Configuring Cisco Nexus 9000 Series Switches

Beginning with Release 3.10.1, Cisco Nexus Data Broker (NDB) has been renamed to Cisco Nexus Dashboard Data Broker. However, some instances of NDB are present in this document, to correspond with the GUI, and installation folder structure. References of NDB/ Nexus Data Broker/ Nexus Dashboard Data Broker can be used interchangeably.

This chapter contains the following sections:

Guidelines and Limitations for Cisco Nexus 9000 Series Switches

See the following guidelines and limitations for configuring Cisco Nexus 9000 Series switches through Cisco Nexus Dashboard Data Broker.

  • Cisco Nexus Dashboard Data Broker supports NX-API protocol for Cisco Nexus 9000 series family of switches.

  • Tap aggregation is supported on Cisco Nexus 9500 platform switches with N9K-X9700-EX and N9K-X9700-FX line card.

  • To enable tap aggregration on N9K-X9700-EX and N9K-X9700-FX line cards, configure hardware acl tap-agg globally on the Cisco Nexus 9500 switches.

  • The devices that are going to provisioned by Cisco Nexus Dashboard Data Broker are assumed to have LLDP enabled and the LLDP feature should not be disabled during the device association with Cisco Nexus Dashboard Data Broker. If the LLDP feature is disabled, there might be an inconsistency in Cisco Nexus Dashboard Data Broker that cannot be fixed without device deletion and re-addition.

  • Cisco Nexus Dashboard Data Broker assumes that the device interfaces configured by the port definitions are L2 switch ports and these interfaces have device configurations as switchport trunk by default.

  • Prior to deploying the Cisco Nexus 9000 Series switches for Tap/SPAN aggregation through Cisco Nexus Dashboard Data Broker with NX-API mode, the following configurations should be completed:

    • Configure the ACL TCAM region size for IPV4 port ACLs or MAC port ACLs.

    • Enable NX-API feature in the switch using the feature nxapi command.

    • Configure switchport mode trunk on all the inter-switch ports and the port-channels.

Configuring TCAM Hardware Sizing on Cisco Nexus 9000 Series Switches

The TCAM configuration is based on the filtering requirement. You may need to configure multiple TCAM entries based on your filtering requirement. Complete these steps to configure a TCAM:

SUMMARY STEPS

  1. Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions:

DETAILED STEPS

Command or Action Purpose

Use the hardware access-list tcam region <region> <tcam-size> command to configure the following TCAM regions: 


NAT ACL[nat] size =    0
Ingress PACL [ing-ifacl] size = 1024
VACL [vacl] size =    0
Ingress RACL [ing-racl] size =    0
Ingress L2 QOS [ing-l2-qos] size =  256
Ingress L3/VLAN QOS [ing-l3-vlan-qos] size =    0
Ingress SUP [ing-sup] size =  512
Ingress L2 SPAN filter [ing-l2-span-filter] size =  256
Ingress L3 SPAN filter [ing-l3-span-filter] size =    0
Ingress FSTAT [ing-fstat] size =    0
span [span] size =  512
Egress RACL [egr-racl] size = 1792
Egress SUP [egr-sup] size =  256
Ingress Redirect [ing-redirect] size =  512
Egress L2 QOS [egr-l2-qos] size =    0
Egress L3/VLAN QOS [egr-l3-vlan-qos] size =    0
Ingress Netflow/Analytics [ing-netflow] size =  512
Ingress NBM [ing-nbm] size =    0
TCP NAT ACL[tcp-nat] size =    0
Egress sup control plane[egr-copp] size =    0
Ingress Flow Redirect [ing-flow-redirect] size =    0
Ingress PACL IPv4 Lite [ing-ifacl-ipv4-lite] size =    0
Ingress PACL IPv6 Lite [ing-ifacl-ipv6-lite] size =    0
MCAST NAT ACL[mcast-nat] size =    0
Ingress PACL Super Bridge [ing-pacl-sb] size = 1024
Ingress Storm Control [ing-storm-control] size =    0
Ingress VACL redirect [ing-vacl-nh] size =    0
Egress PACL [egr-ifacl] size =    0

See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide for the step-by-step TCAM hardware sizing configuration on Cisco Nexus 9000 Series Switches.

Note

 

Cisco Nexus Dashboard Data Broker in OpenFlow mode supports Ethernet MAC source and destination addresses as match capabilities only when the OpenFlow TCAM region is configured as double wide (for example, hardware access-list tcam region openflow 512 double-wide). If the OpenFlow TCAM region is configured as non double wide, only ether type match is supported as match capabilities.

Enabling Cisco NX-API on Cisco Nexus 9000 Series Switches Using CLI

You can now manage multiple Cisco Nexus 9000 Series switches that are connected in a topology. Cisco Nexus Dashboard Data Broker plugin can discover the switch interconnections using LLDP and update the topology services within Cisco Nexus Dashboard Data Broker. The switch interconnections can be a physical link or a port-channel interface. The topology displays only the interconnections between Cisco Nexus 9000 Series switches that are added to the NDB device list. The topology interconnection is displayed in the GUI.

Complete the following steps for enabling Cisco NX-API on Cisco Nexus 9000 Series switches:

Procedure

  Command or Action Purpose

Step 1

Enable the management interface.

Enable the management interface on the switch.

Step 2

switch# conf t

Enter the configuration mode.

Step 3

switch (config) # feature nxapi

Enable the NX-API feature.

Step 4

switch (config) # nxapi http port 80

Configure the HTTP port.

Step 5

switch (config) # nxapi https port 443

Configure the HTTPS port.

For the step-by-step configuration information for enabling the NX-API feature on Cisco Nexus 9000 Series switches, see the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Enabling Switch Port Mode as Trunk on the Inter-switch Ports and Port Channels

Complete the following steps to enable the switch port mode on the inter-switch ports and port-channels:

Procedure

  Command or Action Purpose

Step 1

switch(config)# config t

Enables the configuration mode.

Step 2

switch(config)# interface {{type slot/port} | {port-channel number}}

Specifies an interface to configure.

Step 3

switch(config-if)# switchport mode {access | trunk}

Configures the switchport mode as access or trunk on the inter-switch ports and the port-channels.

Step 4

switch(config)# exit

Exits the configuration mode.