Command Line Interface

The Cisco Nexus 3550-F Fusion (formerly ExaLINK Fusion) can be configured via a command line interface. This interface can be accessed via SSH, telnet, or an industry standard serial interface.

Configuration Mode

The command line interface can be used to both inspect the current configurations of the Nexus 3550-F, and modify the configuration. The command line can be used in either a modal or non-modal way. For example, commands that change the current configuration are prefixed with config. When executing multiple configuration commands, it is convenient to enter config mode. For example, to set a port alias, one can enter:

admin@N3550-F> configure port A1 alias exchange
Alias set on port A1

Alternatively, you can enter config mode and then set the port alias:

admin@N3550-F> config
admin@N3550-F(config)> port A1 alias exchange
Alias set on port A1

Note: in the above example that the command line prompt indicates that config mode is in use. To exit a mode, simply type exit:

admin@N3550-F(config)> exit
admin@N3550-F>

Note: that the interface has dropped back to the default mode. Importantly, typing exit within the default mode will log you out of the device.

Modal states can be nested, and typing exit will drop out of that level and up to the previous level. Typing end will drop out of all levels and return you to the top modal level. For example:

admin@N3550-F> config
admin@N3550-F(config)> port A1
admin@N3550-F(config-port:A1)> end
admin@N3550-F>

Creating and Removing Objects

The Nexus 3550-F is configured by creating or removing objects. An object represents a specific configuration and usually has one or more ports as members, as well as a number of properties. There is no limit to the number of objects that can be created on the Nexus 3550-F apart from that imposed by the number of ports on the device.

All objects are created or removed using the same convention. Creation of an object is achieved by entering the desired object type followed by any required properties. For example, to create a tap:

admin@N3550-F> config tap A1 A4
Added input tap on port "A1", send to port "A4"

Removal of an object from the configuration is the same as creating the object, however the command is prefixed with no. To remove the tap created above, one would enter:

admin@N3550-F> config no tap A1 A4
Removed input tap on port "A1", send to port "A4"

Some objects are more complicated than taps. For example, the mux object and switch object. These objects have a name property and are configured from within their own mode, however the convention for creation and removal is the same.

Help and Autocompletion

The interface includes help and tab completion. Help can be requested at any point during use by pressing the ? character. If there are multiple parameter options that are valid from that point on, pressing ? will list them, for example:

admin@N3550-F> config management ?
configure management access-list allow Allow connections from the supplied IPv4 address ranges
configure management access-list deny  Deny connections from the supplied IPv4 address ranges
configure management address dhcp      Configure management interface using DHCP
configure management address none      Disable IPv4
configure management address static    Configure a static IPv4 address on the management interface
configure management name-server       Configure name servers for the management interface

If there are no further parameter options valid, and ? is pressed, detailed usage information will be displayed, for example:

admin@N3550-F> config management address static ?
Usage: configure management address static <address> <netmask> [<gateway>]
Configure a static IPv4 address on the management interface

Autocompletion and suggestions for any command can be obtained by pressing tab after having entered any partial command. For example, when creating a tap object, a list of available source or output ports can be obtained by pressing tab whilst the interface is expecting a port. In this example, the interface shows a list of available source ports after pressing tab:

admin@N3550-F> config tap
A1        A2        A3        A4        A5        A6        A7        A8
A9        A10       A11       A12       A13       A14       A15       A16
down      exchange  output

Command Pipelines

Version

This feature requires version 1.11.0 or later

The command line interface supports redirecting command output to standard Unix utilities such as grep and less, for example:

admin@N3550-F> show port A16 | grep 'Link status'
Link status        : up

Because this feature allows the user to run arbitrary shell commands, it is only available to users with the admin role.

Login Banner

A login banner can be installed by uploading a file to the device with the name banner.txt using sftp, for example:

$ sftp admin@192.168.220.10
admin@192.168.220.10's password:
sftp> put banner.txt

The contents of banner.txt will be displayed prior to the login prompt, for example:

$ ssh admin@192.168.220.10

You are attempting to log into an ExaLINK Fusion - unauthorized access prohibited!

admin@192.168.220.10's password:
admin@192.168.220.10>

MOTD Banner

A message of the day banner can be installed by uploading a file to the device with the name motd.txt using sftp, for example:

$ sftp admin@192.168.220.10
admin@192.168.220.10's password:
sftp> put motd.txt

The contents of motd.txt will be displayed on a successful login to the command line interface, for example:

$ ssh admin@192.168.220.10
admin@192.168.220.10's password:

Welcome.  This device is located in ROW AF, CAB 2, RU 36

admin@192.168.220.10>

Session Timeouts

An idle timeout can be configured where command line sessions will be logged out after a certain amount of inactivity. This can be set with the session-timeout command and passing in a timeout value in seconds, for example:

admin@N3550-F> config session-timeout 600
Session idle timeout set

A maximum value of 60 minutes applies to the session timeout (3600s).

SSH Keys

Users can authenticate their login into the Nexus 3550-F through the use of SSH keys, rather than entering a password. This is done by adding the user's public key into the Nexus 3550-F, for example:

admin@N3550-F> config user admin sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAA
DAQABAAABAQC15sjG4cYSAbYU0VIwPkdQkIKb0A2xxhPCjOAnzt91CrRQZibirZNqqW71TX3QVt
Ruqp2ZQjo19Nd9bk2iwa3qDITQIOlRdSJgwEBdklfgjkrjkd8KLSDfklwjkrjksjkXyztI3sKRM
mcYOEFjt9Bv+5JPw3o3Pja5GQOO5VEjM//QhsbMZ+G/4Sfx5GiLTaktenqNWflPaMcDWqq1wuuf
6mG7lEM55UDp5xWRrh5vIfyOh9Llosdfsasjkejk89sv9+cjkfhjksjhcjkhskhkljashdfiuhs
dfv98734kjFDjhjhdjhbfjh489jkJKZDJKHFVjkhi6SBbTu5v9 bob@myserver.com"
Added ssh key for user "admin"

The user will then be able to login without being prompted for a password:

$ ssh admin@N3550-F
admin@N3550-F>

In order to remove a key for a user, use the no form of the command, passing in the public key to remove, for example:

admin@N3550-F> config user admin no sshkey "ssh-rsa AAAAB3NzaC1yc2EA
AAADAQABAAABAQC15sjG4cYSAbYU0VIwPkdQkIKb0A2xxhPCjOAnzt91CrRQZibirZNqqW71TX3
QVtRuqp2ZQjo19Nd9bk2iwa3qDITQIOlRdSJgwEBdklfgjkrjkd8KLSDfklwjkrjksjkXyztI3s
KRMmcYOEFjt9Bv+5JPw3o3Pja5GQOO5VEjM//QhsbMZ+G/4Sfx5GiLTaktenqNWflPaMcDWqq1w
uuf6mG7lEM55UDp5xWRrh5vIfyOh9Llosdfsasjkejk89sv9+cjkfhjksjhcjkhskhkljashdfi
uhsdfv98734kjFDjhjhdjhbfjh489jkJKZDJKHFVjkhi6SBbTu5v9 bob@myserver.com"
Removed ssh key for user "admin"