Using the Cisco NX-OS Setup Utility

This chapter contains the following sections:

About the Cisco NX-OS Setup Utility

The Cisco NX-OS setup utility is an interactive command-line interface (CLI) mode that guides you through a basic (also called a startup) configuration of the system. The setup utility allows you to configure only enough connectivity for system management.

The setup utility allows you to build an initial configuration file using the System Configuration Dialog. The setup starts automatically when a device has no configuration file in NVRAM. The dialog guides you through initial configuration. After the file is created, you can use the CLI to perform additional configuration.

You can press Ctrl-C at any prompt to skip the remaining configuration options and proceed with what you have configured up to that point, except for the administrator password. If you want to skip answers to any questions, press Enter. If a default answer is not available (for example, the device hostname), the device uses what was previously configured and skips to the next question.

Figure 1. Setup Script Flow. This figure shows how to enter and exit the setup script.

You use the setup utility mainly for configuring the system initially, when no configuration is present. However, you can use the setup utility at any time for basic device configuration. The setup utility keeps the configured values when you skip steps in the script. For example, if you have already configured the mgmt0 interface, the setup utility does not change that configuration if you skip that step. However, if there is a default value for the step, the setup utility changes to the configuration using that default, not the configured value. Be sure to carefully check the configuration changes before you save the configuration.


Note


Be sure to configure the IPv4 route, the default network IPv4 address, and the default gateway IPv4 address to enable SNMP access. If you enable IPv4 routing, the device uses the IPv4 route and the default network IPv4 address. If IPv4 routing is disabled, the device uses the default gateway IPv4 address.



Note


The setup script only supports IPv4.


Prerequisites for the Setup Utility

The setup utility has the following prerequisites:

  • Have a password strategy for your network environment.

  • Connect the console port on the supervisor module to the network. If you have dual supervisor modules, connect the console ports on both supervisor modules to the network.

  • Connect the Ethernet management port on the supervisor module to the network. If you have dual supervisor modules, connect the Ethernet management ports on both supervisor modules to the network.

Setting Up Your Cisco NX-OS Device

To configure basic management of the Cisco NX-OS device using the setup utility, follow these steps:

Procedure


Step 1

Power on the device.

Step 2

Enable or disable password-strength checking.

A strong password has the following characteristics:

  • At least eight characters long

  • Does not contain many consecutive characters (such as "abcd")

  • Does not contain many repeating characters (such as "aaabbb")

  • Does not contain dictionary words

  • Does not contain proper names

  • Contains both uppercase and lowercase characters

  • Contains numbers

Example:


         ---- System Admin Account Setup ----

Do you want to enforce secure password standard (yes/no) [y]: y

Step 3

Enter the new password for the administrator.

Note

 
If a password is trivial (such as a short, easy-to-decipher password), your password configuration is rejected. Passwords are case sensitive. Be sure to configure a strong password that has at least eight characters, both uppercase and lowercase letters, and numbers.

Example:


Enter the password for "admin": <password> 

Confirm the password for "admin": <password>

---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic configuration of 
the system. Setup configures only enough connectivity for management 
of the system.

Please register Cisco Nexus 9000 Family devices promptly with your 
supplier. Failure to register may affect response times for initial 
service calls. Nexus devices must be registered to receive 
entitled support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime 
to skip the remaining dialogs.

Step 4

Enter the setup mode by entering yes.

Example:


Would you like to enter the basic configuration dialog (yes/no): yes

Step 5

Create additional accounts by entering yes (no is the default).

Example:


  Create another login account (yes/no) [n]:yes

  1. Enter the user login ID.

    Example:

    
    Enter the User login Id : user_login
    
    

    Caution

     

    Usernames must begin with an alphanumeric character and can contain only these special characters: ( + = . _ \ -). The # and ! symbols are not supported. If the username contains characters that are not allowed, the specified user is unable to log in.

  2. Enter the user password.

    Example:

    
    Enter the password for "user1": user_password
    Confirm the password for "user1": user_password
    
    
  3. Enter the default user role.

    Example:

    
    Enter the user role (network-operator|network-admin) [network-operator]: default_user_role
    
    

For information on the default user roles, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Step 6

Configure an SNMP community string by entering yes.

Example:


Configure read-only SNMP community string (yes/no) [n]: yes
SNMP community string : snmp_community_string

For information on SNMP, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Step 7

Enter a name for the device (the default name is switch).

Example:


Enter the switch name: switch_name

Step 8

Configure out-of-band management by entering yes. You can then enter the mgmt0 IPv4 address and subnet mask.

Note

 

You can only configure IPv4 address in the setup utility. For information on configuring IPv6, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.

Example:


Continue with Out-of-band (mgmt0) management configuration? [yes/no]: yes
Mgmt0 IPv4 address: mgmt0_ip_address
Mgmt0 IPv4 netmask: mgmt0_subnet_mask

Step 9

Configure the IPv4 default gateway (recommended) by entering yes. You can then enter its IP address.

Example:


Configure the default-gateway: (yes/no) [y]: yes
IPv4 address of the default-gateway: default_gateway

Step 10

Configure advanced IP options such as the static routes, default network, DNS, and domain name by entering yes.

Example:


Configure Advanced IP options (yes/no)? [n]: yes

Step 11

Configure a static route (recommended) by entering yes. You can then enter its destination prefix, destination prefix mask, and next hop IP address.

Example:


Configure static route: (yes/no) [y]: yes
Destination prefix: dest_prefix
Destination prefix mask: dest_mask 
Next hop ip address: next_hop_address

Step 12

Configure the default network (recommended) by entering yes. You can then enter its IPv4 address.

Note

 

The default network IPv4 address is the same as the destination prefix in the static route configuration.

Example:


Configure the default network: (yes/no) [y]: yes
Default network IP address [dest_prefix]: dest_prefix

Step 13

Configure the DNS IPv4 address by entering yes. You can then enter the address.

Example:


Configure the DNS IP address? (yes/no) [y]: yes
DNS IP address: ipv4_address

Step 14

Configure the default domain name by entering yes. You can then enter the name.

Example:


Configure the DNS IP address? (yes/no) [y]: yes
DNS IP address: ipv4_address

Step 15

Enable the Telnet service by entering yes.

Example:


Enable the telnet service? (yes/no) [y]: yes

Step 16

Enable the SSH service by entering yes. You can then enter the key type and number of key bits. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Example:


Enable the ssh service? (yes/no) [y]: yes
Type of ssh key you would like to generate (dsa/rsa) : key_type
Number of  key bits <768-2048> : number_of_bits

Step 17

Configure the NTP server by entering yes. You can then enter its IP address. For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.

Example:


Configure NTP server? (yes/no) [n]: yes
NTP server IP address: ntp_server_IP_address

Step 18

Specify a default interface layer (L2 or L3).

Example:


Configure default interface layer (L3/L2) [L3]: interface_layer

Step 19

Enter the default switchport interface state (shutdown or no shutdown). A shutdown interface is in an administratively down state. For more information, see the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.

Example:


Configure default switchport interface state (shut/noshut) [shut]: default_state

Step 20

Enter yes (no is the default) to configure basic Fibre Channel configurations.

Example:


Enter basic FC configurations (yes/no) [n]: yes

Note

 

This step is available only on platforms that support SAN switching.

  1. Enter shut (noshut is the default) to configure the default Fibre Channel switch port interface to the shut (disabled) state.

    Example:

    
    Configure default physical FC switchport interface state (shut/noshut) [noshut]: shut
    
    
  2. Enter on (on is the default) to configure the switch port trunk mode

    Example:

    
    Configure default physical FC switchport trunk mode (on/off/auto) [on]: on
    
    
  3. Enter permit (deny is the default) to permit a default zone policy configuration.

    Example:

    
    Configure default zone policy (permit/deny) [deny]: permit
    
    
    Permits traffic flow to all members of the default zone.

    Example:

    Note

     

    If you are executing the setup script after entering a write erase command, you explicitly must change the default zone policy to permit for VSAN 1 after finishing the script using the following command:

    switch(config)# zone default-zone permit vsan 1
    
    
  4. Enter yes (no is the default) to enable a full zone set distribution.

    Example:

    
    Enable full zoneset distribution (yes/no) [n]: yes
    
    

Step 21

Enter the best practices profile for control plane policing (CoPP). For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Example:


Configure best practices CoPP profile (strict/moderate/lenient/none) [strict]: moderate

The system now summarizes the complete configuration and asks if you want to edit it.

Step 22

Continue to the next step by entering no. If you enter yes, the setup utility returns to the beginning of the setup and repeats each step.

Example:


Would you like to edit the configuration? (yes/no) [y]: yes

Step 23

Use and save this configuration by entering yes. If you do not save the configuration at this point, none of your changes are part of the configuration the next time the device reboots. Enter yes to save the new configuration. This step ensures that the boot variables for the nx-os image are also automatically configured.

Example:


Use this configuration and save it? (yes/no) [y]: yes

Caution

 
If you do not save the configuration at this point, none of your changes are part of the configuration the next time that the device reboots. Enter yes to save the new configuration to ensure that the boot variables for the nx-os image are also automatically configured.

Additional References for the Setup Utility

This section includes additional information related to using the setup utility.

Related Documents for the Setup Utility

Related Topic

Document Title

Licensing

Cisco NX-OS Licensing Guide

SSH and Telnet

Cisco Nexus 9000 Series NX-OS Security Configuration Guide

User roles

Cisco Nexus 9000 Series NX-OS Security Configuration Guide

IPv4 and IPv6

Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide

SNMP and NTP

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide