Introduction:
This document covers the "Configuring Session Manager" feature of NX-OS. NX-OS allows several configuration commands to be collected in a configuration session and executed in sequence as a batch. Once you create such a session, its sequence of commands is executed by the commit operation, so you can verify your configuration before applying it to the box. The feature has some guidelines and limitations, for example Session Manager only supports the ACL and QoS features; for more, read Guidelines and Limitations.
Configuration Example:
In this example, we will create a configuration session for deploying an access list on a Nexus 7K.
I will be creating an ACL with the name "Test_ACL":
N7k1# sh ip access-lists Test_ACL
N7k1#
So, as you can see, we don’t have this ACL on the N7K box yet.
Step 1: Create the configuration session:
N7k1# configure session test
Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z.
N7k1(config-s)#
Once you type the command "configure session <word>", you can see that the normal config mode prompt has changed to (config-s)#. Let's check what options we have under this mode.
N7k1(config-s)# ?
abort Abort the current configuration session
access-list Configure access control list parameters
arp ARP access-list configuration commands
class-map Configure a class map
commit Commit the current configuration session
errdisable Error disable
interface Configure interfaces
ip Configure IP features
ipv6 Configure IPv6 features
line Configure a terminal line
logging Modify message logging facilities
mac MAC configuration commands
no Negate a command or set its defaults
object-group Configure ACL object groups
policy-map Configure a policy map
qos QoS Global Commands
resequence Resequence a list with sequence numbers
save Save the current configuration session to uri
system System management commands
table-map Configure a table map
time-range Define time range entries
verify Verify the current configuration session
vlan Vlan commands
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in
N7k1(config-s)#
As you can see, the feature options here are very limited. I mainly use this for configuring large ACLs, so I can configure them as a batch and push them to the box during the maintenance window.
Configure the ACL under "configure session test":
N7k1(config-s)# ip access-list Test_ACL
N7k1(config-s-acl)# deny tcp any any eq gopher
N7k1(config-s-acl)# permit tcp any any eq 443
N7k1(config-s-acl)# permit tcp any any eq 80
N7k1(config-s-acl)# permit tcp any any eq 23
N7k1(config-s-acl)# permit tcp any any eq ftp
N7k1(config-s-acl)# permit tcp any any eq ftp-data
N7k1(config-s-acl)# exit
N7k1(config-s)# int e1/1
N7k1(config-s-if)# ip access-group Test_ACL in
N7k1(config-s-if)# ip access-group Test_ACL out
N7k1(config-s-if)# exit
N7k1(config-s)# end
N7k1#
After ending this mode, let's check the running config for this ACL and the interface configuration.
N7k1# sh ip access-lists Test_ACL
N7k1#
N7k1# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Tue Sep 30 12:24:44 2014
version 6.0(2)
interface Ethernet1/1
You can see that we have configured the ACL and applied it to the interface, but it still has not been applied to the running config of the box.
Now we will verify our configuration session and apply it to the running config with the "commit" keyword.
N7k1# sh configuration session test
config session name test
0001 ip access-list Test_ACL
0002 deny tcp any any eq gopher
0003 permit tcp any any eq 443
0004 permit tcp any any eq 80
0005 permit tcp any any eq 23
0006 permit tcp any any eq ftp
0007 permit tcp any any eq ftp-data
0008 interface Ethernet1/1
0009 ip access-group Test_ACL in
0010 ip access-group Test_ACL out
N7k1# configure session test
Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z.
N7k1(config-s)# commit
Commit Successful
Verifying running config:
N7k1# sh ip access-lists Test_ACL
IP access list Test_ACL
10 deny tcp any any eq gopher
20 permit tcp any any eq 443
30 permit tcp any any eq www
40 permit tcp any any eq telnet
50 permit tcp any any eq ftp
60 permit tcp any any eq ftp-data
N7k1# sh run int e1/1
!Command: show running-config interface Ethernet1/1
!Time: Tue Sep 30 12:30:45 2014
version 6.0(2)
interface Ethernet1/1
ip access-group Test_ACL in
ip access-group Test_ACL out
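The staged listing printed by "sh configuration session test" above can be reviewed by a script before "commit" is run. The following Python is an added example, not part of the original article or of any Cisco tooling; the cleartext-service set and the function names parse_session and review are assumptions chosen for illustration.

```python
import re

# Constructed sample (added example): the listing shown above for "sh configuration session test".
SESSION_LISTING = """\
config session name test
0001 ip access-list Test_ACL
0002 deny tcp any any eq gopher
0003 permit tcp any any eq 443
0004 permit tcp any any eq 80
0005 permit tcp any any eq 23
0006 permit tcp any any eq ftp
0007 permit tcp any any eq ftp-data
0008 interface Ethernet1/1
0009 ip access-group Test_ACL in
0010 ip access-group Test_ACL out
"""

# Assumption: services this reviewer treats as cleartext, by port number or keyword.
CLEARTEXT = {"20", "21", "23", "ftp-data", "ftp", "telnet"}

def parse_session(text):
    """Return ({acl: [(seq, rule)]}, [(seq, interface, acl, direction)])."""
    acls, bindings, acl, iface = {}, [], None, None
    for line in text.splitlines():
        m = re.match(r"\s*(\d{4})\s+(.*\S)\s*$", line)
        if not m:
            continue  # "config session name ..." header or blank line
        seq, words = int(m.group(1)), m.group(2).split()
        if words[:2] == ["ip", "access-list"] and len(words) == 3:
            acl, iface = words[2], None
            acls.setdefault(acl, [])
        elif words[0] == "interface" and len(words) == 2:
            iface, acl = words[1], None
        elif words[:2] == ["ip", "access-group"] and len(words) == 4 and iface:
            bindings.append((seq, iface, words[2], words[3]))
        elif words[0] in ("permit", "deny") and acl:
            acls[acl].append((seq, " ".join(words)))
    return acls, bindings

def review(text):
    (acls, bindings), findings = parse_session(text), []
    for name, rules in acls.items():
        for seq, rule in rules:
            m = re.match(r"permit \S+ any any eq (\S+)$", rule)
            if m and m.group(1) in CLEARTEXT:
                findings.append((seq, f"{name}: any-to-any permit for cleartext service {m.group(1)}"))
    findings += [(seq, f"{iface}: access-group {name} {d} is not defined in this session")
                 for seq, iface, name, d in bindings if name not in acls]
    return sorted(findings)
```

An access-group finding only means the ACL is not staged in the same session; it may already exist in the running config.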
Related information:
The best way to upload large ACLs to NX-OS Nexus 7009
N7K Configuring Session Manager