Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3008
Views
5
Helpful
0
Comments

Understanding and Configure NX-OS “ Session manager” feature

ashirkar
Level 7
Level 7

‎09-30-2014 03:00 PM - edited ‎03-01-2019 05:04 PM

Introduction:

In this document you will be learning on "Configuring Session manager" feature of NX-Os. NX-OS allow several configuration commands to be executed in sequence as a batch in configuration session. Once you create such session, its sequence of command will be executed with commit operation. So you can verify your configuration before applying to box. There are some of the guideline and limitation of this feature like session manager only support ACL and Qos feature, please read more for this Guidelines and Limitations.

Configuration Example:

In this example, we will be creating configuration session for deploying access-list on nexus 7k.

I will be creating acl with name "Test_ACL"

N7k1# sh ip access-lists Test_ACL
N7k1#

 

So as you can see we don’t have any ACL on N7K box.

Step1: Create configure session:

N7k1# configure session test
Config Session started, Session ID is 1
Enter configuration commands, one per line.  End with CNTL/Z.
N7k1(config-s)#

Once you type command "configure session <word>”, you can see our normal config mode has changed with (config-s) # prompt. Let's check what option we have under this mode.

 

N7k1(config-s)# ?
  abort         Abort the current configuration session
  access-list   Configure access control list parameters
  arp           ARP access-list configuration commands
  class-map     Configure a class map
  commit        Commit the current configuration session
  errdisable    Error disable
  interface     Configure interfaces
  ip            Configure IP features
  ipv6          Configure IPv6 features
  line          Configure a terminal line
  logging       Modify message logging facilities
  mac           MAC configuration commands
  no            Negate a command or set its defaults
  object-group  Configure ACL object groups
  policy-map    Configure a policy map
  qos           QoS Global Commands
  resequence    Resequence a list with sequence numbers
  save          Save the current configuration session to uri
  system        System management commands
  table-map     Configure a table map
  time-range    Define time range entries
  verify        Verify the current configuration session
  vlan          Vlan commands
  end           Go to exec mode
  exit          Exit from command interpreter
  pop           Pop mode from stack or restore from name
  push          Push current mode to stack or save it under name
  where         Shows the cli context you are in
N7k1(config-s)#

As you can see we have very limited feature option here, major I use this for configuring large ACL so i can configured them in bunch and push them to box in maintenance window time.

Configure ACL under "configure session test"

N7k1(config-s)# ip access-list Test_ACL

N7k1(config-s-acl)# deny tcp any any eq gopher

N7k1(config-s-acl)# permit tcp any any eq 443

N7k1(config-s-acl)# permit tcp any any eq 80

N7k1(config-s-acl)# permit tcp any any eq 23

N7k1(config-s-acl)# permit tcp any any eq ftp

N7k1(config-s-acl)# permit tcp any any eq ftp-data

N7k1(config-s-acl)# exit

N7k1(config-s)# int e1/1

N7k1(config-s-if)# ip access-group Test_ACL in

N7k1(config-s-if)# ip access-group Test_ACL out

N7k1(config-s-if)# exit

N7k1(config-s)#end

N7k1#

 

Now end this mode and let's check running config for this acl and interface configuration.

N7k1# sh ip access-lists Test_ACL
N7k1#
N7k1# sh run int e1/1

!Command: show running-config interface Ethernet1/1

!Time: Tue Sep 30 12:24:44 2014

version 6.0(2)

interface Ethernet1/1

You can see we have configured ACL and apply to interface but still it hasn't applied to running config of box.

Now we will verify our Configure session and applied to running config with "commit" word.

N7k1# sh configuration session test

config session name test

0001  ip access-list Test_ACL

0002  deny tcp any any eq gopher

0003  permit tcp any any eq 443

0004  permit tcp any any eq 80

0005  permit tcp any any eq 23

0006  permit tcp any any eq ftp

0007  permit tcp any any eq ftp-data

0008  interface Ethernet1/1

0009  ip access-group Test_ACL in

0010  ip access-group Test_ACL out

 

N7k1# configure session test

Config Session started, Session ID is 1

Enter configuration commands, one per line.  End with CNTL/Z.

N7k1(config-s)# commit

Commit Successful

 

Verifying running config:

 

N7k1# sh ip access-lists Test_ACL

IP access list Test_ACL

        10 deny tcp any any eq gopher

        20 permit tcp any any eq 443

        30 permit tcp any any eq www

        40 permit tcp any any eq telnet

        50 permit tcp any any eq ftp

        60 permit tcp any any eq ftp-data

N7k1# sh run int e1/1

!Command: show running-config interface Ethernet1/1

!Time: Tue Sep 30 12:30:45 2014

version 6.0(2)

interface Ethernet1/1

  ip access-group Test_ACL in

  ip access-group Test_ACL out

Related information:

The best way to upload large ACLs to NX-OS Nexus 7009

N7K Configuring Session Manager

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents