How To Configure Cisco Nexus 5500 Port Profiles

Cisco Nexus 5500 port profiles let network engineers apply multiple port configurations with a single command. Port profiles can reduce errors and enforce standard configurations. We show you how with sample code.

For more instructions on the Cisco Nexus 5500, see How to Set Up Cisco Nexus Fabric Extender and How to Configure Cisco Nexus 5500 Virtual Port Channel.

A Cisco Nexus port profile is a group of port configuration directives that can be applied to an interface via a single command. In this way, a network engineer can build a set of profiles appropriate to the environment, and then apply one or more profiles to an interface without having to apply each command individually. Port profiles are useful for:

Reducing CLI errors committed by network operators. Configuring an interface is simplified by using an "inherit" command to apply much of the needed configuration using a port profile. NX-OS makes sure that the commands in the port profile are applied to the interface.

Enforcing standard interface configurations. Any number of configurations are possible for an interface, but network environments should enforce a specific interface configuration standard to ensure predictable interface behavior across the data center. A hurried network engineer might rush an interface configuration by applying a VLAN ID, while ignoring the rest of the defined standard. A more diligent engineer will probably take the time to input all appropriate configuration commands. And whether hurried or diligent, any engineer can forget to include commands now and then. By using port profiles, engineers ensure the interface configuration conforms to the standard.

Improving configuration readability. Interface configurations can become cluttered with lots of commands, several of which are likely to be used by many interfaces. Applying port profiles tightens up the configuration an engineer must review at the CLI, which makes the configuration more readable, and helps unique configuration details stand out.

Features and Limitations

Cisco Nexus port profiles have several key features and limitations. For example, a port profile name can be as long as 80 characters. While hyphens and underscores can be used, other special characters (including spaces) are not permitted. I recommend naming port profiles (and any other human-created object in a network device configuration) using all capital letters. This helps the object to stand out as obviously human-made, as opposed to being a configuration keyword.

Network engineers must create specific port profile types to match specific interface types. Ethernet, VLAN, port-channel, and Virtual Ethernet interface types are supported.

Once created, port profiles must be enabled before they will be active. While it's possible to apply a disabled port profile to an interface, the commands in the port profile won't actually be inherited by the interface until the port profile is enabled.

An interface can only inherit a single port profile. However, it’s possible to nest port profiles within one another. When nesting port profiles, the network engineer must pay careful attention to the commands being applied, as NX-OS will not prevent conflicting commands from co-existing in the nested profiles. For example, the nested port profile could contain "switchport trunk" while "switchport fex-fabric" (a conflicting command) is contained in the parent profile. In this situation, the resulting interface configuration would contain the command applied last during port profile inheritance.


A specific port profile can only be applied to a limited number of interfaces. On a Nexus 5596 running NX-OS 5.2(1)N1(1), the limit is 512 interfaces, though that number can go as high as 1024 using the "max-ports" command.

When a port profile is deleted, the interfaces that inherited the port profile lose the configuration commands belonging to the deleted port profile. Adding or removing a port profile can take many seconds; a pause at the CLI while a port profile is inherited by an interface is therefore normal.

When you change a port profile being used by one or more interfaces, you change the interfaces as well. That's both powerful and dangerous, as an ill-considered change to a production port profile could negatively impact hundreds of interfaces. This is similar to the power (and danger) of applying commands to large interface ranges.

Let's review the code required to create and apply some simple port profiles.

Example 1: AVAILABLE. By default, switch interfaces are enabled. I don't care for this default behavior, so I apply the "AVAILABLE" port profile. In this configuration, I create a port profile called "AVAILABLE", raise the number of interfaces it can be applied to to the maximum of 1,024, and enable the port profile. The only configuration command is "shutdown".

NEXUS-SWITCH(config)# port-profile AVAILABLE
NEXUS-SWITCH(config-port-prof)# shutdown
NEXUS-SWITCH(config-port-prof)# max-ports ?
  <1-1024>  Enter the max-number of ports

NEXUS-SWITCH(config-port-prof)# max-ports 1024
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exit
NEXUS-SWITCH(config)# show run port-profile AVAILABLE

!Command: show running-config port-profile AVAILABLE
!Time: Wed Mar 13 17:22:02 2013

version 5.2(1)N1(1)
port-profile type ethernet AVAILABLE
  shutdown
  max-ports 1024
  state enabled

Now we're ready to apply this port profile to an interface. First, let's take a look at the default interface configuration and status.

NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:32:54 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 notconnec 1         auto    auto    --
NEXUS-SWITCH#

The interface is at the default configuration and is in a "not connected" status, meaning that there is no host plugged into the port, but the port will light up if a cable is plugged in. Now, let's apply the AVAILABLE port profile and observe the change.

NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# exit
NEXUS-SWITCH(config)# exit
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:39:20 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile AVAILABLE

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 disabled  1         auto    auto    --
NEXUS-SWITCH#

With the port profile inherited by the interface, the interface status shows as "disabled" instead of "not connected". This is a result of the "shutdown" command that the interface has inherited as a part of its configuration from the AVAILABLE port profile.

Example 2: HOST-ACCESS-VLAN-111. Now let's take our "AVAILABLE" interface, and make it ready to uplink a host requiring service on VLAN 111. First, we'll build a port profile called HOST-ACCESS-VLAN-111, add some configuration commands to it, enable it, and apply it to the same interface used in Example 1.

As you review the configuration output, you'll see the message "ERROR: Interface is already inherited". This is what NX-OS reports when you try to apply a port profile to an interface that's already had a port profile applied. You must remove the existing port-profile inheritance first, which I do in this example.

NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# port-profile HOST-ACCESS-VLAN-111
NEXUS-SWITCH(config-port-prof)# switchport access vlan 111
NEXUS-SWITCH(config-port-prof)# flowcontrol receive on
NEXUS-SWITCH(config-port-prof)# spanning-tree port type edge
NEXUS-SWITCH(config-port-prof)# spanning-tree guard root
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exi
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
ERROR: Interface is already inherited
NEXUS-SWITCH(config-if)# no inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet120/1/1 but will only have effect when the interface is in a non-trunking mode.
NEXUS-SWITCH(config-if)#
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 18:06:12 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile HOST-ACCESS-VLAN-111

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 AAFlowcon 111       auto    auto    --
NEXUS-SWITCH# show run interface eth120/1/1 expand-port-profile

!Command: show running-config interface Ethernet120/1/1 expand-port-profile
!Time: Wed Mar 13 18:06:55 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  switchport access vlan 111
  spanning-tree port type edge
  spanning-tree guard root
  flowcontrol receive on

NEXUS-SWITCH#

Finally, note in the output above the "expand-port-profile" directive after the "show running-config interface" command. This allows the network engineer to see what commands the port profile has actually applied to the interface.
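As an added example (not code from the original article or from Cisco), the Python audit below reads running-config text in the layout shown above and flags three conditions described earlier: interfaces that inherit no port profile, interfaces whose profile is undefined or lacks "state enabled" (so its commands are not actually inherited), and profiles that have reached their max-ports limit. The sample configuration is constructed, and the indented stanza layout and the 512 default (the figure quoted above for NX-OS 5.2(1)N1(1)) are assumptions.

```python
import re
# Constructed sample, not from a real switch; assumes indented stanza bodies.
SAMPLE_CONFIG = """\
port-profile type ethernet AVAILABLE
  shutdown
  max-ports 1024
  state enabled
port-profile type ethernet HOST-ACCESS-VLAN-111
  switchport access vlan 111
interface Ethernet120/1/1
  inherit port-profile HOST-ACCESS-VLAN-111
interface Ethernet120/1/2
  inherit port-profile AVAILABLE
interface Ethernet120/1/3
"""
DEFAULT_MAX_PORTS = 512  # assumed default: limit the article quotes for 5.2(1)N1(1)

def parse(config):
    """Split running-config text into {profile: [cmds]} and {interface: [cmds]}."""
    profiles, interfaces, body = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"port-profile(?: type \S+)? (\S+)$", line):
            body = profiles.setdefault(m.group(1), [])
        elif m := re.match(r"interface (\S+)$", line):
            body = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and body is not None:
            body.append(line.strip())
        else:
            body = None  # any other top-level line ends the current stanza
    return profiles, interfaces

def audit(config):
    """Return sorted (object, problem) findings for the three checks."""
    profiles, interfaces = parse(config)
    findings, users = [], {}
    for ifname, cmds in interfaces.items():
        inherited = [c.split()[-1] for c in cmds if c.startswith("inherit port-profile ")]
        if not inherited:
            findings.append((ifname, "no port profile inherited"))
        for name in inherited:
            users[name] = users.get(name, 0) + 1
            if "state enabled" not in profiles.get(name, []):
                findings.append((ifname, f"profile {name} undefined or not enabled"))
    for name, cmds in profiles.items():
        limit = next((int(c.split()[1]) for c in cmds if c.startswith("max-ports ")),
                     DEFAULT_MAX_PORTS)
        if users.get(name, 0) >= limit:
            findings.append((name, f"max-ports limit {limit} reached"))
    return sorted(findings)
```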

Ethan Banks, CCIE #20655, is a hands-on networking practitioner who has designed, built and maintained networks for higher education, state government, financial institutions, and technology corporations. Ethan is also a host of the Packet Pushers Podcast.

Comment  | 
Print  | 
More Insights
Hot Topics
13
Why Facebook Wedge Is Revolutionary
Tom Hollingsworth 7/16/2014
10
Open Source Vs. Open Enough
Bob Laliberte, ESG senior analyst,  7/18/2014
5
Do We Need 25 GbE & 50 GbE?
Jim O'Reilly, Consultant,  7/18/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed