larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures, 2nd Edition

eBook (Watermarked)

  • Your Price: $44.79
  • List Price: $55.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Also available in other formats.

  • Description
  • Sample Content
  • Updates
  • Copyright 2013
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 864
  • Edition: 2nd
  • eBook (Watermarked)
  • ISBN-10: 0-13-288356-2
  • ISBN-13: 978-0-13-288356-6

NX-OS and Cisco Nexus Switching

Next-Generation Data Center Architectures

Second Edition

The complete guide to planning, configuring, managing, and troubleshooting NX-OS in the enterprise–updated with new technologies and examples

Using Cisco Nexus switches and the NX-OS operating system, data center professionals can build unified core networks that deliver unprecedented scalability, resilience, operational continuity, flexibility, and performance. NX-OS and Cisco Nexus Switching, Second Edition, is the definitive guide to applying these breakthrough technologies in real-world environments. This extensively updated edition contains five new chapters addressing a wide range of new technologies, including FabricPath, OTV, IPv6, QoS, VSG, Multi-Hop FCoE, LISP, MPLS, Layer 3 on Nexus 5000, and Config sync. It also presents a start-to-finish, step-by-step case study of an enterprise customer who migrated from Cisco Catalyst to a Nexus-based architecture, illuminated with insights that are applicable in virtually any enterprise data center. Drawing on decades of experience with enterprise customers, the authors cover every facet of deploying, configuring, operating, and troubleshooting NX-OS in today’s data center. You’ll find updated best practices for high availability, virtualization, security,
L2/L3 protocol and network support, multicast, serviceability, provision of networking and storage services, and more. Best of all, the authors present all the proven commands, sample configurations, and tips you need to apply these best practices in your data center.

Ron Fuller, CCIE No. 5851 (Routing and Switching/Storage Networking), Technical Marketing Engineer on Cisco’s Nexus 7000 team, specializes in helping customers design end-to-end data center architectures. Ron has 21 years of industry experience, including 7 at Cisco. He has spoken at Cisco Live on VDCs, NX-OS multicast, and general design.

David Jansen, CCIE No. 5952 (Routing/Switching), is a Cisco Technical Solutions Architect specializing in enterprise data center architecture. He has 20 years of industry experience, 15 of them at Cisco (6 as a solution architect); and has delivered several Cisco Live presentations on NX-OS and data center solutions.

Matthew McPherson, senior systems engineer and solutions architect for the Cisco Central Select Operation, specializes in data center architectures. He has 12 years of experience working with service providers and large finance and manufacturing enterprises, and possesses deep technical knowledge of routing, switching, and security.

  • Understand the NX-OS command line, virtualization features, and file system
  • Utilize the NX-OS comprehensive Layer 2/Layer 3 support: vPC, Spanning Tree Protocol, Cisco FabricPath, EIGRP, OSPF, BGP, HSRP, GLBP, and VRRP
  • Configure IP multicast with PIM, Auto-RP, and MSDP
  • Secure your network with CTS, SGTs, ACLs, CoPP, and DAI
  • Establish a trusted set of network devices with Cisco TrustSec
  • Maximize availability with ISSU, stateful process restart/switchover, and non-stop forwarding
  • Improve serviceability with SPAN, ERSPAN, configuration checkpoints/rollback, packet analysis, Smart Call Home, Python, and PoAP
  • Unify storage and Ethernet fabrics with FCoE, NPV, and NPIV
  • Take full advantage of Nexus 1000V in a virtualized environment
  • Achieve superior QoS with MQ CLI, queuing, and marking
  • Extend L2 networks across L3 infrastructure with Overlay Transport Virtualization (OTV)
  • Deliver on SLAs by integrating MPLS application components such as L3 VPNs, traffic engineering, QoS, and mVPN
  • Support mobility via the new Locator ID Separation Protocol (LISP)
  • Walk step-by-step through a realistic Nexus and NX-OS data center migration

Table of Contents

Foreword xxiii

Introduction xxiv

Chapter 1 Introduction to Cisco NX-OS 1

NX-OS Overview 1

    NX-OS Supported Platforms 3

    NX-OS Licensing 7

        Nexus 7000 7

        Nexus 5500 8

        Nexus 3000 8

        Nexus 2000 9

        Nexus 1000v 9

        Installing the NX-OS License File 9

    Cisco NX-OS and Cisco IOS Comparison 10

NX-OS User Modes 12

    EXEC Command Mode 12

    Global Configuration Command Mode 13

    Interface Configuration Command Mode 13

Management Interfaces 14

    Controller Processor (Supervisor Module) 15

    Connectivity Management Processor (CMP) 16

    Telnet 18

    SSH 19

    SNMP 23

    DCNM 26

Managing System Files 28

    File Systems 28

    Configuration Files: Configuration Rollback 33

    Operating System Files 35

Virtual Device Contexts 37

    VDC Configuration 43

    VDC Interface Allocation 46

        Interface Allocation: N7K-M132XP-12 and L 46

        Interface Allocation: N7K-F132XP-15 47

        Interface Allocation: N7K-M108X2-12L 48

        Interface Allocation: 10/100/1000 Modules 48

        Interface Allocation on M2 Modules 52

Troubleshooting 54

    show Commands 54

    debug Commands 55

Topology 56

Further Reading 57

Chapter 2 Layer 2 Support and Configurations 59

Layer 2 Overview 59

    Store-and-Forward Switching 60

    Cut-Through Switching 60

    Fabric Extension via the Nexus 2000 60

    Configuring Nexus 2000 Using Static Pinning 61

    Nexus 2000 Static Pinning Verification 62

    Configuring Nexus 2000 Using Port-Channels 66

    Nexus 2000 Static Pinning Verification 67

    Layer 2 Forwarding on a Nexus 7000 69

    L2 Forwarding Verification 70

VLANs 71

    Configuring VLANs 72

    VLAN Trunking Protocol 72

    Assigning VLAN Membership 73

    Verifying VLAN Configuration 74

Private VLANs 76

    Configuring PVLANs 77

    Verifying PVLAN Configuration 80

Spanning Tree Protocol 80

    Rapid-PVST+ Configuration 82

        Verifying Spanning Tree State for a VLAN 83

        Spanning Tree Timers 84

    MST Configuration 87

    Additional Spanning Tree Configuration 91

        Port Cost 91

        Port Priority 94

    Spanning Tree Toolkit 94

        BPDUGuard 94

        BPDUFilter 95

        RootGuard 96

        LoopGuard 97

        Dispute Mechanism 98

        Bridge Assurance 98

    Spanning Tree Port Types 99

    Virtualization Hosts 100

    Configuring Layer 2 Interfaces 100

        Trunk Ports 100

        Standard Host 101

        Link to Virtualization Host 101

        Port-Profiles 102

Port-Channels 103

    Assigning Physical Ports to a Port-Channel 104

    Port-Channel Flow Control 107

    Verifying Load Distribution Across a Port-Channel 108

Virtual Port-Channels 109

    vPC Peer-Gateway 116

    vPC Peer-Switch 116

    ARP Synchronization 117

Unidirectional Link Detection 118

Cisco FabricPath 119

    vPC+ 127

    Configuring vPC+ 127

Summary 133

Chapter 3 Layer 3 Support and Configurations 135


    EIGRP Operation 136

    Configuring EIGRP 137

    EIGRP Summarization 142

    EIGRP Stub Routing 145

    Securing EIGRP 147

    EIGRP Redistribution 149

OSPF 154

    OSPFv2 Configuration 154

    OSPF Summarization 160

    OSPF Stub Routing 163

    Securing OSPF 167

    OSPF Redistribution 169

    OSPFv3 Configuration 177

IS-IS 178

    IS-IS Configuration 178

BGP 183

    BGP Configuration 184

    BGP Neighbors 187

    Securing BGP 190

    BGP Peer Templates 192

    Advertising BGP Networks 194

    Modifying BGP Routing Metrics 197

    Verifying BGP-Specific Configuration 198

First Hop Redundancy Protocols 198

    HSRP 199

        HSRP Configuration 199

        HSRP Priority and Preempt 200

        Verifying the HSRP Configuration 201

        Securing HSRP 202

        HSRP Secondary Support 204

        HSRP Support for IPv6 204

    VRRP 205

        VRRP Configuration 205

        VRRP Priority and Preempt 207

        Verifying VRRP Configuration 208

        Securing VRRP 208

        VRRP Secondary Support 209

    HSRP, VRRP, and vPC Interactions 210

    GLBP 212

        GLBP Configuration 212

        GLBP Priority and Preempt 214

        Verifying GLBP Configuration 214

        Securing GLBP 215

        GLBP Secondary Support 218

Summary 220

Chapter 4 IP Multicast Configuration 221

Multicast Operation 221

    Multicast Distribution Trees 222

    Reverse Path Forwarding 225

    Protocol Independent Multicast (PIM) 225

    RPs 226

PIM Configuration on Nexus 7000 and Nexus 5500 227

    Configuring Static RPs 230

    Configuring BSRs 232

    Configuring Auto-RP 235

    Configuring Anycast-RP 237

    Configuring SSM and Static RPF 239

IGMP Operation 241

IGMP Configuration on Nexus 7000 242

IGMP Configuration on Nexus 5000 245

IGMP Configuration on Nexus 1000V 246

MSDP Configuration on Nexus 7000 248

Administrative Scoping of Multicast RPs in PIM 250

Configuring PIM Join and Prune Policies 252

Multicast and Control Plane Policing (CoPP) 253

Summary 253

Chapter 5 Security 255

Configuring RADIUS 256

    RADIUS Configuration Distribution 259

Configuring TACACS+ 266

    Enabling TACACS+ 266

        TACACS+ Configuration Distribution 267

        Configuring the Global TACACS+ Keys 268

        Configuring the TACACS+ Server Hosts 268

        Configuring TACACS+ Server Groups 269

        Configuring TACACS+ Source Interface 270

Configuring SSH 275

Cisco TrustSec 278

    Configuring AAA for Cisco TrustSec 281

        Defining Network Device Admission Control 282

        Configuring the Nexus 7000 for 802.1x and SGA Features 285

        SGT Assignment via ISE Server 288

        Policy Component: IP to SGT Mapping 290

        Policy Component: SGACL Creation 292

Configuring Cisco TrustSec: IEEE 802.1AE LinkSec 294

    Layer 2 Solutions Between Data Centers 301

Configuring IP ACLs 302

Configuring MAC ACLs 305

Configuring VLAN ACLs 307

Configuring Port Security 308

    Security Violations and Actions 311

Configuring DHCP Snooping 313

Configuring Dynamic ARP Inspection 316

    Dynamic ARP Inspection Trust State 317

Configuring IP Source Guard 321

Configuring Keychain Management 322

Configuring Traffic Storm Control 323

Configuring Unicast RPF 325

Configuring Control Plane Policing 327

Configuring Rate Limits 335

SNMPv3 340

Summary 347

Chapter 6 High Availability 349

Physical Redundancy 349

    Redundant Power Supplies 350

    Redundant Cooling System 352

    Redundant Supervisors 355

    Redundant Ethernet Out-of-Band (EOBC) 357

    Redundant Fabric Modules 357

Generic Online Diagnostics 358

    Bootup Diagnostics 359

    Runtime Diagnostics 360

    On-Demand Diagnostics 365

NX-OS High-Availability Architecture 365

Process Modularity 366

Process Restart 368

Stateful Switchover 369

Nonstop Forwarding 370

In-Service Software Upgrades 370

Summary 383

Chapter 7 Embedded Serviceability Features 385

SPAN 386

    SPAN on Nexus 7000 386

    Configuring SPAN on Nexus 7000 387

    SPAN on Nexus 5x00 392

    Configuring SPAN on Nexus 5x00 393

    SPAN on Nexus 1000V 397

    Configuring SPAN on Nexus 1000V 398

ERSPAN on Nexus 1000V 400

ERSPAN on Nexus 7000 406

ERSPAN on Nexus 5x00 412

Embedded Analyzer 414

Smart Call Home 424

    Smart Call Home Configuration 428

Configuration Checkpoint and Rollback on Nexus 7000 431

    Checkpoint Creation and Rollback 432

Configuration Checkpoint and Rollback on Nexus 5x00 434

    Checkpoint Creation and Rollback 435

NetFlow 437

    Configuring NetFlow on Nexus 7000 438

    Configuring NetFlow on Nexus 1000V 442

Network Time Protocol 444

Precision Time Protocol 445

IEEE 802.3az (Energy Efficient Ethernet) 447

Power On Auto-Provisioning 448

Python 449

Summary 454

Chapter 8 Unified Fabric 455

Unified Fabric Overview 455

Enabling Technologies 456

    10-Gigabit Ethernet 456

    Fibre Channel over Ethernet 458

    Single-Hop Fibre Channel over Ethernet 461

    Multhop Fibre Channel over Ethernet 462

    Storage VDC on Nexus 7000 463

N-Port Virtualization 465

    N-Port Identification Virtualization 466

    FCoE NPV Mode 466

Nexus 5x00 Unified Fabric Configuration 467

    Single-Hop FCoE Configuration: Nexus 5x00 469

    FCoE-NPV on Nexus 5x00 473

Nexus 7000 Unified Fabric Configuration 477

Summary 488

Chapter 9 Nexus 1000V 489

Hypervisor and vSphere Introduction 489

Nexus 1000V System Overview 490

Nexus 1000V Switching Overview 494

Nexus 1000V VSM Installation 496

    Nexus 1000V Deployed on Nexus 1010 Virtual Services Blade 497

        Registering the Nexus 1000V Plug-In to VMware Virtual Center Management Application 502

        Configuring the SVS Domain and Networking Characteristics 507

        Connecting the Nexus 1000V VSM to the vCenter Server 508

    Nexus 1000V Installation Management Center 510

    VEM Installation Option on the Nexus 1000V Management Installation Center 519

    vCenter Connection Option on the Nexus 1000V Management Installation Center 523

    Creating the Uplink Profile 526

    Adding the VEM to a ESX vSphere Host 528

    Enabling the Telnet Server Process 536

    Changing the VSM Hostname 536

    Layer 3 Control 536

1000V Port Profiles 542

Virtual Network Management Center 552

    Installing Virtual Network Management Center Software from OVA Downloaded from 553

    Adding the VM-Manager for vCenter Connectivity in VNMC Management Application 564

    Configuring the Cisco VNMC Policy-Agent on the 1000v VSM 570

Virtual Security Gateway 571

Install Virtual Security Gateway on the Nexus 1010 574

    Configuring the Cisco VNMC Policy-Agent on the VSG 577

    Verify That the VSG and VSM Are Registered Clients in VNMC 578

    Creating a Tenant in VMMC 579

Virtual Extensible LAN 602

    Deploying Virtual Extensible LAN 604

Nexus 1000v Network Analysis Module 629

    Installing Nexus 1000v Network Analysis Module 630

    Deploying the Nexus 1000v NAM as a Virtual Services Blade on the Nexus 1010 641

Summary 642

Chapter 10 Quality of Service (QoS) 643

QoS on Nexus 7000 646

    Forwarding Architecture 646

    Network-QoS Policies 648

    Queuing Policies 650

    QoS and Nexus 2000 Fabric Extenders 661

    QoS and Nexus 7000 Virtual Device Contexts 663

QoS on Nexus 5x00 663

    Forwarding Architecture 663

    Network-QoS Policies 664

    Queuing Policies 667

    QoS and Nexus 2000 Fabric Extenders 668

QoS on Nexus 1000V 670

    Forwarding Architecture 670

    Classification in Nexus 1000V 670

Summary 674

Chapter 11 Overlay Transport Virtualization (OTV) 675

OTV Terminology and Concepts 677

OTV Control Plane 682

Multicast-Enabled Transport Infrastructure 687

Unicast-Enabled Transport Infrastructure 691

OTV Data-Plane 695

Data-Plane Multicast Traffic 697

OTV and QoS 698

Failure Isolation 698

    STP Isolation 698

    Unknown Unicast Handling with OTV 699

    Broadcast Traffic Handling with OTV 699

Multihoming with OTV 700

    OTV and ARP 700

First-Hop Routing Protocol Localization 702

Inbound Path Optimization 705

Summary 707

Chapter 12 Layer 3 Virtualization and Multiprotocol Label Switching (MPLS) 709

Virtual Routing and Forwarding 709

    Predefined VRFs 710

    VRF Operational Commands 713

    VRF-Lite 713

MPLS Introduction 717

    MPLS Terminology 718

    LDP and Layer 3 VPNs 720

    Quality of Service 723

    Traffic Engineering 723

    MPLS and IPv6: 6PE and 6VPE 725

    Management and Troubleshooting 725

    High Availability 725

Nexus Hardware Requirements and NX-OS Licensing for MPLS and VRF 726

Summary 727

Chapter 13 LISP 729

LISP Overview 729

LISP Terminology 730

LISP Prerequisites 731

LISP Control Plane 732

LISP Data Plane 733

Communicating Between LISP and non-LISP Sites 735

LISP Host Mobility with an Extended Subnet Mode 736

LISP Deployment Best Practices 746

Summary 746

Chapter 14 Nexus Migration Case Study 749

Existing Environment 749

Design Goals 750

The Design 751

Migration Plan 752

Premigration Steps 752

Maintenance Window #1 754

Maintenance Window #1 Summary 760

Maintenance Window #2 760

Ongoing Maintenance Windows 788

Summary 788

Index 789


Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020