● Cisco Nexus NX-OS Command References
Cisco Nexus 9000 Series Switches - Command References
Cisco Nexus 7000 Series Switches - Command References
Cisco Nexus 5000 Series Switches - Command References
Cisco Nexus 3000 Series Switches - Command References
Cisco NX-OS Software
● Management
▶ Delete the start-up configuration
write erase boot
reload
▶ Enable ssh
(config)#ssh key rsa 2048
(config)#feature ssh
(config)#username test123 sshkey ssh-rsa
(config)#ssh login-attempts 5
▶ Enable HTTP/HTTPS
(config)#feature http-server
switch#show feature
switch#show http-server
▶ Configure the management IP address
switch#config t
switch(config)#int mgmt0
switch(config-if)#ip address 10.10.10.10 255.255.255.0
switch(config-if)#end
switch#
▶ Disable telnet and ssh
(config)#no feature telnet
(config)#no feature ssh
▶ Configure logging hosts
interface Vlan100
ip address 10.10.10.1 255.255.255.0
(config)#logging source-interface Vlan100
(config)#logging server 10.10.10.1
● Hardware and Environment
▶ Display hardware information with serial numbers
show inventory
▶ Display detailed hardware information
show hardware
▶ Display environment information
show environment
▶ Display temperature information
show temperature
▶ Display CPU and Memory information
show system resources
● Interfaces
▶ GBIC
(config)#no errdisable detect cause gbic-invalid
(config)#service unsupported-transceiver
▶ Virtual Device Context (VDC)
VDC-1(config)# vdc VDC-2
VDC-1# switchto vdc VDC-2
VDC-2# switchback
VDC-1(config)# vdc VDC-2
VDC-1(config-vdc)# allocate interface g0/1
VDC-1(config-vdc)# allocate interface g0/2
VDC-2# show vdc
VDC-2# show vdc membership
● Switching
▶ Configuring VLANs
switch#config t
switch(config)#vlan 100
switch(config-vlan)#name vlan-name
switch(config-vlan)#exit
switch(config)#
▶ Assign an interface to the VLAN
switch#config t
switch(config)#int g1/1
switch(config-if)#switchport
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 100
switch(config-if)#end
switch#
▶ Configuring VTP
Switch(config)#feature vtp
Switch(config)#vtp mode server
Switch(config)#vtp domain <domain-name>
Switch(config)#vtp password <password>
Switch(config)#vtp version 2
Switch(config)#vtp pruning
Switch(config)#sh vtp status
▶ Configuring 802.1q Trunking
Switch#conf t
Switch(config)#int g0/1
Switch(config-if)#switchport
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan add 100
Switch(config-if)#switchport trunk allowed vlan remove 100
Switch(config-if)#end
▶ Configuring Port-channel
interface port-channel 1
int e0/1-2
switchport
switchport mode trunk
channel-group 1 mode on
channel-group 1 force mode on
▶ Display vPC information
show vpc
show vpc brief
show vpc role
show vpc consistency-parameters global
● Routing
Cisco NX-OS/IOS OSPF Comparison
▶ Configuring OSPF
switch(config)# feature ospf
switch(config)# router ospf 1
switch(config-router)# int g1/1-2
switch(config-if-range)# ip router ospf 1 area 0
▶ Enabling L3 on ports
switch(config)# int g1/1
switch(config-if)# no switchport
switch(config-if)# ip address 10.10.10.1/24
switch(config-if)# no shutdown
● Security
▶ Configuring an ACL to block telnet
access-list 110 deny tcp any host 10.10.10.100 eq 23
access-list 110 permit ip any any
int g1/1
ip access-group 110 out
▶ Configuring a named ACL
ip access-list Block_Telnet
deny tcp any host 10.10.10.100 eq telnet
permit ip any any
int g1/1
ip access-group Block_Telnet out
▶ Configuring ARP Inspection
(config)# ip arp inspection vlan 1
(config)# int fa0/1
(config-if)# ip arp inspection trust
To configure a Layer 2 interface as a trusted ARP interface, use the ip arp inspection trust command. To configure a Layer 2 interface as an untrusted ARP interface, use the no form of this command.
ip arp inspection trust
no ip arp inspection trust
* Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain “man-in-the-middle” attacks.
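The forwarding decision DAI makes, as an added Python model that is not part of the original page or of any Cisco code. The class and function names, the MAC addresses and the hand-built binding table are assumptions for illustration (on a real switch the bindings typically come from DHCP snooping); VLAN 1 and trusted port fa0/1 mirror the commands above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    port: str        # ingress interface
    vlan: int
    sender_mac: str
    sender_ip: str


class ArpInspector:
    """Toy model of DAI: validate ARP sender MAC/IP pairs on untrusted ports."""

    def __init__(self, vlans, trusted_ports, bindings):
        self.vlans = set(vlans)                  # ip arp inspection vlan <id>
        self.trusted_ports = set(trusted_ports)  # ip arp inspection trust
        self.bindings = bindings                 # (vlan, ip) -> (mac, port)
        self.log = []                            # dropped packets, for review

    def permit(self, pkt):
        if pkt.vlan not in self.vlans or pkt.port in self.trusted_ports:
            return True                          # not inspected at all
        expected = self.bindings.get((pkt.vlan, pkt.sender_ip))
        if expected == (pkt.sender_mac.lower(), pkt.port):
            return True                          # matches a known binding
        self.log.append(f"drop vlan={pkt.vlan} port={pkt.port} "
                        f"{pkt.sender_ip} claimed by {pkt.sender_mac}")
        return False


def run_demo():
    # Constructed sample data: one known host on fa0/2, uplink fa0/1 trusted.
    dai = ArpInspector(
        vlans=[1],
        trusted_ports=["fa0/1"],
        bindings={(1, "10.10.10.100"): ("00:11:22:33:44:55", "fa0/2")},
    )
    packets = [
        ArpPacket("fa0/2", 1, "00:11:22:33:44:55", "10.10.10.100"),  # valid
        ArpPacket("fa0/3", 1, "de:ad:be:ef:00:01", "10.10.10.100"),  # bad MAC/port
        ArpPacket("fa0/3", 1, "de:ad:be:ef:00:01", "10.10.10.1"),    # no binding
        ArpPacket("fa0/1", 1, "de:ad:be:ef:00:01", "10.10.10.1"),    # trusted: unchecked
        ArpPacket("fa0/3", 2, "de:ad:be:ef:00:01", "10.10.10.1"),    # VLAN 2 not inspected
    ]
    return [dai.permit(p) for p in packets], dai.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    print(verdicts)
    print("\n".join(log))
```

The fourth packet is forwarded only because it arrives on a trusted port, which is why ip arp inspection trust belongs on switch-to-switch uplinks and not on host-facing ports.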