Cisco Nexus 7000 Series NX-OS CLI Management Best Practices Guide
Initial Configuration


This chapter provides Cisco NX-OS best practices that are typically configured when a Cisco Nexus 7000 Series switch is powered up for the first time and the user is connected to the RS-232 console port on the active supervisor module.

This chapter includes the following sections:

Setup Utility (First Time Setup)

Global Configuration Parameters

Power Budget

Cisco NX-OS Licensing

Setup Utility (First Time Setup)

Introduced: Cisco NX-OS Release 4.0(1)

The Setup Utility is automatically executed when a Cisco Nexus 7000 chassis is powered up for the first time, or if the configuration is erased with the write erase command and the chassis is reloaded. (The Setup Utility can also be manually executed at any time using the setup Exec command.) The Setup Utility was created to assist the administrator with some initial configuration parameters, but it is not required and can be bypassed if the administrator chooses to do so. The following tables contain the parameters that can be configured using the Setup Utility. If the Setup Utility is bypassed, the value in the Default Value column will be automatically configured. The Initial Startup Parameters are always required.

Table 2-1 Required Initial Startup Parameters

Initial Startup Parameter (Required)    Default Value
------------------------------------    -------------
Enforce Secure Password Standard        yes
Admin Password                          no default


Table 2-2 Optional Startup Utility

Startup Utility (Optional)                                             Default Value
--------------------------------------------------------------------   -------------
Create another login account                                           no
Configure read-only SNMP community string                              no
Configure read-write SNMP community string                             no
Enter switch name                                                      no default
Enable License Grace Period                                            no
Out-of-band (mgmt0) management configuration                           yes
Mgmt0 IPv4 address                                                     no default
Mgmt0 IPv4 netmask                                                     no default
Configure the default gateway                                          yes
IPv4 address of the default gateway                                    no default
Configure advanced IP options                                          no
Enable Telnet service                                                  no
Enable SSH service                                                     yes
Type of SSH Key (dsa/rsa)                                              RSA
Number of RSA Key bits                                                 1024
Configure the NTP server                                               no
Configure the Default Interface Layer (L3/L2)                          L3
Configure the default switchport interface state (shut/no shut)        shutdown
Configure best practices CoPP profile (strict/moderate/lenient/none)   strict
Configure CMP processor on current sup (Slot 5)                        yes
CMP IPv4 address                                                       no default
IPv4 address of the default gateway                                    no default
Configure CMP processor on current sup (Slot 6)                        yes
CMP IPv4 address                                                       no default
IPv4 address of the default gateway                                    no default


Global Configuration Parameters

This section provides Cisco NX-OS best practices that are recommended when configuring global parameters related to general system management.

Terminal CLI Access (SSHv2)

Introduced: Cisco NX-OS Release 4.0(1)

Cisco NX-OS software supports SSHv2 and Telnet for remote terminal CLI access. SSHv2 is enabled by default and is preferred since it increases security with encryption. If SSHv2 is disabled, it can be enabled with the feature ssh command. (The feature ssh command is not displayed in the running-configuration when it is enabled.) SSHv2 uses a 1024-bit RSA key by default. The ssh key command can be used to create a new or stronger RSA/DSA key. If a key is already configured, the force option can be used to overwrite the existing key.

n7000(config)# feature ssh
n7000(config)# ssh key rsa 2048

Note: In Cisco NX-OS Release 4.0(1), SSHv2 was enabled with the service ssh command. It was changed to feature ssh in Cisco NX-OS Release 4.1(2).

Hostname

Introduced: Cisco NX-OS Release 4.0(1)

A recognizable hostname should be configured to identify the Cisco Nexus 7000 Series device when administrators access the CLI. If Virtual Device Contexts (VDCs) are configured, a unique hostname should be configured per VDC.

n7000(config)# hostname N7K-1-Core-L3

Boot Variables

Introduced: Cisco NX-OS Release 4.0(1)

Boot variables specify what version of Cisco NX-OS software boots after a system has been reloaded. The boot variables should always be configured to ensure the expected version of Cisco NX-OS software is booted if an unplanned chassis reload occurs. A kickstart and system image are required to properly boot a Cisco Nexus 7000 Series switch. (The image version numbers have to match.) Cisco NX-OS images can be booted from bootflash: or slot0: (bootflash: is recommended since the memory cannot be removed from the supervisor module). In the following example, Cisco NX-OS Release 5.1(1) kickstart and system boot variables are configured for both supervisor modules in the chassis (default behavior) since the sup-1 and sup-2 options have been omitted.

n7000(config)# boot kickstart bootflash:n7000-s1-kickstart.5.1.1.bin
n7000(config)# boot system bootflash:n7000-s1-dk9.5.1.1.bin

MOTD Login Banner

Introduced: Cisco NX-OS Release 4.0(1)

A Message Of The Day (MOTD) login banner is recommended to notify users they are attempting to log into a device. This banner will be displayed prior to the user authentication process and serves as a warning to deter unauthorized users from attempting to log in. The end delimiter character cannot be used within the contents of the banner. The following example uses a capital Z. (Production devices should have a more detailed disclaimer.)

n7000(config)# banner motd Z
Enter TEXT message. End with the character 'Z'.
> Authorized Access Only!
> Z
n7000(config)# 

Password Strength-Check

Introduced: Cisco NX-OS Release 4.1(2)

The Password Strength-Check feature is enabled by default to force users to configure secure passwords when configuring users in the local database for authentication. We recommend that you keep the Password Strength-Check feature enabled. If it is disabled, it can be enabled with the following global configuration command.

n7000(config)# password strength-check
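
The recommendations in this section can be checked against a saved running-configuration. The following Python script is an added example, not Cisco code; it reports Telnet, SSH, hostname, banner, and password strength-check deviations and verifies that the kickstart and system boot variables carry the same version. The sample configuration is constructed, and the "no feature ssh" line and the banner layout are assumptions about how the running-configuration renders those settings.

```python
import re

# Constructed running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname N7K-1-Core-L3
feature telnet
no password strength-check
banner motd Z
Authorized Access Only!
Z
boot kickstart bootflash:n7000-s1-kickstart.5.1.1.bin
boot system bootflash:n7000-s1-dk9.5.0.3.bin
"""

# Exact lines that should NOT be present in the configuration.
FORBIDDEN = {
    "feature telnet": "telnet-enabled",
    "no feature ssh": "ssh-disabled",  # assumed form of a disabled feature
    "no password strength-check": "password-strength-check-disabled",
}
# Line prefixes that SHOULD be present.
REQUIRED = {"hostname ": "hostname-missing", "banner motd ": "motd-banner-missing"}
# Version is the dotted number just before ".bin", as in the page's image names.
IMAGE_VERSION = re.compile(r"\.(\d+(?:\.\d+)+[a-z]?)\.bin$")


def boot_versions(lines):
    """Map 'kickstart'/'system' to the set of versions in the boot variables."""
    found = {"kickstart": set(), "system": set()}
    for line in lines:
        m = re.match(r"boot (kickstart|system) (\S+)", line)
        if m:  # a trailing sup-1/sup-2 option is ignored by (\S+)
            v = IMAGE_VERSION.search(m.group(2))
            found[m.group(1)].add(v.group(1) if v else "unparsed")
    return found


def audit(config_text):
    """Return a sorted list of findings for the global parameters above."""
    lines = [l.strip() for l in config_text.splitlines()]
    findings = [tag for line, tag in FORBIDDEN.items() if line in lines]
    findings += [tag for prefix, tag in REQUIRED.items()
                 if not any(l.startswith(prefix) for l in lines)]
    boot = boot_versions(lines)
    if not boot["kickstart"] or not boot["system"]:
        findings.append("boot-variable-missing")
    elif boot["kickstart"] != boot["system"]:
        findings.append("boot-version-mismatch")
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) returns the three deviations in the constructed sample. The SSH key length is not part of this check because it is not read from the running-configuration here.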

Power Budget

Introduced: Cisco NX-OS Release 4.0(1)

The power budget can be monitored and managed using the show environment power command. Cisco NX-OS Release 5.0(2a) introduced real-time power draw for the fan trays and all I/O modules released in Cisco NX-OS Release 5.x software. The configured power redundancy mode determines how the available power is allocated. (See the next section for details on the power redundancy mode.)

n7000# show environment power
pow_reserved 4800
Power Supply:
Voltage: 50 Volts
Power                              Actual        Total
Supply    Model                    Output     Capacity    Status
                                  (Watts )     (Watts )
-------  -------------------  -----------  -----------  --------------
1        N7K-AC-6.0KW               786 W       6000 W     Ok
2        N7K-AC-6.0KW               830 W       6000 W     Ok
3        ------------                 0 W          0 W     Absent
                                   Actual        Power
Module    Model                     Draw    Allocated    Status
                                  (Watts )     (Watts )
-------  -------------------  -----------  -----------  --------------
3        N7K-M108X2-12L             395 W        650 W    Powered-Up
4        N7K-M108X2-12L             382 W        650 W    Powered-Up
5        N7K-SUP1                   N/A          210 W    Powered-Up
6        N7K-SUP1                   N/A          210 W    Powered-Up
Xb1      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
Xb2      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
Xb3      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
Xb4      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
Xb5      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
fan1     N7K-C7010-FAN-S            116 W        720 W    Powered-Up
fan2     N7K-C7010-FAN-S            116 W        720 W    Powered-Up
fan3     N7K-C7010-FAN-F             11 W        120 W    Powered-Up
fan4     N7K-C7010-FAN-F             11 W        120 W    Powered-Up
N/A - Per module power not available
Power Usage Summary:
--------------------
Power Supply redundancy mode (configured)               Redundant
Power Supply redundancy mode (operational)              Redundant
Total Power Capacity (based on configured mode)               6000 W
Total Power of all Inputs (cumulative)                       12000 W
Total Power Output (actual draw)                              1616 W
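
The following Python script, an added example rather than Cisco code, parses the rows of the show environment power output above to total the allocated power, compare it with the capacity for the configured mode, and flag a difference between the configured and operational redundancy modes. The sample is shortened from that output, and treating the sum of the Allocated column as the budget is an assumption of the example.

```python
import re

# Shortened from the output above: same layout, fewer rows (constructed).
SAMPLE = """\
1        N7K-AC-6.0KW               786 W       6000 W     Ok
2        N7K-AC-6.0KW               830 W       6000 W     Ok
3        ------------                 0 W          0 W     Absent
3        N7K-M108X2-12L             395 W        650 W    Powered-Up
5        N7K-SUP1                   N/A          210 W    Powered-Up
Xb1      N7K-C7010-FAB-1            N/A           60 W    Powered-Up
fan1     N7K-C7010-FAN-S            116 W        720 W    Powered-Up
Power Supply redundancy mode (configured)               Redundant
Power Supply redundancy mode (operational)              Redundant
Total Power Capacity (based on configured mode)               6000 W
Total Power Output (actual draw)                              1616 W
"""

# slot, model, actual output/draw, capacity/allocated, status
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(N/A|\d+ W)\s+(\d+) W\s+(\S+)$")
# "label   value" or "label   value W" lines of the usage summary
SUMMARY = re.compile(r"^(.+?)\s{2,}(\S+)(?: W)?$")


def power_report(text):
    """Total the allocations and compare them with the summary lines."""
    supply_output = allocated = 0
    summary = {}
    for line in map(str.strip, text.splitlines()):
        row = ROW.match(line)
        if row:
            _slot, _model, actual, second, status = row.groups()
            if status == "Powered-Up":      # module, fabric or fan row
                allocated += int(second)
            elif status == "Ok" and actual != "N/A":   # power supply row
                supply_output += int(actual.split()[0])
        elif SUMMARY.match(line):
            label, value = SUMMARY.match(line).groups()
            summary[label] = value
    capacity = int(summary["Total Power Capacity (based on configured mode)"])
    return {
        "allocated_w": allocated,
        "headroom_w": capacity - allocated,
        "output_matches_summary":
            supply_output == int(summary["Total Power Output (actual draw)"]),
        "mode_degraded": summary["Power Supply redundancy mode (configured)"]
            != summary["Power Supply redundancy mode (operational)"],
    }
```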

Power Redundancy Mode

Introduced: Cisco NX-OS Release 4.0(1)

The recommended power redundancy mode will vary per Cisco Nexus 7000 Series chassis depending on the number of power supplies and the number of inputs and associated input voltage (110v/220v). Each redundancy mode provides different power allocations to allow the administrator to select the mode that is best suited for their installation. The default mode is ps-redundant, which is recommended for most installations. Use caution when configuring combined mode, since power redundancy will not be available for the chassis.

Table 2-3 Power Redundancy Mode

Redundancy Mode    Description
---------------    -----------
combined           This mode does not provide power redundancy for the chassis - All input power is available to the chassis. (Power is not reserved for backup as with the other modes.)
insrc-redundant    Input Source (GRID) Redundancy - The available power is based on the lesser of the two grids through the power supplies. The difference (50%) is reserved for backup.
ps-redundant       Power Supply Redundancy - Provides an extra power supply in the event one fails or is removed from the chassis.
redundant          Input Source (GRID) + Power Supply Redundancy - The available power is the lesser of the available power for the power supply mode and input source voltage. The difference (50%) is reserved for backup.


n7000(config)# power redundancy-mode redundant

Powering Off Unused I/O and Fabric Modules

Introduced: Cisco NX-OS Release 4.0(1)

We recommend that you power off all I/O (Ethernet) and fabric modules that are not in use to reduce unnecessary power draw. We also recommend that you power off all I/O and fabric module slots that are not installed to give the administrator control when powering them up. This reduces risk by preventing newly installed modules from powering up outside of a change control window.

n7000(config)# poweroff module 1
n7000(config)# poweroff xbar 4
n7000(config)# poweroff module 3 
NOTICE: module <3> status is either absent or not powered up (or denied)... Proceeding anyway

Cisco NX-OS Licensing

This section contains a brief explanation of the Cisco NX-OS licensing model and installation procedure. Always install all required licenses to avoid unnecessary network outages that can occur if a licensed feature is enabled and the grace period expires.

Installation Process

Introduced: Cisco NX-OS Release 4.0(1)

The Cisco NX-OS licensing model allows features to be enabled on a pay-as-you-grow basis. When you purchase a Cisco NX-OS license, you obtain a license file based on the chassis host ID that gets installed on a specific chassis. (Cisco NX-OS software allows Layer-2 connectivity with basic Layer-3 functionality by default.) If you do not have a license for a specific feature, a 120-day grace period can be enabled using the global license grace-period configuration command. (The grace period is not recommended for production networks.) After 120 days, all enabled features that require a license that is not installed on the chassis are automatically removed from the running-configuration.

See the latest Cisco Nexus 7000 Series Licensing Configuration Guide for a list of features that are included with each license type.

When two supervisor modules are installed in a chassis, the chassis is the only component that requires a new license to be reissued and reinstalled if it is replaced. All other components including a supervisor module can be replaced without having to reissue or reinstall the license. If only one supervisor module is installed in a chassis, a new license will have to be reinstalled from a backup copy if the supervisor module or the chassis is replaced.

Licenses are installed per chassis in the default VDC (1). Installing a license is a non-disruptive procedure.

Summary Installation Steps:

1. Obtain the chassis host ID, which is used to generate the license, by entering the show license host-id command.

2. Locate the Product Authorization Key (PAK) and go to the Product License Registration web page on cisco.com.

3. Follow the instructions to generate the license file and download it.

4. Transfer the license file to the Cisco Nexus 7000 Series supervisor module (i.e. bootflash: or slot0:).

5. Install the license using the following install license Exec command.

n7000# install license bootflash:license_file.lic
Installing license  ..done

Verifying the License Status

Introduced: Cisco NX-OS Release 4.0(1)

The Cisco NX-OS license status can be verified using the following command.

n7000# show license usage
Feature                      Ins  Lic   Status Expiry Date Comments
                                 Count
--------------------------------------------------------------------------------
SCALABLE_SERVICES_PKG         No    -   Unused             -
TRANSPORT_SERVICES_PKG        No    -   Unused             -
LAN_ADVANCED_SERVICES_PKG     No    -   Unused             -
LAN_ENTERPRISE_SERVICES_PKG   No    -   Unused             -
--------------------------------------------------------------------------------

Backing Up a License File

Introduced: Cisco NX-OS Release 4.0(1)

You should always keep your license files in a safe location in the event they have to be reinstalled. If you don't have a license file for a particular chassis, you can create a backup copy for the chassis if it already has the license installed. Once the backup file is created, it should be transferred to a safe location.

n7000# copy licenses bootflash:license_file.tar
Backing up license done