Migrating to Nexus 7000 from Catalyst 6500 and 4500 Switches
Posted by: Carole Warner Reece
on Apr 1, 2010 
Note: This is an older version of my command summary, the updated version is available at Migrating to Nexus 7000 from Catalyst 6500 and 4500 Switches as of NX-OS 6.0.
I've been looking at migrating some customers' Catalyst 4500 and Catalyst 6500 switches to Nexus 7000 switches. I thought I would write up a comparison of common commands as an aid for the networking team.
Overall, the fundamental NX-OS 4.x CLI commands in are pretty similar to the 12.2 IOS CLI on Catalyst 4500 and 6500s. You can also use the "?" to get help and prompts, commands can be abbreviated, and the [Tab] key will auto-fill in unambiguous commands.
Some caveats: NX-OS does not support all the features of IOS, for example, acting as a DHCP server and NTP authentication.
IOS Commands (Nexus NX-OS Commands when different) |
Function |
| show version | Displays information about the currently running system software image and an overview of the installed hardware. |
| show module | Displays information about the installed modules including module number, module type, number of ports on each module, module MAC addresses, and the module status. |
| router(config)#do show command router(config)#show command ! or router(config)#do show command |
View existing configuration information from the configuration command prompt using show commands. Note: For NX-OS, the [Tab] key and "?" will work for Exec mode commands inside of configuration mode. The use of "do" in NX-OS is currently working, but is not documented. |
| router(config)# do Exec-command router(config)# Exec-command ! or router(config)#do Exec-command |
View existing configuration information from the configuration command prompt. Note: For NX-OS, the [Tab] key and "?" will work for Exec mode commands inside of configuration mode. The use of "do" in NX-OS is currently working, but is not documented. |
| reload | Reloads the operating system for the entire device Note: For the Nexus 7000, this command works only in the default VDC. |
|
! 6500 reload module mod-# |
Reloads a module in the device by turning power off then on. Note: For the Nexus 7000, this command works only in the default VDC |
| service timestamps [debug | log] [uptime | datetime [msec]] [localtime] [show-timezone] [year] debug logging logging timestamp {microseconds | milliseconds | seconds} |
Apply a time stamp to debugging messages or system logging messages. Note: In NX-OS, to enable debug logging configure 'debug logging' command. NX-OS does not have as many options for timestamps. |
| service password-encryption ! No equivalent NX-OS command |
Note: By default, NX-OS encrypts plain text passwords and enables password strength checking. |
|
logging buffered [discriminator discr-name] [buffer-size] [severity-level]
|
Enable system message logging to a local buffer |
| username name {nopassword | password password | password encryption-type encrypted-password} username user-id [password [0 | 5] password ] |
Create and configure a user account. Note: By default, NX-OS encrypts plain text passwords and enables password strength checking. |
| aaa new-model aaa authentication login default group tacacs+ local aaa authentication login console none aaa authentication enable default none aaa authentication ppp default local aaa accounting exec default start-stop group tacacs+ aaa accounting commands 0 -15 start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa session-id common aaa authentication login default group tacacs+ local aaa authentication login console none aaa user default-role aaa accounting default group tacacs+ |
Configuring AAA. Note: Not all commands are supported on the NX-OS. |
|
clock timezone zone hours-offset [minutes-offset] |
Configure the time zone offset from Coordinated Universal Time (UTC) as well as daylight savings time. |
| ip subnet-zero no ip source-route no ip bootp server ! No equivalent NX-OS command |
These commands are not available in NX-OS. |
| no ip domain-lookup ip domain-name [vrf vrf-name] name no ip domain-lookup ip domain-name domain-name [use-vrf name] |
Disable DNS lookup feature and configure a domain name. |
| ip ssh time-out seconds ip ssh authentication-retries tries ip ssh version 2ip feature ssh ssh key {dsa [force] | rsa [length [force]]} |
Enable an SSH server. Note: The Cisco NX-OS commands for SSH are different from the Cisco IOS commands. NX-OS software supports only SSHv2. |
| power redundancy-mode {redundant | combined} power redundancy-mode {combined | insrc-redundant | ps-redundant | redundant} |
Configure the power supply redundancy mode |
|
! 6500 |
Powers off a module from configuration mode. |
| redundancy mode sso main-cpu auto-sync standard ! No equivalent NX-OS command |
Configure CPU redundancy. Note: : The Nexus 7000 supports dual supervisor modules to provide 1+1 redundancy for the control and management plane. Only one of the supervisor modules is active at any given time, while the other acts as a standby backup. No configuration commands are needed. |
| spanning-tree mode [pvst | mst | rapid-pvst] spanning-tree mode [rapid-pvst | mst] |
Default mode for IOS is PVST; default mode for NX-OS is RPVST. Note: When you enter the command, all STP instances are stopped for the previous mode and are restarted in the new mode. |
| spanning-tree extend system-id ! No equivalent NX-OS command |
Enable the extended system ID feature on a chassis that supports 1024 MAC addresses. Note: NX-OS does not use this command, the extended system ID is always automatically enabled in NX-OS devices. |
| spanning-tree vlan vlan-id priority value | Set the STP bridge priority |
| vlan internal allocation policy ascending ! No equivalent NX-OS command |
Configure the internal VLAN allocation scheme. Note: NX-OS does not support this command. |
|
interface type slot/number |
Configure a Layer 2 access port. Note: NX-OS uses "Ethernet" as the type for all FastEthernet / GigabitEthernet / Ten Gigabit Ethernet interfaces. The VLAN in the vlan-id needs to be created so that the interface will come up. |
| interface type slot/number switchport switchport mode trunk [switchport trunk allowed vlan vlan-id] switchport trunk encapsulation [isl | dot1 | negotiate] [switchport trunk allowed vlan add vlan-id] [speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}] interface type slot/number switchport switchport mode trunk [switchport trunk allowed vlan vlan-id] [switchport trunk allowed vlan add vlan-id] [speed {10 | 100 | 1000 | auto [10 | 100 | 1000 ] | 10000 | auto}] |
Configure a Layer 2 trunk port. Note: NX-OS only supports 802.1Q encapsulation. |
| vlan vlan-# interface vlan-# no shutdown vlan vlan-# feature interface-vlan interface vlan-# no shutdown |
Configure a VLAN interface Note: In NX-OS, the interface-vlan feature needs to be enabled before an interface VLAN can be configured. The VLAN needs to be defined as well for the interface to come up. |
|
|
Configure a Layer 2 LACP port channel. Note: In NX-OS, the LACP feature needs to be enabled before it can be used. |
| vtp domain domain-name | Configure the VTP domain name |
| vtp {server | client | transparent} vtp mode transparent |
Configure the VTP mode. Note: NX-OS only support VTP transparent mode. |
| udld {enable | aggressive} feature udld |
Enable UDLD globally on a device. |
| ip route prefix mask next-hop-address ip route ip-prefix/length next-hop-address |
Configure static routes. |
| ip access-list extended access-list-name [sequence-number] {permit | deny} protocol source source-wildcard destination destination-wildcard . . . ip access-list access-list-name [sequence-number] {permit | deny} protocol source destination . . . |
Create or configure an IPv4 ACL Note: NX-OS supports one type of IPv4 ACL which is similar to the named extended ACL in IOS. |
|
ip access-list resequence access-list-name starting-sequence-number increment
resequence access-list-type access-list access-list-name starting-sequence-number increment |
Resequence an ACL. |
| router eigrp as-number feature EIGRP router eigrp instance-tag [autonomous-system as-number] |
Configure EIGRP routing. Note: In NX-OS, the EIGRP feature needs to be enabled before it can be used. You can use any case-sensitive alphanumeric string up to 20 characters as an instance tag. If you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state |
| router(config-router)# network ip-address [wildcard-mask] interface type slot/number ip address ip-prefix/length ip router eigrp instance-tag |
Configure a network in EIGRP. |
| router ospf process-id feature OSPF router ospf instance-tag |
Configure OSPF routing. Note: In NX-OS, the OSPF feature needs to be enabled before it can be used. The instance-tag is locally assigned and can be any alphanumeric string or positive integer. |
| router(config-router)# network ip-address wildcard-mask area area-id interface type slot/number ip address ip-prefix/length ip router ospf instance-tag area area-id |
Configure a network in OSPF. Note: For NX-OS, a network is configured in OSPF by associating it through an interface the router uses to connect to the area. |
| interface type slot/number ip address ip-address mask ip helper-address ip-address standby [group-number] ip ip-address standby [group-number] timers hellotime holdtime standby [group-number] priority priority standby [group-number] prempt feature hsrp ip dhcp relay interface type slot/number ip address ip-prefix/length ip dhcp relay address ip-address hsrp group-number ip ip-address timers hellotime holdtime priority priority prempt |
Configure HSRP with an IP helper address to a DHCP server. Different command syntax is used. NX-OS also uses 'hsrp' as keyword, while IOS uses 'standby'. Note: In NX-OS, the HSRP feature needs to be enabled before it can be used. To use the DHCP relay, DHCP services also has to be enabled. The HSRP holdtime needs to be at least 3x the hello time. NX-OS uses CIDR notation for IP addresses, but can accept the ip-address mask format as well. Prior to NX-OS 4.2(1), the service dhcp command enabled the DHCP Relay feature. In NX-OS 4.2(1) the command was changed to ip dhcp relay. |
| ip dhcp pool name ! No equivalent NX-OS command |
Configure a Dynamic Host Configuration Protocol (DHCP) address pool on a DHCP server. Note: The NX-OS supports DHCP snooping, and DHCP relay, but does not support acting as a DHCP server. |
| ip multicast-routing feature PIM |
Enable IP multicast routing |
| ipv6 unicast-routing interface type slot/number ipv6 address ipv6-prefix/prefix-length eui-64 interface type slot/number ipv6 address ipv6-prefix/prefix-length eui-64 |
Enable IPv6 traffic forwarding on an interface. Note: NX-OS does NOT need to enable IPv6 routing globally. |
| ntp server ip-address ntp enable ntp server host [prefer] |
Configure NTP. |
|
ntp authenticate ! No equivalent NX-OS command |
Configure NTP authentication options. Note: NX-OS does not currently support NTP authentication keys. |
monitor session session-# source interface type slot/number monitor session session-# destination interface type slot/number interface type slot/number switchport switchport monitor [ingress | learning] monitor session session-number description description source interface type slot/number destination interface type slot/number |
Enable SPAN sessions on interfaces or VLANs |
| snmp-server community RW-string RW acl-# snmp-server community RO-string RO acl-# snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps entity snmp-server enable traps port-security snmp-server enable traps config snmp-server host ip-address string snmp ifmib ifindex persist snmp-server community RW-string RW snmp-server community RO-string RO snmp-server community RW-string use-acl acl-name snmp-server community RO-string use-acl acl-name snmp-server enable traps snmp authentication snmp-server enable traps link snmp-server enable traps entity snmp-server host ip-address string |
Enable common SNMP options. Note: NX-OS syntax differs. |
| tacacs-server host ip-address tacacs-server directed-request tacacs-server key [0 | 7] key feature tacacs+ tacacs-server host ip-address tacacs-server directed-request tacacs-server key [0 | 7] key |
Configure TACACS+ server |
I hope this gives you a useful overview of some common configuration and verification commands you may need when migrating.
Three useful Cisco documentation links for further information:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/master/index/master_index.html
http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.html
http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes <-- just found this, includes multiple articles comparing Cisco NX-OS and Cisco IOS features.
-- cwr
ps - Some earlier articles that might also be helpful:
Feature Comparison of the Nexus 7000 and Catalyst 6500 Series Switches
Comments (16)
Subscribe to this comment's feed
written by Carole Warner Reece, June 26, 2010
Hi David -
Thanks for the nice follow-up!
Some quick comments on your additional commands:
ip classless
! this command is not needed, and is not supported in NX-OS
no ip forward-protocol udp netbios-dgm
! This command is not supported in NX-OS. I think the closest match is with the operation of the NX-OS DHCP-Relay command
ip dchp relay address which maps to the ip helper-address command in Cisco IOS Software. However, in NX-OS, only packets destined to User Datagram (UDP) port 67 (Bootps) and 68 (Bootpc) are forwarded by the relay, as compared to Cisco IOS which forwards additional protocols (Trivial File Transfer Protocol [TFTP], Domain Name System [DNS], Time, NetBios, and Neighbor Discovery).
ip route 2.2.2.1 255.255.255.255 10.36.4.253
! you can enter this command, but the NX-OS format will be
ip route 2.2.2.1/32 10.36.4.253
I hope this helps!
Carole
Thanks for the nice follow-up!
Some quick comments on your additional commands:
ip classless
! this command is not needed, and is not supported in NX-OS
no ip forward-protocol udp netbios-dgm
! This command is not supported in NX-OS. I think the closest match is with the operation of the NX-OS DHCP-Relay command
ip dchp relay address which maps to the ip helper-address command in Cisco IOS Software. However, in NX-OS, only packets destined to User Datagram (UDP) port 67 (Bootps) and 68 (Bootpc) are forwarded by the relay, as compared to Cisco IOS which forwards additional protocols (Trivial File Transfer Protocol [TFTP], Domain Name System [DNS], Time, NetBios, and Neighbor Discovery).
ip route 2.2.2.1 255.255.255.255 10.36.4.253
! you can enter this command, but the NX-OS format will be
ip route 2.2.2.1/32 10.36.4.253
I hope this helps!
Carole
-
- +0
-
-
written by Babu, August 23, 2010
Hi,
planning to migrate 6513 to nexus 7000, is there any possibility of converting the ios config to nxos .
it is manually done or is there any conversion tool
planning to migrate 6513 to nexus 7000, is there any possibility of converting the ios config to nxos .
it is manually done or is there any conversion tool
-
- +0
-
-
written by Run2dmoon, September 04, 2010
Hi Carole,
I am still waiting to get my hands on a Nexus. But would you know if HSRP would work between Cat 4500/6500 and a Nexus 7k NX-OS? They seem to have different set of commands.
Regards.
I am still waiting to get my hands on a Nexus. But would you know if HSRP would work between Cat 4500/6500 and a Nexus 7k NX-OS? They seem to have different set of commands.
Regards.
-
- +0
-
-
written by Carole Warner Reece, September 04, 2010
It's been some time, but I recall having tested that HSRP does indeed work between 4500/6500 IOS and NX-OS. To align the default standby group (which is 0) on Cisco IOS w/ NX-OS, you need to configure the group-number as 0, as in HSRP 0.
-
- +3
-
-
written by Carole Warner Reece, September 04, 2010
I have not seen any published tools. For various customers, we've done some custom scripting w/ Perl and Excel to map from one type of config to another.
-
- +0
-
-
written by Curious Yellow, June 13, 2011
Could be worth adding the equivalent for redundancy force switchover (system switchover) on the Nexus and the show redundancy (sh redundancy status or show system redundancy status on the Nexus). Spent some time trying to find this info on Google/Cisco!
-
- +0
-
-
written by JohnT, June 28, 2011
Your document and links are very help, this is very gracious and kind of you.
JT
JT
-
- +0
-
-
written by John Marshall, June 29, 2011
I can get basic hsrp between a svi on my nexus and 6500. However I can't seem to use md5 authentication. Is the hashing different between the two?. If so is there a way to use MD5 for hsrp authetication?.
-
- +0
-
-
written by abuemran, October 03, 2011
we are in the middle of upgrading our core 4507r to either nx 7k or cat 6506e..
does nx7 k have equivalent command for port-channel?..
does nx7 k have equivalent command for port-channel?..
-
- +0
-
-
written by Carole Warner Reece, October 12, 2011
Abuemran -
Sure, port-channel is even listed in the table.
After you enable feature LACP you can configure interface port-channel channel-#
Carole
Sure, port-channel is even listed in the table.
After you enable feature LACP you can configure interface port-channel channel-#
Carole
-
- +0
-
-
written by Networkingfolks, November 16, 2011
Hi,
I am looking for an equivalent command in NX-OS. In IOS command is "spanning-tree portfast disable" at interface level to disable STP on that particular interface. Any ideas ?
Thanks,
Amit
I am looking for an equivalent command in NX-OS. In IOS command is "spanning-tree portfast disable" at interface level to disable STP on that particular interface. Any ideas ?
Thanks,
Amit
-
- -1
-
-
written by Carole Warner Reece, November 16, 2011
The command "spanning-tree portfast disable" is used to explicitly disable PortFast mode for a given port, which is definitely not the same as disabling STP on the port. The command is used to disable for an interface the global command "spanning-tree portfast default". PortFast mode immediately places an interface into the forwarding state upon link up.
To remove the PortFast behavior in NX-OS you would use the "spanning-tree port type normal" command.
To remove the PortFast behavior in NX-OS you would use the "spanning-tree port type normal" command.
-
- +0
-
-
written by Daren Fulwell, November 23, 2011
Hi Carole
Thanks for the resource, v useful.
V5.2.1 of the 7K NX-OS now supports NTP serving and authentication keys: have you any experience with it? We only seem able to serve NTP from the 7Ks to connected subnets and not routed ones and are wondering if it's just us?!
Rgds, Daren.
Thanks for the resource, v useful.
V5.2.1 of the 7K NX-OS now supports NTP serving and authentication keys: have you any experience with it? We only seem able to serve NTP from the 7Ks to connected subnets and not routed ones and are wondering if it's just us?!
Rgds, Daren.
-
- +0
-
-
written by Carole Warner Reece, November 27, 2011
Reading the docs says 'Beginning with Cisco NX-OS Release 5.2, the Cisco NX-OS device can use NTP to distribute time. Other devices can configure it as a time server.'
I see that the guidelines and restrictions mention 'If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.'
If your clients can reach the NTP server IP address, they should be able to be use the N7K as their ntp server. So unless there is an ACL in the way, if the NTP config is correct, it sounds like a bug.
(I will test this in the lab when I get a chance...)
Carole
I see that the guidelines and restrictions mention 'If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.'
If your clients can reach the NTP server IP address, they should be able to be use the N7K as their ntp server. So unless there is an ACL in the way, if the NTP config is correct, it sounds like a bug.
(I will test this in the lab when I get a chance...)
Carole
-
- +0
-
-
Write comment
I just want to take a moment, not only to acknowledge the fantastic work that you have done with the Cat6k to Nexus migrating summary, but what a huge resource you are, to me at least.
I am the lead (team of 1) getting ready for an upgrade replacing the Cat6k. I have been rewriting the configuration, but what I have not seen thus far anywhere is static routing conversion. For example, I have the following in the Cat6k and wanted to check with you whether there are no changes in the Nexus world. Please let me know your thoughts on the below. Thanks much, Carole.
ip classless
no ip forward-protocol udp netbios-dgm
ip route 2.2.2.1 255.255.255.255 10.36.4.253
-David