Configuring CFS - Cisco
S e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .CH A P T E R2Configuring CFSThis chapter describes how to use Cisco Fabric Services (CFS), a Cisco proprietary feature thatdistributes data, including configuration changes, to all Cisco NX-OS devices in a network.This chapter includes the following sections: Information About CFS, page 2-1 Licensing Requirements for CFS, page 2-4 Prerequisites for CFS, page 2-4 Guidelines and Limitations, page 2-4 Configuring CFS Distribution, page 2-5 Verifying the CFS Configuration, page 2-23 Default Settings, page 2-23 Additional References, page 2-23 Feature History for CFS, page 2-24Information About CFSYou can use CFS over IP (CFSoIP) to distribute and synchronize a configuration on one Cisco device orwith all other Cisco devices in your network. CFSoIP provides you with consistent and, in most cases,identical configurations and behavior in your network.This section includes the following topics: Merging Application Databases, page 2-2 Applications that Use CFS to Distribute Configuration Changes, page 2-2 CFS Distribution, page 2-2 CFS Regions, page 2-3 High Availability, page 2-3 Virtualization Support, page 2-3Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-1
Chapter 2Configuring CFSInformation About CFSSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .Merging Application DatabasesWhen a new device is detected in your network, CFS manages the merging, or synchronizing, of itsconfiguration with that of the other devices. CFS also coordinates and minimizes the number of mergesby designating one device to manage merges per application per region. The other devices do not playany role in the merge process.During a merger of two networks, their designated managers exchange configuration databases. Theapplication on one of them merges the databases, decides if the merger is successful, and notifies allother devices.If the merger is successful, the merged database is distributed to all devices in the combined fabric andthe entire new fabric emerges in a consistent state. You can recover from a merge failure by starting adistribution from any device in the new fabric. This distribution restores all peers in the fabric to the sameconfiguration database.Applications that Use CFS to Distribute Configuration ChangesCFS distributes configuration changes for the applications shown in Table 2-2.Table 2-1CFS-Supported ApplicationsApplicationDefault stateRADIUSDisabledTACACS DisabledUser and administrator rolesDisabledCall HomeDisabledNTPDisabledCFS DistributionCFS distributes configuration changes to multiple devices in a defined region or across a completenetwork.The following steps provide an overview of how CFS distributes application configurations.1.You enable CFS to distribute configurations for an application, such as Call Home.2.You enter a command to change the configuration for a CFS application, such as Call Home.3.CFS checks if an active fabric lock indicates that a configuration change is already in progress forthis application.NoteOnly one CFS session for an application can be active at a time. CFS uses locks to enforcethis restriction. Distribution is not allowed to start if locks are in place for the applicationanywhere else in the fabric.Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x2-2OL-20086-01
Chapter 2Configuring CFSInformation About CFSS e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .4.One of the following occurs:– If an active fabric lock exists for this application, CFS rejects the command. No changes arepermitted until the existing fabric lock is released.– If there is not an active fabric lock for this application, then CFS starts a session and locks thefabric for this application.5.You enter the remaining configuration commands for the application.6.You commit the configuration by using the commit command.7.CFS distributes the configuration and releases the lock.CFS RegionsA CFS region is a user-defined subset of devices for a given feature or application. You will usuallydefine regions to localize or restrict distribution based on devices that are close to one another.When a network covers many geographies with many different administrators who are responsible forsubsets of devices, you can manage the physical scope of an application by setting up a CFS region.CFS regions are identified by numbers 0 through 200. Region 0 is the default region. You can configureregion number 1 through 200.NoteIf a feature is moved, that is, assigned to a new region, its scope is restricted to that region and it ignoresall other regions for distribution or merging purposes.You can set up a CFS region to distribute configurations for multiple features. However, on a givendevice, you can configure only one CFS region at a time to distribute the configuration for a givenfeature. Once you assign a feature to a CFS region, its configuration cannot be distributed within anotherCFS region.NoteThe default region is used to distribute changes to all devices in a fabric. Region 0 is reserved as thedefault region and contains every device in the fabric. If you remove an application from a region anddo not assign it to a different region, it is added to the default region (region 0).High AvailabilityStateless restarts are supported for CFS. After a reboot or a supervisor switchover, the runningconfiguration is applied. For more information on high availability, see the Cisco Nexus 7000 SeriesNX-OS High Availability and Redundancy Guide.Virtualization SupportCFS is configured per VDC.When you access Cisco NX-OS, it places you in the default VDC unless you specify a different VDC.For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device ContextConfiguration Guide, Release 4.x.Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-3
Chapter 2Configuring CFSLicensing Requirements for CFSSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .Licensing Requirements for CFSProductLicense RequirementNX-OSCFS requires no license. Any feature not included in a license package is bundled with the Cisco NX-OSsystem images and is provided at no extra charge to you. For a complete explanation of the NX-OS licensingscheme, see the Cisco NX-OS Licensing Guide.Prerequisites for CFSCFS has the following prerequisites: CFS is enabled by default. All devices in the fabric must have CFS enabled or they do not receivedistributions. If CFS is disabled for an application, then that application does not distribute any configuration andit does not accept a distribution from other devices in the fabric.Guidelines and LimitationsCFS has the following configuration guidelines and limitations: CautionIf the virtual port channel (vPC) feature is enabled for your device, do not disable CFS overEthernet.CFS over Ethernet must be enabled for the vPC feature to work. CFS distributions for application data use directed unicast. All CFS over IP enabled devices with similar multicast addresses form one CFS over IP fabric. Make sure that CFS is enabled for the applications you want to configure. For detailed information,see the “Enabling CFS Distribution for Applications” procedure on page 2-5. Any time you lock a fabric, your username is remembered across restarts and switchovers. Any time you lock a fabric, configuration changes attempted by anyone else are rejected. While a fabric is locked, the application holds a working copy of configuration changes in a pendingdatabase or temporary storage area—not in the running configuration. Configuration changes that have not been committed yet (still saved as a working copy) are not inthe running configuration and do not display in the output of show commands. The working copy overwrites the running configuration when you commit the changes. If you start a CFS session that requires a fabric lock but forget to end the session, an administratorcan clear the session. For more information, see the “Clearing a Locked Session” procedure onpage 2-19. CFSoIP and CFSoE are not supported for use together. CFS regions can be applied only to CFSoIP and CFSoFC clients.Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x2-4OL-20086-01
Chapter 2Configuring CFSConfiguring CFS DistributionS e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m . An empty commit is allowed if configuration changes are not previously made. In this case, thecommit command results in a session that acquires locks and distributes the current database. You can only use the commit command on the specific device where the fabric lock was acquired.Configuring CFS DistributionThis section describes how to configure CFS and includes the following topics: Enabling CFS Distribution for Applications, page 2-5 Specifying a CFS Distribution Mode, page 2-10 Configuring an IP Multicast Address for CFS Over IP, page 2-11 Configuring CFS Regions, page 2-12 Creating and Distributing a CFS Configuration, page 2-18 Discarding a Configuration, page 2-20 Disabling CFS Distribution Globally, page 2-21Enabling CFS Distribution for ApplicationsThis section includes the following topics:Note Enabling CFS to Distribute Call Home Configurations, page 2-5 Enabling CFS to Distribute RADIUS Configurations, page 2-6 Enabling CFS to Distribute TACACS Configurations, page 2-7 Enabling CFS to Distribute Role Configurations, page 2-8 Enabling CFS to Distribute NTP Configurations, page 2-9See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 4.x for more informationon CFS for RADIUS, TACACS , and roles. See Chapter 6, “Configuring Smart Call Home” for moreinformation on Call Home, and see Chapter 3, “Configuring NTP” for more information on NTP.Enabling CFS to Distribute Call Home ConfigurationsYou can enable CFS to distribute Call Home configurations.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.callhome3.distributeCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-5
Chapter 2Configuring CFSConfiguring CFS DistributionSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .4.show application name status5.copy running-config startup-configDETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tswitch(config)#Step 2switch(config)# callhomePlaces you in callhome configuration mode.Example:switch(config)# callhomeswitch(config-callhome)#Step 3switch(config)# distributeExample:switch(config-callhome)# distributeswitch(config-callhome)#Step 4show application name statusExample:switch(config-callhome)# show callhomestatusStep 5copy running-config startup-configExample:switch(config)# copy running-configstartup-configEnables CFS to distribute Call Home configurationupdates.(Optional) For the specified application, displays theCFS distribution status.(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.This example shows how to enable CFS to distribute Call Home configurations:switch(config)# callhomeswitch(config-callhome)# distributeswitch(config-callhome)# show callhome statusDistribution : Enabledswitch(config-callhome)# copy running-config #####] 100%Enabling CFS to Distribute RADIUS ConfigurationsYou can enable CFS to distribute RADIUS configurations.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.radius distributeCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x2-6OL-20086-01
Chapter 2Configuring CFSConfiguring CFS DistributionS e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .3.show radius status4.copy running-config startup-configDETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tswitch(config)#Step 2switch(config)# radius distributeExample:switch(config)# radius distributeStep 3show radius statusExample:switch(config)# show radius statusStep 4copy running-config startup-configExample:switch(config)# copy running-configstartup-configFor the specified application, enables the device toreceive configuration updates that are distributedthrough CFS.(Optional) For the specified application, displays theCFS distribution status.(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.This example shows how to enable CFS to distribute RADIUS configurations:switch(config)# radius distributeswitch(config)# show radius statusDistribution : Enabledswitch(config)# copy running-config #####] 100%Enabling CFS to Distribute TACACS ConfigurationsYou can enable CFS to distribute TACACS configurations.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.tacacs distribute3.show tacacs status4.copy running-config startup-configCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-7
Chapter 2Configuring CFSConfiguring CFS DistributionSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .DETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tswitch(config)#Step 2switch(config)# tacacs distributeExample:switch(config)# tacacs distributeStep 3show tacacs statusExample:switch(config)# show tacacs statusStep 4copy running-config startup-configExample:switch(config)# copy running-configstartup-configEnables CFS to distribute configuration updates forTACACS .(Optional) Displays the CFS distribution status forTACACS .(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.This example shows how to enable CFS to distribute TACACS configurations:switch(config)# tacacs distributeswitch(config)# show tacacs statusDistribution : EnabledLast operational state: No sessionswitch(config)# copy running-config #####] 100%Enabling CFS to Distribute Role ConfigurationsYou can enable CFS to distribute role configurations.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.role distribute3.show role status4.copy running-config startup-configCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x2-8OL-20086-01
Chapter 2Configuring CFSConfiguring CFS DistributionS e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .DETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tswitch(config)#Step 2switch(config)# role distributeEnables CFS to distribute role configurations.Example:switch(config)# role distributeStep 3(Optional) Displays the CFS distribution status.show role statusExample:switch(config)# show role statusStep 4copy running-config startup-configExample:switch(config)# copy running-configstartup-config(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.This example shows how to enable CFS to distribute Call Home configurations:switch(config)# role distributeswitch(config)# show role statusDistribution : Enabledswitch(config)# copy running-config #####] 100%Enabling CFS to Distribute NTP ConfigurationsYou can enable CFS to distribute NTP configurations.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.ntp distribute3.show application name status4.copy running-config startup-configCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-9
Chapter 2Configuring CFSConfiguring CFS DistributionSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .DETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tswitch(config)#Step 2ntp distributeEnables CFS to distribute NTP configuration updates.Example:switch(config)# ntp distributeStep 3show application name statusExample:switch(config)# show ntp statusStep 4copy running-config startup-configExample:switch(config)# copy running-configstartup-config(Optional) For the specified application, displays theCFS distribution status.(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.This example shows how to enable CFS to distribute Call Home configurations:switch(config)# ntp distributeswitch(config)# show ntp statusDistribution : Enabledswitch(config)# copy running-config #####] 100%Specifying a CFS Distribution ModeYou can specify and enable a CFS distribution mode (Ethernet or IPv4).BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.SUMMARY STEPS1.config t2.cfs [eth ipv4] distribute3.show cfs status4.copy running-config startup-configCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x2-10OL-20086-01
Chapter 2Configuring CFSConfiguring CFS DistributionS e n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .DETAILED STEPSStep 1CommandPurposeconfig tPlaces you in global configuration mode.Example:switch# config tEnter configuration commands, one perline. End with CNTL/Z.switch(config)#Step 2cfs [eth ipv4] distributeExample:switch(config)# cfs ipv4 distributeswitch(config)#Globally enables CFS distribution over one of thefollowing for all applications on the device. Ethernet IPv4In this example, CFS distribution is enabled overIPv4.Step 3show cfs statusExample:switch(config)# show cfs statusDistribution : EnabledDistribution over IP : Enabled - modeIPv4IPv4 multicast address : 239.255.70.83switch(config)#Step 4copy running-config startup-configExample:switch(config)# copy running-configstartup-configShows the current state of CFS including distributionmode.In this example, CFS is shown as being distributedover IPv4.(Optional) Saves the change persistently throughreboots and restarts by copying the runningconfiguration to the startup configuration.Configuring an IP Multicast Address for CFS Over IPFor CFS protocol-specific distributions, such as the keepalive mechanism for detecting networktopology changes, use the IP multicast address to send and receive information.You can configure the IP multicast address used to distribute CFS over IP for either of the following: IPv4—The default IPv4 multicast address is 239.255.70.83.BEFORE YOU BEGINMake sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.You must disable CFS IP distribution before changing the multicast address.SUMMARY STEPS1.config t2.no cfs [ipv4] distribute3.cfs [ipv4] mcast-address ip addressCisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.xOL-20086-012-11
Chapter 2Configuring CFSConfiguring CFS DistributionSe n d d o c u m e n t c o m m e n t s t o n ex u s 7 k - d o c f e e d b a ck @ c i s c o . c o m .4.show cfs status5.copy
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.x OL-20086-01 2 Configuring CFS This chapter describes how to use Cisco Fabric Services (CFS), a Cisco proprietary feature that distributes data, including configuration changes, to all Cisco NX-OS devices in a network. This chapter includes the following sections:
Cisco ASA 5505 Cisco ASA 5505SP Cisco ASA 5510 Cisco ASA 5510SP Cisco ASA 5520 Cisco ASA 5520 VPN Cisco ASA 5540 Cisco ASA 5540 VPN Premium Cisco ASA 5540 VPN Cisco ASA 5550 Cisco ASA 5580-20 Cisco ASA 5580-40 Cisco ASA 5585-X Cisco ASA w/ AIP-SSM Cisco ASA w/ CSC-SSM Cisco C7600 Ser
Trade name CFS-P BA, CP 617, CP 618, CP 619, CFS-D 1", CFS-D 25 Product code BU Fire Protection 1.2. Relevant identified uses of the substance or mixture and uses advised against Use of the substance/mixture Firestop putty pad 1.3. Details of the supplier of the safety data sheet Hilti, Inc. Legacy Tower, Suite 1000 7250 Dallas Parkway
Solution Hilti / Hilti solution N ATE EI 240 EI 180 EI 120 EI 90 EI 60 Sans traversant Béton Dalle 150 Sans traversant CFS-CT 11/0429 Béton Dalle 150 CFS-IS 10/0406 Béton Dalle 150 CFS-PL 13/0125 Béton Dalle 150 CFS-BL 13/0099 Traversants électriques Béton Dalle 150 CFS-PL 13/0125 Béton Dalle 150 CFS-CT 11/0429
CFS 9 Personal Financial Recordkeeping CFS 10 Legal Issues of PFM CFS 11 Your Credit and Your Clearance CFS 12 Financial Referral Resources . Introduction to the Financial Planning Worksheet (CFS 7) Instructor was knowledgeable _ Content was clear and understandable eFP
Supported Devices - Cisco SiSi NetFlow supported Cisco devices Cisco Catalyst 3560 Cisco 800 Cisco 7200 Cisco Catalyst 3750 Cisco 1800 Cisco 7600 Cisco Catalyst 4500 Cisco 1900 Cisco 12000 Cisco Catalyst 6500 Cisco 2800 Cisco ASR se
Cisco Nexus 1000V Cisco Nexus 1010 Cisco Nexus 4000 Cisco MDS 9100 Series Cisco Nexus 5000 Cisco Nexus 2000 Cisco Nexus 6000 Cisco MDS 9250i Multiservice Switch Cisco MDS 9700 Series Cisco Nexus 7000/7700 Cisco Nexus 3500 and 3000 CISCO NX-OS: From Hypervisor to Core CISCO DCNM: Single
Cisco Nexus 7706 Cisco ASR1001 . Cisco ISR 4431 Cisco Firepower 1010 Cisco Firepower 1140 Cisco Firepower 2110 Cisco Firepower 2130 Cisco FMC 1600 Cisco MDS 91485 Cisco Catalyst 3750X Cisco Catalyst 3850 Cisco Catalyst 4507 Cisco 5500 Wireless Controllers Cisco Aironet Access Points .
Preparing for the Test 5 Taking the Practice Tests Taking the TOEFL ITP Practice Tests will give you a good idea of what the actual test is like in terms of the types of questions you will be asked, and
