NX-OS to NVUE Common Commands

Cumulus Linux version 4.4 introduces a new CLI called NVUE . NVUE is a complete object model for Cumulus Linux, which makes translating configurations from one vendor to another much more reliable the first time you use Cumulus Linux and across Cumulus Linux versions.

This KB article describes how to translate common NX-OS configurations to NVUE commands.

Feature Enablement

Unlike NX-OS, Cumulus Linux does not require specific features to be enabled.

Hostname and System Commands

NX-OS CommandNVUE CommandComments
hostname <hostname>nv set platform hostname <hostname>
logging server <ip>nv set service syslog default server <ip>The value default is the VRF the server is in.
ntp server <ip>nv set service ntp default server <ip>The value default is the VRF the server is in.
interface breakout module 1 port <port> map 10g-4xnv set interface <interface> link breakout 4x10GMultiple breakout options exist. To see all commands, run nv set interface <interface> link breakout -h.
copy running-config startup-confignv config apply
show startup-configcat /etc/nvue.d/startup.yaml
show running-confignv config diff empty appliedNVUE diff compares an empty configuration against the currently applied configuration.

Interface Commands

You configure NX-OS interface commands under an individual interface; for example:

interface e1/1
   ip address 10.1.1.1/24
NX-OS CommandNVUE CommandComments
ip address <IP>nv set interface <interface> address <IP>In NVUE, you set IPv4 and IPv6 addresses with the same command.
ip address <IP> secondarynv set interface <interface> address <IP>Configuring a second IP address is additive. To replace an address, run nv unset interface <interface> address <IP>.
ipv6 address <IP>nv set interface <interface> address <IP>In NVUE, you set IPv4 and IPv6 addresses with the same command.
mtu <mtu>nv set interface <interface> link mtu <mtu>The default MTU in Cumulus Linux is 9216.
speed <speed>nv set interface <interface> link speed <speed>
fec <mode>nv set interface link fec <mode>
no shutdownnv set interface <interface> link state upThe default state for interfaces is up. To shut down an interface, use link state down.
interface loopback0nv set interface loThe loopback interface on Cumulus Linux is called lo.

Layer 2 and VLANs

Cumulus Linux interfaces are layer 3 routed interfaces by default. To make an interface a layer 2 switchport, you must add the interface to the default bridge called br_default:

cumulus@switch:~$ nv set interface <interface> bridge domain br_default
NX-OS CommandNVUE CommandComments
switchport mode accessnv set interface <interface> bridge domain br_default access
switchport access vlan <vlan>nv set interface <interface> bridge domain br_default access <vlan>
switchport mode trunknv set interface <interface> bridge domain br_defaultPorts you add to a bridge are trunk ports by default.
switchport trunk allowed vlan <vlan-list>nv set interface <interface> bridge domain br_default vlan <vlan-list>
spanning-tree port type edgenv set interface <interface> bridge domain br_default stp admin-edge on
spanning-tree port type networknv set interface <interface> bridge domain br_default stp network on
spanning-tree bpduguard enablenv set interface <interface> bridge domain br_default stp bpdu-guard on
spanning-tree bpdufilter enablenv set interface <interface> bridge domain br_default stp bpdu-filter on
spanning-tree vlan 1 priority <priority>nv set bridge domain br_default stp priority <priority>Cumulus Linux only supports RSTP.

Bonds and Port Channels

Linux uses the term bond whereas Cisco uses the term port channels.

NX-OS CommandNVUE CommandComments
interface port-channel <number>nv set interface <name> bondYou define bonds with a name that must start with a letter.
interface ethernet <mod/port>
   channel-group <number>
nv set interface <name> bond member <name>You create the bond and apply the bond member in a single command.
channel-group <number> mode onnv set interface <name> bond mode staticThe default mode is lacp
lacp rate fastnv set interface <name> bond lacp-rate fast

MLAG and vPC

Cumulus Linux uses MLAG (Multi-chassis Link Aggregation) to describe the feature Cisco calls vPC.

In MLAG configuration, Cumulus Linux also uses the concept of a vPC peer link. To keep MLAG pairs in sync when a direct connection fails, Cumulus Linux uses mlag backup IP instead of the vPC peer-keepalive link.

For more information about MLAG, refer to the Multi-Chassis Link Aggregation - MLAG section of the Cumulus Linux User Guide.

NX-OS CommandNVUE CommandComments
peer-keepalive destination <IP>nv set mlag backup <IP>
system-mac <mac>nv set mlag mac-address <mac>NVUE also supports auto MAC address generation.
interface port-channel <number>
   vpc peer-link
nv set interface peerlink bond member <interface>
nv set mlag peer-ip linklocal
Cumulus Linux requires a unique bond for the peerlink and an associated peer-ip definition.
interface port-channel <number>
   vpc <number>
nv set interface <bond-name> bond mlag id autoThe mlag id must match the bond interface on both MLAG peers connected to the same host. Using auto determines the ID based on the the MAC address of the end host.

Layer 3 Routing Protocols

Most BGP commands require the VRF to be included in the command. This includes the default VRF.

NX-OS CommandNVUE CommandComments
router bgp autonomous-system <ASN>nv set vrf default router bgp autonomous-system <ASN>
router-id <ID>nv set router bgp router-id <ID>
neighbor <IP> remote-as <ASN>nv set vrf default router bgp peer <IP> remote-as <ASN>You can use either external or internal instead of the ASN.
address-family ipv4 unicast
   network <network>
nv set vrf default router bgp address-family ipv4-unicast static-network <network>
address-family ipv6 unicast
   network <network>
nv set vrf default router bgp address-family ipv6-unicast static-network <network>
address-family ipv6 unicast
   redistribute direct
nv set vrf default router bgp address-family ipv4-unicast redistribute connected
ip prefix-list <name> seq <seq> permit <prefix>nv set router policy prefix-list <name> rule <seq> match <prefix>
route-map <name> permit <seq>
   match ip prefix-list <list>
nv set router policy route-map <name> rule <seq> match ip-prefix-list <list>
neighbor <IP> remote-as <ASN>
   address-family ipv4 unicast
      route-map <name> in
nv set vrf default router bgp peer <IP> address-family ipv4-unicast policy inbound route-map <name>
ip route <route> <next hop>nv set vrf default routing static <route> via <next hop>The default value is the VRF name (the default VRF in this example).

Access Control Lists (ACLs)

ACLs in Cumulus Linux are based on Linux iptables and behave differently from NX-OS in the following ways:

  • There is no implicit deny. ACLs must end in a match any and action deny rule to drop all unmatched traffic.
  • There is no support for wildcard masks. You must list subnets individually.

For more information, refer to the Netfilter - ACLs section of the Cumulus Linux User Guide.

NX-OS CommandNVUE CommandComments
ip access-list <name>
   <seq> permit ip <source> <destination>
nv set acl <name> rule <seq> match source-ip <source>
nv set acl <name> rule <seq> match dest-ip <destination>
nv set acl <name> rule <seq> action permit
NVUE links the source, destination, and actions with the <seq> value.
interface <slot/port>
   ip access-group <name> in
nv set interface <interface> acl <name> inbound
mac access-list <name>
   <seq> permit <source mac> <destination mac> <protocol>
nv set acl <name> rule <seq> match source-mac <source mac>
nv set acl <name> rule <seq> match dest-mac <destination mac>
nv set acl <name> rule <seq> match protocol <protocol number>
nv set acl <name> rule <seq> action permit
NVUE links the source, destination, and actions with the <seq> value.
interface <slot/port>
   mac port access-group <name>
nv set interface <interface> acl <name> inbound