How To Configure Cisco Nexus 5500 Port Profiles

For more instructions on the Cisco Nexus 5500, see How to Set Up Cisco Nexus Fabric Extender and How to Configure Cisco Nexus 5500 Virtual Port Channel.

A Cisco Nexus port profile is a group of port configuration directives that can be applied to an interface via a single command. In this way, a network engineer can build a set of profiles appropriate to the environment, and then apply one or more profiles to an interface without having to apply each command individually. Port profiles are useful for:

Reducing CLI errors committed by network operators. Configuring an interface is simplified by using an "inherit" command to apply much of the needed configuration using a port profile. NX-OS makes sure that the commands in the port profile are applied to the interface.

Enforcing standard interface configurations. Any number of configurations are possible for an interface, but network environments should enforce a specific interface configuration standard to ensure predictable interface behavior across the data center. A hurried network engineer might rush an interface configuration by applying a VLAN ID, while ignoring the rest of the defined standard. A more diligent engineer will probably take the time to input all appropriate configuration commands. And whether hurried or diligent, any engineer can forget to include commands now and then. By using port profiles, engineers ensure the interface configuration conforms to the standard.

Improving configuration readability. Interface configurations can become cluttered with lots of commands, several of which are likely to be used by many interfaces. Applying port profiles tightens up the configuration an engineer must review at the CLI, which makes the configuration more readable, and helps unique configuration details stand out.

Features and Limitations

Cisco Nexus port profiles have several key features and limitations. For example, a port profile name can be as long as 80 characters. While hyphens and underscores can be used, other special characters (including spaces) are not permitted. I recommend naming port profiles (and any other human-created object in a network device configuration) using all capital letters. This helps the object to stand out as obviously human-made, as opposed to being a configuration keyword.

Network engineers must create specific port profile types to match specific interface types. Ethernet, VLAN, port-channel, and Virtual Ethernet interface types are supported.

Once created, port profiles must be enabled before they will be active. While it's possible to apply a disabled port profile to an interface, the commands in the port profile won't actually be inherited by the interface until the port profile is enabled.

An interface can only inherit a single port profile. However, it’s possible to nest port profiles within one another. When nesting port profiles, the network engineer must pay careful attention to the commands being applied, as NX-OS will not prevent conflicting commands from co-existing in the nested profiles. For example, the nested port profile could contain "switchport trunk" while "switchport fex-fabric" (a conflicting command) is contained in the parent profile. In this situation, the resulting interface configuration would contain the command applied last during port profile inheritance.


A specific port profile can only be applied to a limited number of interfaces. On a Nexus 5596 running NX-OS 5.2(1)N1(1), the limit is 512 interfaces, though that number can go as high as 1024 using the "max-ports" command.

When a port profile is deleted, the interfaces that inherited the port profile lose the configuration commands belonging to the deleted port profile. Adding or removing a port profile can take many seconds; a pause at the CLI while a port profile is inherited by an interface is therefore normal.

When you change a port profile being used by one or more interfaces, you change the interfaces as well. That's both powerful and dangerous, as an ill-considered change to a production port profile could negatively impact hundreds of interfaces. This is similar to the power (and danger) of applying commands to large interface ranges.

Let's review the code required to create and apply some simple port profiles.

Example 1: AVAILABLE. By default, switch interfaces are enabled. I don't care for this default behavior, and apply the "AVAILABLE" port profile. In this configuration, I create a port profile called "AVAILABLE", set the number of interfaces it can be applied to at the maximum of 1,024, and enable the port profile. The only configuration command is "shutdown".

NEXUS-SWITCH(config)# port-profile AVAILABLE
NEXUS-SWITCH(config-port-prof)# shutdown
NEXUS-SWITCH(config-port-prof)# max-ports ?
  <1-1024>  Enter the max-number of ports

NEXUS-SWITCH(config-port-prof)# max-ports 1024
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exit
NEXUS-SWITCH(config)# show run port-profile AVAILABLE

!Command: show running-config port-profile AVAILABLE
!Time: Wed Mar 13 17:22:02 2013

version 5.2(1)N1(1)
port-profile type ethernet AVAILABLE
  shutdown
  max-ports 1024
  state enabled

Now we're ready to apply this port profile to an interface. First, let's take a look at the default interface configuration and status.

NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:32:54 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1

NEXUS-SWITCH#show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 notconnec 1         auto    auto    --
NEXUS-SWITCH#

The interface is at the default configuration and is in a "not connected" status, meaning that there is no host plugged into the port, but the port will light up if a cable is plugged in. Now, let's apply the AVAILABLE port profile and observe the change.

NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# exit
NEXUS-SWITCH(config)# exit
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 17:39:20 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile AVAILABLE

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 disabled  1         auto    auto    --
NEXUS-SWITCH#

With the port profile inherited by the interface, the interface status shows as "disabled" instead of "not connected". This is a result of the "shutdown" command that the interface has inherited as a part of its configuration from the AVAILABLE port profile.

Example 2: HOST-ACCESS-VLAN-111. Now let's take our "AVAILABLE" interface, and make it ready to uplink a host requiring service on VLAN 111. First, we'll build a port profile called HOST-ACCESS-VLAN-111, add some configuration commands to it, enable it, and apply it to the same interface used in Example 1.

As you review the configuration output, you'll see the message "ERROR: Interface is already inherited". This is what NX-OS reports when you try to apply a port profile to an interface that's already had a port profile applied. You must remove the existing port-profile inheritance first, which I do in this example.

NEXUS-SWITCH# conf t
Enter configuration commands, one per line. End with CNTL/Z.
NEXUS-SWITCH(config)# port-profile HOST-ACCESS-VLAN-111
NEXUS-SWITCH(config-port-prof)# switchport access vlan 111
NEXUS-SWITCH(config-port-prof)# flowcontrol receive on
NEXUS-SWITCH(config-port-prof)# spanning-tree port type edge
NEXUS-SWITCH(config-port-prof)# spanning-tree guard root
NEXUS-SWITCH(config-port-prof)# state enabled
NEXUS-SWITCH(config-port-prof)# exi
NEXUS-SWITCH(config)# interface eth120/1/1
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
ERROR: Interface is already inherited
NEXUS-SWITCH(config-if)# no inherit port-profile AVAILABLE
NEXUS-SWITCH(config-if)# inherit port-profile HOST-ACCESS-VLAN-111
Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet120/1/1 but will only have effect when the interface is in a non-trunking mode.
NEXUS-SWITCH(config-if)#
NEXUS-SWITCH# show run interface eth120/1/1

!Command: show running-config interface Ethernet120/1/1
!Time: Wed Mar 13 18:06:12 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  inherit port-profile HOST-ACCESS-VLAN-111

NEXUS-SWITCH# show interface eth120/1/1 status

--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Eth120/1/1    --                 AAFlowcon 111       auto    auto    --
NEXUS-SWITCH# show run interface eth120/1/1 expand-port-profile

!Command: show running-config interface Ethernet120/1/1 expand-port-profile
!Time: Wed Mar 13 18:06:55 2013

version 5.2(1)N1(1)

interface Ethernet120/1/1
  switchport access vlan 111
  spanning-tree port type edge
  spanning-tree guard root
  flowcontrol receive on


Finally, note in the output above the "expand-port-profile" directive after the "show running-config interface" command. This allows the network engineer to see what commands the port profile has actually applied to the interface.

Ethan Banks, CCIE #20655, is a hands-on networking practitioner who has designed, built and maintained networks for higher education, state government, financial institutions, and technology corporations.
