querier 10.101.1.1
2       mac address-table static 0000.0000.0001 vlan 101 drop
3       interface Ethernet1/2
3.1       switchport mode trunk
3.2       switchport trunk allowed vlan 101

switch1(config-sync-sp)# buffer-move 3 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/2
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 101
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete all
switch1(config-sync-sp)# show switch-profile sp buffer
switch1(config-sync-sp)#

Importing Configurations

The following example shows how to import an interface configuration:

switch# show running-config interface Ethernet1/3

!Command: show running-config interface Ethernet1/3
!Time: Wed Aug 11 18:12:44 2010

version 5.0(2)N1(1)

interface Ethernet1/3
  switchport mode trunk
  switchport trunk allowed vlan 1-100

switch# configure sync 
Enter configuration commands, one per line.  End with CNTL/Z.
sw01(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1

switch(config-sync-sp)# import interface Ethernet1/3
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/3
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 1-100

switch(config-sync-sp-import)# verify
Verification Successful
switch(config-sync-sp-import)# commit
Commit Successful
switch(config-sync)#

The following example shows how to import the supported commands in a running configuration.

switch(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)# import running-config 
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       logging event link-status default
2       vlan 1
3       port-profile type ethernet pp1
3.1       bandwidth 5000
3.2       bandwidth inherit
3.3       speed 10000
3.4       state enabled
4       interface port-channel3
4.1       switchport mode trunk
4.2       vpc peer-link
4.3       spanning-tree port type network
5       interface port-channel30
5.1       switchport mode trunk
5.2       vpc 30
5.3       switchport trunk allowed vlan 2-10
6       interface port-channel31
6.1       switchport mode trunk
6.2       vpc 31
6.3       switchport trunk allowed vlan 11-20
7       interface port-channel101
7.1       switchport mode fex-fabric
7.2       fex associate 101
8       interface port-channel102
8.1       switchport mode fex-fabric
8.2       vpc 102
8.3       fex associate 102
9       interface port-channel103
9.1       switchport mode fex-fabric
9.2       vpc 103
9.3       fex associate 103
10      interface Ethernet1/1
11      interface Ethernet1/2
12      interface Ethernet1/3
13      interface Ethernet1/4
13.1      switchport mode trunk
13.2      channel-group 3
14      interface Ethernet1/5
14.1      switchport mode trunk
14.2      channel-group 3
15      interface Ethernet1/6
15.1      switchport mode trunk
15.2      channel-group 3
16      interface Ethernet1/7
16.1      switchport mode trunk
16.2      channel-group 3
17      interface Ethernet1/8
18      interface Ethernet1/9
18.1      switchport mode trunk
18.2      switchport trunk allowed vlan 11-20
18.3      channel-group 31 mode active
19      interface Ethernet1/10
19.1      switchport mode trunk
19.2      switchport trunk allowed vlan 11-20
19.3      channel-group 31 mode active
20      interface Ethernet1/11
21      interface Ethernet1/12
...
45      interface Ethernet2/4
45.1      fex associate 101
45.2      switchport mode fex-fabric
45.3      channel-group 101
46      interface Ethernet2/5
46.1      fex associate 101
46.2      switchport mode fex-fabric
46.3      channel-group 101
47      interface Ethernet2/6
47.1      fex associate 101
47.2      switchport mode fex-fabric
47.3      channel-group 101
48      interface Ethernet2/7
48.1      fex associate 101
48.2      switchport mode fex-fabric
48.3      channel-group 101
49      interface Ethernet2/8
49.1      fex associate 101
...
89      interface Ethernet100/1/32
90      interface Ethernet100/1/33
91      interface Ethernet100/1/34
92      interface Ethernet100/1/35
93      interface Ethernet100/1/36
...
105     interface Ethernet100/1/48
switch(config-sync-sp-import)#

The following example shows how to import selected supported commands. First, show the port profile running configuration to identify the configuration that you are going to import.

switch# show running-config port-profile 

!Command: show running-config port-profile
!Time: Thu Aug 12 12:09:11 2010

version 5.0(2)N1(1)
port-profile type ethernet pp1
  bandwidth 5000
  bandwidth inherit
  speed 10000
  state enabled

switch# 

switch# configure sync
Enter configuration commands, one per line.  End with CNTL/Z.
sw01(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)# import
switch(config-sync-sp-import)# port-profile type ethernet pp1
switch(config-sync-sp-import-if)#   bandwidth 5000
switch(config-sync-sp-import-if)#   bandwidth inherit
switch(config-sync-sp-import-if)#   speed 10000
switch(config-sync-sp-import-if)#   state enabled
switch(config-sync-sp-import-if)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       port-profile type ethernet pp1
1.1       bandwidth 5000
1.2       bandwidth inherit
1.3       speed 10000
1.4       state enabled

switch(config-sync-sp-import-if)# verify
Verification Successful
switch(config-sync-sp-import)# commit
Commit Successful
sw01(config-sync)# show running-config switch-profile 
switch-profile sp
  sync-peers destination 10.193.194.52
  port-profile type ethernet pp1
    bandwidth 5000
    bandwidth inherit
    speed 10000
    state enabled
switch(config-sync)#

Migrating to Cisco NX-OS Release 5.0(2)N1(1) Using the import Command

The following tasks show how to migrate to Cisco NX-OS Release 5.0(2)N1(1) in an Active/Active and Straight-Through topology.

Migrating to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender A-A Topology

This examples shows the tasks used to migrate to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender A-A topology. For details on the tasks, see the appropriate sections in this chapter.

Ensure configurations are the same on both switches.
Configure the switch-profile with same name on both switches.
Enter the import running-config command on both switches.
Enter the show switch-profile <name> buffer command to ensure all configurations are correctly imported on both switches.
Remove unwanted configuration settings by editing the buffer. See "Displaying the Switch Profile Buffer".
Enter the commit command on both switches.
Enter the sync-peers destination IP-address command to configure the peer switch on both switches.
Enter the show switch-profile <name> status command to ensure both switches are synchronized.

Migrating to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender Fabric Extender Straight-Through Topology

This examples shows the tasks used to migrate to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender Straight-Through topology. For details on the tasks, see the appropriate sections in this chapter.

Ensure the vPC port-channel configurations are the same on both switches.
Configure the switch-profile with the same name on both switches.
Enter the import interface port-channel x-y, port-channel z command for all vPC port-channels on both switches.
Enter the show switch-profile <name> buffer command to ensure all configurations are correctly imported on both switches.
Remove unwanted configuration settings by editing the buffer. See "Displaying the Switch Profile Buffer".
Enter the commit command on both switches
Enter the sync-peers destination IP-addresscommand to configure the peer switch on both switches.
Enter the show switch-profile <name> status command to ensure both switches are synchronized.

Replacing a Cisco Nexus 5000 Series Switch

When a Cisco Nexus 5000 Series switch has been replaced, perform the following configuration steps on the replacement switch to synchronize it with the existing Cisco Nexus 5000 Series switch. The procedure can be done in a hybrid Fabric Extender A/A topology and Fabric Extender Straight-Through topology.

Do not connect any peer-link, vPC, A/A or Straight-Through topology fabric ports to the replacement switch.
Boot the replacement switch. The switch comes up with no configuration.
Enable pre-provisioning on all Fabric Extender A/A and ST modules.
Configure the replacement switch:

If the running-configuration was saved offline, follow steps 5-9 to apply the configuration.

If the running-configuration was not saved offline, you can obtain it from the peer switch if the configuration synchronization feature is enabled. (See Steps 1 and 2 from "Creating a Switch Profile on a Local and Peer Switch" then begin with step 10 below).

If neither condition is met, manually add the configuration and then begin with step 10 below.
Edit the configuration file to remove the sync-peer command if using the configuration synchronization feature.
Configure the mgmt port IP address and download the configuration file.
Copy the saved configuration file to the running configuration.
Verify the configuration is correct by entering the show running-config command and the show provision failed-config slot command.
If switch-profile configuration changes were made on the peer switch while the replacement switch was out-of-service, apply those configurations in the switch-profile and then enter the commit command.
Shutdown all Fabric Extender ST topology ports that are included in a vPC topology.
Connect the Fabric Extender ST topology fabric ports.
Wait for Fabric Extender ST topology switches to come online.
Ensure the vPC role priority of the existing switch is better than the replacement switch.
Connect the peer-link ports to the peer switch.
Connect the Fabric Extender A/A topology fabric ports.
Connect the switch vPC ports.
Enter the no shutdown command on all Fabric Extender ST vPC ports.
Verify that all vPC switches and the Fabric Extenders on the replacement switch come online and that there is no disruption in traffic.
If you are using the configuration synchronization feature, add the sync-peer configuration to the switch-profile if this wasn’t enabled in Step 4.
If you are using the configuration synchronization feature, enter the show switch-profile name status command to ensure both switches are synchronized.

Replacing a Cisco Nexus 2000 Series Fabric Extender

When a Cisco Nexus 2000 Series Fabric Extender needs to be replaced, use the following procedure for the least disruption.

Replacing a Fabric Extender in an Active/Active Topology

Because the hosts behind a Fabric Extender in an A/A Topology are by definition singly connected, there will be traffic disruption for those hosts.

If the replacement Fabric Extender is a different model, pre-provisioning for the new type will not be allowed until the old Fabric Extender is disconnected. Perform the following tasks to retain the configuration on both Nexus 5000 Series switches.

Save configuration for Fabric Extender interfaces to a file.
Replace the Fabric Extender.
Connect all Fabric Extender fabric and host ports.
Copy the file to the running configuration after the Fabric Extender comes online.
If the configuration needs to be applied before the Fabric Extender comes online, that slot needs to be pre-provisioned.

Replacing a Fabric Extender in a Straight-Through Topology

If the replacement Fabric Extender is the same model as the original Fabric Extender, then there is no disruption; the configuration on the Fabric Extender interfaces remain unchanged.

If the replacement Fabric Extender is a different model, then pre-provisioning for the new Fabric Extender will not be allowed until the old Fabric Extender is disconnected. Follow these steps to retain the configuration.

Save the Fabric Extender interface configurations to a file.
Disconnect the Fabric Extender fabric ports and wait until the Fabric Extender is offline.
Pre-provision the slot with the new Fabric Extender model.
Modify the configuration file if necessary for the new Fabric Extender if the configurations are incompatible

Note

For vPC ports, this might affect consistency.
Copy the file to the running configuration.
Connect the Fabric Extender fabric and host ports and then wait for the Fabric Extender to come online.
Verify that all ports and vPC switches are up with the correct configuration.

Installing a New Cisco Nexus 2000 Series Fabric Extender

With pre-provisioning, the new Fabric Extender can be fully configured before the Fabric Extender is connected to a Cisco Nexus 5000 Series switch.

Pre-provision the slot with the Fabric Extender model.
Configure the interfaces as though the Fabric Extender is connected.
Connect the Fabric Extender and wait for it to come online.

Verify that all configurations are applied correctly

Note

All configurations are applied serially in a best-effort fashion when the Fabric Extender comes online.

Synchronizing Configurations

Synchronizing Configurations After a Cisco Nexus 5000 Series Switch Reboots

If a Nexus 5000 switch reboots while a new configuration is committed on a peer switch using a switch-profile, follow these steps to synchronize the peer switches after the reload.

Reapply configurations that were changed on the peer switch during the reboot.
Enter the commit command.
Verify that the configuration is applied correctly and both peers are back synchronized.

Synchronizing Configurations When a vPC Peer-link Fails

When a peer-link fails and both switches are operational, the secondary switch would shut down its vPC ports. In a Fabric Extender A/A topology, the A/A Fabric Extender is disconnected on the secondary. If the configuration is changed in a switch-profile on the primary switch, the configuration will not be accepted on the secondary switch unless the A/A Fabric Extender is pre-provisioned. Therefore, it is recommended that all A/A Fabric Extenders be pre-provisioned when using the configuration synchronization feature.

Synchronizing Configurations When the mgmt0 Interface Connectivity is Lost

When the mgmt0 interface connectivity is lost and configuration changes are required, apply the configuration changes on both switches using the switch-profile. When connectivity to the mgmt0 interface is restored, both switches are synchronized.

If a configuration change is made only on one switch in this scenario, a merge will succeed when the mgmt0 interface comes up and the configuration gets applied on the other switch.

Synchronizing Configurations When an ISSU is Performed on One Switch and a Configuration Change is Made on the Peer Switch

In a vPC topology, configuration changes on the peer switch are not allowed when an ISSU is performed on the other switch. In topologies Without vPCs, configuration changes are allowed and the switch undergoing an ISSU will synchronize the new configurations when the upgrade is complete.

Bias-Free Language

Results

Chapter: Configuring Switch Profiles

Configuring Switch Profiles

Configuring Switch Profiles

Information About Switch Profiles

Switch Profile Configuration Modes

Configuration Synchronization Mode

Switch Profile Mode

Switch Profile Import Mode

Configuration Validation

Mutual Exclusion Checks

Merge Checks

Software Upgrades and Downgrades With Switch Profiles

Prerequisites for Switch Profiles

Configuration Guidelines and Limitations

Configuring Switch Profiles

Adding a Switch to a Switch Profile

Adding or Modifying Switch Profile Commands

Importing a Switch Profile

Importing Configurations in a vPC Topology

Verifying Commands in a Switch Profile

Isolating a Peer Switch

Deleting a Switch Profile

Deleting a Switch From a Switch Profile

Verifying the Switch Profile Configuration

Configuration Examples for Switch Profiles

Creating a Switch Profile on a Local and Peer Switch

Verifying the Synchronization Status

Showing the Running Configuration

Displaying the Switch Profile Synchronization Between the Local and the Peer Switch

Displaying the Verify and Commit on the Local and the Peer Switch

Displaying the Successful and Unsuccessful Synchronization Between the Local and the Peer Switch

Displaying the Switch Profile Buffer

Importing Configurations

Migrating to Cisco NX-OS Release 5.0(2)N1(1) Using the import Command

Migrating to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender A-A Topology

Migrating to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender Fabric Extender Straight-Through Topology

Replacing a Cisco Nexus 5000 Series Switch

Replacing a Cisco Nexus 2000 Series Fabric Extender

Replacing a Fabric Extender in an Active/Active Topology

Replacing a Fabric Extender in a Straight-Through Topology

Installing a New Cisco Nexus 2000 Series Fabric Extender

Synchronizing Configurations

Synchronizing Configurations After a Cisco Nexus 5000 Series Switch Reboots

Synchronizing Configurations When a vPC Peer-link Fails

Synchronizing Configurations When the mgmt0 Interface Connectivity is Lost

Synchronizing Configurations When an ISSU is Performed on One Switch and a Configuration Change is Made on the Peer Switch

Was this Document Helpful?

Contact Cisco