Configuring Switch Profiles

This chapter describes how to configure switch profiles on the Cisco Nexus 9000 Series switches.

About Switch Profiles

Several applications require consistent configuration across devices in the network. For example, with a virtual port channel (vPC), you must have identical configurations. Mismatched configurations can cause errors or misconfigurations that can result in service disruptions. The configuration synchronization (config-sync) feature allows you to configure one switch profile and have the configuration be automatically synchronized to the peer switch.

A switch profile provides the following benefits:

  • Allows configurations to be synchronized between switches.

  • Merges configurations when connectivity is established between two switches.

  • Provides control of exactly which configuration gets synchronized.

  • Ensures configuration consistency across peers through merge and mutual-exclusion checks.

  • Provides verify and commit semantics.

  • Allows for migrating existing vPC configurations to a switch profile.

Switch Profile Configuration Modes

The switch profile feature includes the following configuration modes:

  • Configuration synchronization mode (config-sync)

  • Switch profile mode (config-sync-sp)

  • Switch profile import mode (config-sync-sp-import)

Configuration Synchronization Mode

The configuration synchronization mode (config-sync) allows you to create switch profiles.

Switch Profile Mode

The switch profile mode (config-sync-sp) allows you to add supported configuration commands to a switch profile temporary buffer that is later synchronized with a peer switch. Commands that you enter in the switch profile mode are not executed until you enter the commit command. Although the syntax of the commands are validated when you enter them, there is no guarantee that the commands will be successful when you enter the commit command.

Switch Profile Import Mode

The switch profile import mode (config-sync-sp-import) allows you to import existing switch configurations from the running configuration to a switch profile and specify which commands you want to include in that profile. This option is especially useful when you upgrade from a Cisco NX-OS release that does not support switch profiles to a release that does.

Cisco recommends that you import the necessary configurations from the running configuration using the switch profile import mode and commit the changes before making any additional changes in the switch profile or global configuration mode. Otherwise, you might jeopardize the import, requiring you to abandon the current import session and perform the process again. For more information, see Importing a Switch Profile.

Configuration Validation

Two types of configuration validation checks can identify switch profile failures:

  • Mutual exclusion checks

  • Merge checks

Mutual Exclusion Checks

The mutual exclusion of configuration commands is enforced in order to avoid duplicate commands in the config-sync and global configuration modes. When you commit the configuration of a switch profile, mutual exclusion (mutex) checks are performed on the local switch as well as the peer switch (if configured). If no failures are reported on both switches, the commit is accepted and pushed into the running configuration.

A command that is included in a switch profile cannot be configured outside of the switch profile.

If a mutex check identifies errors, they are reported as mutex failures, and they must be manually corrected. For details, see Manually Correcting Mutex and Merge Failures.

The following exceptions apply to the mutual exclusion policy:

  • Interface configuration—An interface configuration can be partially present in a switch profile and partially present in the running configuration as long as there are no conflicts.

  • Shutdown/no shutdown

  • System QoS

Merge Checks

Merge checks are done on the peer switch that is receiving a configuration. The merge checks ensure that the received configuration does not conflict with the switch profile configuration that already exists on the receiving switch. The merge check occurs during the verify or commit process. Errors are reported as merge failures and must be manually corrected. For details, see Manually Correcting Mutex and Merge Failures.

When one or both switches are reloaded and the configurations are synchronized for the first time, the merge check verifies that the switch profile configurations are identical on both switches. Differences in the switch profiles are reported as merge errors and must be manually corrected.

Software Upgrades and Downgrades with Switch Profiles

You must delete the switch profile when downgrading from a Cisco NX-OS release that supports switch profiles to a release that does not.

When you upgrade from an earlier release to a Cisco NX-OS release that supports switch profiles, you have the option to move some of the running-configuration commands to a switch profile. For details, see Switch Profile Import Mode.

An upgrade can occur if there are buffered (uncommitted) configurations; however, the uncommitted configurations will be lost.

Guidelines and Limitations for Switch Profiles

Switch profiles have the following configuration guidelines and limitations:

  • Beginning with Cisco NX-OS Release 9.3(3), the mtu command is supported in the interface configuration mode through the switch-profiles configuration mode.

  • Switch profiles are supported only on Cisco Nexus 9300 Series switches. Cisco Nexus 9500 Series switches do not support switch profiles.

  • You can only enable configuration synchronization using the mgmt0 interface.

  • When using config-sync in a virtual peer-link environment, note the following limitations:

    • To initiate a config-sync session with a virtual peer link, be sure to configure a loopback IP address instead of a management IP address between the peer switches.

    • You cannot perform a configuration synchronization between a multichassis EtherChannel trunk (MCT) configuration and a virtual peer-link configuration. This config-sync operation is not supported.

  • You must configure synchronized peers with the same switch profile name.

  • Commands that are qualified for a switch profile configuration are allowed to be configured in the configuration switch profile mode (config-sync-sp).

  • Supported switch profile commands relate to vPC commands.

  • Only one switch profile session can be in progress at a time. Attempts to start another session will fail.

  • Command changes made from the global configuration mode are blocked when a switch profile session is in progress.

  • When you enter the commit command and a peer switch is reachable, the configuration is applied to both peer switches or neither switch. If a commit failure occurs, the commands remain in the switch profile buffer. You can then make necessary corrections and try the commit again.

  • The configuration synchronization (config-sync) mode is an L2 mode parallel to the config-terminal mode (config t). Config-sync uses the switch-profile to update config t mode in the same switch as well as the peer switch. To prevent sync issues in switch-profile mode, Cisco recommends that you perform a commit action after each CLI command before overriding, or replacing the current CLI command.

    For example, if you want to overwrite CLI_command_A and change it to CLI_command_B, commit CLI_command_A first, then configure CLI_command_B and perform another commit action. 

    switch# conf sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile test
Resyncing db before starting Switch-profile.Re-synchronization of switch-profile db takes a few minutes...
Re-synchronize switch-profile db completed successfully.
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
switch(config-sync-sp)# int e 1/3
switch(config-sync-sp-if)# switchport trunk allowed vlan 100-150
switch(config-sync-sp-if)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch(config-sync)#
switch(config-sync)# switch-profile test
Resyncing db before starting Switch-profile.Re-synchronization of switch-profile db takes a few minutes...
Re-synchronize switch-profile db completed successfully.
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)#
switch(config-sync-sp)# int e 1/3
switch(config-sync-sp-if)# switchport trunk allowed vlan 45-90
switch(config-sync-sp-if)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch(config-sync)# end
switch#

  • Layer 3 commands are not supported.

The config-sync feature has the following guidelines and limitations:

  • Port-channels created in the switch profile mode should not be configured using global configuration (config terminal) mode.

  • If a port-channel is created in global configuration mode, channel groups including member interfaces must also be created using global configuration mode.

  • Port-channels that are configured within the switch profile mode may have members both inside and outside of a switch profile.

  • If you want to import a member interface to a switch profile, the port-channel that corresponds with the member interface must also be present within the switch profile.

  • For "no system default switchport" configuration at global level, the "switchport" command under port-channel is also considered for mutual exclusion.

Configuring Switch Profiles

You can create and configure a switch profile on the local switch and then add a second switch that will be included in the synchronization.

You must create the switch profile with the same name on each switch, and the switches must configure each other as a peer. When connectivity is established between switches with the same active switch profile, the switch profiles are synchronized.

Procedure

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

cfs ipv4 distribute

Example:

switch(config)# cfs ipv4 distribute

Enables Cisco Fabric Services (CFS) distribution between the peer switches.

Step 3

config sync

Example:

switch(config)# config sync
switch(config-sync)#

Enters the configuration synchronization mode.

Step 4

switch-profile name

Example:

switch(config-sync)# switch-profile abc
switch(config-sync-sp)#

Configures the switch profile, names the switch profile, and enters the switch profile configuration mode.

Step 5

[no] sync-peers destination ip-address

Example:

switch(config-sync-sp)# sync-peers destination 10.1.1.1

Adds a switch to the switch profile. The destination IP address is the IP address of the switch that you want to synchronize.

The no form of this command removes the specified switch from the switch profile.

Note

 
You need to wait for peer switches to show the switch-profile status of "In sync" before any commit is done.

Step 6

For Cisco Nexus 3164Q switches only, follow these steps:

  1. interface type slot/port

    Example:

    switch(config-sync-sp)# interface ethernet 1/1
switch(config-sync-sp-if)#

    Enters the switch profile interface configuration mode.

  2. switchport

    Example:

    switch(config-sync-sp-if)# switchport

    Changes a Layer 3 interface into a Layer 2 interface.

  3. exit

    Example:

    switch(config-sync-sp-if)# exit
switch(config-sync-sp)#

    Exits the switch profile interface configuration mode.

  4. commit

    Example:

    switch(config-sync-sp)# commit

    Commits the current configuration.

    Note

     
    Verify that the switch-profile status shows as "In sync" before any commit is done.

Step 7

(Optional) end

Example:

switch(config-sync-sp)# end
switch#

Exits the switch profile configuration mode and returns to EXEC mode.

Step 8

(Optional) show switch-profile name status

Example:

switch# show switch-profile abc status

Displays the switch profile on the local switch and the peer switch information.

Step 9

(Optional) show switch-profile name peer ip-address

Example:

switch# show switch-profile abc peer 10.1.1.1

Displays the switch profile peer configuration.

Step 10

(Optional) copy running-config startup-config

Example:

switch# copy running-config startup-config

Copies the running configuration to the startup configuration.

Adding or Modifying Switch Profile Commands

After you configure a switch profile on the local and the peer switch, you must add and commit the supported commands to the switch profile.

Commands that are added or modified are buffered until you enter the commit command. Commands are executed in the same order in which they are buffered. If there is an order dependency for certain commands (for example, a QoS policy must be defined before being applied), you must maintain that order; otherwise, the commit might fail. You can use utility commands, such as the show switch-profile name buffer command, the buffer-delete command, and the buffer-move command, to change the buffer and correct the order of already entered commands.

SUMMARY STEPS

  1. config sync
  2. switch-profile name
  3. command
  4. (Optional) show switch-profile name buffer
  5. verify
  6. commit
  7. (Optional) end
  8. (Optional) show switch-profile name status
  9. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

config sync

Example:

switch# config sync
switch(config-sync)#

Enters the configuration synchronization mode.

Step 2

switch-profile name

Example:

switch(config-sync)# switch-profile abc
switch(config-sync-sp)#

Configures the switch profile, names the switch profile, and enters the switch profile configuration mode.

Step 3

command

Example:

switch(config-sync-sp)# interface Port-channel100
switch(config-sync-sp-if)# speed 1000
switch(config-sync-sp-if)# interface Ethernet1/1
switch(config-sync-sp-if)# speed 1000
switch(config-sync-sp-if)# channel-group 100
switch(config-sync-sp-if)# exit
switch(config-sync-sp)#

Adds a command to the switch profile.

Step 4

(Optional) show switch-profile name buffer

Example:

switch(config-sync-sp)# show switch-profile abc buffer
 (Optional)

Displays the configuration commands in the switch profile buffer.

Step 5

verify

Example:

switch(config-sync-sp)# verify

Verifies the commands in the switch profile buffer.

Step 6

commit

Example:

switch(config-sync-sp)# commit

Saves the commands in the switch profile and synchronizes the configuration with the peer switch. This command also does the following:

  • Triggers the mutex check and the merge check to verify the synchronization.

  • Creates a checkpoint with a rollback infrastructure.

  • Executes a rollback on all switches if an application failure occurs on any of the switches in the switch profile.

  • Deletes the checkpoint.

Step 7

(Optional) end

Example:

switch(config-sync-sp)# end
switch#
(Optional)

Exits the switch profile configuration mode and returns to EXEC mode.

Step 8

(Optional) show switch-profile name status

Example:

switch# show switch-profile abc status
(Optional)

Displays the status of the switch profile on the local switch and the status on the peer switch.

Step 9

(Optional) copy running-config startup-config

Example:

switch# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Importing a Switch Profile

You can import a switch profile based on the set of commands that you want to import.

Before you begin

Make sure that the switch profile buffer is empty before you import commands to a switch profile.

SUMMARY STEPS

  1. (Optional) Configure the interface that will be imported in Step 4.
  2. config sync
  3. switch-profile name
  4. import [interface interface port/slot | running-config]
  5. commit
  6. (Optional) abort
  7. (Optional) end
  8. (Optional) show switch-profile
  9. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

(Optional) Configure the interface that will be imported in Step 4.

Example:

switch(config)# interface ethernet 1/2
switch(config-if)# switchport
switch(config-if)# switchport mode trunk 
switch(config-if)# switchport trunk allowed vlan 12
switch(config-if)# speed 10000
switch(config-if)# spanning-tree port type edge trunk 
switch(config)# end
switch#
(Optional)

Enters configuration synchronization mode.

Step 2

config sync

Example:

switch# config sync
switch(config-sync)#

Enters configuration synchronization mode.

Step 3

switch-profile name

Example:

switch(config-sync)# switch-profile abc
switch(config-sync-sp)#

Configures the switch profile, names the switch profile, and enters the switch profile configuration mode.

Step 4

import [interface interface port/slot | running-config]

Example:

switch(config-sync-sp)# import interface ethernet 1/2
switch(config-sync-sp-import)#

Identifies the commands that you want to import and enters the switch profile import mode. The following options are available:

  • Entering the import command without any options adds the selected commands to the switch profile.

  • The import interface option adds the supported commands for a specified interface.

  • The running-config option adds supported system-level commands.

Note

 

If new commands are added during the import, the switch profile remains unsaved, and the switch remains in the switch profile import mode.

Step 5

commit

Example:

switch(config-sync-sp-import)# commit

Imports the commands and saves the commands to the switch profile.

Step 6

(Optional) abort

Example:

switch(config-sync-sp-import)# abort
 (Optional)

Aborts the import process.

Step 7

(Optional) end

Example:

switch(config-sync-sp-import)# end
switch#
(Optional)

Exits the switch profile import mode and returns to EXEC mode.

Step 8

(Optional) show switch-profile

Example:

switch# show switch-profile
(Optional)

Displays the switch profile configuration.

Step 9

(Optional) copy running-config startup-config

Example:

switch# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Importing Configurations in a vPC Topology

You can import configurations in a two-switch vPC topology.


Note

For specific information on the following steps, see the appropriate sections in this chapter.

  1. Configure the switch profile with the same name on both switches.

  2. Import the configurations to both switches independently.

    Note

    Make sure that the configuration moved to the switch profile on both switches is identical; otherwise, a merge-check failure might occur.

  3. Configure the switches by entering the sync-peers destination command.

  4. Verify that the switch profiles are the same by entering the appropriate show commands.

Isolating a Peer Switch

You can isolate a peer switch in order to make changes to a switch profile. This process can be used when you want to block configuration synchronization, debug configurations, or recover from a situation when the config-sync feature becomes out of sync.

Isolating a peer switch requires that you break the peer connection from the switch profile and then add the peer switch back to the switch profile.


Note

For specific information on the following steps, see the appropriate sections in this chapter.

  1. Remove the peer switch from the switch profile on both switches.

  2. Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

  3. Add any necessary troubleshooting configurations.

  4. Verify that the show running switch-profile is identical on both switches.

  5. Add the sync-peers destination ip-address command to both switches and commit the changes.

  6. Verify that the peers are in sync.

Deleting a Switch Profile

You can delete a switch profile.

SUMMARY STEPS

  1. config sync
  2. no switch-profile name {all-config | local-config}
  3. (Optional) end
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

config sync

Example:

switch# config sync
switch(config-sync)#

Enters configuration synchronization mode.

Step 2

no switch-profile name {all-config | local-config}

Example:

switch(config-sync)# no switch-profile abc local-config
switch(config-sync-sp)#

Deletes the switch profile as follows:

  • all-config—Deletes the switch profile on the local and the peer switch. If the peer switch is not reachable, only the local switch profile is deleted.

  • local-config—Deletes the switch profile and local configuration.

Note

 
It is recommended that you execute resync-database prior to deleting a switch-profile: 
switch(config-sync)# resync-database

Step 3

(Optional) end

Example:

switch(config-sync-sp)# end
switch#
(Optional)

Exits the switch profile configuration mode and returns to EXEC mode.

Step 4

(Optional) copy running-config startup-config

Example:

switch# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration. When you enter this command, the config-sync feature triggers the same operation on the peer switch.

Manually Correcting Mutex and Merge Failures

You can manually correct mutex and merge failures when they occur.


Note

If the conflict is on the peer switch, follow the steps in Isolating a Peer Switch to correct the problem on that switch.

  1. Import the offending command into the switch profile using the switch profile import mode.

  2. Change the behavior as desired.

Verifying the Switch Profile Configuration

To display information about a switch profile, perform one of the following tasks:

Command

Purpose

show switch-profile name

Displays the commands in a switch profile.

show switch-profile name buffer

Displays the uncommitted commands in a switch profile, the commands that were moved, and the commands that were deleted.

show switch-profile name peer ip-address

Displays the synchronization status for a peer switch.

show switch-profile name session-history

Displays the status of the last 20 switch profile sessions.

show switch-profile name status

Displays the configuration synchronization status of a peer switch.

show running-config switch-profile

Displays the running configuration for the switch profile on the local switch.

show startup-config switch-profile

Displays the startup configuration for the switch profile on the local switch.

Configuration Examples for Switch Profiles

Creating a Switch Profile on a Local and a Peer Switch

The following example shows how to create a successful switch profile configuration on a local and a peer switch, including configuring QoS policies, a vPC peer link, and a vPC in a switch profile.

  1. Enable CFS distribution on the local and the peer switch and configure the destination IP address of the switch that you want to synchronize with, such as the management interface on the switch. 

    —Local switch-1#---
switch-1# configure terminal
switch-1(config)# cfs ipv4 distribute 
switch-1(config)# interface mgmt 0
switch-1(config-if)# ip address 30.0.0.81/8

—Peer switch-2#--
switch-2# configure terminal
switch-2(config)# cfs ipv4 distribute 
switch-2(config)# interface mgmt 0
switch-2(config-if)# ip address 30.0.0.82/8

  2. Create a new switch profile on the local and the peer switch. 

    —Local switch-1#--- 
switch-1# config sync 
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# sync-peers destination 30.0.0.82
switch-1(config-sync-sp)# end

—Peer switch-2#--
switch-1# config sync
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# sync-peers destination 30.0.0.81
switch-1(config-sync-sp)# end

  3. Verify that the switch profiles are the same on the local and the peer switch. 

    switch-1(config-sync-sp)# show switch-profile status
 
switch-profile : A
----------------------------------------------------------

Start-time: 843992 usecs after Wed Aug 19 17:00:01 2015
End-time: 770051 usecs after Wed Aug 19 17:00:03 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Session-subtype: Init-Exchange-All
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 30.0.0.82
Sync-status: In sync
Status: Commit Success
Error(s):

  4. Add the configuration commands to the switch profile on the local switch. The commands will be applied to the peer switch when the commands are committed. 

    switch-1# config sync 
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface port-channel 10
switch-1(config-sync-sp-if)# switchport
switch-1(config-sync-sp-if)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface port-channel 10
switch-1(config-sync-sp-if)# switchport mode trunk
switch-1(config-sync-sp-if)# switchport trunk allowed vlan 10
switch-1(config-sync-sp-if)# spanning-tree port type network 
switch-1(config-sync-sp-if)# vpc peer-link 
switch-1(config-sync-sp-if)# switch-profile switching-mode switchname
switch-1(config-sync-sp-if)# show switch-profile buffer 

switch-profile : A
----------------------------------------------------------
Seq-no Command
----------------------------------------------------------
1 interface port-channel10
1.1 switchport mode trunk
1.2 switchport trunk allowed vlan 10
1.3 spanning-tree port type network
1.4 vpc peer-link

switch-1(config-sync-sp-if)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of
configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# switch-profile A
Switch-Profile started, Profile ID is 1
switch-1(config-sync-sp)# interface ethernet 2/1
switch-1(config-sync-sp-if)# switchport mode trunk 
switch-1(config-sync-sp-if)# switchport trunk allowed vlan 10
switch-1(config-sync-sp-if)# spanning-tree port type network 
switch-1(config-sync-sp-if)# channel-group 10 mode active

  5. View the buffered commands. 

    switch-1(config-sync-sp-if)# show switch-profile buffer

switch-profile : A
----------------------------------------------------------
Seq-no Command
----------------------------------------------------------
1 interface Ethernet2/1
1.1 switchport mode trunk
1.2 switchport trunk allowed vlan 10
1.3 spanning-tree port type network
1.4 channel-group 10 mode active

  6. Verify the commands in the switch profile. 

    switch-1(config-sync-sp-if)# verify
Verification Successful

  7. Apply the commands to the switch profile and synchronize the configurations between the local and the peer switch. 

    —Local switch-2#--
switch-1(config-sync-sp)# commit 
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of
configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
switch-1(config-sync)# end

switch-1# show running-config switch-profile 

switch-profile A
sync-peers destination 30.0.0.82

interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link

interface Ethernet2/1
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
channel-group 10 mode active


—Peer switch-2#--
switch-2# show running-config switch-profile  

switch-profile A
sync-peers destination 30.0.0.81

interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link

interface Ethernet2/1
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
channel-group 10 mode active

Verifying the Synchronization Status

The following example shows how to verify the synchronization status between the local and the peer switch: 

switch-1# show switch-profile status

switch-profile : A
-------------switch-1---------------------------------------------

Start-time: 912776 usecs after Wed Aug 19 17:03:43 2015
End-time: 868379 usecs after Wed Aug 19 17:03:48 2015

Profile-Revision: 4
Session-type: Commit
Session-subtype: -
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 30.0.0.82
Sync-status: In sync
Status: Commit Success
Error(s):

Showing the Running Configuration

The following example shows the running configuration of the switch profile on the local switch: 

——— PEER SWITCH-1 ———
switch-1# show running-config switch-profile 

switch-profile A
 sync-peers destination 30.0.0.82

 interface port-channel10
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 vpc peer-link

 interface Ethernet2/1
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 channel-group 10 mode active
switch-1# 

——— PEER SWITCH-2 ———
switch-2# show running-config switch-profile 

switch-profile A
 sync-peers destination 30.0.0.81

 interface port-channel10
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 vpc peer-link

 interface Ethernet2/1
 switchport mode trunk
 switchport trunk allowed vlan 10
 spanning-tree port type network
 channel-group 10 mode active
switch-2#

Displaying the Switch Profile Synchronization Between the Local and the Peer Switch

The following example shows how to display the initial successful synchronization between the two peers: 

switch1# show switch-profile sp status

Start-time: 491815 usecs after Mon Jul 20 11:54:51 2015
End-time: 449475 usecs after Mon Jul 20 11:54:58 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 


switch2# show switch-profile sp status

Start-time: 503194 usecs after Mon Jul 20 11:54:51 2015
End-time: 532989 usecs after Mon Jul 20 11:54:58 2015

Profile-Revision: 1
Session-type: Initial-Exchange
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s):

Displaying Verify and Commit on the Local and the Peer Switch

The following example shows how to perform a successful verify and commit of the local and the peer switch: 

switch1# config sync
switch1(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch1(config-sync-sp)# interface Ethernet1/1
switch1(config-sync-sp-if)# description foo
switch1(config-sync-sp-if)# exit
switch1(config-sync-sp)# verify
Verification Successful
switch1(config-sync-sp)# commit
Commit Successful
switch1(config-sync)# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.52
  interface Ethernet1/1
    description foo
switch1(config-sync)# show switch-profile sp status

Start-time: 171513 usecs after Wed Jul 20 17:51:28 2015
End-time: 676451 usecs after Wed Jul 20 17:51:43 2015

Profile-Revision: 3
Session-type: Commit
Peer-triggered: No
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.52
Sync-status: In Sync.
Status: Commit Success
Error(s): 

switch1(config-sync)# 


switch2# show running-config switch-profile
switch-profile sp
  sync-peers destination 10.193.194.51
  interface Ethernet1/1
    description foo
switch2# show switch-profile sp status

Start-time: 265716 usecs after Mon Jul 20 16:51:28 2015
End-time: 734702 usecs after Mon Jul 20 16:51:43 2015

Profile-Revision: 3
Session-type: Commit
Peer-triggered: Yes
Profile-status: Sync Success

Local information:
----------------
Status: Commit Success
Error(s): 

Peer information:
----------------
IP-address: 10.193.194.51
Sync-status: In Sync.
Status: Commit Success
Error(s):

Displaying the Successful and Unsuccessful Synchronization Between the Local and the Peer Switch

The following example shows how to configure the synchronization status of the switch profile on the peer switch. The first example shows a successful synchronization, and the second example shows a peer-not-reachable status. 

switch1# show switch-profile sp peer

switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : In Sync.
Peer-status                : Commit Success
Peer-error(s)              : 
switch1# 


switch1# show switch-profile sp peer 10.193.194.52
Peer-sync-status           : Not yet merged. pending-merge:1 received_merge:0
Peer-status                : Peer not reachable
Peer-error(s)              :

Displaying the Switch Profile Buffer

The following example shows how to configure the switch profile buffer, the buffer-move configuration, and the buffer-delete configuration: 

switch1# config sync
switch1(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch1(config-sync-sp)# vlan 101
switch1(config-sync-sp-vlan)# ip igmp snooping querier 10.101.1.1
switch1(config-sync-sp-vlan)# exit
switch1(config-sync-sp)# mac address-table static 0000.0000.0001 vlan 101 drop
switch1(config-sync-sp)# interface Ethernet1/2
switch1(config-sync-sp-if)# switchport mode trunk 
switch1(config-sync-sp-if)# switchport trunk allowed vlan 101
switch1(config-sync-sp-if)# exit
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       vlan 101
1.1       ip igmp snooping querier 10.101.1.1
2       mac address-table static 0000.0000.0001 vlan 101 drop
3       interface Ethernet1/2
3.1       switchport mode trunk
3.2       switchport trunk allowed vlan 101

switch1(config-sync-sp)# buffer-move 3 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/2
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 101
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete 1
switch1(config-sync-sp)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
2       vlan 101
2.1       ip igmp snooping querier 10.101.1.1
3       mac address-table static 0000.0000.0001 vlan 101 drop

switch1(config-sync-sp)# buffer-delete all
switch1(config-sync-sp)# show switch-profile sp buffer

Importing Configurations

The following example shows how to import an interface configuration: 

switch# show running-config interface Ethernet1/3

!Command: show running-config interface Ethernet1/3
!Time: Wed Jul 20 18:12:44 2015

version 7.0(3)I2(1)

interface Ethernet1/3
  switchport mode trunk
  switchport trunk allowed vlan 1-100

switch# config sync 
switch(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1

switch(config-sync-sp)# import interface Ethernet1/3
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       interface Ethernet1/3
1.1       switchport mode trunk
1.2       switchport trunk allowed vlan 1-100

switch(config-sync-sp-import)# verify
Verification Successful
switch(config-sync-sp-import)# commit
Commit Successful

The following example shows how to import the supported commands in a running configuration: 

switch(config-sync)# switch-profile sp
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)# import running-config 
switch(config-sync-sp-import)# show switch-profile sp buffer
----------------------------------------------------------
Seq-no  Command
----------------------------------------------------------
1       logging event link-status default
2       vlan 1
3       interface port-channel 3
3.1       switchport mode trunk
3.2       vpc peer-link
3.3       spanning-tree port type network
4       interface port-channel 30
4.1       switchport mode trunk
4.2       vpc 30
4.3       switchport trunk allowed vlan 2-10
5       interface port-channel 31
5.1       switchport mode trunk
5.2       vpc 31
5.3       switchport trunk allowed vlan 11-20
6       interface port-channel 101
6.1       switchport mode fex-fabric
6.2       fex associate 101
7       interface port-channel 102
7.1       switchport mode fex-fabric
7.2       vpc 102
7.3       fex associate 102
8       interface port-channel 103
8.1       switchport mode fex-fabric
8.2       vpc 103
8.3       fex associate 103
9      interface Ethernet1/1
10      interface Ethernet1/2
11      interface Ethernet1/3
12      interface Ethernet1/4
12.1      switchport mode trunk
12.2      channel-group 3
13      interface Ethernet1/5
13.1      switchport mode trunk
13.2      channel-group 3
14      interface Ethernet1/6
14.1      switchport mode trunk
14.2      channel-group 3
15      interface Ethernet1/7
15.1      switchport mode trunk
15.2      channel-group 3
16      interface Ethernet1/8
17      interface Ethernet1/9
17.1      switchport mode trunk
17.2      switchport trunk allowed vlan 11-20
17.3      channel-group 31 mode active
18      interface Ethernet1/10
18.1      switchport mode trunk
18.2      switchport trunk allowed vlan 11-20
18.3      channel-group 31 mode active
19      interface Ethernet1/11
20      interface Ethernet1/12
...
45      interface Ethernet2/4
45.1      fex associate 101
45.2      switchport mode fex-fabric
45.3      channel-group 101
46      interface Ethernet2/5
46.1      fex associate 101
46.2      switchport mode fex-fabric
46.3      channel-group 101
47      interface Ethernet2/6
47.1      fex associate 101
47.2      switchport mode fex-fabric
47.3      channel-group 101
48      interface Ethernet2/7
48.1      fex associate 101
48.2      switchport mode fex-fabric
48.3      channel-group 101
49      interface Ethernet2/8
49.1      fex associate 101
...
89      interface Ethernet100/1/32
90      interface Ethernet100/1/33
91      interface Ethernet100/1/34
92      interface Ethernet100/1/35
93      interface Ethernet100/1/36
...
105     interface Ethernet100/1/48

Migrating to Cisco NX-OS Release 7.0(3)I2(1) or Higher in a Fabric Extender Straight-Through Topology

This example shows the tasks used to migrate to Cisco NX-OS Release 7.0(3)I2(1) or higher in a Fabric Extender active/active or straight-through topology. For details on the tasks, see the appropriate sections in this chapter.

  1. Make sure configurations are the same on both switches.

  2. Configure the switch profile with the same name on both switches.

  3. Enter the import interface port-channel x-y, port-channel z command for all vPC port channels on both switches.

  4. Enter the show switch-profile name buffer command to ensure all configurations are correctly imported on both switches.

  5. Remove unwanted configuration settings by editing the buffer.

  6. Enter the commit command on both switches.

  7. Enter the sync-peers destination ip-address command to configure the peer switch on both switches.

  8. Enter the show switch-profile name status command to ensure both switches are synchronized.

Replacing a Cisco Nexus 9000 Series Switch

When a Cisco Nexus 9000 Series switch has been replaced, perform the following configuration steps on the replacement switch to synchronize it with the existing Cisco Nexus 9000 Series switch. This procedure can be done in a hybrid Fabric Extender active/active topology and Fabric Extender straight-through topology.

  1. Do not connect any peer link, vPC, active/active, or straight-through topology fabric ports to the replacement switch.

  2. Boot the replacement switch. The switch comes up with no configuration.

  3. Configure the replacement switch:

    • If the running configuration was saved offline, follow Steps 4 through 8 to apply the configuration.

    • If the running configuration was not saved offline, you can obtain it from the peer switch if the configuration synchronization feature is enabled. (See Steps 1 and 2 in Creating a Switch Profile on a Local and a Peer Switch; then begin with Step 9 below).

    • If neither condition is met, manually add the configuration and then begin with Step 9 below.

  4. Edit the configuration file to remove the sync-peer command if you are using the configuration synchronization feature.

  5. Configure the mgmt port IP address and download the configuration file.

  6. Copy the saved configuration file to the running configuration.

  7. Verify that the configuration is correct by entering the show running-config command.

  8. If the switch profile configuration changes were made on the peer switch while the replacement switch was out of service, apply those configurations in the switch profile and then enter the commit command.

  9. Shut down all Fabric Extender straight-through topology ports that are included in a vPC topology.

  10. Connect the Fabric Extender straight-through topology fabric ports.

  11. Wait for the Fabric Extender straight-through topology switches to come online.

  12. Make sure that the vPC role priority of the existing switch is better than the replacement switch.

  13. Connect the peer-link ports to the peer switch.

  14. Connect the switch vPC ports.

  15. Enter the no shutdown command on all Fabric Extender straight-through vPC ports.

  16. Verify that all vPC switches and the Fabric Extenders on the replacement switch come online and that there is no disruption in traffic.

  17. If you are using the configuration synchronization feature, add the sync-peer configuration to the switch profile if it was not enabled in Step 3.

  18. If you are using the configuration synchronization feature, enter the show switch-profile name status command to ensure both switches are synchronized.

Synchronizing Configurations

Synchronizing Configurations After a Cisco Nexus 9000 Series Switch Reboots

If a Cisco Nexus 9000 Series switch reboots while a new configuration is committed on a peer switch using a switch profile, follow these steps to synchronize the peer switches after the reload:

  1. Remove the peer switch from the switch profile on both switches.

  2. Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

  3. Add any missing or changed commands.

  4. Verify that the show running switch-profile is identical on both switches.

  5. Add the sync-peers destination ip-address command to both switches and commit the changes.

  6. Verify that the peers are in sync.

Synchronizing Configurations When the mgmt0 Interface Connectivity Is Lost

When the mgmt0 interface connectivity is lost and configuration changes are required, apply the configuration changes on both switches using the switch profile. When connectivity to the mgmt0 interface is restored, both switches are synchronized.

If a configuration change is made on only one switch in this scenario, a merge will succeed when the mgmt0 interface comes up and the configuration gets applied on the other switch.

Reverting an Inadvertent Port Mode Change of Layer 2 to Layer 3 in Global Configuration Mode

The configurations related to a port imported in config-sync mode should never be configured in the global configuration mode. Normally any attempt to do so will be denied by the config-sync feature, and a mutex warning will appear. However, due to limitations in mutex checks, if a port configured as Layer 2 in the config-sync mode is changed to Layer 3 (no switchport) in the global configuration mode, the config-sync feature is unable to detect and prevent it. As a result, the config-sync mode might become out of sync with the global configuration mode. In this case, follow these steps to revert the change:

  1. Remove the peer switch from the switch profile on both switches.

  2. Add the no sync-peers destination command to the switch profile and commit the changes on both switches.

  3. Import the current interface configuration.

  4. Make any necessary changes and commit them.

  5. Verify that the show running switch-profile is identical on both switches.

  6. Add the sync-peers destination ip-address command to both switches and commit the changes.

  7. Verify that the peers are in sync.