While exploring the new environment you’ll find out – the NX-OS is modified CentOS-System. When logging in, you’ll be able to use both – the „traditional“ linux commands and as well the NX-OS commands.

Reference document for all NX-OS commands is available here:


I’ve found as well a nice „cheat sheet“ on the community portal (maybe outdated).


When accessing the ACI components via the CLI – you ought to be really, really careful! When accessing the APIC via the GUI, there is quite a lot of logic active behind the scene to avoid evil things to happen.

In the beginning (APIC release 1.0 – 1.2) the default CLI was the bash shell, this has changed to the NX-OS style CLI.

Being used to CISCO IOS, you’ll find out the command completion is the same – by using the „TAB“ key will help you. As well as using a „?“ to get the next command option.

apic1# show running-config ?
 aaa                      Show Authentication, Authorization, and Accounting configuration
 all                      Show running-config with defaults
 analytics                Show external analytics reachability information
 bd-enf-exp-ip            Enable Enforced BD Flag
 bgp-fabric               Border Gateway Protocol (BGP)
 callhome                 Show Callhome policy
 clock                    Show Clock
 comm-policy              Show communication policy
 controller               Show Controller Node
 coop-fabric              Council Of Oracles Protocol (COOP)
 crypto                   Show crypto settings

To get the entire system setup –

apic1# show running-config all
# Command: show running-config all 
# Time: Thu Jun 18 11:44:32 2020
  power redundancy-policy default
    redundancy-mode combined
  aaa banner 'Application Policy Infrastructure Controller'
  aaa user default-role no-login
  aaa authentication login console
    realm local
  aaa authentication login default
    realm local
  aaa authentication login domain fallback
    realm local

Just as a quick example – the Controller CLI Banner can be changed by either the CLI or the GUI.

After pressing „Submit“ the change is visible as well via the CLI

apic1(config)# show running-config aaa 
# Command: show running-config aaa
# Time: Thu Jun 18 11:54:32 2020
  aaa banner 'APIC 1'
  aaa authentication login console
  aaa authentication login default
  aaa authentication login domain fallback

And after changing it via the CLI:

apic1(config)# aaa banner "Banner name changed via CLI"

you’ll see the change (after pressing the refresh button right over the properties box) immediately.

And the changes will be logged by auditing as well.

From a linux perspective – many of the standard commands are available. But – and this is to protect the environment and in the end yourself – the capabilities are restricted, you won’t be able to root level access.

quite nice – included is my favorite „htop“ command.

If you are used to linux – you should spend some time to explore the box – but don’t waste too much time.

And you’ll see as well, that the simulated components (spine, leaf) are detached processes running on that VM.

apic1# ps -ef | grep leaf
root     18791     1  0 Jun16 ?        00:00:00 SCREEN -dmS leaf1
root     19573     1  0 Jun16 ?        00:00:00 SCREEN -dmS leaf2
apic1# ps -ef | grep spine
root     20919     1  0 Jun16 ?        00:00:00 SCREEN -dmS spine1