larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures, 2nd Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $75.59
  • List Price: $125.98
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Individual Purchases


  • Your Price: $55.99
  • List Price: $69.99
  • Usually ships in 24 hours.

eBook (Watermarked)

  • Your Price: $44.79
  • List Price: $55.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • Description
  • Extras
  • Sample Content
  • Updates
  • Copyright 2013
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 864
  • Edition: 2nd
  • Book
  • ISBN-10: 1-58714-304-6
  • ISBN-13: 978-1-58714-304-5

NX-OS and Cisco Nexus Switching

Next-Generation Data Center Architectures

Second Edition

The complete guide to planning, configuring, managing, and troubleshooting NX-OS in the enterprise–updated with new technologies and examples

Using Cisco Nexus switches and the NX-OS operating system, data center professionals can build unified core networks that deliver unprecedented scalability, resilience, operational continuity, flexibility, and performance. NX-OS and Cisco Nexus Switching, Second Edition, is the definitive guide to applying these breakthrough technologies in real-world environments. This extensively updated edition contains five new chapters addressing a wide range of new technologies, including FabricPath, OTV, IPv6, QoS, VSG, Multi-Hop FCoE, LISP, MPLS, Layer 3 on Nexus 5000, and Config sync. It also presents a start-to-finish, step-by-step case study of an enterprise customer who migrated from Cisco Catalyst to a Nexus-based architecture, illuminated with insights that are applicable in virtually any enterprise data center. Drawing on decades of experience with enterprise customers, the authors cover every facet of deploying, configuring, operating, and troubleshooting NX-OS in today’s data center. You’ll find updated best practices for high availability, virtualization, security,
L2/L3 protocol and network support, multicast, serviceability, provision of networking and storage services, and more. Best of all, the authors present all the proven commands, sample configurations, and tips you need to apply these best practices in your data center.

Ron Fuller, CCIE No. 5851 (Routing and Switching/Storage Networking), Technical Marketing Engineer on Cisco’s Nexus 7000 team, specializes in helping customers design end-to-end data center architectures. Ron has 21 years of industry experience, including 7 at Cisco. He has spoken at Cisco Live on VDCs, NX-OS multicast, and general design.

David Jansen, CCIE No. 5952 (Routing/Switching), is a Cisco Technical Solutions Architect specializing in enterprise data center architecture. He has 20 years of industry experience, 15 of them at Cisco (6 as a solution architect); and has delivered several Cisco Live presentations on NX-OS and data center solutions.

Matthew McPherson, senior systems engineer and solutions architect for the Cisco Central Select Operation, specializes in data center architectures. He has 12 years of experience working with service providers and large finance and manufacturing enterprises, and possesses deep technical knowledge of routing, switching, and security.

  • Understand the NX-OS command line, virtualization features, and file system
  • Utilize the NX-OS comprehensive Layer 2/Layer 3 support: vPC, Spanning Tree Protocol, Cisco FabricPath, EIGRP, OSPF, BGP, HSRP, GLBP, and VRRP
  • Configure IP multicast with PIM, Auto-RP, and MSDP
  • Secure your network with CTS, SGTs, ACLs, CoPP, and DAI
  • Establish a trusted set of network devices with Cisco TrustSec
  • Maximize availability with ISSU, stateful process restart/switchover, and non-stop forwarding
  • Improve serviceability with SPAN, ERSPAN, configuration checkpoints/rollback, packet analysis, Smart Call Home, Python, and PoAP
  • Unify storage and Ethernet fabrics with FCoE, NPV, and NPIV
  • Take full advantage of Nexus 1000V in a virtualized environment
  • Achieve superior QoS with MQ CLI, queuing, and marking
  • Extend L2 networks across L3 infrastructure with Overlay Transport Virtualization (OTV)
  • Deliver on SLAs by integrating MPLS application components such as L3 VPNs, traffic engineering, QoS, and mVPN
  • Support mobility via the new Locator ID Separation Protocol (LISP)
  • Walk step-by-step through a realistic Nexus and NX-OS data center migration

Online Sample Chapter

Cisco NX-OS and Cisco Nexus Switching: Unified Fabric

Sample Pages

Download the sample pages (includes Chapter 8 and Index)

Table of Contents

Foreword xxiii

Introduction xxiv

Chapter 1 Introduction to Cisco NX-OS 1

NX-OS Overview 1

NX-OS Supported Platforms 3

NX-OS Licensing 7

Nexus 7000 7

Nexus 5500 8

Nexus 3000 8

Nexus 2000 9

Nexus 1000v 9

Installing the NX-OS License File 9

Cisco NX-OS and Cisco IOS Comparison 10

NX-OS User Modes 12

EXEC Command Mode 12

Global Configuration Command Mode 13

Interface Configuration Command Mode 13

Management Interfaces 14

Controller Processor (Supervisor Module) 15

Connectivity Management Processor (CMP) 16

Telnet 18

SSH 19



Managing System Files 28

File Systems 28

Configuration Files: Configuration Rollback 33

Operating System Files 35

Virtual Device Contexts 37

VDC Configuration 43

VDC Interface Allocation 46

Interface Allocation: N7K-M132XP-12 and L 46

Interface Allocation: N7K-F132XP-15 47

Interface Allocation: N7K-M108X2-12L 48

Interface Allocation: 10/100/1000 Modules 48

Interface Allocation on M2 Modules 52

Troubleshooting 54

show Commands 54

debug Commands 55

Topology 56

Further Reading 57

Chapter 2 Layer 2 Support and Configurations 59

Layer 2 Overview 59

Store-and-Forward Switching 60

Cut-Through Switching 60

Fabric Extension via the Nexus 2000 60

Configuring Nexus 2000 Using Static Pinning 61

Nexus 2000 Static Pinning Verification 62

Configuring Nexus 2000 Using Port-Channels 66

Nexus 2000 Static Pinning Verification 67

Layer 2 Forwarding on a Nexus 7000 69

L2 Forwarding Verification 70

VLANs 71

Configuring VLANs 72

VLAN Trunking Protocol 72

Assigning VLAN Membership 73

Verifying VLAN Configuration 74

Private VLANs 76

Configuring PVLANs 77

Verifying PVLAN Configuration 80

Spanning Tree Protocol 80

Rapid-PVST+ Configuration 82

Verifying Spanning Tree State for a VLAN 83

Spanning Tree Timers 84

MST Configuration 87

Additional Spanning Tree Configuration 91

Port Cost 91

Port Priority 94

Spanning Tree Toolkit 94

BPDUGuard 94

BPDUFilter 95

RootGuard 96

LoopGuard 97

Dispute Mechanism 98

Bridge Assurance 98

Spanning Tree Port Types 99

Virtualization Hosts 100

Configuring Layer 2 Interfaces 100

Trunk Ports 100

Standard Host 101

Link to Virtualization Host 101

Port-Profiles 102

Port-Channels 103

Assigning Physical Ports to a Port-Channel 104

Port-Channel Flow Control 107

Verifying Load Distribution Across a Port-Channel 108

Virtual Port-Channels 109

vPC Peer-Gateway 116

vPC Peer-Switch 116

ARP Synchronization 117

Unidirectional Link Detection 118

Cisco FabricPath 119

vPC+ 127

Configuring vPC+ 127

Summary 133

Chapter 3 Layer 3 Support and Configurations 135


EIGRP Operation 136

Configuring EIGRP 137

EIGRP Summarization 142

EIGRP Stub Routing 145

Securing EIGRP 147

EIGRP Redistribution 149

OSPF 154

OSPFv2 Configuration 154

OSPF Summarization 160

OSPF Stub Routing 163

Securing OSPF 167

OSPF Redistribution 169

OSPFv3 Configuration 177

IS-IS 178

IS-IS Configuration 178

BGP 183

BGP Configuration 184

BGP Neighbors 187

Securing BGP 190

BGP Peer Templates 192

Advertising BGP Networks 194

Modifying BGP Routing Metrics 197

Verifying BGP-Specific Configuration 198

First Hop Redundancy Protocols 198

HSRP 199

HSRP Configuration 199

HSRP Priority and Preempt 200

Verifying the HSRP Configuration 201

Securing HSRP 202

HSRP Secondary Support 204

HSRP Support for IPv6 204

VRRP 205

VRRP Configuration 205

VRRP Priority and Preempt 207

Verifying VRRP Configuration 208

Securing VRRP 208

VRRP Secondary Support 209

HSRP, VRRP, and vPC Interactions 210

GLBP 212

GLBP Configuration 212

GLBP Priority and Preempt 214

Verifying GLBP Configuration 214

Securing GLBP 215

GLBP Secondary Support 218

Summary 220

Chapter 4 IP Multicast Configuration 221

Multicast Operation 221

Multicast Distribution Trees 222

Reverse Path Forwarding 225

Protocol Independent Multicast (PIM) 225

RPs 226

PIM Configuration on Nexus 7000 and Nexus 5500 227

Configuring Static RPs 230

Configuring BSRs 232

Configuring Auto-RP 235

Configuring Anycast-RP 237

Configuring SSM and Static RPF 239

IGMP Operation 241

IGMP Configuration on Nexus 7000 242

IGMP Configuration on Nexus 5000 245

IGMP Configuration on Nexus 1000V 246

MSDP Configuration on Nexus 7000 248

Administrative Scoping of Multicast RPs in PIM 250

Configuring PIM Join and Prune Policies 252

Multicast and Control Plane Policing (CoPP) 253

Summary 253

Chapter 5 Security 255

Configuring RADIUS 256

RADIUS Configuration Distribution 259

Configuring TACACS+ 266

Enabling TACACS+ 266

TACACS+ Configuration Distribution 267

Configuring the Global TACACS+ Keys 268

Configuring the TACACS+ Server Hosts 268

Configuring TACACS+ Server Groups 269

Configuring TACACS+ Source Interface 270

Configuring SSH 275

Cisco TrustSec 278

Configuring AAA for Cisco TrustSec 281

Defining Network Device Admission Control 282

Configuring the Nexus 7000 for 802.1x and SGA Features 285

SGT Assignment via ISE Server 288

Policy Component: IP to SGT Mapping 290

Policy Component: SGACL Creation 292

Configuring Cisco TrustSec: IEEE 802.1AE LinkSec 294

Layer 2 Solutions Between Data Centers 301

Configuring IP ACLs 302

Configuring MAC ACLs 305

Configuring VLAN ACLs 307

Configuring Port Security 308

Security Violations and Actions 311

Configuring DHCP Snooping 313

Configuring Dynamic ARP Inspection 316

Dynamic ARP Inspection Trust State 317

Configuring IP Source Guard 321

Configuring Keychain Management 322

Configuring Traffic Storm Control 323

Configuring Unicast RPF 325

Configuring Control Plane Policing 327

Configuring Rate Limits 335

SNMPv3 340

Summary 347

Chapter 6 High Availability 349

Physical Redundancy 349

Redundant Power Supplies 350

Redundant Cooling System 352

Redundant Supervisors 355

Redundant Ethernet Out-of-Band (EOBC) 357

Redundant Fabric Modules 357

Generic Online Diagnostics 358

Bootup Diagnostics 359

Runtime Diagnostics 360

On-Demand Diagnostics 365

NX-OS High-Availability Architecture 365

Process Modularity 366

Process Restart 368

Stateful Switchover 369

Nonstop Forwarding 370

In-Service Software Upgrades 370

Summary 383

Chapter 7 Embedded Serviceability Features 385

SPAN 386

SPAN on Nexus 7000 386

Configuring SPAN on Nexus 7000 387

SPAN on Nexus 5x00 392

Configuring SPAN on Nexus 5x00 393

SPAN on Nexus 1000V 397

Configuring SPAN on Nexus 1000V 398

ERSPAN on Nexus 1000V 400

ERSPAN on Nexus 7000 406

ERSPAN on Nexus 5x00 412

Embedded Analyzer 414

Smart Call Home 424

Smart Call Home Configuration 428

Configuration Checkpoint and Rollback on Nexus 7000 431

Checkpoint Creation and Rollback 432

Configuration Checkpoint and Rollback on Nexus 5x00 434

Checkpoint Creation and Rollback 435

NetFlow 437

Configuring NetFlow on Nexus 7000 438

Configuring NetFlow on Nexus 1000V 442

Network Time Protocol 444

Precision Time Protocol 445

IEEE 802.3az (Energy Efficient Ethernet) 447

Power On Auto-Provisioning 448

Python 449

Summary 454

Chapter 8 Unified Fabric 455

Unified Fabric Overview 455

Enabling Technologies 456

10-Gigabit Ethernet 456

Fibre Channel over Ethernet 458

Single-Hop Fibre Channel over Ethernet 461

Multhop Fibre Channel over Ethernet 462

Storage VDC on Nexus 7000 463

N-Port Virtualization 465

N-Port Identification Virtualization 466

FCoE NPV Mode 466

Nexus 5x00 Unified Fabric Configuration 467

Single-Hop FCoE Configuration: Nexus 5x00 469

FCoE-NPV on Nexus 5x00 473

Nexus 7000 Unified Fabric Configuration 477

Summary 488

Chapter 9 Nexus 1000V 489

Hypervisor and vSphere Introduction 489

Nexus 1000V System Overview 490

Nexus 1000V Switching Overview 494

Nexus 1000V VSM Installation 496

Nexus 1000V Deployed on Nexus 1010 Virtual Services Blade 497

Registering the Nexus 1000V Plug-In to VMware Virtual Center Management Application 502

Configuring the SVS Domain and Networking Characteristics 507

Connecting the Nexus 1000V VSM to the vCenter Server 508

Nexus 1000V Installation Management Center 510

VEM Installation Option on the Nexus 1000V Management Installation Center 519

vCenter Connection Option on the Nexus 1000V Management Installation Center 523

Creating the Uplink Profile 526

Adding the VEM to a ESX vSphere Host 528

Enabling the Telnet Server Process 536

Changing the VSM Hostname 536

Layer 3 Control 536

1000V Port Profiles 542

Virtual Network Management Center 552

Installing Virtual Network Management Center Software from OVA Downloaded from 553

Adding the VM-Manager for vCenter Connectivity in VNMC Management Application 564

Configuring the Cisco VNMC Policy-Agent on the 1000v VSM 570

Virtual Security Gateway 571

Install Virtual Security Gateway on the Nexus 1010 574

Configuring the Cisco VNMC Policy-Agent on the VSG 577

Verify That the VSG and VSM Are Registered Clients in VNMC 578

Creating a Tenant in VMMC 579

Virtual Extensible LAN 602

Deploying Virtual Extensible LAN 604

Nexus 1000v Network Analysis Module 629

Installing Nexus 1000v Network Analysis Module 630

Deploying the Nexus 1000v NAM as a Virtual Services Blade on the Nexus 1010 641

Summary 642

Chapter 10 Quality of Service (QoS) 643

QoS on Nexus 7000 646

Forwarding Architecture 646

Network-QoS Policies 648

Queuing Policies 650

QoS and Nexus 2000 Fabric Extenders 661

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020