Cisco Nexus 7000 Series NX-OS System Management Command Reference
F Commands
Download this chapter
F CommandsF Commands
Download the complete book
Cisco Nexus 7000 Series NX-OS System Management Command Reference (PDF)Cisco Nexus 7000 Series NX-OS System Management Command Reference (PDF) (PDF - 11 MB)
 Feedback

Table Of Contents

F Commands

feature lldp

feature netflow

feature ntp

feature ptp

feature scheduler

filter access-group

filter vlan

filter vlan include-untagged

flow exporter

flow monitor

flow record

flow timeout


F Commands

This chapter describes the Cisco NX-OS system management commands that begin with the letter F.

feature lldp

To enable the Link Layer Discovery Protocol (LLDP) feature globally, use the feature lldp command. To disable the LLDP feature, use the no form of this command.

feature lldp

no feature lldp

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration (config)

Supported User Roles

network-admin
network-operator
vdc-admin
vdc-operator

Command History

Release
Modification

5.0(1)

This command was introduced.


Usage Guidelines

In order for LLDP to discover servers, the servers must be running openLLDP software.

LLDP must be enabled on the device before you can enable or disable it on any interfaces.

LLDP is supported only on physical interfaces. LLDP can discover up to one device per port. LLDP can discover Linux servers, if they are not using a converged network adapter (CNA); however, LLDP cannot discover other types of servers.

Make sure that you are in the correct virtual device context (VDC). To switch VDCs, use the switchto vdc command.

This command does not require a license.

Examples

This example shows how to enable the LLDP feature globally: 

switch(config)# feature lldp

switch(config)

This example shows how to disable the LLDP feature: 

switch(config)# no feature lldp

switch(config)#2010 Jan 11 01:50:33 switch %FEATURE-MGR-2-FM_AUTOCKPT_IN_PROGRESS: 
AutoCheckpoint system-fm-lldp's creation in progress...

2010 Jan 21 01:50:34 switch %FEATURE-MGR-2-FM_AUTOCKPT_SUCCEEDED: AutoCheckpoint

  created successfully

switch(config)#

Related Commands

Command
Description

show running-config lldp

Displays the global LLDP configuration.


feature netflow

To globally enable the NetFlow feature, use the feature netflow command. To disable NetfFow, use the no form of this command.

feature netflow

no feature netflow

Syntax Description

This command does not have any arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to enable NetFlow on a Cisco NX-OS device: 

switch(config)# configure terminal

switch(config)# feature netflow

switch(config)#

This example shows how to disable NetFlow on a Cisco NX-OS device: 

switch(config)# no feature netflow

switch(config)#

Related Commands

Command
Description

flow record

Creates a flow record and enters flow record configuration mode.

show flow record

Displays information about NetFlow flow records.


feature ntp

To enable the Network Time Protocol (NTP) on a virtual device context (VDC), use the feature ntp command. To disable NTP on a VDC, use the no form of this command.

feature ntp

no feature ntp

Syntax Description

This command does not have any arguments or keywords.

Defaults

Enabled

Command Modes

Global configuration mode

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

5.2(1)

This command was introduced.


Usage Guidelines

Make sure that you are in the correct virtual device context (VDC). To change the VDC, use the switchto vdc command.

This command does not require a license.

Examples

This example shows how to enable NTP on a VDC: 

switch# configure terminal

switch(config)# feature ntp

This example shows how to disable NTP on a VDC: 

switch# configure terminal

switch(config)# no feature ntp

Related Commands

Command
Description

ntp master

Configures the device to act as an authoritative NTP server.

ntp enable

Enables the NTP feature on a VDC.


feature ptp

To enable the Precision Time Protocol (PTP) feature on the current virtual device context (VDC), use the feature ptp command. To disable the PTP feature, use the no form of this command.

feature ptp

no feature ptp

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration mode

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

5.2(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to enable the PTP feature on the current VDC: 

switch# configure terminal

switch(config)# feature ptp

switch(config)#

This example shows how to disable the PTP feature on the current VDC: 

switch(config)# no feature ptp 
2011 Jul  5 06:11:07 switch %FEATURE-MGR-2-FM_AUTOCKPT_IN_PROGRESS: AutoCheckpoi

nt system-fm-ptp's creation in progress...

2011 Jul  5 06:11:07 switch %FEATURE-MGR-2-FM_AUTOCKPT_SUCCEEDED: AutoCheckpoint

  created successfully

switch(config)#

Related Commands

Command
Description

ptp source

Configures the source IP address for all PTP packets.

ptp domain

Configures the domain number to use for this clock.

ptp priority1

Configures the priority1 value to use when advertising this clock.

ptp priority2

Configures the priority2 value to use when advertising this clock.

show ptp brief

Displays the PTP status.

show ptp clock

Displays the properties of the local clock.


feature scheduler

To enable the scheduling of maintenance jobs, use the feature scheduler command. To disable the scheduler, use the no form of this command.

feature scheduler

no feature scheduler

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modified

4.0(1)

This command was introduced.


Usage Guidelines

You must enable the scheduler feature before you can configure a maintenance job.

Maintenance jobs can be scheduled for one-time-only or at periodic intervals. Maintenance jobs include quality of service policy changes, data and configuration backup, and so on.

This command does not require a license.

Examples

This example shows how to enable the scheduler: 

switch# config t

switch(config)# feature scheduler 

switch(config)#

This example shows how to disable the scheduler: 

switch# config t

switch(config)# no feature scheduler 

switch(config)#

Related Commands

Command
Description

scheduler

Creates and schedules maintenance jobs.

show scheduler

Displays scheduler information.


filter access-group

To apply an access group to an Encapsulated Remote Switched Port Analyzer (ERSPAN) source session, use the filter access-group command. To remove an access group, use the no form of this command.

filter access-group acl_filter

no filter access-group acl_filter

Syntax Description

acl_filter

Access control list (ACL) name. An ACL associates the access list with the SPAN session.


Defaults

None

Command Modes

config-monitor-erspan-src

Supported User Roles

network-admin
VDC-admin

Command History

Release
Modification

5.1(1)

This command was introduced.


Usage Guidelines

Only the permit to deny actions are allowed for Encapsulated Remote Switched Port Analyzer (ERSPAN) access control list (ACL) filters.

For information about ACL-related commands, see the Cisco Nexus 7000 Series NX-OS Security Command Reference.

This command does not require a license.

Examples

This example shows how to apply an access group to an ERSPAN session: 

switch# configure terminal

switch(config)# monitor session 3 type erspan-source

switch(config-monitor-erspan-src)# filter vlan 3-5, 7

switch(config-monitor-erspan-src)# filter access-group ACL1

This example shows how to disassociate an access group to an ERSPAN session: 

switch# configure terminal

switch(config)# monitor session 3 type erspan-source

switch(config-monitor-erspan-src)# filter vlan 3-5, 7

switch(config-monitor-erspan-src)# no filter access-group ACL1

Related Commands

Command
Description

filter vlan

Applies a VLAN filter to a session.


filter vlan

To apply a VLAN access map to one or more VLANs, use the filter vlan command. To remove a VLAN access map, use the no form of this command.

filter vlan vlan_mrange [include-untagged]

no filter vlan vlan_mrange [include-untagged]

Syntax Description

vlan_mrange

Name of the VLAN access map that you want to create or configure. The range is from 1 to 3967 and from 4048 to 4093.

include-untagged

(Optional) Specifies untagged frames on a port with Layer 3 subinterfaces.


Defaults

None

Command Modes

Config-monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to apply a VLAN access map to one or more VLANs: 

switch(config)# monitor session 1

switch(config-monitor)# filter vlan 5-10 include-untagged

switch(config-monitor)#

This example shows how to remove the VLAN access map: 

switch(config-monitor)# no filter vlan 5-10 include-untagged

switch(config-monitor)#

Related Commands

Command
Description

filter vlan include-untagged

Applies a VLAN access map to one or more VLANs and includes untagged frames on a port with Layer 3 subinterfaces.


filter vlan include-untagged

To apply a VLAN access map to one or more VLANs and include untagged frames on a port with Layer 3 subinterfaces, use the filter vlan include-untagged command. To remove a VLAN access map to one or more VLANs with untagged frames on a port with Layer 3 subinterfaces, use the no form of this command.

filter vlan include-untagged

no filter vlan include-untagged

Syntax Description

This command has no arguments or keywords.

Defaults

None

Command Modes

Config-monitor configuration (config-monitor)

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to apply a VLAN access map to one or more VLANs and include untagged frames on a port with Layer 3 subinterfaces: 

switch(config)# monitor session 1

switch(config-monitor)# filter vlan 1-20 include-untagged

switch(config-monitor)#

This example shows how to remove a VLAN access map to one or more VLANs with untagged frames on a port with Layer 3 subinterfaces: 

switch(config-monitor)# no filter vlan 1-20 include-untagged

switch(config-monitor)#

Related Commands

Command
Description

filter vlan

Applies a VLAN access map to one or more VLANs.


flow exporter

To create a Flexible NetFlow flow exporter or to modify an existing Flexible NetFlow flow exporter, use the flow exporter command. To remove a Flexible NetFlow flow exporter, use the no form of this command.

flow exporter exporter-name

no flow exporter exporter-name

Syntax Description

exporter-name

Name of the flow exporter that is created or modified.


Defaults

Flow exporters are not present in the configuration until you create them.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

Flow exporters export the data in the flow monitor cache to a remote system, such as a server running NetFlow collector, for analysis and storage. Flow exporters are created as separate entities in the configuration. Flow exporters are assigned to flow monitors to provide data export capability for the flow monitors. You can create several flow exporters and assign them to one or more flow monitors to provide several export destinations. You can create one flow exporter and apply it to several flow monitors.

Once you enter the flow export configuration mode, the prompt changes to the following: 

switch(config-flow-exporter)#

Within the flow export configuration mode, the following keywords and arguments are available to configure the flow exporters:

description description—Provides a description for this flow exporter; you can use a maximum of 63 characters.

destination {ip-addr | ipv6-addr} [use-vrf label-name]—Specifies the destination address for the collector. Enter the optional use-vrf label-name to specify a VRF. Use the following format when entering the destination address:

ip-addr—A.B.C.D

ipv6-addr—A:B::C:D

dscp value—Specifies the differentiated services code point (DSCP) value. The range is from 0 to 63.

exit—Exits from the current configuration mode.

no—Negates a command or sets its defaults.

source interface—Specifies the source interface for this destination. The valid values for interface are as follows:

ethernet mod/portSpecifies the Ethernet IEEE 802.3z interface module and port number. The ranges for the module and port number depend on the chassis used.

loopback virtual-numSpecifies the virtual interface number. The range is from 0 to 1023.

mgmt numSpecifies the management interface number. The range is from 0 to 10.

transport udp dest-port—Specifies the transport UDP destination port. The range is from 0 to 65535.

version {5 | 9}—Specifies the export version 5 or the version 9 and enters the export version configuration mode. See the version command for additional information.

This command does not require a license.

Examples

This example shows how to create a flow exporter named FLOW-EXPORTER-1, enter flow exporter configuration mode, and configure the flow exporter: 

switch(config)# flow exporter FLOW-EXPORTER-1

switch(config-flow-exporter)# description located in Pahrump, NV

switch(config-flow-exporter)# destination A.B.C.D

switch(config-flow-monitor)# dscp 32

switch(config-flow-monitor)# source ethernet 3/2

switch(config-flow-monitor)# transport udp 59

switch(config-flow-monitor)# version 5

Related Commands

Command
Description

clear flow exporter

Clears the flow monitor.

show flow exporter

Displays flow monitor status and statistics.


flow monitor

To create a Flexible NetFlow flow monitor or to modify an existing Flexible NetFlow flow monitor and enter flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.

flow monitor monitor-name

no flow monitor monitor-name

Syntax Description

monitor-name

Name of the flow monitor that is created or modified.


Defaults

Flow monitors are not present in the configuration until you create them.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor and a cache that is automatically created at the time that the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in record that is configured for the flow monitor and stored in the flow monitor cache.

Once you enter the flow monitor configuration mode, the prompt changes to the following: 

switch(config-flow-monitor)#

Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:

description description—Provides a description for this flow monitor; you use a maximum of 63 characters.

exit—Exits from the current configuration mode.

exporter name—Specifies the name of an exporter to export records.

no—Negates a command or sets its defaults.

record {record-name | netflow ipv4 collection-type | netflow-original}—Specifies a flow record to use as follows:

record-name—Name of a record.

netflow ipv4 collection-typeSpecifies the traditional IPv4 NetFlow collection schemes as follows:

original-input—Specifies the traditional IPv4 input NetFlow.

original-output—Specifies the traditional IPv4 output NetFlow.

protocol-port—Specifies the protocol and ports aggregation scheme.

netflow-originalSpecifies the traditional IPv4 input NetFlow with origin autonomous systems.

The netflow-original and original-input keywords are the same and are equivalent to the following commands:

match ipv4 source address

match ipv4 destination address

match ip tos

match ip protocol

match transport source-port

match transport destination-port

match interface input

collect counter bytes

collect counter packet

collect timestamp sys-uptime first

collect timestamp sys-uptime last

collect interface output

collect transport tcp flags

collect routing next-hop address ipv4

collect routing source as

collect routing destination as

The original-output keywords are the same as the original-input keywords except for the following:

match interface output (instead of match interface input)

collect interface input (instead of collect interface output)

This command does not require a license.

Examples

This example shows how to create and configure a flow monitor named FLOW-MONITOR-1: 

switch(config)# flow monitor FLOW-MONITOR-1

switch(config-flow-monitor)# description monitor location las vegas, NV

switch(config-flow-monitor)# exporter exporter-name1

switch(config-flow-monitor)# record test-record

switch(config-flow-monitor)# netflow ipv4 original-input

Related Commands

Command
Description

clear flow monitor

Clears the flow monitor.

show flow sw-monitor

Displays flow monitor status and statistics.


flow record

To create a Flexible NetFlow flow record or to modify an existing Flexible NetFlow flow record and enter flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.

flow record record-name

no flow record record-name

Syntax Description

record-name

Name of the flow record that is created or modified.


Defaults

Flow records are not present in the configuration until you create them.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

Flexible NetFlow uses key and nonkey fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow, a combination of key and nonkey fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.

Once you enter the flow record configuration mode, the prompt changes to the following: 

switch(config-flow-record)#

Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:

collect—Specifies a nonkey field. See the collect command for additional information.

description description—Provides a description for this flow record; you use a maximum of 63 characters.

exit—Exits from the current configuration mode.

matchSpecifies a key field. See the match command for additional information.

no—Negates a command or sets its defaults.

Cisco NX-OS enables the following match fields by default when you create a flow record:

match interface input

match interface output

match flow direction

This command does not require a license.

Examples

This example shows how to create a flow record and enter flow record configuration mode: 

switch(config)# flow record FLOW-RECORD-1

switch(config-flow-record)#

Related Commands

Command
Description

clear flow monitor

Clears the flow monitor.

flow monitor

Creates a flow monitor.

show flow sw-monitor

Displays flow monitor status and statistics.


flow timeout

To create a Flexible NetFlow flow timeout or to modify an existing Flexible NetFlow flow timeout, use the flow timeout command. To remove a Flexible NetFlow flow timeout, use the no form of this command.

flow timeout {active seconds | aggressive threshold percentage | fast seconds threshold packets | inactive seconds | session | seconds}

no flow timeout {active seconds | aggressive threshold percentage | fast seconds threshold packets | inactive seconds | session | seconds}

Syntax Description

active seconds

Specifies the active or long timeout in seconds. The range is from 60 to 4092. The default is 1800.

aggressive threshold percentage

Specifies the percentage of the NetFlow table content. The range is from 50 to 99.

fast seconds

Specifies the fast aging timeout in seconds. The range is from 32 to 512. The default is not supported.

threshold packets

Specifies the packet threshold for a flow timeout in packets. The range is from 1 to 4000. The default is not supported.

inactive seconds

Specifies the inactive or normal timeout in seconds. The range is from 15 to 4092. The default is 15.

session

Enables TCP session aging.

seconds

Flush timeout value in seconds for F2 Series modules. The range is from 5 to 60 seconds.


Defaults

The default settings are as follows:

Active timeout—1800 seconds

Aggressive aging timeout—Disabled

Fast timeout—Disabled

Inactive timeout—15 seconds

Session aging timeout—Disabled

Flush cache timeout - 15 seconds (enabled only on F2)

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

6.1(2)

Added the seconds argument for the syntax description and also the note.

4.0(1)

This command was introduced.


Usage Guidelines

The active timeout is the amount of time to wait before sending flow information about an active session. The flow is not removed from the cache after this timeout; however, the packet count, byte count, and timestamps are reset.

The aggressive timeout only affects hardware caches and is used when flows are being received faster than expected. If flows are being received faster than the threshold, they are aged out of the cache.

The fast timeout specifies when an inactive flow should be aged out.

The inactive timeout is used for Transmission Control Protocol (TCP) sessions that receive no more data from the sender (FIN) followed by an acknowledgment field is significant (ACK) or a reset (RST) packet being received. The inactive timeout indicates the session is over and the flow can be aged out.

Note Only the flow timeout seconds command is supported for F2 Series modules. All of the other NetFlow timeout commands are supported for M Series modules only.

This command does not require a license.

Examples

This example shows how to specify the active or long timeout value in seconds for the F1 and M1 Series modules: 

switch(config)# flow timeout active 45

switch(config)#

This example shows how to specify the percentage of the NetFlow table content: 

switch(config)# flow timeout aggressive threshold 45

switch(config)#

This example shows how to specify the fast aging timeout in seconds: 

switch(config)# flow timeout fast 30 threshold 20

switch(config)#

This example shows how to specify the inactive or normal timeout in seconds: 

switch(config)# flow timeout inactive 45

switch(config)#

This example shows how to specify the flush cache timeout in seconds for F2 Series module: 

switch(config)# flow timeout 45

switch(config)#

Related Commands

Command
Description

flow record

Creates a flow exporter.

clear flow monitor

Clears the flow monitor.

flow monitor

Creates a flow monitor.

show flow sw-monitor

Displays flow monitor status and statistics.