NX-OS

Nexus platform VDCs, virtual port-channels, and data center switching features.

Feature Enablement

NX-OS is modular — nothing runs until you explicitly enable it. This is the opposite of IOS where features are available by default.

Enable common features

Switch(config)# feature vpc
Switch(config)# feature hsrp
Switch(config)# feature lacp
Switch(config)# feature interface-vlan
Switch(config)# feature lldp
Switch(config)# feature nxapi
Switch(config)# feature scp-server

Verify which features are enabled

Switch# show feature

Output shows every feature and its state (enabled/disabled). If a command is not recognized, the feature is probably not enabled.

vPC Configuration

vPC domain — peer keepalive and peer link

Switch(config)# vpc domain 100
Switch(config-vpc-domain)# peer-keepalive destination 10.50.1.11 source 10.50.1.10 vrf management
Switch(config-vpc-domain)# peer-switch
Switch(config-vpc-domain)# auto-recovery
Switch(config-vpc-domain)# ip arp synchronize

Peer link — dedicated port-channel between vPC peers

Switch(config)# interface port-channel 1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 1-4094
Switch(config-if)# vpc peer-link

vPC member port-channel — downstream device dual-homed to both peers

Switch(config)# interface port-channel 10
Switch(config-if)# switchport mode trunk
Switch(config-if)# vpc 10

The vpc 10 number must match on both peers. The port-channel number does not need to match, but keeping them consistent avoids confusion.

Verify vPC status

Switch# show vpc
Switch# show vpc brief
Switch# show vpc peer-keepalive
Switch# show vpc consistency-parameters global
Switch# show vpc consistency-parameters interface port-channel 10

consistency-parameters is critical — if vPC detects a config mismatch between peers (STP mode, VLAN allowed list, speed), it suspends the vPC member port. Check this first when a vPC port goes down.

Interface Operations

Show interface status — NX-OS equivalent of show ip interface brief

Switch# show interface brief
Switch# show interface status
Switch# show interface Ethernet1/1

Configure an SVI

Switch(config)# interface Vlan 10
Switch(config-if)# ip address 10.50.10.1/24
Switch(config-if)# no shutdown

NX-OS uses CIDR notation (/24) for interface addresses, not subnet masks. ip address 10.50.10.1 255.255.255.0 also works but is not idiomatic.

Configuration Management

Save running config — NX-OS equivalent of write memory

Switch# copy running-config startup-config

Checkpoint and rollback — NX-OS’s built-in config versioning

Switch# checkpoint my-checkpoint description "Before VLAN changes"
Switch# show checkpoint summary
Switch# rollback running-config checkpoint my-checkpoint

Checkpoints are stored locally. This is safer than IOS archive because rollback is atomic — it computes the diff and applies only the delta, not a full config replace.

Show the diff between running config and a checkpoint

Switch# show diff rollback-patch checkpoint my-checkpoint running-config

NX-OS vs IOS Differences

Operation IOS / IOS-XE NX-OS

Operation	IOS / IOS-XE	NX-OS
Enable features	Implicitly available	`feature <name>` required
Interface addressing	`ip address 10.0.0.1 255.255.255.0`	`ip address 10.0.0.1/24`
Save config	`write memory`	`copy running-config startup-config`
Config rollback	`configure replace` (file-based)	`checkpoint` / `rollback` (atomic)
VRF syntax	`ip vrf` (classic) / `vrf definition` (new)	`vrf context`
Default route	`ip route 0.0.0.0 0.0.0.0 gw`	`ip route 0.0.0.0/0 gw`
Show interfaces	`show ip interface brief`	`show interface brief`
Port-channel	`channel-group 1 mode active`	`channel-group 1 mode active` (same)

Enable features

Implicitly available

feature <name> required

Interface addressing

ip address 10.0.0.1 255.255.255.0

ip address 10.0.0.1/24

Save config

write memory

copy running-config startup-config

Config rollback

configure replace (file-based)

checkpoint / rollback (atomic)

VRF syntax

ip vrf (classic) / vrf definition (new)

vrf context

Default route

ip route 0.0.0.0 0.0.0.0 gw

ip route 0.0.0.0/0 gw

Show interfaces

show ip interface brief

show interface brief

Port-channel

channel-group 1 mode active

channel-group 1 mode active (same)

Useful Show Commands

Daily operational checks

Switch# show module                         (1)
Switch# show environment                    (2)
Switch# show system resources               (3)
Switch# show logging last 50                (4)
Switch# show interface counters errors      (5)
Switch# show spanning-tree summary          (6)

1	Line cards and supervisor status
2	Fan, power supply, temperature
3	CPU and memory utilization
4	Recent syslog messages
5	Interface error counters across all ports
6	STP topology summary — root bridge, port states

NX-API

Enable NX-API for programmatic access

Switch(config)# feature nxapi
Switch(config)# nxapi http port 80
Switch(config)# nxapi https port 443

Query NX-API from Linux

curl -s -k -X POST https://10.50.1.40/ins \
  -H "Content-Type: application/json" \
  -u admin:<PASSWORD> \
  -d '{
    "ins_api": {
      "version": "1",
      "type": "cli_show",
      "chunk": "0",
      "sid": "1",
      "input": "show vlan brief",
      "output_format": "json"
    }
  }' | jq '.ins_api.outputs.output.body'