Switch Profiles

Overview

Configuration synchronization (config-sync) is a feature that enables consistent configuration across network devices by automatically synchronizing a switch profile to its peer switch.

  • Allows configurations to be synchronized between switches.

  • Merges configurations when connectivity is established between two switches.

  • Provides control of exactly which configuration gets synchronized.

  • Ensures configuration consistency across peers through merge and mutual-exclusion checks.

  • Provides verify and commit semantics.

  • Allows for migrating existing vPC configurations to a switch profile.

Configuration Modes

The switch profile feature includes the following configuration modes:

  • Configuration synchronization mode (config-sync)

  • Switch profile mode (config-sync-sp)

  • Switch profile import mode (config-sync-sp-import)

Configuration Synchronization Mode

The configuration synchronization mode (config-sync) allows you to create switch profiles.

Switch Profile Mode

The switch profile mode (config-sync-sp) allows you to add supported configuration commands to a switch profile temporary buffer that is later synchronized with a peer switch. Commands that you enter in the switch profile mode are not executed until you enter the commit command. Although the syntax of the commands are validated when you enter them, there is no guarantee that the commands will be successful when you enter the commit command.

Switch Profile Import Mode

The switch profile import mode (config-sync-sp-import) allows you to import existing switch configurations from the running configuration to a switch profile and specify which commands you want to include in that profile. This option is especially useful when you upgrade from a Cisco NX-OS release that does not support switch profiles to a release that does.

Cisco recommends that you import the necessary configurations from the running configuration using the switch profile import mode and commit the changes before making any additional changes in the switch profile or global configuration mode. Otherwise, you might jeopardize the import, requiring you to abandon the current import session and perform the process again. For more information, see Import Switch Profile.

Configuration Validation

Two types of configuration validation checks can identify switch profile failures:

  • Mutual exclusion checks

  • Merge checks

Mutual Exclusion Checks

The mutual exclusion of configuration commands is enforced in order to avoid duplicate commands in the config-sync and global configuration modes. When you commit the configuration of a switch profile, mutual exclusion (mutex) checks are performed on the local switch as well as the peer switch (if configured). If no failures are reported on both switches, the commit is accepted and pushed into the running configuration.

A command that is included in a switch profile cannot be configured outside of the switch profile.

If a mutex check identifies errors, they are reported as mutex failures, and they must be manually corrected. For details, see Manual Correction for Mutex and Merge Failures.

The following exceptions apply to the mutual exclusion policy:

  • Interface configuration—An interface configuration can be partially present in a switch profile and partially present in the running configuration as long as there are no conflicts.

  • Shutdown/no shutdown

  • System QoS

Merge Checks

Merge checks are done on the peer switch that is receiving a configuration. The merge checks ensure that the received configuration does not conflict with the switch profile configuration that already exists on the receiving switch. The merge check occurs during the verify or commit process. Errors are reported as merge failures and must be manually corrected. For details, see Manual Correction for Mutex and Merge Failures.

When one or both switches are reloaded and the configurations are synchronized for the first time, the merge check verifies that the switch profile configurations are identical on both switches. Differences in the switch profiles are reported as merge errors and must be manually corrected.

Software Upgrades and Downgrades

You must delete the switch profile when downgrading from a Cisco NX-OS release that supports switch profiles to a release that does not.

When you upgrade from an earlier release to a Cisco NX-OS release that supports switch profiles, you have the option to move some of the running-configuration commands to a switch profile. For details, see Switch Profile Import Mode.

An upgrade can occur if there are buffered (uncommitted) configurations; however, the uncommitted configurations will be lost.

Guidelines and Limitations

Switch profiles have the following configuration guidelines and limitations:

General Guidelines

  1. Beginning with Cisco NX-OS Release 9.3(3), the mtu command is supported in the interface configuration mode through the switch-profiles configuration mode.

  2. You can only enable configuration synchronization using the mgmt0 interface.

  3. You must configure synchronized peers with the same switch profile name.

  4. Commands that are qualified for a switch profile configuration are allowed to be configured in the configuration switch profile mode (config-sync-sp).

  5. Only one switch profile session can be in progress at a time. Attempts to start another session will fail.

  6. Command changes made from the global configuration mode are blocked when a switch profile session is in progress.

  7. When you enter the commit command and a peer switch is reachable, the configuration is applied to both peer switches or neither switch. If a commit failure occurs, the commands remain in the switch profile buffer. You can then make necessary corrections and try the commit again.

Supported Features

  • Switch profiles are supported only on Cisco Nexus 9300 Series switches. Cisco Nexus 9500 Series switches do not support switch profiles.

  • Supported switch profile commands relate to vPC commands.

  • Layer 3 commands are not supported.

Configuration-Synchronization in a Virtual Peer-Link Environment Guidelines

  • To initiate a config-sync session with a virtual peer link, be sure to configure a loopback IP address instead of a management IP address between the peer switches.

  • You cannot perform a configuration synchronization between a multichassis EtherChannel trunk (MCT) configuration and a virtual peer-link configuration. This config-sync operation is not supported.

Configuration-Synchronization Guidelines

  • Port-channels created in the switch profile mode should not be configured using global configuration (config terminal) mode.

  • If a port-channel is created in global configuration mode, channel groups including member interfaces must also be created using global configuration mode.

  • Port-channels that are configured within the switch profile mode may have members both inside and outside of a switch profile.

  • If you want to import a member interface to a switch profile, the port-channel that corresponds with the member interface must also be present within the switch profile.

  • For "no system default switchport" configuration at global level, the "switchport" command under port-channel is also considered for mutual exclusion.

  • The configuration synchronization ( config-sync ) mode is an L2 mode parallel to the config-terminal mode ( config t ). Config-sync uses the switch-profile to update config t mode in the same switch as well as the peer switch. To prevent sync issues in switch-profile mode, Cisco recommends that you perform a commit action after each CLI command before overriding, or replacing the current CLI command.

    For example, if you want to overwrite CLI_command_A and change it to CLI_command_B , commit CLI_command_A first, then configure CLI_command_B and perform another commit action. 

    switch# conf sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile test
Resyncing db before starting Switch-profile.Re-synchronization of switch-profile db takes a few minutes...
Re-synchronize switch-profile db completed successfully.
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
switch(config-sync-sp)# int e 1/3
switch(config-sync-sp-if)# switchport trunk allowed vlan 100-150
switch(config-sync-sp-if)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch(config-sync)#
switch(config-sync)# switch-profile test
Resyncing db before starting Switch-profile.Re-synchronization of switch-profile db takes a few minutes...
Re-synchronize switch-profile db completed successfully.
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
switch(config-sync-sp)# int e 1/3
switch(config-sync-sp-if)# switchport trunk allowed vlan 45-90
switch(config-sync-sp-if)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch(config-sync)# end
switch#

Configure Switch Profile

You can create and configure a switch profile on the local switch and then add a second switch that will be included in the synchronization.

You must create the switch profile with the same name on each switch, and the switches must configure each other as a peer. When connectivity is established between switches with the same active switch profile, the switch profiles are synchronized.

Procedure

Step 1

Enter global configuration mode using the command configure terminal and enable Cisco Fabric Services (CFS) distribution between the peer switches using the command cfs ipv4 distribute

Example:

switch# configure terminal
		switch(config)#

Example:

switch(config)# cfs ipv4 distribute

Step 2

Enter the configuration synchronization mode using the command config sync

Example:

switch(config)# config sync
		switch(config-sync)#

Step 3

Configure the switch profile, names the switch profile, and enters the switch profile configuration mode using the command switch-profile name

Example:

switch(config-sync)# switch-profile abc
	switch(config-sync-sp)#

Step 4

Add a switch to the switch profile using the command [ no ] sync-peers destination ip-address

Example:

switch(config-sync-sp)# sync-peers destination 10.1.1.1

The destination IP address is the IP address of the switch that you want to synchronize.

The no form of this command removes the specified switch from the switch profile.

Note

 
You need to wait for peer switches to show the switch-profile status of "In sync" before any commit is done.

Step 5

For Cisco Nexus 3164Q switches only, follow these steps:

  1. Enter the switch profile interface configuration mode using the command interface type slot/port

    Example:

    switch(config-sync-sp)# interface ethernet 1/1
	switch(config-sync-sp-if)#

  2. Change a Layer 3 interface into a Layer 2 interface using the command switchport

    Example:

    switch(config-sync-sp-if)# switchport

  3. Exit the switch profile interface configuration mode using the command exit

    Example:

    switch(config-sync-sp-if)# exit
	switch(config-sync-sp)#

  4. Commit the current configuration using the command commit

    Example:

    switch(config-sync-sp)# commit

    Note

     
    Verify that the switch-profile status shows as "In sync" before any commit is done.

Step 6

Exit the switch profile configuration mode and returns to EXEC mode using the command end

Example:

switch(config-sync-sp)# end
	switch#

This is an optional step.

Step 7

Display the switch profile on the local switch and the peer switch information using the command show switch-profile name status

Example:

switch# show switch-profile abc status

This is an optional step.

Step 8

Display the switch profile peer configuration using the command show switch-profile name peer ip-address

Example:

switch# show switch-profile abc peer 10.1.1.1

This is an optional step.

Step 9

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch# copy running-config startup-config

This is an optional step.

Add or Modify Switch Profile Commands

After you configure a switch profile on the local and the peer switch, you must add and commit the supported commands to the switch profile.

Commands that are added or modified are buffered until you enter the commit command. Commands are executed in the same order in which they are buffered. If there is an order dependency for certain commands (for example, a QoS policy must be defined before being applied), you must maintain that order; otherwise, the commit might fail. You can use utility commands, such as the show switch-profile name buffer command, the buffer-delete command, and the buffer-move command, to change the buffer and correct the order of already entered commands.

Procedure

Step 1

Enter the configuration synchronization mode using the command config sync

Example:

switch# config sync
	switch(config-sync)#

Step 2

Configure the switch profile, name the switch profile, and enter the switch profile configuration mode using the command switch-profile name

Example:

switch(config-sync)# switch-profile abc
	switch(config-sync-sp)#

Step 3

Add a command to the switch profile using the command command

Example:

switch(config-sync-sp)# interface Port-channel100
	switch(config-sync-sp-if)# speed 1000
	switch(config-sync-sp-if)# interface Ethernet1/1
	switch(config-sync-sp-if)# speed 1000
	switch(config-sync-sp-if)# channel-group 100
	switch(config-sync-sp-if)# exit
	switch(config-sync-sp)#

Step 4

Display the configuration commands in the switch profile buffer using the command show switch-profile name buffer

Example:

switch(config-sync-sp)# show switch-profile abc buffer

This is an optional step.

Step 5

Verify the commands in the switch profile buffer using the command verify

Example:

switch(config-sync-sp)# verify

Step 6

Save the commands in the switch profile and synchronize the configuration with the peer switch using the command commit

Example:

switch(config-sync-sp)# commit

This command also does the following:

  • Triggers the mutex check and the merge check to verify the synchronization.

  • Creates a checkpoint with a rollback infrastructure.

  • Executes a rollback on all switches if an application failure occurs on any of the switches in the switch profile.

  • Deletes the checkpoint.

Step 7

Exit the switch profile configuration mode and return to EXEC mode using the command end

Example:

switch(config-sync-sp)# end
 	switch#

This is an optional step.

Step 8

Display the status of the switch profile on the local switch and the status on the peer switch using the command show switch-profile name status

Example:

switch# show switch-profile abc status

This is an optional step.

Step 9

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch# copy running-config startup-config

This is an optional step.

Import Switch Profile

You can import a switch profile based on the set of commands that you want to import.

Before you begin

Make sure that the switch profile buffer is empty before you import commands to a switch profile.

Procedure

Step 1

Enter configuration synchronization mode and configure the interface that will be imported in Step 4.

Example:

switch(config)# interface ethernet 1/2
	switch(config-if)# switchport
	switch(config-if)# switchport mode trunk 
	switch(config-if)# switchport trunk allowed vlan 12
	switch(config-if)# speed 10000
	switch(config-if)# spanning-tree port type edge trunk 
	switch(config)# end
	switch#

This is an optional step.

Step 2

Enter configuration synchronization mode using the command config sync

Example:

switch# config sync
	switch(config-sync)#

Step 3

Configure the switch profile, name the switch profile, and enter the switch profile configuration mode using the command switch-profile name

Example:

switch(config-sync)# switch-profile abc
	switch(config-sync-sp)#

Step 4

Identify the commands that you want to import and enter the switch profile import mode using the command import [ interface interface port / slot | running-config ]

Example:

switch(config-sync-sp)# import interface ethernet 1/2
	switch(config-sync-sp-import)#

The following options are available:

  • Entering the import command without any options adds the selected commands to the switch profile.

  • The import interface option adds the supported commands for a specified interface.

  • The running-config option adds supported system-level commands.

Note

 

If new commands are added during the import, the switch profile remains unsaved, and the switch remains in the switch profile import mode.

Step 5

Import the commands and save the commands to the switch profile using the command commit

Example:

switch(config-sync-sp-import)# commit

Step 6

Abort the import process using the command abort

Example:

switch(config-sync-sp-import)# abort

This is an optional step.

Step 7

Exit the switch profile import mode and return to EXEC mode using the command end

Example:

switch(config-sync-sp-import)# end
	switch#

This is an optional step.

Step 8

Display the switch profile configuration using the command show switch-profile

Example:

switch# show switch-profile

This is an optional step.

Step 9

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch# copy running-config startup-config

This is an optional step.

Import Configurations in vPC Topology

Importing configurations in a vPC topology is the process of applying configuration profiles to both switches in a two-switch vPC setup to ensure consistent operation.

  • Both switches must have a switch profile with the same name.

  • Configurations are imported independently to each switch.

  • Switches are synchronized using the sync-peers destination command.

Steps

Follow these steps to import configurations in a two-switch vPC topology:

  1. Configure the switch profile with the same name on both switches.

  2. Import the configurations to both switches independently.

  3. Configure the switches by entering the sync-peers destination command.

  4. Verify that the switch profiles are the same by entering the appropriate show commands.


Note

Make sure that the configuration moved to the switch profile on both switches is identical; otherwise, a merge-check failure might occur.

Isolate Peer Switch

Isolating a peer switch is the process of temporarily removing a switch from its profile to perform configuration changes or troubleshooting without synchronizing with its peer.

Steps

To isolate a peer switch and later restore synchronization, perform the following steps:

  1. Remove the peer switch from the switch profile on both switches.

  2. Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

  3. Add any necessary troubleshooting configurations.

  4. Verify that the show running switch-profile is identical on both switches.

  5. Add the sync-peers destination ip-address command to both switches and commit the changes.

  6. Verify that the peers are in sync.


Note

For specific information on the following steps, see the appropriate sections in this chapter.

Delete Switch Profile

You can delete a switch profile.

Procedure

Step 1

Enter configuration synchronization mode using the command config sync

Example:

switch# config sync
	switch(config-sync)#

Step 2

Delete the switch profile using the command no switch-profile name { all-config | local-config | profile-only local }

Example:

switch(config-sync)# no switch-profile abc local-config
   switch(config-sync-sp)#

  • all-config —Deletes the switch profile on the local and the peer switch. If the peer switch is not reachable, only the local switch profile is deleted.

  • local-config —Deletes the switch profile and local configuration.

  • profile-only local —Deletes the only the switch profile on the local switch, leaving any configurations previously applied by that profile intact on the local switch.

Note

 
It is recommended that you execute resync-database prior to deleting a switch-profile: 
switch(config-sync)# resync-database

Step 3

Exit the switch profile configuration mode and return to EXEC mode using the command end

Example:

switch(config-sync-sp)# end
	switch#

This is an optional step.

Step 4

Copy the running configuration to the startup configuration using the command copy running-config startup-config

Example:

switch# copy running-config startup-config

This is an optional step.

When you enter this command, the config-sync feature triggers the same operation on the peer switch.

Manual Correction for Mutex and Merge Failures

If the conflict is on the peer switch, follow the steps in Isolate Peer Switch to correct the problem on that switch.

  1. Import the offending command into the switch profile using the switch profile import mode.

  2. Change the behavior as desired.

Migrate to Cisco NX-OS Release 7.0(3)I2(1) or Higher in a Fabric Extender Straight-Through Topology

Migration Steps

The following ordered steps outline the migration process to Cisco NX-OS Release 7.0(3)I2(1) or higher in a Fabric Extender straight-through topology:

  1. Make sure configurations are the same on both switches.

  2. Configure the switch profile with the same name on both switches.

  3. Enter the import interface port-channel x-y , port-channel z command for all vPC port channels on both switches.

  4. Enter the show switch-profile name buffer command to ensure all configurations are correctly imported on both switches.

  5. Remove unwanted configuration settings by editing the buffer.

  6. Enter the commit command on both switches.

  7. Enter the sync-peers destination ip-address command to configure the peer switch on both switches.

  8. Enter the show switch-profile name status command to ensure both switches are synchronized.

Replace Cisco Nexus 9000 Series Switch

This procedure can be done in a hybrid Fabric Extender active/active topology and Fabric Extender straight-through topology.


Note

Do not connect any peer link, vPC, active/active, or straight-through topology fabric ports to the replacement switch.

Procedure

Step 1

Boot the replacement switch. The switch comes up with no configuration.

Step 2

Configure the replacement switch.

  • If the running configuration was saved offline, follow Steps 4 through 8 to apply the configuration.

  • If the running configuration was not saved offline, you can obtain it from the peer switch if the configuration synchronization feature is enabled. (See Steps 1 and 2 in Creating a Switch Profile on a Local and a Peer Switch ; then begin with Step 9 below).

  • If neither condition is met, manually add the configuration and then begin with Step 9 below.

Step 3

Edit the configuration file to remove the sync-peer command if you are using the configuration synchronization feature.

Step 4

Configure the mgmt port IP address and download the configuration file and copy the saved configuration file to the running configuration.

Step 5

Verify that the configuration is correct by entering the show running-config command. If the switch profile configuration changes were made on the peer switch while the replacement switch was out of service, apply those configurations in the switch profile and then enter the commit command.

Step 6

Shut down all Fabric Extender straight-through topology ports that are included in a vPC topology and connect the Fabric Extender straight-through topology fabric ports.

Note

 

Wait for the Fabric Extender straight-through topology switches to come online and make sure that the vPC role priority of the existing switch is better than the replacement switch.

Step 7

Connect the peer-link ports to the peer switch and the switch vPC ports.

Step 8

Enter the no shutdown command on all Fabric Extender straight-through vPC ports.

Step 9

Verify that all vPC switches and the Fabric Extenders on the replacement switch come online and that there is no disruption in traffic.

Note

 

If you are using the configuration synchronization feature, add the sync-peer configuration to the switch profile if it was not enabled earlier. If you are using the configuration synchronization feature, enter the show switch-profile name status command to ensure both switches are synchronized.

Synchronize Configurations After Cisco Nexus 9000 Series Switch Reboots

Procedure

Step 1

Remove the peer switch from the switch profile on both switches.

Step 2

Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

Step 3

Add any missing or changed commands.

Step 4

Verify that the show running switch-profile is identical on both switches.

Step 5

Add the sync-peers destination ip-address command to both switches and commit the changes.

Step 6

Verify that the peers are in sync.

Synchronize Configurations When mgmt0 Interface Connectivity Is Lost

When the mgmt0 interface connectivity is lost and configuration changes are required, apply the configuration changes on both switches using the switch profile. When connectivity to the mgmt0 interface is restored, both switches are synchronized.

If a configuration change is made on only one switch in this scenario, a merge will succeed when the mgmt0 interface comes up and the configuration gets applied on the other switch.

Revert Inadvertent Port Mode Change of Layer 2 to Layer 3 in Global Configuration Mode

The configurations related to a port imported in config-sync mode should never be configured in the global configuration mode. Normally any attempt to do so will be denied by the config-sync feature, and a mutex warning will appear. However, due to limitations in mutex checks, if a port configured as Layer 2 in the config-sync mode is changed to Layer 3 (no switchport) in the global configuration mode, the config-sync feature is unable to detect and prevent it. As a result, the config-sync mode might become out of sync with the global configuration mode.

Procedure

Step 1

Remove the peer switch from the switch profile on both switches.

Step 2

Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

Step 3

Import the current interface configuration.

Step 4

Make any necessary changes and commit them.

Step 5

Verify that the show running switch-profile is identical on both switches.

Step 6

Add the sync-peers destination ip-address command to both switches and commit the changes.

Step 7

Verify that the peers are in sync.

Verify Switch Profile Configuration

Switch Profile Show Commands

The following table lists the available show commands for switch profiles and describes their purpose.

Table 1. Switch Profile Show Commands

Command

Purpose

show switch-profile name

Displays the commands in a switch profile.

show switch-profile name buffer

Displays the uncommitted commands in a switch profile, the commands that were moved, and the commands that were deleted.

show switch-profile name peer ip-address

Displays the synchronization status for a peer switch.

show switch-profile name session-history

Displays the status of the last 20 switch profile sessions.

show switch-profile name status

Displays the configuration synchronization status of a peer switch.

show running-config switch-profile

Displays the running configuration for the switch profile on the local switch.

show startup-config switch-profile

Displays the startup configuration for the switch profile on the local switch.

Configuration Examples for Switch Profiles

Display Switch Profile Synchronization Between Local and Peer Switch

The following example shows how to display the initial successful synchronization between the two peers: 

switch1# show switch-profile sp status

Start-time: 491815 usecs after Mon Jul 20 11:54:51 2015
End-time: 449475 usecs after Mon Jul 20 11:54:58 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 


switch2# show switch-profile sp status

Start-time: 503194 usecs after Mon Jul 20 11:54:51 2015
End-time: 532989 usecs after Mon Jul 20 11:54:58 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s):

Show Running Configuration

The following example shows the running configuration of the switch profile on the local switch: 

——— PEER SWITCH-1 ———
switch-1# show running-config switch-profile 

switch-profile A
 sync-peers destination 30.0.0.82

 interface port-channel10
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 vpc peer-link

 interface Ethernet2/1
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 channel-group 10 mode active
switch-1# 

——— PEER SWITCH-2 ———
switch-2# show running-config switch-profile 

switch-profile A
 sync-peers destination 30.0.0.81

 interface port-channel10
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 vpc peer-link

 interface Ethernet2/1
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 channel-group 10 mode active
switch-2#

Verify Synchronization Status

The following example shows how to verify the synchronization status between the local and the peer switch: 

switch-1# show switch-profile status

switch-profile : A
-------------switch-1---------------------------------------------

Start-time: 912776 usecs after Wed Aug 19 17:03:43 2015
End-time: 868379 usecs after Wed Aug 19 17:03:48 2015

Profile-Revision: 4
Session-type: Commit
Session-subtype: -
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 30.0.0.82
Sync-status: In sync
Status: Commit Success
Error(s):

Create Switch Profile on Local and Peer Switch

The following example shows how to create a successful switch profile configuration on a local and a peer switch, including configuring QoS policies, a vPC peer link, and a vPC in a switch profile.

  1. Enable CFS distribution on the local and the peer switch and configure the destination IP address of the switch that you want to synchronize with, such as the management interface on the switch. 

    —Local switch-1#---
switch-1# configure terminal
switch-1(config)# cfs ipv4 distribute 
switch-1(config)# interface mgmt 0
switch-1(config-if)# ip address 30.0.0.81/8

—Peer switch-2#--
switch-2# configure terminal
switch-2(config)# cfs ipv4 distribute 
switch-2(config)# interface mgmt 0
switch-2(config-if)# ip address 30.0.0.82/8

  2. Create a new switch profile on the local and the peer switch. 

    —Local switch-1#--- 
switch-1# config sync 
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# sync-peers destination 30.0.0.82
switch-1(config-sync-sp)# end

—Peer switch-2#--
switch-1# config sync
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# sync-peers destination 30.0.0.81
switch-1(config-sync-sp)# end

  3. Verify that the switch profiles are the same on the local and the peer switch. 

    switch-1(config-sync-sp)# show switch-profile status
 
switch-profile : A
----------------------------------------------------------

Start-time: 843992 usecs after Wed Aug 19 17:00:01 2015
End-time: 770051 usecs after Wed Aug 19 17:00:03 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Session-subtype: Init-Exchange-All
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 30.0.0.82
Sync-status: In sync
Status: Commit Success
Error(s):

  4. Add the configuration commands to the switch profile on the local switch. The commands will be applied to the peer switch when the commands are committed. 

    switch-1# config sync 
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface port-channel 10
switch-1(config-sync-sp-if)# switchport
switch-1(config-sync-sp-if)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface port-channel 10
switch-1(config-sync-sp-if)# switchport mode trunk
switch-1(config-sync-sp-if)# switchport trunk allowed vlan 10
switch-1(config-sync-sp-if)# spanning-tree port type network 
switch-1(config-sync-sp-if)# vpc peer-link 
switch-1(config-sync-sp-if)# switch-profile switching-mode switchname
switch-1(config-sync-sp-if)# show switch-profile buffer 

switch-profile : A
----------------------------------------------------------
Seq-no Command
----------------------------------------------------------
1 interface port-channel10
1.1 switchport mode trunk
1.2 switchport trunk allowed vlan 10
1.3 spanning-tree port type network
1.4 vpc peer-link

switch-1(config-sync-sp-if)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of
configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface ethernet 2/1
switch-1(config-sync-sp-if)# switchport mode trunk 
switch-1(config-sync-sp-if)# switchport trunk allowed vlan 10
switch-1(config-sync-sp-if)# spanning-tree port type network 
switch-1(config-sync-sp-if)# channel-group 10 mode active

  5. View the buffered commands. 

    switch-1(config-sync-sp-if)# show switch-profile buffer

switch-profile : A
----------------------------------------------------------
Seq-no Command
----------------------------------------------------------
1 interface Ethernet2/1
1.1 switchport mode trunk
1.2 switchport trunk allowed vlan 10
1.3 spanning-tree port type network
1.4 channel-group 10 mode active

  6. Verify the commands in the switch profile. 

    switch-1(config-sync-sp-if)# verify
Verification Successful

  7. Apply the commands to the switch profile and synchronize the configurations between the local and the peer switch. 

    —Local switch-2#--
switch-1(config-sync-sp)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of
configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# end

switch-1# show running-config switch-profile 

switch-profile A
sync-peers destination 30.0.0.82

interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link

interface Ethernet2/1
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
channel-group 10 mode active


—Peer switch-2#--
switch-2# show running-config switch-profile  

switch-profile A
sync-peers destination 30.0.0.81

interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link

interface Ethernet2/1
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
channel-group 10 mode active

Display Switch Profile Buffer

The following example shows how to configure the switch profile buffer, the buffer-move configuration, and the buffer-delete configuration: 

switch1# config sync
switch1(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch1(config-sync-sp)# vlan 101
switch1(config-sync-sp-vlan)# ip igmp snooping querier 10.101.1.1
switch1(config-sync-sp-vlan)# exit
switch1(config-sync-sp)# mac address-table static 0000.0000.0001 vlan 101 drop
switch1(config-sync-sp)# interface Ethernet1/2
switch1(config-sync-sp-if)# switchport mode trunk 
switch1(config-sync-sp-if)# switchport trunk allowed vlan 101
switch1(config-sync-sp-if)# exit
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       vlan 101
1.1       ip igmp snooping querier 10.101.1.1
2       mac address-table static 0000.0000.0001 vlan 101 drop
3       interface Ethernet1/2
3.1       switchport mode trunk
3.2       switchport trunk allowed vlan 101

switch1(config-sync-sp)# buffer-move 3 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/2
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 101
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete all
switch1(config-sync-sp)# show switch-profile sp buffer

Display Successful and Unsuccessful Synchronization Between Local and Peer Switch

The following example shows how to configure the synchronization status of the switch profile on the peer switch. The first example shows a successful synchronization, and the second example shows a peer-not-reachable status. 

switch1# show switch-profile sp peer

switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : In Sync.
Peer-status                : Commit Success
Peer-error(s)              : 
switch1# 


switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : Not yet merged. pending-merge:1 received_merge:0
Peer-status                : Peer not reachable
Peer-error(s)              :

Display 'Verify and Commit' on Local and Peer Switch

The following example shows how to perform a successful verify and commit of the local and the peer switch: 

switch1# config sync
switch1(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch1(config-sync-sp)# interface Ethernet1/1
switch1(config-sync-sp-if)# description foo
switch1(config-sync-sp-if)# exit
switch1(config-sync-sp)# verify
Verification Successful
switch1(config-sync-sp)# commit
Commit Successful
switch1(config-sync)# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.52
  interface Ethernet1/1
    description foo
switch1(config-sync)# show switch-profile sp status

Start-time: 171513 usecs after Wed Jul 20 17:51:28 2015
End-time: 676451 usecs after Wed Jul 20 17:51:43 2015

Profile-Revision: 3
Session-type: Commit
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch1(config-sync)# 


switch2# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.51
  interface Ethernet1/1
    description foo
switch2# show switch-profile sp status

Start-time: 265716 usecs after Mon Jul 20 16:51:28 2015
End-time: 734702 usecs after Mon Jul 20 16:51:43 2015

Profile-Revision: 3
Session-type: Commit
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s):

Import Configurations

The following example shows how to import an interface configuration: 

switch# show running-config interface Ethernet1/3

!Command: show running-config interface Ethernet1/3
!Time: Wed Jul 20 18:12:44 2015

version 7.0(3)I2(1)

interface Ethernet1/3
  switchport mode trunk
  switchport trunk allowed vlan 1-100

switch# config sync 
switch(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1

switch(config-sync-sp)# import interface Ethernet1/3
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/3
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 1-100

switch(config-sync-sp-import)# verify
Verification Successful
switch(config-sync-sp-import)# commit
Commit Successful

The following example shows how to import the supported commands in a running configuration: 

switch(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)# import running-config 
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       logging event link-status default
2       vlan 1
3       interface port-channel 3
3.1       switchport mode trunk
3.2       vpc peer-link
3.3       spanning-tree port type network
4       interface port-channel 30
4.1       switchport mode trunk
4.2       vpc 30
4.3       switchport trunk allowed vlan 2-10
5       interface port-channel 31
5.1       switchport mode trunk
5.2       vpc 31
5.3       switchport trunk allowed vlan 11-20
6       interface port-channel 101
6.1       switchport mode fex-fabric
6.2       fex associate 101
7       interface port-channel 102
7.1       switchport mode fex-fabric
7.2       vpc 102
7.3       fex associate 102
8       interface port-channel 103
8.1       switchport mode fex-fabric
8.2       vpc 103
8.3       fex associate 103
9      interface Ethernet1/1
10      interface Ethernet1/2
11      interface Ethernet1/3
12      interface Ethernet1/4
12.1      switchport mode trunk
12.2      channel-group 3
13      interface Ethernet1/5
13.1      switchport mode trunk
13.2      channel-group 3
14      interface Ethernet1/6
14.1      switchport mode trunk
14.2      channel-group 3
15      interface Ethernet1/7
15.1      switchport mode trunk
15.2      channel-group 3
16      interface Ethernet1/8
17      interface Ethernet1/9
17.1      switchport mode trunk
17.2      switchport trunk allowed vlan 11-20
17.3      channel-group 31 mode active
18      interface Ethernet1/10
18.1      switchport mode trunk
18.2      switchport trunk allowed vlan 11-20
18.3      channel-group 31 mode active
19      interface Ethernet1/11
20      interface Ethernet1/12
...
45      interface Ethernet2/4
45.1      fex associate 101
45.2      switchport mode fex-fabric
45.3      channel-group 101
46      interface Ethernet2/5
46.1      fex associate 101
46.2      switchport mode fex-fabric
46.3      channel-group 101
47      interface Ethernet2/6
47.1      fex associate 101
47.2      switchport mode fex-fabric
47.3      channel-group 101
48      interface Ethernet2/7
48.1      fex associate 101
48.2      switchport mode fex-fabric
48.3      channel-group 101
49      interface Ethernet2/8
49.1      fex associate 101
...
89      interface Ethernet100/1/32
90      interface Ethernet100/1/33
91      interface Ethernet100/1/34
92      interface Ethernet100/1/35
93      interface Ethernet100/1/36
...
105     interface Ethernet100/1/48