# Get Information # Perform Nexus Health and Configuration Check
Updated:November 7, 2023
Document ID:217990
## Contents
[Introduction](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--504483000)
[Prerequisites](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId-1983029833)
[Requirements](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--1621375989)
[Components Used](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId-866136844)
[Conventions](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--941317619)
[Health and Configuration Check Procedure](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--951820723)
[Health and Configuration Check Modules](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--271762353)
[Reports and Caveats](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--405447077)
[FAQs](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId-2082065756)
[Feedback](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217990-configure-an-automated-nexus-health-chec.html#toc-hId--1532843170)
## Introduction This document describes the procedure and requirements to perform automatic health and configuration checks for Nexus 3000/9000 and 7000 platforms. ## Prerequisites ### Requirements Automated Health and Configuration Check is supported only for the Nexus platforms that run standalone NX-OS software, and not the switches that run ACI software. These hardware platforms are supported:
- Nexus 3000/9000 series switches that run unified NX-OS software image: 7.0(3)Ix or newer - Nexus 7000/7700 series switches that run NX-OS software version 7.x or newer
### Components Used This document is not restricted to specific software and hardware versions. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command. ### Conventions Refer to [Cisco Technical Tips Conventions](https://www.cisco.com/c/en/us/support/docs/dial-access/asynchronous-connections/17016-techtip-conventions.html) for more information on document conventions. ## Health and Configuration Check Procedure Please collect **` show tech-support details`** or **`show tech-support `**logs from the Nexus switch for which you would like to perform health and config check. The **`show tech-support details` is preferred, as it provides higher value with more checks done. Please make sure the logs are captured either in .txt or .gz/.tar format. Currently the **`show tech-support`** or **`show tech-support details`** file captured in ASCII and UTF-8 text formats are supported. Open a regular TAC Service Request at Cisco [Support Case Manager](https://mycase.cloudapps.cisco.com/) with these set of keywords (Technology / Sub-Technology / Problem Code): **Tech:** Data Center and Storage Networking **Sub-Tech:** (choose an appropriate platform) Nexus 3000 (N3000 series only) - Health and Config Check (AUTOMATED) Nexus 3000 (N3100-N3600 series) - Health and Config Check (AUTOMATED) Nexus 7000 Series Switch - Health and Config Check (AUTOMATED) Nexus 9200 - Health and Config Check (AUTOMATED) Nexus 9300 (Non EX/FX/R Series) - Health and Config Check (AUTOMATED) Nexus 9300 (EX/FX/R Series) - Health and Config Check (AUTOMATED) Nexus 9400 series switches - Health and Config Check (AUTOMATED) Nexus 9500 (Non EX/FX/R Series) - Health and Config Check (AUTOMATED) Nexus 9500 (EX/FX/R Series) - Health and Config Check (AUTOMATED) Nexus 9800 series switches - Health and Config Check (AUTOMATED) **Problem Code:** Health and Config Check Once the SR opened, a Cisco [Guided Workflow](https://community.cisco.com/t5/online-tools-and-resources-blogs/introduction-to-guided-workflow/ba-p/4563039) walks you through the steps to upload the**` show tech-support details`** or **`show tech-support` logs. After the required output uploaded, Cisco analyzes the logs and provides a report (in PDF format) attached to an email sent to you. The report contains a list of issues detected, relevant steps to troubleshoot the problems, and recommended actions plan. If there are questions in regards to the health check failures reported, users are advised to open a separate service request(s) with appropriate keywords to get further expert assistance. It is strongly recommended to refer the Service Request (SR) number opened for the Automated Health and Config Check along with the report generated to expedite the investigation. ## Health and Configuration Check Modules Automated Nexus Health and Configuration Check **Version 1**, August 2022 release, performs the checks listed in the Table 1. **Table 1: Health Check Modules and Associated CLIs used by the Modules**
**Index** **Health Check Module** **Brief Description of the Module** **CLI(s) Used to Perform Health Check**
1\. NX-OS Release Check Checks if the device runs a Cisco recommended NX-OS software release **`show version`**
2\. Nexus EoS/EoL Product Check Verifies if any of the components (hardware/software) has reached End-of-Life (EOL) or End-of-Sale (EOS) `show versionshow moduleshow inventory`
3\. Field Notice Check Checks if the device is potentially affected by a known PSIRT/CVE or Field Notice. **`show versionshow moduleshow inventoryshow running-config`** and, any command needed to check the file against a given FN/PSIRT.
4\. NX-OS CPU Health Check Checks the symptoms for the elevated CPU utilization. It is reported when the current/historical CPU usage is >60%. **`show processes cpushow processes cpu sortshow processes cpu historyshow system resources`**
5\. NX-OS Memory Health Check Checks if memory usage on the device is over the system memory thresholds (default or user configured values). **`show versionshow processes memoryshow system resources`**
6\. NX-OS Interfaces Check Checks if any of the interfaces reported drops in either RX or TX direction. The module prints 5 interfaces with the highest error rates in each direction. **`show interfaceshow interface briefshow queuing`**
7\. CoPP Health Check Checks if CoPP is disabled, or incorrectly configured (for example, all CPU-bound traffic that hits default-class), or have outdated CoPP policy (for example, carried over from older releases), or >1000 drops reported in non-default classes. `show copp statusshow policy-map interface control-planeshow running-config`
8\. Inter-process Communication (MTS) Health Check Detects if there are any inter-process communication (referred as MTS) messages stuck for more than 1 day. `show system internal mts buffer summaryshow system internal mts buffer details`
9\. Nexus Module Health Check Checks if any of the modules (linecard, fabric, and so on) reported diagnostic failures or in powered down / failed state **`show moduleshow inventoryshow diagnostic result module all detail`**
10\. PSU & FAN Health Check Detects if any of the power supplies is not in operational state. **`show inventoryshow environment show logging logshow logging nvram`**
11\. vPC Best Practices Check Validates the device configuration meets vPC best practices, like peer-router, peer-switch, and peer-gateway configurations. Layer3 Peer Router: **`show running-config`** (to check if OSPF, EIGRP and BGP adjacencies formed) Peer-Gateway / Peer-switch: **`show running-configshow spanning-treeshow vpc briefshow interface brief`**
12\. MTU Check Detects inconsistent MTU configurations, like Layer2 Interface and Layer3 SVI have mismatch MTU configs, Incorrect MTU on OTV Join Interfaces, or Jumbo MTU not enabled on interfaces where it is needed and so on. **`show running-configshow interfaceshow ip arp show mac address-tableshow ip route detail show ip eigrp neighbors show ip ospf neighbors show bgp `**
13\. Layer2 feature Configuration Health Check Checks if any L2 feature enabled but not used **`show running-config`**
14\. NX-OS vPC Compatibility Check Checks if type1/type 2 incompatibility errors reported of Virtual Port-Channels (vPC). **`show running-configshow vpc `**
15\. Spanning Tree Protocol Health Check Checks the attached outputs for an indication of Spanning Tree Protocol instabilities or in unexpected state. Module reports vlans where most recent topology changes occurred together with some additional information: timestamp, interface and Root bridge ID. Currently, this health check module supports only RSTP; the support for MST is planned for the future versions. **`show spanning-tree detailshow spanning-tree internal errorsshow spanning-tree internal event-history show spanning-tree activeshow logging log`** **`show mac address-table notification mac-move`** **`show system internal `**
16\. PortChannel Health Check Detects if any of the configured port-channel members is in unhealthy state: (I), (s) (D) or (H) **`show port-channel summary`**
17\. SFP Validation Check Detects any transceivers which reported "SFP Validation Failed" error `show interface brief`
18\. Layer3 Feature Configuration Health Check Checks if any L3 feature enabled but not used **`show running-config`**
19\. Default Route via Management VRF Check Checks if the device has a default route configured in the Default vrf pointing through Management vrf. **`show running-configshow accounting log`**
20\. Unsupported Multicast Routing over vPC Check Checks for unsupported PIM adjacency over vPC `show running-configshow ip pim interface vrf all internalshow ip pim neighbor vrf all detail`
21\. OSPF Health Check Checks for a possible adjacency issues observed on the device.For example: - multiple neighbors detected on interface configured as P2P - router ID not configured manually or that used a loopback IP - adjacencies not in FULL state - adjacencies which reached FULL state recently and indicates potential instability **`show running-configshow ip interface brief vrf allshow ip ospf neighbors detail vrf all privateshow ip ospf interface vrf all privateshow logging log`**
22\. EIGRP Health Check Checks for a possible adjacency issues observed on the device. For example: - AS number not configured - No active neighbors detected - High Values of SRTT, RTO or Q Cnt detected - High number of dropped EIGRP packets detected - Lesser than 15 mins uptime of adjacency, and indicates potential instability - Adjacency went down in last 7 days **`show running-configshow logging logshow ip eigrp neighbors detail vrf allshow ip eigrp detail vrf all`**
23\. BGP Peers Health Check Checks for BGP adjacency in IDLE state. **`show running-configshow bgp vrf all all summary`**
24\. First-Hop Redundancy Protocol (FHRP) Checks for the non-default timer configurations, as these configurations can result in a sub-optimal performance. This health check module covers ONLY Hot-Standby Routing Protocol (HSRP) **`show running-config`**
## Reports and Caveats
- The Health and Config Check SR is automated and handled by the Virtual TAC Engineer. - The report (in PDF format) is usually generated within 24 business hours after all necessary logs attached to the SR. - The report is automatically shared over email (sourced at jhwatson@cisco.com) with all contacts (primary as well as secondary) associated with the service request. - The report is also attached to the Service Request to allow its availability at any later point in time. - Be advised that the issues listed in the report are based on the logs provided and within the scope of the health check modules listed previously in Table 1. - The list of health and configuration checks performed is non-exhaustive and users are advised to perform further health checks as needed. - For Nexus 7000 with multiple Virtual Device Context (VDC) a show tech-support details file can be needed from each VDC for best results.
## FAQs **Q1: Can I upload `show tech-support details` for more than one switch in the same SR to get Health Check report for all the switches?** A1: This is an automated case handling and the health checks are performed by the Virtual TAC Engineer. The health check is done for only the first **`show tech-support details`** uploaded. **Q2: Can I upload more than one *`s`*`how tech-support details` for the same device say, captured few hours apart, to get health check done for both?** A2: This is an automated and stateless case handling performed by the Virtual TAC Engineer and the Health and Config Check is done for the first the **`show tech-support details`** file uploaded to the SR, irrespective of whether the files uploaded are from the same switch or different switches. **Q3: Can I get health checks done for the switches whose `show tech-support details` files compressed as a single rar/gz file and uploaded to the SR?** A3: No. if multiple **`show tech-support details`** are uploaded as a single rar/zip/gz file, only the first file in the archive is processed for health checks. **Q4: I do not see the health and configuration check that covers the Nexus 5000/6000 platforms. Is it covered at later point in time?** A4: No. As of now, there is no plan to cover Nexus5000/6000 platforms in near future. **Q5: What can I do if I have questions about one of the health check failures reported?** A5: Please open a separate TAC Service Request to get further assistance on the specific health check result. It is highly recommended to attach the health check report and refer the Service Request (SR) Case number opened for the automated health and config check. **Q6: Can I use the same SR opened for the Automated Health and Config Check to troubleshoot the issues found?** A6: No. As the proactive health check is automated, please open a new Service Request to troubleshoot and resolve the issues reported. Please be advised that the SR opened for health check is closed with in 24 hours after the health report published. **Q7: Does the automated health and config check run against the `show tech-support details` file for the switch that runs versions older than the one mentioned previously?** A7: The automated health and configuration check is built for the platforms and software releases mentioned below. For devices that run older versions, it is best effort and there is no guarantee on the accuracy of the report.
- Nexus 3x00 series switches that run unified NX-OS software image: 7.0(3)Ix or newer - Nexus 7000/7700 series switches that run NX-OS software version 7.x or newer - Nexus 9x00 series switches that run unified NX-OS software image: 7.0(3)Ix or newer
**Q8: How do I close the SR opened for Health Check?** A8: The SR is closed within 24 hours after the first Health Check report is sent. No action needed from the user towards SR closure. **Q9: How do I share comments or feedback about the Proactive health and configuration Check?** A9: Please share them through email to [Nexus-HealthCheck-Feedback@cisco.com](mailto:nexus-healthcheck-feedback@cisco.com) **Q10. What is the recommended method to capture `show tech-support ` or `show tech-support details` from a switch?** A10: It is highly recommended to capture the output of **`show tech-support`** or **`show tech-support details`** command by directing it to **`bootflash:`** (as shown in the next example) rather than capturing it to a log file in the terminal application (for example, SecureCRT, PuTTY). Please remember the log file captured by the terminal application could be in UTF-8-BOM format (or similar) which is NOT supported by the automated health check. The Automated Health & Config check supports file only in ASCII or UTF-8 formats. Example CLIs to redirect the output to **`bootflash:`** and compress the file. **`SwitchA# show tech-support details >> bootflash:show-tech-support-details-SwitchA-2023Jan01.txtSwitchA# gzip bootflash:show-tech-support-details-SwitchA-2023Jan01.txt`** ## Feedback Any feedback on the operations of these tool is highly appreciated. If you have any observations or suggestions (for example, about the ease of use, scope, quality of the reports generated) please share them with us at [Nexus-HealthCheck-Feedback@cisco.com.](mailto:nexus-healthcheck-feedback@cisco.com) ### Revision History
RevisionPublish DateComments
9.0
07-Nov-2023
Update
8.0
08-Jun-2023
Recertification. Informational update.
7.0
07-Jun-2023
Informational update.
5.0
09-Jan-2023
Updated.+
4.0
19-Oct-2022
Informational update
3.0
04-Sep-2022
Revision
2.0
25-Jul-2022
Initial Release
1.0
25-Jul-2022
Initial Release