Nexus 3000: Missing transport type tcp command

Document created by cdnadmin on Jan 25, 2014
This document was generated from CDN thread

Created by: Michael Shevenell on 08-01-2014 12:42:34 PM
I'm using a Nexus 3000 running 6.0(2)U2(1) and the command
  onep
    transport type tcp
does not seem to exist; see below:
  nexus3048-96.70# conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  nexus3048-96.70(config)# onep
  nexus3048-96.70(config-onep)# transport type ?
    tls  TLS transport

Executing show onep status returns:
nexus3048-96.70# show one status
Status: enabled
Version: 1.1.0
Transport: tls; Status: running; Port: 15002; localcert: default; remotecert: client cert validation disabled
Transport: tipc; Status: running; Port: 15003
Session Max Limit: 10
CPU Interval: 0 secon
History Buffer: Enabled
History Buffer Purge: Oldest
History Buffer Size: 32768 bytes
History Syslog: Disabled
History Archived Session: 0
History Max Archive: 16
Service Set: Base               State: Enabled     Version: 1.1.0
Service Set: Vty                State: Disabled    Version: 0.1.0
----------------------------------------------------
Our system version information is:
Software
  BIOS:      version 1.2.0
  loader:    version N/A
  kickstart: version 6.0(2)U2(1)
  system:    version 6.0(2)U2(1)
  Power Sequencer Firmware:
             Module 1: version v4.4
  BIOS compile time:       08/25/2011
  kickstart image file is: bootflash:///n3000-uk9-kickstart.6.0.2.U2.1.bin
  kickstart compile time:  12/14/2013 13:00:00 [12/14/2013 22:11:27]
  system image file is:    bootflash:///n3000-uk9.6.0.2.U2.1.bin
  system compile time:     12/14/2013 13:00:00 [12/14/2013 23:46:15] 

Subject: RE: Nexus 3000: Missing transport type tcp command
Replied by: Joseph Clarke on 08-01-2014 02:06:58 PM
Correct.  TCP transport is being phased out due to security requirements.  You will need to use TLS, which means you will need a root certificate at the very least.  That said, we haven't started a 1.1 Controlled Availability phase with the N3K yet, so none of our config guides cover NX-OS.

Subject: RE: Nexus 3000: Missing transport type tcp command
Replied by: Joseph Clarke on 08-01-2014 03:53:38 PM
Michael, the N3K is supported for onePK 1.1 Controlled Availability.  If you look at https://developer.cisco.com/media/onePKGettingStarted-v1-1-0/GUID-47153CE1-2452-4AEB-9238-D7E69E06A2D6.html , you'll find the NX-OS instructions for getting the CA-signed cert onto the switch at the bottom of the security section.

Subject: RE: Nexus 3000: Missing transport type tcp command
Replied by: Joseph Clarke on 09-01-2014 12:49:04 PM
I was able to get my N3K up and running with TLS, but the steps in the guide are wrong.  On page 44 (the very first steps for configuring the Nexus switch), you need to do these steps:

On the Nexus switch, configure an RSA keypair to use with your CA trustpoint:

  Switch# config t
  Switch(config)# crypto key generate rsa label onepKP modulus 1024

Next, configure a trustpoint for your CA:

  Switch# config t
  Switch(config)# crypto ca trustpoint rtrca
  Switch(config-trustpoint)# rsakeypair onepKP
  Switch(config-trustpoint)# enrollment terminal
  Switch(config-trustpoint)# revocation-check none
  Switch(config-trustpoint)# exit
The rest of the instructions are correct.  After doing this, I was able to get the 1.1 tutorials working with my switch.
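
Added example (not part of the original thread or of Cisco's documentation): a small Python audit that reads `show onep status` output like that in the first post, plus the keypair and trustpoint commands from the steps above, and reports the settings worth revisiting before production use. The sample inputs are constructed from the thread's text; the function names, the 2048-bit floor and the shape of a `tcp` status line are assumptions.

```python
import re

# Constructed samples: status lines and commands as they appear in this thread (prompts removed).
STATUS = """\
Status: enabled
Transport: tls; Status: running; Port: 15002; localcert: default; remotecert: client cert validation disabled
Transport: tipc; Status: running; Port: 15003
"""
CONFIG = """\
crypto key generate rsa label onepKP modulus 1024
crypto ca trustpoint rtrca
  rsakeypair onepKP
  enrollment terminal
  revocation-check none
"""
MIN_RSA_BITS = 2048  # assumption: local policy floor for RSA key size


def audit_status(text):
    """Return findings for each 'Transport:' line of `show onep status` output."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("Transport:"):
            continue
        # Split 'key: value; key: value' into a dict keyed by lower-cased field name.
        pairs = (p.split(":", 1) for p in line.split(";") if ":" in p)
        f = {k.strip().lower(): v.strip() for k, v in pairs}
        name = f.get("transport", "")
        # Assumption: a tcp transport is reported in the same line format as tls.
        if name == "tcp" and f.get("status") == "running":
            findings.append("tcp transport running (phased out in favour of tls)")
        if name == "tls" and "disabled" in f.get("remotecert", ""):
            findings.append("tls: client certificate validation disabled")
    return findings


def audit_config(text):
    """Return findings for weak RSA keypairs and trustpoints without revocation checks."""
    findings = []
    for m in re.finditer(r"crypto key generate rsa label (\S+) modulus (\d+)", text):
        if int(m.group(2)) < MIN_RSA_BITS:
            findings.append(f"keypair {m.group(1)}: {m.group(2)}-bit RSA is below {MIN_RSA_BITS}")
    for m in re.finditer(r"^crypto ca trustpoint (\S+)\n((?:[ \t]+.*\n?)*)", text, re.M):
        if re.search(r"^\s*revocation-check none\s*$", m.group(2), re.M):
            findings.append(f"trustpoint {m.group(1)}: revocation checking disabled")
    return findings
```

Run against the thread's own values, `audit_status` reports that the TLS listener accepts clients without validating their certificates, and `audit_config` reports the 1024-bit keypair and the trustpoint with revocation checking turned off.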

Subject: RE: Nexus 3000: Missing transport type tcp command
Replied by: Michael Shevenell on 21-01-2014 07:08:50 AM
Just getting back to this...

Thanks for the pointer. That definitely will help. Let me ask this. Will my 1.0 onePK applications (derived from tutorials) run with the recent version of the Nexus 3K 6.0(2)U2(1)? I'm assuming a 1.0 built application will work with the newer switch supporting 1.1.

Subject: RE: Nexus 3000: Missing transport type tcp command
Replied by: Joseph Clarke on 21-01-2014 09:39:11 AM
Open the OnePK Design Guide on the all-in-one VM desktop.  You'll note a section on versioning.  If your app is 1.0 and your NE is 1.1 you should be good to go.
