Nexus’ improved CLI

The Cisco Nexus Series platform has some good things going. Having spent much of my time recently using them, I have come to appreciate some very neat improvements NX-OS is offering over standard IOS. For the most part driving NX-OS is very similar to IOS, but it’s been greatly improved.

One such example is the output from the most used IOS command “show ip int brief”, which on NX-OS only shows ‘IP’ (being layer 3) interfaces. To see the brief state of all types of interfaces use “sh int brief” instead.

N5K-2(config)# sh ip int brief
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan19               10.1.19.6       protocol-up/link-up/admin-up
Vlan22               10.1.22.6       protocol-up/link-up/admin-up

N5K-2(config)# sh int brief
--------------------------------------------------------------------------------
Ethernet      VLAN   Type Mode   Status  Reason                   Speed     Port
Interface                                                                   Ch #
--------------------------------------------------------------------------------
Eth1/1        1      eth  trunk  up      none                       1000(D) 51
Eth1/2        22     eth  access up      none                        10G(D) -
Eth1/3        1      eth  trunk  down    SFP not inserted            10G(D) 50
Eth1/4        1      eth  trunk  down    SFP not inserted            10G(D) 50
Eth1/5        1      eth  trunk  down    SFP not inserted            10G(D) -
Eth1/6        19     eth  access down    SFP not inserted            10G(D) -
Eth1/7        1      eth  trunk  down    Link not connected          10G(D) 5
Eth1/8        1      eth  trunk  down    Link not connected          10G(D) 5
Eth1/9        1      eth  fabric down    Administratively down       10G(D) 9
Eth1/10       1      eth  fabric down    FEX identity mismatch       10G(D) 7
Eth1/11       1      eth  fabric down    vpc peerlink is down        10G(D) 34
Eth1/12       1      eth  fabric down    SFP not inserted            10G(D) 12
Eth1/13       1      eth  fabric up      none                        10G(D) 15
Eth1/14       1      eth  fabric down    Administratively down       10G(D) 9

As you might have noticed, ‘DO’ keyword is not necessary. EXEC level commands may be used in any CONFIGURATION mode. This makes one very lazy, when working on IOS device forgetting to use the ‘DO’ keyword again.

#SH RUN

The “show run” was extended somewhat too, to show portions of config related to certain technologies. A “show run ?” will display all the options and the list below I use daily:

show run vtp
show run spanning-tree
show run interface
show run fex
show run vpc
show run aaa
show run tacacs
show run diff
show run ip

5K-2(config)# sh run spanning-tree
spanning-tree mode mst
spanning-tree mst configuration
name LAB
revision 1
instance 1 vlan 100-199
instance 1 vlan 200-299

The “show run diff” is useful, since it displays the difference between running and startup configuration.

#RANGES

The NX-OS also allows multiple interfaces to be configured, but without using the keyword ‘range’. Additionally the same new range syntax can be used with show commands:

N5K-2(config)# int e1/3-5
N5K-2(config-if-range)# description GREEN
N5K-2(config-if-range)#
N5K-2(config-if-range)# sh run int e1/3-5

interface Ethernet1/3
description GREEN

interface Ethernet1/4
description GREEN

interface Ethernet1/5
description GREEN

#OUTPUT SEARCHING

The screen output searching functionality was extended too making life a lot easier when working with large configurations.
This applies to any output from a show command that extends beyond one page of output. Compared to IOS which offered three options: SPACEBAR (one more page), RETURN (one more line) or SLASH ‘/’ (jump-to search function), NX-OS provides the following options:

Most commands optionally preceded by integer argument k.  Defaults in brackets.
Star (*) indicates argument becomes new default.
-------------------------------------------------------------------------------
<space>                 Display next k lines of text [current screen size]
z                       Display next k lines of text [current screen size]*
<return>                Display next k lines of text [1]*
d or ctrl-D             Scroll k lines [current scroll size, initially 11]*
q or Q or <interrupt>   Exit from more
s                       Skip forward k lines of text [1]
f                       Skip forward k screenfuls of text [1]
b or ctrl-B             Skip backwards k screenfuls of text [1]
'                       Go to place where previous search started
=                       Display current line number
/   Search for kth occurrence of regular expression [1]
n                       Search for kth occurrence of last r.e [1]
!<cmd> or :!<cmd>       Execute <cmd> in a subshell
v                       Start up /usr/bin/vi at current line
ctrl-L                  Redraw screen
:n                      Go to kth next file [1]
:p                      Go to kth previous file [1]
:f                      Display current file name and line number
.                       Repeat previous command
-------------------------------------------------------------------------------

#THE PIPE

I left the best for last. With the NX-OS VSH (Virtual Shell) running over a native implementation of linux, some well-known commands have been added to extend the all powerful Pipe ‘|’ function. The list now available is:

N5K-2(config-if-range)# sh run | ?
cut      Print selected parts of lines.
diff     Show difference between current and previous invocation
egrep    Egrep - print lines matching a pattern
grep     Grep - print lines matching a pattern
head     Display first lines
human    Output in human format (if permanently set to xml, else it will turn on xml for next command)
last     Display last lines
less     Filter for paging
no-more  Turn-off pagination for command output
section  Show lines that include the pattern as well as the subsequent lines
sed      Stream Editor
sort     Stream Sorter
tr       Translate, squeeze, and/or delete characters
uniq     Discard all but one of successive identical lines
vsh      The shell that understands cli command
wc       Count words, lines, characters
xml      Output in xml format (according to .xsd definitions)
begin    Begin with the line that matches
count    Count number of lines
end      End with the line that matches
exclude  Exclude lines that match
include  Include lines that match

The IOS function INCLUDE, BEGIN, and SECTION is boring in comparison to sorting, counting, grepping and displaying 5 lines above the search string, displaying the end or beginning of the output, etc.

XML output is also supported natively, which allows more integration than IOS.

Some of the more crazy outputs I have seen:

N5K-2(config)# show vpc brief | xml | grep vpc-ifindex | sed 's/<[^>]*>//g' | sed 's/^/conf t ; interface /' | sed 's/$/ ; no shut/'
conf t ; interface          Po109 ; no shut
conf t ; interface          Po110 ; no shut
conf t ; interface          Po111 ; no shut
conf t ; interface          Po112 ; no shut

Outputs like this can be used to script via EEM and/or TCL as an action to do those commands by adding a ” | vsh” on the end.

Outputs can also be redirected flash or even off-boxes:

N5K-2(config)# sh run > >?
>   Redirect it to a file
>>  Redirect output to the end of a file (append)

N5K-2(config)# sh run > ?
bootflash:  Destination filesystem path
ftp:        Destination filesystem path
scp:        Destination filesystem path
sftp:       Destination filesystem path
tftp:       Destination filesystem path
volatile:   Destination filesystem path

Working on NX-OS, you can’t help feel that the CLI was finally given some attention with network engineers in mind.