SNMPv1: Simple community-string based access.
SNMPv2c: RFC 2575-based group access that can be tied into the RBAC model.
SNMPv3: Enables two independent security mechanisms, authentication (hashed message authentication using either the Secure Hash Algorithm [SHA-1] or the Message Digest 5 [MD5] algorithm) and encryption (Data Encryption Standard [DES] as the default, and Advanced Encryption Standard [AES]), to ensure secure communication between the NMS station and N7K/NX-OS. Both mechanisms are implemented as demonstrated in Example 1-8.
As NX-OS is truly modular and highly available, the NX-OS implementation of SNMP supports stateless restarts for SNMP. NX-OS has also implemented virtualization support for SNMP; NX-OS supports one instance of SNMP per virtual device context (VDC). SNMP is also VRF-aware, which allows you to configure SNMP to use a particular VRF to reach the network management host.
Example 1-8 demonstrates how to enable SNMPv3 on NX-OS.
Example 1-8 Enabling SNMPv3 on NX-OS
N7010-1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7010-1(config)# snmp-server user NMS auth sha Cisc0123! priv Cisc0123! engineID 00:00:00:63:00:01:00:10:20:15:10:03
N7010-1(config)# snmp-server host 10.100.22.254 informs version 3 auth NMS
N7010-1(config)# snmp-server community public ro
N7010-1(config)# snmp-server community nxos rw
N7010-1(config)# show snmp
sys contact:
sys location:
0 SNMP packets input
    0 Bad SNMP versions
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 No such name PDU
    0 Bad value PDU
    0 Read Only PDU
    0 General errors
    0 Get Responses
45 SNMP packets output
    45 Trap PDU
    0 Too big errors
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Get Requests
    0 Get Next Requests
    0 Set Requests
    0 Get Responses
    0 Silent drops
Community   Group / Access     context   acl_filter
---------   --------------     -------   ----------
nxos        network-admin
public      network-operator
______________________________________________________________
                  SNMP USERS
______________________________________________________________
User         Auth   Priv(enforce)   Groups
____         ____   _____________   ______
admin        md5    des(no)         network-admin
nxos-admin   sha    des(no)         network-operator
______________________________________________________________
 NOTIFICATION TARGET USERS (configured for sending V3 Inform)
______________________________________________________________
User   Auth   Priv
____   ____   ____
NMS    sha    des
(EngineID 0:0:0:63:0:1:0:10:20:15:10:3)
SNMP Tcp Authentication Flag : Enabled.
-----------------------------------------------------------------------------------
Port Monitor : enabled
-----------------------------------------------------------------------------------
Policy Name  : default
Admin status : Not Active
Oper status  : Not Active
Port type    : All Ports
-----------------------------------------------------------------------------------
Counter         Threshold  Interval  Rising Threshold  event  Falling Threshold   event  In Use
-------         ---------  --------  ----------------  -----  ------------------  --
Link Loss       Delta      60        5                 4      1                   4      Yes
Sync Loss       Delta      60        5                 4      1                   4      Yes
Protocol Error  Delta      60        1                 4      0                   4      Yes
Signal Loss     Delta      60        5                 4      1                   4      Yes
Invalid Words   Delta      60        1                 4      0                   4      Yes
Invalid CRC’s   Delta      60        5                 4      1                   4      Yes
RX Performance  Delta      60        2147483648        4      524288000           4      Yes
TX Performance  Delta      60        2147483648        4      524288000           4      Yes
-----------------------------------------------------------------------------------
SNMP protocol : Enabled
-------------------------------------------------------------------
Context [Protocol instance, VRF, Topology]
N7010-1# show snmp user
______________________________________________________________
                  SNMP USERS
______________________________________________________________
User         Auth   Priv(enforce)   Groups
____         ____   _____________   ______
admin        md5    des(no)         network-admin
nxos-admin   sha    des(no)         network-operator
______________________________________________________________
 NOTIFICATION TARGET USERS (configured for sending V3 Inform)
______________________________________________________________
User   Auth   Priv
____   ____   ____
NMS    sha    des
(EngineID 0:0:0:63:0:1:0:10:20:15:10:3)
N7010-1(config)# exit
N7010-1# copy running-config startup-config
[########################################] 100%
N7010-1#
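The commands entered in Example 1-8 leave several weak settings in place: DES privacy (no aes-128 keyword), one passphrase shared by authentication and privacy, informs sent at the auth level only, and the public and read-write community strings. The Python audit below is an added example, not code from the book or from Cisco; the function names and finding names are this example's own, and the sample input is constructed from the commands above.

```python
# Constructed sample: the snmp-server commands entered in Example 1-8.
EXAMPLE_1_8 = """\
snmp-server user NMS auth sha Cisc0123! priv Cisc0123! engineID 00:00:00:63:00:01:00:10:20:15:10:03
snmp-server host 10.100.22.254 informs version 3 auth NMS
snmp-server community public ro
snmp-server community nxos rw
"""
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings


def _after(tokens, keyword, offset=1):
    """Return the token `offset` places after keyword, or None if absent."""
    i = tokens.index(keyword) + offset if keyword in tokens else len(tokens)
    return tokens[i] if i < len(tokens) else None


def audit_snmp(config):
    """Return sorted (finding, subject) pairs; finding names are illustrative."""
    findings = set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        kind, subject, rest = tok[1], tok[2], tok[3:]
        if kind == "community":  # SNMPv1/v2c: the string is the only credential
            if subject.lower() in DEFAULT_COMMUNITIES:
                findings.add(("default-community", subject))
            if "rw" in rest:
                findings.add(("read-write-community", subject))
        elif kind == "user":  # SNMPv3 user
            auth_alg, priv = _after(rest, "auth"), _after(rest, "priv")
            if auth_alg is None:
                findings.add(("user-no-auth", subject))
            elif auth_alg == "md5":
                findings.add(("user-auth-md5", subject))
            if priv is None:
                findings.add(("user-no-priv", subject))
            elif priv != "aes-128":  # no aes-128 keyword means DES, the default
                findings.add(("user-priv-des", subject))
            auth_pw = _after(rest, "auth", 2)
            priv_pw = _after(rest, "priv", 2) if priv == "aes-128" else priv
            if auth_pw and auth_pw == priv_pw:
                findings.add(("auth-priv-same-passphrase", subject))
        elif kind == "host" and _after(rest, "version") == "3":
            if _after(rest, "version", 2) != "priv":  # auth or noauth level
                findings.add(("notification-not-encrypted", subject))
    return sorted(findings)
```

Calling audit_snmp(EXAMPLE_1_8) returns five findings; a user configured with priv aes-128 and a distinct privacy passphrase, together with an informs host at the priv level, returns none.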
DCNM
Cisco Data Center Network Manager (DCNM) is a management solution that supports NX-OS devices. DCNM maximizes the overall data center infrastructure uptime and reliability, which improves service levels. Focused on the operational management requirements of the data center, DCNM provides a robust framework and rich feature set that fulfills the switching, application, automation, provisioning, and services needs of today’s data centers and tomorrow’s data center requirements.
DCNM is a Java-based client-server application. The DCNM client communicates with the DCNM server only, never directly with managed Cisco NX-OS devices. The DCNM server uses the XML management interface of Cisco NX-OS devices to manage and monitor them. The XML management interface is a programmatic method based on the NETCONF protocol that complements the CLI functionality.
DCNM has robust configuration and feature support on the NX-OS platform. The following features can be configured, provisioned, and monitored through DCNM enterprise management:
Physical ports
Port channels and virtual port channels (vPC)
Loopback and management interfaces
VLAN network interfaces (sometimes referred to as switched virtual interfaces [SVI])
VLAN and private VLAN (PVLAN)
Spanning Tree Protocol, including Rapid Spanning Tree (RST) and Multi-Instance Spanning Tree Protocol (MST)
Virtual Device Contexts
Gateway Load Balancing Protocol (GLBP) and object tracking
Hot Standby Router Protocol (HSRP)
Access control lists
IEEE 802.1X
Authentication, authorization, and accounting (AAA)
Role-based access control
Dynamic Host Configuration Protocol (DHCP) snooping
Dynamic Address Resolution Protocol (ARP) inspection
IP Source Guard
Traffic storm control
Port security
Hardware resource utilization with Ternary Content Addressable Memory (TCAM) statistics
Switched Port Analyzer (SPAN)
DCNM also includes end-to-end enterprise visibility, including topology views, event browsers, configuration change management, device operating system management, hardware asset inventory, logging, and statistical data collection management.
Managing System Files
Directories can be created on bootflash: and external flash memory (slot0:, usb1:, and usb2:); you can also navigate through these directories and use them for files. Files can be created and accessed on the bootflash:, volatile:, slot0:, usb1:, and usb2: file systems. On the system: file system, files can only be accessed. The debug: file system can be used for debug log files specified in the debug logfile command. System image files can also be downloaded from remote servers using FTP, Secure Copy (SCP), Secure Shell FTP (SFTP), and TFTP.
File Systems
Table 1-1 outlines the parameters for the syntax for specifying a local file system, which is:
filesystem:[//module/]
Table 1-1 Syntax for Specifying a Local File System
File System Name | Module | Description |
Bootflash | sup-active sup-local | Internal CompactFlash memory located on the active supervisor module used for storing image files, configuration files, and other miscellaneous files. The initial default directory is bootflash. |
Bootflash | sup-standby sup-remote | Internal CompactFlash memory located on the standby supervisor module used for storing image files, configuration files, and other miscellaneous files. |
slot0 | Not applicable | External CompactFlash memory installed in a supervisor module used for storing system images, configuration files, and other miscellaneous files. |
volatile | Not applicable | Volatile random-access memory (VRAM) located on a supervisor module used for temporary or pending changes. |
Nvram | Not applicable | Nonvolatile random-access memory (NVRAM) located on a supervisor module used for storing the startup-configuration file. |
Log | Not applicable | Memory on the active supervisor that stores logging file statistics. |
system | Not applicable | Memory on a supervisor module used for storing the running-configuration file. |
debug | Not applicable | Memory on a supervisor module used for debug logs. |
usb1 | Not applicable | External USB flash memory installed in a supervisor module used for storing image files, configuration files, and other miscellaneous files. |
usb2 | Not applicable | External USB flash memory installed in a supervisor module used for storing image files, configuration files, and other miscellaneous files. |
Example 1-9 demonstrates some file system commands and how to copy a file.
Example 1-9 File System Commands/Copying a File