Here is a few Cisco Nexus switch CLI commands that I’ve put together for reference. I will continuously add to this list
Features
To turn a feature on within configuration mode, it is simply feature followed by name of the feature. For example:
feature interface-vlan (Allows to add an IP address on a vlan interface)
feature lacp (Port-Channel Mode)
feature vpc (Virtual Port Channel)
feature lldp (Similar to CDP but is not Cisco proprietary)
feature vtp (Vlan Trunking Protocol)
feature fex (Used when connecting Nexus 2k’s)
DNS and Name Resolution
ip domain-lookup (turns on name resolution)
ip domain-name domain-name (DNS domain name, i.e. could be your active directory domain or real world domain name)
ip name-server x.x.x.x (x.x.x.x being the IP address of your DNS server. Repeat this command to add multiple DNS servers)
Access Lists
ip access-list access-list-name (creates an access list with a name)
10 remark Access-List-For-Remote-Access (creates a remark in position 10 of Access-List-For-Remote-Access for the current access list)
20 permit tcp x.x.x.x/24 any eq 22 (creates an access rule in position 20 to allow the network x.x.x.x/24 to any for SSH)
30 deny ip any any log (creates an access rule in position 30 to deny everything and log)
no 25 permit tcp y.y.y.y/24 any eq 22 (removes the access rule in position 25)
Spanning-Tree
spanning-tree mode rapid-pvst (Turns Rapid Per-Vlan Spanning Tree on. Other option is Multiple Spanning-Tree mode MST)
spanning-tree port type edge (Configured on the interface when connecting to end devices. This is essentially port-fast)
spanning-tree port type normal (Configured on the interface and/or port-channel. Used when uplinking to Non-Nexus switches. Does not use Bridge Assurance)
spanning-tree port type network (Configured on the interface and/or port-channel. Used when uplinking to Nexus switches. Uses Bridge Assurance)
spanning-tree port type network default (Makes spanning-tree type network default for all interfaces that do no use one of the above options)
spanning-tree vlan 1 priority 4096 (Makes this switch the root for vlan 1)
What is bridge assurance – A nice explanation can be found here ( on Cloudcentrics
Fex – Nexus 2000
fex 100 (Creates a FEX ID of 100. This is used to identify the Nexus2k. i.e. port 1 of the Nexus2k will be eth100/1/1)
pinning max-links 2 (Allow a maximum of 2 uplinks from the Nexus 2k FEX)
description Nexus2k-Level-1 (Creates a description of Nexus2k-Level-1)
interface ethernet1/1 (Enter into the interface you wish to connect the fex to)
switchport mode fex-fabric (Put the interface into fex-fabric mode)
fex associate 100 (Associate this port to the FEX ID we created earlier)
VLANS
vlan 10 (Creates vlan 10)
name storage (Creates a name of storage for vlan)
interface vlan 10 (Creates a vlan interface for vlan 10. Must have feature interface-vlan turned on)
ip address x.x.x.x/24 (Creates an ip address of x.x.x.x/24 for vlan interface 10)
description iSCSI-Storage (Creates a description of iSCSI-Storage for interface vlan 10)
Port-Channels
interface port-channel 1 (Creates an interface port-channel 1)
description Uplink-to-Cisco-3750 (Gives the port-channel interface a description)
switchport mode trunk (Turns the interface into vlan trunk mode)
switchport trunk allowed vlan 10 (Restrict which vlans are allowed over the trunk)
switchport trunk allowed vlan add 15 (Add vlan 15 to the restricted allowed vlans on the trunk)
switchport trunk native vlan 20 (Any untag packets will be placed in vlan 20)
switchport mode access (Turns the interface into access mode)
switchport access vlan 10 (Places the interface into vlan 10)
For spanning-tree options please refer to spanning-tree above
interface eth1/1-2 (Enter into interface range mode) eth1/1 and eth1/2
channel-group mode 1 active (Add the 2 interfaces into port-channel 1 using LACP) OR
channel-group mode 1 on (Add the 2 interfaces into port-channel 1. Forces the ports into a channel and does NOT use LACP)
show port-channel summary (Shows a summary of your port-channel interfaces and status)
Fiber Channel
show flogi database (Shows the connected wwpn’s)
show int fc2/1 brief (shows summary information about the fiber channel port)
Policy Maps
show policy-map interface control-plane | i violate|class-map (shows any violation in CoPP)
SPAN or Port-Mirroring for Packet Capture
monitor session 1 (Creates a Monitor Session of 1)
source interface ethernet1/1 (Tells the monitor session which port to use as the source) OR
source interface port-channel 1 (Tells the monitor session which port-channel to use as the source) OR
source interface vlan 10 (Tells the monitor session which vlan to use as the source)
destination interface ethernet1/2 (Tells the monitor session which port to use as the destination, where you would plug your packet capture software such as wire shark)
Line Console
line console (Enter into line console)
speed 38400 (change baud rate to 38400. Might be used if changing the console logging level lower than warning)
Logging
logging console 7 (Turns logging on the console to debug. Must change line baud rate for this, see Line Console above)
logging monitor 7 (Turns logging on the monitor i.e. telnet or ssh, to debug)
Additional Notes
Connecting a 1Gb SFP into a Nexus 5K requires the following command on the interface – speed 1000
Be the first to comment