A Cisco Nexus port profile is a group of port configuration directives that can be applied to an interface via a single command. In this way, a network engineer can build a set of profiles appropriate to the environment, and then apply one or more profiles to an interface without having to apply each command individually. Port profiles are useful for:
Reducing CLI errors committed by network operators. Configuring an interface is simplified by using an “inherit” command to apply much of the needed configuration using a port profile. NX-OS makes sure that the commands in the port profile are applied to the interface.
Enforcing standard interface configurations. Any number of configurations are possible for an interface, but network environments should enforce a specific interface configuration standard to ensure predictable interface behavior across the data center. A hurried network engineer might rush an interface configuration by applying a VLAN ID, while ignoring the rest of the defined standard. A more diligent engineer will probably take the time to input all appropriate configuration commands. And whether hurried or diligent, any engineer can forget to include commands now and then. By using port profiles, engineers ensure the interface configuration conforms to the standard.
Improving configuration readability. Interface configurations can become cluttered with lots of commands, several of which are likely to be used by many interfaces. Applying port profiles tightens up the configuration an engineer must review at the CLI, which makes the configuration more readable, and helps unique configuration details stand out.
Features and Limitations
Cisco Nexus port profiles have several key features and limitations. For example, a port profile name can be as long as 80 characters. While hyphens and underscores can be used, other special characters (including spaces) are not permitted. I recommend naming port profiles (and any other human-created object in a network device configuration) using all capital letters. This helps the object to stand out as obviously human-made, as opposed to being a configuration keyword.
Network engineers must create specific port profile types to match specific interface types. Ethernet, VLAN, port-channel, and Virtual Ethernet interface types are supported.
Once created, port profiles must be enabled before they will be active. While it’s possible to apply a disabled port profile to an interface, the commands in the port profile won’t actually be inherited by the interface until the port profile is enabled.
An interface can only inherit a single port profile. However, it’s possible to nest port profiles within one another. When nesting port profiles, the network engineer must pay careful attention to the commands being applied, as NX-OS will not prevent conflicting commands from co-existing in the nested profiles. For example, the nested port profile could contain “switchport trunk” while “switchport fex-fabric” (a conflicting command) is contained in the parent profile. In this situation, the resulting interface configuration would contain the command applied last during port profile inheritance.
A specific port profile can only be applied to a limited number of interfaces. On a Nexus 5596 running NX-OS 5.2(1)N1(1), the limit is 512 interfaces, though that number can go as high as 1024 using the “max-ports” command.
When a port profile is deleted, the interfaces that inherited the port profile lose the configuration commands belonging to the deleted port profile. Adding or removing a port profile can take many seconds; a pause at the CLI while a port profile is inherited by an interface is therefore normal.
When you change a port profile being used by one or more interfaces, you change the interfaces as well. That’s both powerful and dangerous, as an ill-considered change to a production port profile could negatively impact hundreds of interfaces. This is similar to the power (and danger) of applying commands to large interface ranges.
Let’s review the code required to create and apply some simple port profiles.
Example 1: AVAILABLE. By default, switch interfaces are enabled. I don’t care for this default behavior, so I apply the “AVAILABLE” port profile. In this configuration, I create a port profile called “AVAILABLE”, set the number of interfaces it can be applied to at the maximum of 1,024, and enable the port profile. The only configuration command is “shutdown”.
NEXUS-SWITCH(config)# port-profile AVAILABLE
NEXUS-SWITCH(config-port-prof)# shutdown
NEXUS-SWITCH(config-port-prof)# max-ports ?
  <1-1024>  Enter the max-number of ports

NEXUS-SWITCH(config-port-prof)# max-ports 1024
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exit
NEXUS-SWITCH(config)# show run port-profile AVAILABLE

!Command: show running-config port-profile AVAILABLE
!Time: Wed Mar 13 17:22:02 2013

version 5.2(1)N1(1)
port-profile type ethernet AVAILABLE
  shutdown
  max-ports 1024
  state enabled
Now we’re ready to apply this port profile to an interface. First, let’s take a look at the default interface configuration and status.
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:32:54 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 notconnec 1         auto    auto    --
NEXUS-SWITCH#
The interface is at the default configuration and is in a “not connected” status, meaning that there is no host plugged into the port, but the port will light up if a cable is plugged in. Now, let’s apply the AVAILABLE port profile and observe the change.
NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# exit
NEXUS-SWITCH(config)# exit
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:39:20 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile AVAILABLE

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 disabled  1         auto    auto    --
NEXUS-SWITCH#
With the port profile inherited by the interface, the interface status shows as “disabled” instead of “not connected”. This is a result of the “shutdown” command that the interface has inherited as a part of its configuration from the AVAILABLE port profile.
Example 2: HOST-ACCESS-VLAN-111. Now let’s take our “AVAILABLE” interface, and make it ready to uplink a host requiring service on VLAN 111. First, we’ll build a port profile called HOST-ACCESS-VLAN-111, add some configuration commands to it, enable it, and apply it to the same interface used in Example 1.
As you review the configuration output, you’ll see the message “ERROR: Interface is already inherited”. This is what NX-OS reports when you try to apply a port profile to an interface that’s already had a port profile applied. You must remove the existing port-profile inheritance first, which I do in this example.
NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# port-profile HOST-ACCESS-VLAN-111
NEXUS-SWITCH(config-port-prof)# switchport access vlan 111
NEXUS-SWITCH(config-port-prof)# flowcontrol receive on
NEXUS-SWITCH(config-port-prof)# spanning-tree port type edge
NEXUS-SWITCH(config-port-prof)# spanning-tree guard root
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exi
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
ERROR: Interface is already inherited
NEXUS-SWITCH(config-if)# no inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet120/1/1 but will only have effect when the interface is in a non-trunking mode.
NEXUS-SWITCH(config-if)#
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 18:06:12 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile HOST-ACCESS-VLAN-111

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 AAFlowcon 111       auto    auto    --
NEXUS-SWITCH# show run interface eth120/1/1 expand-port-profile

!Command: show running-config interface Ethernet120/1/1 expand-port-profile
!Time: Wed Mar 13 18:06:55 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  switchport access vlan 111
  spanning-tree port type edge
  spanning-tree guard root
  flowcontrol receive on

NEXUS-SWITCH#
Finally, note in the output above the “expand-port-profile” directive after the “show running-config interface” command. This allows the network engineer to see what commands the port profile has actually applied to the interface.
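The audit below is an added example, not code from the original article or from Cisco: it reads saved running-config text and flags interfaces that inherit no port profile, or that inherit one that is undefined or lacks “state enabled” (in which case commands such as “shutdown” are not actually applied to the port). It assumes the two-space indented section layout of NX-OS running-config output; the sample configuration and the function names parse_sections and audit are constructed for illustration.

```python
import re

# Constructed sample in running-config layout (not captured from a real switch).
# HOST-ACCESS-VLAN-111 deliberately lacks "state enabled" to show the finding.
SAMPLE = """\
port-profile type ethernet AVAILABLE
  shutdown
  state enabled
port-profile type ethernet HOST-ACCESS-VLAN-111
  switchport access vlan 111
interface Ethernet120/1/1
  inherit port-profile AVAILABLE
interface Ethernet120/1/2
  inherit port-profile HOST-ACCESS-VLAN-111
interface Ethernet120/1/3
"""

def parse_sections(config):
    """Group indented lines under the unindented header line above them."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blanks and "!Command:" / "!Time:" comment lines
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit(config):
    """Return {interface: finding} for ports not covered by an enabled profile."""
    sections = parse_sections(config)
    enabled = {}  # profile name -> True when "state enabled" is present
    for header, body in sections.items():
        m = re.match(r"port-profile(?: type \S+)? (\S+)$", header)
        if m:
            enabled[m.group(1)] = "state enabled" in body
    findings = {}
    for header, body in sections.items():
        if not header.startswith("interface "):
            continue
        name = header.split(None, 1)[1]
        inherited = [l.split()[-1] for l in body if l.startswith("inherit port-profile ")]
        if not inherited:
            findings[name] = "no port profile inherited"
        elif inherited[0] not in enabled:
            findings[name] = "inherits undefined profile " + inherited[0]
        elif not enabled[inherited[0]]:
            findings[name] = "inherits disabled profile " + inherited[0]
    return findings
```

Run it against a saved copy of “show running-config” and treat every finding as a port whose effective configuration differs from the standard the profiles are meant to enforce.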
Guide resource from: https://www.networkcomputing.com/
Cisco Nexus 5500 Series NX-OS Interfaces Configuration Guide, Release 6.0(2)N1(1)
https://www.cisco.com/en/US/docs/switches/datacenter/nexus5500/sw/interfaces/602_N1_1/b_5500_Interfaces_Config_Guide_Release_602N11.pdf