- New and Changed Information
- Preface
- Overview
- Configuring CFS
- Configuring NTP
- Configuring PTP
- Configuring CDP
- Configuring System Message Logging
- Configuring Smart Call Home
- Configuring Rollback
- Configuring Session Manager
- Configuring the Scheduler
- Configuring SNMP
- Configuring RMON
- Configuring Online Diagnostics
- Configuring the Embedded Event Manager
- Configuring Onboard Failure Logging
- Configuring SPAN
- Configuring ERSPAN
- Configuring LLDP
- Configuring NetFlow
- Supported RFCs
- EEM Events and Examples
- Configuration Limits for Cisco NX-OS System Management
- Information About CFS
- Licensing Requirements for CFS
- Prerequisites for CFS
- Guidelines and Limitations
- Default Settings
- Configuring CFS Distribution
- Enabling CFS Distribution for Applications
- Enabling CFS to Distribute Call Home Configurations
- Enabling CFS to Distribute Device Alias Configurations
- Enabling CFS to Distribute DPVM Configurations
- Enabling CFS to Distribute FC Domain Configurations
- Enabling CFS to Distribute FC Port Security Configurations
- Enabling CFS to Distribute FC Timer Configurations
- Enabling CFS to Distribute IVR Configurations
- Enabling CFS to Distribute NTP Configurations
- Enabling CFS to Distribute RADIUS Configurations
- Enabling CFS to Distribute RSCN Configurations
- Enabling CFS to Distribute TACACS+ Configurations
- Enabling CFS to Distribute User Role Configurations
- Specifying a CFS Distribution Mode
- Configuring an IP Multicast Address for CFSoIP
- Configuring CFS Regions
- Creating and Distributing a CFS Configuration
- Clearing a Locked Session
- Discarding a Configuration
- Disabling CFS Distribution Globally
- Enabling CFS Distribution for Applications
- Verifying the CFS Configuration
- Additional References
- Feature History for CFS
Configuring CFS
This chapter describes how to use Cisco Fabric Services (CFS), a Cisco proprietary feature that distributes data, including configuration changes, to all Cisco NX-OS devices in a network.
Information About CFS
You can use CFS to distribute and synchronize a configuration on one Cisco device or with all other Cisco devices in your network. CFS provides you with consistent and, in most cases, identical configurations and behavior in your network.
This section includes the following topics:
- Applications that Use CFS to Distribute Configuration Changes
- CFS Distribution
- CFS Connectivity in a Mixed Fabric
- CFS Merge Support
- Locking the Network
- CFS Regions
- High Availability
- Virtualization Support
Applications that Use CFS to Distribute Configuration Changes
CFS distributes configuration changes for the applications shown in Table 4-1 .
|
|
---|---|
CFS Distribution
CFS distributes configuration changes to multiple devices across a complete network. CFS supports the following types of distribution:
- CFS over Ethernet (CFSoE)—Distributes application data over an Ethernet network.
- CFS over IP (CFSoIP)—Distributes application data over an IPv4 network.
- CFS over Fibre Channel (CFSoFC)—Distributes application data over a Fibre Channel, such as a virtual storage area network (VSAN). If the device is provisioned with Fibre Channel ports, CFSoFC is enabled by default.
Beginning with Cisco NX-OS Release 5.2, you can configure Fibre Channel over Ethernet (FCoE), which allows Fibre Channel traffic to be encapsulated over a physical Ethernet link. To run FCoE on a Cisco Nexus 7000 Series switch, you must configure a dedicated storage virtual device context (VDC). If FCoE is enabled on the device, CFSoFC services can be used. The applications that require CFS distribution to be enabled in the storage VDC are noted in the configuration instructions throughout this chapter. For more information on FCoE and storage VDCs, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 and the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.

Note All of the information in this chapter applies to both CFSoIP and CFSoFC, unless otherwise noted.
CFS Distribution Modes
CFS supports three distribution modes to accommodate different feature requirements. Only one mode is allowed at a given time.
- Uncoordinated distributions—Distribute information that is not expected to conflict with that from a peer. Parallel uncoordinated distributions are allowed for an application.
- Coordinated distributions—Distribute information that can be manipulated and distributed from multiple devices (for example, the port security configuration). Coordinated distributions allow only one application distribution at a given time. CFS uses locks to enforce this. A coordinated distribution is not allowed to start if locks are acquired for the application anywhere in the network. A coordinated distribution consists of three stages:
– The configuration is distributed and committed.
– The network lock is released.
CFS can execute these stages in response to an application request without intervention from the application or under complete control of the application.
CFS Connectivity in a Mixed Fabric
CFS is an infrastructure component that also runs on the Cisco Nexus 5000 Series switches and the Cisco MDS 9000 switches. A mixed fabric of different platforms (such as the Cisco Nexus 7000 Series, Cisco Nexus 5000 Series, and Cisco MDS 9000 switches) can interact with each other.
Using CFSoIP and CFSoFC, the respective CFS clients can also talk to their instances running on the other platforms. Within a defined domain and distribution scope, CFS can distribute the client’s data and configuration to its peers running on other platforms.
All three platforms support both CFSoIP and CFSoFC. However, the Cisco Nexus 7000 Series and Cisco Nexus 5000 Series switches require an FC or FCoE plugin and corresponding configuration in order for CFSoFC to operate. Both options are available by default on the Cisco MDS 9000 switches.

Note Some applications are not compatible with their instances running on different platforms. Therefore, Cisco recommends that you carefully read the client guidelines for CFS distribution before committing the configuration.
For more information on CFS for the Cisco Nexus 5000 Series and Cisco MDS 9000 switches, see the Cisco Nexus 5000 Series NX-OS System Management Configuration Guide and the Cisco MDS 9000 Family NX-OS System Management Configuration Guide, respectively.
CFS Merge Support
An application keeps the configuration synchronized in the fabric through CFS. When two such fabrics become reachable to one another, CFS triggers a merge. These two fabrics could have two different sets of configuration information that need to be reconciled in the event of a merge. CFS provides notification each time an application peer comes online. If a fabric with M application peers merges with another fabric with N application peers and if an application triggers a merge action on every notification, a link-up event results in MxN merges in the fabric.
CFS supports a protocol that reduces the number of merges required to one by handling the complexity of the merge at the CFS layer. This protocol runs per application per scope. The protocol involves selecting one device in a fabric as the merge manager for that fabric. The other devices do not have a role in the merge process.
During a merger of two networks, their designated managers exchange configuration databases. The application on one of them merges the databases, decides if the merge is successful, and notifies all other devices.
In the merge is successful, the merged database is distributed to all devices in the combined fabric, and the entire new fabric remains in a consistent state.
Locking the Network
When you configure an application that uses the CFS infrastructure, that application starts a CFS session and locks the network. When a network is locked, the device software allows configuration changes to this application only from the device holding the lock. If you make configuration changes to the application from another device, the device issues a message to inform the user about the locked status. The configuration changes are held in a pending database by that application.
If you start a CFS session that requires a network lock but forget to end the session, an administrator can clear the session. If you lock a network at any time, your user name is remembered across restarts and switchovers. If another user (on the same machine) tries to perform configuration tasks, that user’s attempts are rejected.
CFS Regions
A CFS region is a user-defined subset of devices for a given feature or application. You usually define regions to localize or restrict distribution based on devices that are close to one another. When a network covers many geographies with many different administrators who are responsible for subsets of devices, you can manage the scope of an application by setting up a CFS region.
CFS regions are identified by numbers ranging from 0 through 200. Region 0 is reserved as the default region and contains every device in the network. You can configure regions from 1 through 200.

Note If an application is moved (that is, assigned to a new region), its scope is restricted to that region, and it ignores all other regions for distribution or merging purposes. The assignment of the region to an application has precedence in distribution over its initial scope.
You can configure a CFS region to distribute configurations for multiple applications. However, on a given device, you can configure only one CFS region at a time to distribute the configuration for a given application. Once you assign an application to a CFS region, its configuration cannot be distributed within another CFS region.
High Availability
Stateless restarts are supported for CFS. After a reboot or a supervisor switchover, the running configuration is applied. For more information on high availability, see the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x.
Virtualization Support
CFS is configured per VDC. When you access Cisco NX-OS, it places you in the default VDC unless you specify a different VDC. For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.
Licensing Requirements for CFS
Prerequisites for CFS
Guidelines and Limitations
CFS has the following configuration guidelines and limitations:

Note CFSoE must be enabled for the vPC feature to work.
- All CFSoIP-enabled devices with similar multicast addresses form one CFSoIP fabric.
- Make sure that CFS is enabled for the applications that you want to configure. For detailed information, see the Enabling CFS Distribution for Applications.
- Anytime you lock a fabric, your username is remembered across restarts and switchovers.
- Anytime you lock a fabric, configuration changes attempted by anyone else are rejected.
- While a fabric is locked, the application holds a working copy of configuration changes in a pending database or temporary storage area—not in the running configuration.
- Configuration changes that have not been committed yet (still saved as a working copy) are not in the running configuration and do not display in the output of show commands.
- If you start a CFS session that requires a fabric lock but forget to end the session, an administrator can clear the session. For more information, see the Clearing a Locked Session.
- An empty commit is allowed if configuration changes are not previously made. In this case, the commit command results in a session that acquires locks and distributes the current database.
- You can only use the commit command on the specific device where the fabric lock was acquired.
- CFSoIP and CFSoE are not supported for use together.
- CFS regions can be applied only to CFSoIP and CFSoFC applications.
- You cannot distribute the user role configuration between a Cisco MDS 9500 Series switch and the storage VDC configured for a Cisco Nexus 7000 Series switch. To prevent this distribution, make sure to assign the user role configuration in Cisco MDS and the Cisco Nexus 7000 storage VDC to different CFS regions.
Default Settings
Table 4-2 lists the default settings for CFS parameters.
|
|
---|---|
Configuring CFS Distribution
This section describes how to configure CFS and includes the following topics:
- Enabling CFS Distribution for Applications
- Specifying a CFS Distribution Mode
- Configuring an IP Multicast Address for CFSoIP
- Configuring CFS Regions
- Creating and Distributing a CFS Configuration
- Clearing a Locked Session
- Discarding a Configuration
- Disabling CFS Distribution Globally
Enabling CFS Distribution for Applications
This section includes the following topics:
- Enabling CFS to Distribute Call Home Configurations
- Enabling CFS to Distribute Device Alias Configurations
- Enabling CFS to Distribute DPVM Configurations
- Enabling CFS to Distribute FC Domain Configurations
- Enabling CFS to Distribute FC Port Security Configurations
- Enabling CFS to Distribute FC Timer Configurations
- Enabling CFS to Distribute IVR Configurations
- Enabling CFS to Distribute NTP Configurations
- Enabling CFS to Distribute RADIUS Configurations
- Enabling CFS to Distribute RSCN Configurations
- Enabling CFS to Distribute TACACS+ Configurations
- Enabling CFS to Distribute User Role Configurations

Note See Chapter 9, “Configuring Smart Call Home” for more information on Call Home, and see Chapter 5, “Configuring NTP” for more information on NTP. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x for more information on CFS for RADIUS, TACACS+, and user roles. See the Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide for more information on device alias, DPVM, FC domain, FC port security, FC timer, IVR, and RSCN.
Enabling CFS to Distribute Call Home Configurations
You can enable CFS to distribute Call Home configurations to all Cisco NX-OS devices in the network. The entire Call Home configuration is distributed except the device priority and the sysContact names.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute Call Home configurations:
Enabling CFS to Distribute Device Alias Configurations
You can enable CFS to distribute device alias configurations in order to consistently administer and maintain the device alias database across all Cisco NX-OS devices in the fabric.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute device alias configurations:
Enabling CFS to Distribute DPVM Configurations
You can enable CFS to distribute dynamic port VSAN membership (DPVM) configurations in order to consistently administer and maintain the DPVM database across all Cisco NX-OS devices in the fabric.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
Make sure that you enable the DPVM feature. To do so, use the feature dpvm command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute DPVM configurations:
Enabling CFS to Distribute FC Domain Configurations
You can enable CFS to distribute Fibre Channel (FC) domain configurations in order to synchronize the configuration across the fabric from the console of a single Cisco NX-OS device and to ensure consistency in the allowed domain ID lists on all devices in the VSAN.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute FC domain configurations:
Enabling CFS to Distribute FC Port Security Configurations
You can enable CFS to distribute Fibre Channel (FC) port security configurations in order to provide a single point of configuration for the entire fabric in the VSAN and to enforce the port security policies throughout the fabric.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
Make sure that you enable the FC port security feature. To do so, use the feature fc-port-security command.
SUMMARY STEPS
2. fc-port-security distribute
DETAILED STEPS
This example shows how to enable CFS to distribute FC port security configurations:
Enabling CFS to Distribute FC Timer Configurations
You can enable CFS to distribute Fibre Channel (FC) timer configurations for all Cisco NX-OS devices in the fabric.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute FC timer configurations:
Enabling CFS to Distribute IVR Configurations
You can enable CFS to distribute inter-VSAN routing (IVR) configurations in order to enable efficient IVR configuration management and to provide a single point of configuration for the entire fabric in the VSAN.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
Make sure that you install the Advanced SAN Services license.
Make sure that you enable the IVR feature. To do so, use the feature ivr command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute IVR configurations:
Enabling CFS to Distribute NTP Configurations
You can enable CFS to distribute NTP configurations to all Cisco NX-OS devices in the network.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure that you enable the NTP feature. To enable NTP in a Cisco NX-OS Release prior to 5.2, use the ntp enable command. To enable NTP in Cisco NX-OS Release 5.2 or a later release, use the feature ntp command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute NTP configurations:
Enabling CFS to Distribute RADIUS Configurations
You can enable CFS to distribute RADIUS configurations to all Cisco NX-OS devices in the network.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute RADIUS configurations:
Enabling CFS to Distribute RSCN Configurations
You can enable CFS to distribute registered state change notification (RSCN) configurations to all Cisco NX-OS devices in the fabric.
BEFORE YOU BEGIN
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute RSCN configurations:
Enabling CFS to Distribute TACACS+ Configurations
You can enable CFS to distribute TACACS+ configurations to all Cisco NX-OS devices in the network.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure that you enable the TACACS+ feature. To do so, use the feature tacacs+ command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute TACACS+ configurations:
Enabling CFS to Distribute User Role Configurations
You can enable CFS to distribute user role configurations to all Cisco NX-OS devices in the network.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable CFS to distribute role configurations:
Specifying a CFS Distribution Mode
You can specify and enable a CFS distribution mode (Ethernet or IPv4).
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to enable the Ethernet CFS distribution mode:
[########################################] 100%
Configuring an IP Multicast Address for CFSoIP
For CFS protocol-specific distributions, such as the keepalive mechanism for detecting network topology changes, use the IP multicast address to send and receive information.
You can configure the IP multicast address used to distribute CFSoIPv4. The default IPv4 multicast address is 239.255.70.83.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
You must disable CFS IP distribution before changing the multicast address.
SUMMARY STEPS
DETAILED STEPS
This example shows how to configure the IP multicast address used to distribute CFSoIP for IPv4:
switch(config)# cfs ipv4 mcast-address 239.255.1.1
switch(config)# cfs ipv4 distribute
Distribution over IP : Enabled - mode IPv4
IPv4 multicast address : 239.255.1.1
[########################################] 100%
Configuring CFS Regions
This section describes how to create and configure a CFS region and includes the following topics:
Creating a CFS Region
You can create a CFS region and add an application, such as Call Home, to it.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Moving an Application to a Different Region
You can move an application to a different region. For example, you can move NTP from region 1 to region 2.

Note When an application is moved, its scope is restricted to the new region. It ignores all other regions for distribution or merging purposes.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
This example shows how to move the Call Home application to CFS region 2:
switch(config-cfs-region)# callhome
Removing an Application from a Region
You can remove an application from a region. Removing an application from a region is the same as moving the application back to the default region. The default region is usually region 0. This action brings the entire fabric into the scope of distribution for the application.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
4. (Optional) Repeat Step 3 for each application that you want to remove from this region.
DETAILED STEPS
Deleting a CFS Region
You can delete a region and move all included applications back to the default region.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
2. no cfs region region-number
3. (Optional) show cfs regions brief
DETAILED STEPS
Creating and Distributing a CFS Configuration
You can create a configuration change for an application and then distribute it to its application peers.




BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
4. (Optional) Repeat Step 3 for each configuration command that you want to make.
DETAILED STEPS
This example shows how to configure and distribute the contact information for Call Home:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server contact personname@companyname.com
switch(config-callhome)# email-contact admin@Mycompany.com
switch(config-callhome)# phone-contact +1-800-123-4567
switch(config-callhome)# street-address 123 Anystreet st. Anytown,AnyWhere
switch(config-callhome)# commit
Clearing a Locked Session
You can clear a lock held by an application from any device in the fabric.
You must have administrator permissions to release a lock.


BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. (Optional) show application-name status
DETAILED STEPS
Discarding a Configuration
You can discard configuration changes and release the lock.


BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Disabling CFS Distribution Globally
You can disable CFS distribution for a device, isolating the applications using CFS from fabric-wide distributions while maintaining physical connectivity.
When CFS is globally disabled on a device, CFS operations are restricted to the device, and all CFS commands continue to function as if the device was physically isolated.
BEFORE YOU BEGIN
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Verifying the CFS Configuration
To display the CFS configuration information, perform one of the following tasks:
Additional References
For additional information, see the following sections:
Related Documents
MIBs
|
|
---|---|
Feature History for CFS
This section provides the CFS release history.
|
|
|
---|---|---|
Added CFS over Fibre Channel (CFSoFC) distribution support for device alias, DPVM, FC domain, FC port security, FC timer, IVR, and RSCN. |
||