Working with Inventory in Your Nexus Dashboard LAN or IPFM Fabrics

Choose Switches > Actions > Add Switches.

The Add Switches page appears with default tabs.

Choose the Bootstrap(POAP) radio button.

As mentioned earlier, Nexus Dashboard retrieves the serial number, model number, and version from the device and displays them on the Inventory Management along window. Also, an option to add the IP address, hostname, and password are made available. If the switch information is not retrieved, refresh the page.

At the top left part of the page, export and import options are provided to export and import the .csv file that contains the switch information. You can pre-provision devices using the import option as well.

For pre-provisioned and bootstrap switches, dummy values can be added for the serial number. After configuring the network successfully, serial number can be changed with the appropriate number of the switch on the Switches tab.

You can change the serial number only for Nexus 9000 series switches.

Select the checkbox next to the switch and enter the switch credentials: IP address and host name.

Based on the IP address of your device, you can either add the IPv4 or IPv6 address in the IP Address field.

You can provision devices in advance. To pre-provision devices, see Pre-provision a device.

In the Admin Password and Confirm Admin Password fields, enter and confirm the admin password.

This admin password is applicable for all the switches displayed on the POAP page.

You can specify a new user. Choose the radio button Specify a new user, enter a Username and Password, and choose Authentication Protocol from the drop-down list.

If you do not want to use admin credentials to discover switches, you can instead use the AAA authentication, that is, RADIUS or TACACS credentials for discovery only.

(Optional) Use discovery credentials for discovering switches.

Click the Bootstrap option at the top right part of the screen.

Nexus Dashboard provisions the management IP address and other credentials to the switch. In this simplified POAP process, all ports are opened up.

Click Refresh to get updated information. The added switch goes through the POAP cycle. Monitor and check the switch for POAP completion.

After the added switch completes POAP, the fabric builder topology page is refreshed with the added switch thereby depicting its discovered physical connections. Set the appropriate role for the switch followed by a Deploy Config operation at the fabric level. The Edit fabric settings, switch role, the topology, and so on are evaluated by Nexus Dashboard and the appropriate intended configuration for the switch is generated as part of the Save operation. The pending configuration will provide a list of the configurations that need to be deployed to the new switch in order to bring it IN-SYNC with the intent.

For any changes on the fabric that result in an Out-of-Sync status, then you must deploy the changes. The process is the same as explained in the Discover existing switches.

During fabric creation, if you have entered AAA server information (in the Manageability tab), you must update the AAA server password on each switch. Otherwise, switch discovery fails.

When discovering devices using SNMP, if you have configured an AAA server for authentication, the command sync-snmp-password <password> <username> is run on the switch through Nexus Dashboard to generate a cached user. The authentication uses MD5, by default. You must specify the SNMPv3 authentication and privacy protocol attributes in the switch AV pair as follows:

snmpv3:auth=SHA priv=AES-128

After the pending configurations are deployed, the Progress column displays 100% for all switches.

Click Close to return to the fabric builder topology.

Click Refresh Topology to view the update. All switches must be in green color indicating that they are functional.

The switch and the link are discovered in Nexus Dashboard. Configurations are built based on various policies (such as fabric, topology, and switch generated policies). The switch image (and other required) configurations are enabled on the switch.

In Nexus Dashboard, the discovered switches can be seen in the standalone fabric topology. Up to this step, the POAP is completed with the basic settings. You must set up interfaces using the Manage > Inventory > Switches page.

Choose a switch to open the Switch Overview page. On the Switches Overview tab, click the Interface tab for any additional configurations, but not limited to the following:

After you click Add Switches, click Discover Switches to add one or more existing switches into the fabric.

In this case, a switch with known credentials and a pre-provisioned IP address, is added to the fabric.

Enter the IP address in the Seed IP field.

The Authentication/Privacy field is selected by default.

If you haven’t configured credential store, in the Local tab, enter the Username and Password of the switch.

If you have configured credential store, in the Credential Store tab, enter the credential store key.

You will see the Credential Store tab only if you configured system certificate and mapped to CyberArk feature. For more information on CA certificates and credential store, see Managing Certificates in your Nexus Dashboard and Configuring Users and Security.

Choose Set as individual device write credential check box to set Discovery/Read credentials as LAN/Write credential for individual devices.

The Max Hops field is set to 2 by default.

The Preserve Config check box is chosen by default.

Check the Preserve Config check box for a brownfield import of a device into the fabric. For a greenfield import where the device configuration will be cleaned up as a part of the import process, uncheck the Preserve Config check box.

Routed fabric does not support brownfield import of a device into the fabric.

Click Discover Switches.

The Add Switches page appears. Since the Max Hops field was populated with 2 (by default), the switch with the specified IP address (leaf-91) and switches two hops from that switch, are populated in the Add Switches result.

If Nexus Dashboard was able to perform a successful shallow discovery to a switch, the status column shows as Manageable. Choose the check box next to the appropriate switch(es) and click Add Switches.

Though this example describes the discovery of one switch, multiple switches can be discovered at once.

The switch discovery process is initiated. The Progress column displays progress for all the selected switches. It displays done for each switch on completion.

You must not close the screen (and try to add switches again) until all selected switches are imported or an error message comes up.

If an error message comes up, close the screen. The fabric topology screen comes up. The error messages are displayed at the top right part of the screen. Resolve the errors wherever applicable and initiate the import process again by clicking Add Switches in the Actions panel.

Nexus Dashboard discovers all the switches, and the Progress column displays done for all switches, close the screen. The Standalone fabric topology page comes up again. The switch icons of the added switches are displayed in it.

You will encounter the following errors during switch discovery sometimes.

Click Refresh topology to view the latest topology view.

When all switches are added and roles assigned to them, the fabric topology contains the switches and connections between them.

After discovering the devices, assign an appropriate role to each device. For more information on roles, see Assign switch roles.

If you choose the Hierarchical layout for display (in the Actions panel), the topology automatically gets aligned as per role assignment, with the leaf devices at the bottom, the spine devices connected on top of them, and the border devices at the top.

Assign vPC switch role - To designate a pair of switches as a vPC switch pair, right-click the switch and choose the vPC peer switch from the list of switches.

AAA server password - During fabric creation, if you have entered AAA server information (in the Manageability tab), you must update the AAA server password on each switch. Else, switch discovery fails.

When a new vPC pair is created and deployed successfully using Nexus Dashboard, one of the peers might be out-of-sync for the no ip redirects CLI even if the command exists on the switch. This out-of-sync is due to a delay on the switch to display the CLI in the running configuration, which causes a diff in the configuration compliance. Re-sync the switches in the Config Deployment page to resolve the diff.

Click Save.

The template and interface configurations form the underlay network configuration on the switches. Also, freeform CLIs that were entered as part of fabric settings (leaf and spine switch freeform configurations entered in the Advanced tab) are deployed.

Configuration Compliance: If the provisioned configurations and switch configurations do not match, the Status column displays out-of-sync. For example, if you enable a function on the switch manually through a CLI, then it results in a configuration mismatch.

To ensure configurations provisioned from Nexus Dashboard to the fabric are accurate or to detect any deviations (such as out-of-band changes), Nexus Dashboard’s Configuration Compliance engine reports and provides necessary remediation configurations.

When you click Deploy Config, the Config Deployment page appears.

If the status is out-of-sync, it suggests that there is inconsistency between Nexus Dashboard and configuration on the device.

The Re-sync button is displayed for each switch in the Re-sync column. Use this option to resynchronize Nexus Dashboard state when there is a large scale out-of-band change, or if configuration changes do not register in Nexus Dashboardproperly. The re-sync operation does a full CC run for the switch and recollects "show run" and "show run all" commands from the switch. When you initiate the re-sync process, a progress message is displayed on the screen. During the re-sync, the running configuration is taken from the switch. The Out-of-Sync/In-Sync status for the switch is recalculated based on the intent defined in Nexus Dashboard.

Click the Preview Config column entry (updated with a specific number of lines). The Config Preview page comes up.

The Pending Config tab displays the pending configurations for successful deployment.

The Side-by-side Comparison tab displays the current configurations and expected configurations together.

Multi-line banner motd configuration can be configured in Nexus Dashboard with freeform configuration policy, either per switch using switch_freeform, or per fabric using leaf/spine freeform configuration. Note that after the multi-line banner motd is configured, deploy the policy by executing the Deploy Config option in the (top right part of the) fabric topology screen. Else, the policy may not be deployed properly on the switch. The banner policy is only to configure single-line banner configuration. Also, you can only create one banner related freeform configuration/policy. Multiple policies for configuring banner motd are not supported.

Close the page.

After successful configuration provisioning (when all switches display a progress of 100%), close the screen.

The fabric topology is displayed. The switch icons turn green to indicate successful configuration.

If a switch icon is in red color, it indicates that the switch and Nexus Dashboard configurations are not in sync. When deployment is pending on a switch, the switch is displayed in blue color. The pending state indicates that there is a pending deployment or pending recomputation. You can click on the switch and review the pending deployments using the Preview or Deploy Config options, or click Deploy Config to recompute the state of the switch.

If there are any warning or errors in the CLI execution, a notification appears on the Fabric builder page. Warnings or errors that are auto-resolvable have the Resolve option.

An example of the Deploy Config option usage is for switch-level freeform configurations.

Click Manage > Fabrics.

Click a supported fabric type.

The Fabric: fabric-name page appears.

Click Inventory > Switches.

Click Actions > Add Switches.

The Add Switches - Fabric: fabric-name page appears.

Click the Bootstrap radio button.

Enter the admin password in the Admin password field in the Switch Credentials area of the page.

Choose one of the discovery options, Admin user and supplied password or Specify a new user.

If you choose Specify a new user, you will see Local and Credential Store tabs.

Choose a required switch.

Click Edit.

The Edit bootstrap switch dialog appears.

Enter the required details.

Click Save.

Choose the switch.

Click Import Selected Switches.

Click on the fabric containing the pre-provisioned device from the Manage > Fabrics page.

The Fabric Overview page appears.

Navigate to Connectivity > Interfaces.

On the Interfaces tab, click Actions > Create interface.

The Create interface page appears.

Enter all the required details on the Create interface page.

You cannot add an Ethernet interface to an already managed device.

Click Save.

Click Preview to check the expected configuration that will be deployed to the switch after it is added.

The Deploy button is disabled for Ethernet interfaces since the devices are pre-provisioned.

Import both the devices into the fabric. For more information, refer Pre-provision a device.

Two Cisco Nexus 9000 series devices that are pre-provisioned are added to an existing fabric.

Choose Add Switches from the Actions drop-down list.

On the Inventory Management page, click PowerOn Auto Provisioning (POAP).

The devices show up in the fabric as gray or undiscovered devices.

Right click and select appropriate roles for these devices similar to other reachable devices.

To create vPC pairing between the devices with physical peer-link or MCT, perform the following steps:

Choose Manage > Fabrics > Connectivity > Interfaces to pre-provision ethernet interfaces.

For more information, see Pre-provision an Ethernet interface.

Create physical Ethernet interfaces on the pre-provisioned devices.

Add a vPC host interface similar to a regular vPC pair of switches. For more information, see Pre-provision an Ethernet interface.

For example, leaf1-leaf2 might represent a pre-provisioned vPC device pair, assuming that the Ethernet interface 1/1 is already pre-provisioned on both the leaf1 and leaf2 devices.

Create a vPC host trunk interface.

Nexus Dashboard creates the vPC host interface and displays a status as Not discovered.

The Preview and Deploy actions won’t yield a result because both require the device to be present.

On the Fabric Overview page, click the Configuration Policies tab and choose Actions > Edit policy.

View the entire intent generated for the pre-provisioned device, including the overlay network and VRF attachment information. For more information on configuration policies, see Working with Configuration Policies for Your Nexus Dashboard LAN or IPFM Fabrics.

Choose the required switch and choose Actions > Discovery > Update Credentials.

The Update Discovery Credentials page appears.

On the Update Discovery Credentials page, enter the discovery credentials such as discovery username and password.

Click Update to save the discovery credentials.

If you do not provide the discovery credentials, Nexus Dashboard uses the admin user and password to discover the switches.

Choose required switch, choose Actions > Discovery > Update VRF.

The Update Discovery VRF window appears.

In the Update Discovery VRF window, choose New VRF and Interface from drop-down list.

Click OK to save new VRF details.

On the Nexus Dashboard UI, choose Manage > Inventory.

Choose the switch(es) for which you want to clear the SSH host keys.

Choose Switch Actions > Discovery > Clear SSH Host keys.

The Clear SSH Host keys action causes flushing of the SSH host keys associated with the chosen devices and appropriate confirmation notifications are displayed on the page.

Choose the switches with SSH Host Key Mismatch state from the switches table and choose Switch Action > Discovery > Rediscover

Right-click a vPC switch and choose vPC Pairing.

The vPC peer dialog box comes up.

Update the field(s) as needed.

When you update a field, the Unpair icon changes to Save.

Click Save to complete the update.

After creating a vPC pair, you can view vPC details on the vPC Overview page.

Right-click a vPC switch and choose vPC Pairing.

The vPC peer page comes up.

Click Unpair at the bottom right part of the page.

The vPC pair is deleted and the fabric topology page appears.

Click Deploy Config.

(Optional) Click the value under the Recalculate Config column.

View the pending configuration in the Config Preview dialog box. The following configuration details are deleted on the switch when you unpair: vPC feature, vPC domain, vPC peerlink, vPC peerlink member ports, loopback secondary IPs, and host vPCs. However, the host vPCs and port channels are not removed. Delete these port channels from the Interfaces window if required.

Enable the Wait for switch mode change to maintenance on deploy option from the Fabric Overview > Switches page or from the Actions drop-down list on the Manage > Inventory > Switches page.

Alternatively, you can click the View in topology option on the Fabric Overview page to access a switch on the Topology page.

You can then right-click on the switch from the Topology page and click Maintenance > Change Mode to access the Change Mode dialog box.

Navigate to Manage > Fabrics.

Click on a Data Center VXLAN EVPN fabric.

The Fabric Overview page appears.

Click the Inventory > Switches tab.

Click the check box for the switch you want to change modes for.

Click Actions > Maintenance > Change Mode.

The Change Mode dialog box appears.

Click Maintenance from the drop-down list to change to maintenance mode or click Normal to change to normal mode.

Click the Wait for switch mode change to maintenance on deploy check box.

Click the Deploy Now button to change the switch mode.

Because you enabled the Wait for switch mode change to maintenance on deploy check box, the Deploy later option is grayed out. Nexus Dashboard retains the last action of the user for this check box.

It may take two to three minutes for the change-mode process to complete.

Click the check box for the required switch.

Click Actions > Maintenance > Provision RMA.

The Provision RMA - switch_name page appears.

Enter the admin password in the Admin password field in the Switch Credentials area of the page.

The Provision RMA page shows the replacement device 5-10 minutes after it is powered on.

Choose one of the discovery options, Admin user and supplied password or Specicy a new user.

If you choose Specify a new user, you will see Local and Credential Store tabs.

Click the check box for the required switch.

Click Actions > Maintenance > Copy Run Start.

The Copy Running Config to Startup Config page appears.

The Progress column shows the process in progress and the Status Description column shows the deployment status.

A confirmation dialog box appears.

Click OK.

The status description column displays Deployment completed and the progress column displays in green.

Click Close to close this page.

To reload the required switch, click Actions > Maintenance > Reload.

A confirmation dialog box appears.

Click Confirm.

Click Actions > Maintenance > Restore Switch.

The Restore Switch page appears and you are in the Select a Backup tab.

The Select a Backup tab displays the fabric backup details. It includes the following information:

You can choose the automatic, manual, or golden backup. These backups are color-coded. Automatic backups are indicated in blue color.

Manual backups are indicated in midnight blue color. Golden backups are indicated in orange color. The automatic backups have only the versions in their names. Whereas the manual backups have tag names, which you gave when you initiated a manual backup, along with the version in the backup name. Hover over a backup to see the name.

You can now mark the backups that you don’t want to delete even after you reach the archiving limit. These backups are the golden backups. You can’t delete golden backups of fabrics. However, Nexus Dashboard archives only up to 10 golden backups.

Click the radio button for the required backup to mark it as golden.

Click Actions > Mark as golden.

A confirmation dialog box appears.

Click Confirm.

Click the radio button for backup to delete from the golden backup.

Click Actions > Remove as golden.

A confirmation dialog box appears.

Click Confirm.

Most of this information is at the fabric level, and may or may not directly impact the proceedings of the switch-level restore.

Click Next to move to the Restore Preview step.

You can view information about the switch name, switch serial, IP address, status, restore supported, delta configuration, and the VRF details.

(Optional) Click Get Config to preview the device configuration details.

The Config Preview dialog appears, which has the following three tabs.

Click Restore Intent to proceed to the Restore Status step in restoring.

The restore status and description appears for the switch.

Click Finish after the restore process is complete.

Choose Actions > Maintenance > Exec Commands.

The Switch show commands page appears.

From the Template drop-down list, click exec_freeform or exec_elam_capture.

Enter the commands in the Freeform CLI for exec_freeform and the required IP addresses.

Click Deploy to run the EXEC commands.

On the CLI Execution Status page, you can check the status of the deployment.

Click Detailed Status under the Command column to view the details.

On the Command Execution Details page, click the information under the the CLI Response column to view the output or the response.

Click Actions > Delete Switch(es).

A confirmation dialog box appears.

Click Confirm.

Choose Manage > Inventory.

Click a switch to open the Switch Overview page.

Click Hardware > Modules.

The Modules tab displays with a list of all of your switches.

You can view the required information in table format.

Enter filter criteria in Filter by Attributes.

You can view the following information.

You can view the following information on the Bootflash tab.

You can filter by these attributes.

Choose Actions > Delete to delete files to increase the available space on the switch.

When you delete files, the file details in this page are updated every 24 hours or when you perform an upload or recalculate compliance operations in Fabric Software. For more information, see Managing Your Fabric Software.

You can view the following information on the FEX tab.

You can filter by these attributes.

Field	Description
Fex Id	Uniquely identifies an FEX that is connected to a Cisco NX-OS device.
Fex Desc	Displays the description configured for the FEX.
Fex Version	Specifies the version of the FEX that is associated with the switch.
Fex Pin	Displays the integer value that denotes the maximum pinning uplinks of the FEX that is active at the time.
State	Specifies the status of the FEX as associated with the Cisco Nexus switch.
Model	Displays the model of the FEX.
Serial No	Displays the serial number of the FEX. If this configured serial number and the serial number of the FEX are not the same, the FEX is not active.
Port Channel	Specifies the port channel number to which the FEX is physically connected to the switch.
Ethernet	Specifies the physical interfaces to which the FEX is connected.
vPC ID	Specifies the vPC ID configured for the FEX.

Choose Actions > Show Command to

Choose Manage > Fabrics.

Choose the fabric, and select Edit Fabric Settings from the Actions drop-down list.

(If you are creating a fabric for the first time, click Create Fabric).

Click Fabric Management.

Click Advanced and update the following fields:

Click Save. The fabric topology screen comes up.

Click Recalculate and deploy from the Actions drop-down list to save and deploy the configurations.

Configuration Compliance functionality ensures that the intended configuration as expressed by those CLIs are present on the switches and if they are removed or there is a mismatch, then Nexus Dashboard flags it as a mismatch and indicates that the device is out-of-sync.

Choose Manage > Fabrics.

Click the necessary fabric in the Name column.

The Overview page for that fabric appears.

Choose Configuration Policies > Policies.

Click Actions > Add policy.

The Create Policy screen comes up.

To provision freeform CLIs on a new fabric, you have to create a fabric, import switches into it, and then deploy freeform CLIs.

Choose the switch where you want to deploy the freeform CLIs, then click Next.

In the Priority field, the priority is set to 500 by default. You can choose a higher priority (by specifying a lower number) for CLIs that need to appear higher up during deployment. For example, a command to enable a feature should appear earlier in the list of commands.

In the Description field, provide a description for the policy.

From the Template Name field, choose freeform_policy.

Add or update the CLIs in the Switch Freeform Config box.

Copy-paste the intended configuration with the correct indentation, as seen in the running configuration on the Nexus switches. For more information, see Resolve freeform config errors in switches.

Click Save.

After the policy is saved, it gets added to the intended configurations for that switch.

From the fabric Overview page, click Inventory > Switches and choose the required switches.

On the Switches tab, click Actions > Deploy.