Page 1 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide, Release 4.x Cisco MDS NX-OS Release 4.1(1b) Through 4.1(3)
Page 2 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE.
Page 3 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C O N T E N T S New and Changed Information lvii...
Page 4: Table Of Contents
Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advanced Configuration Before You Begin C H A P T E R...
Page 5 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m System-Defined Variables 2-23 Using Command Aliases...
Page 6 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining the License Key File 3-10 Installing the License Key File...
Page 7 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Date, Time, and Time Zone 5-17 Configuring the Time Zone...
Page 8 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FlexAttach Virtual pWWN Guidelines and Requirements Configuring FlexAttach Virtual pWWN Enabling FlexAttach Virtual pWWN...
Page 9 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the CFS Over IP Configuration 7-13 Configuring IP Multicast Address for CFS over IP...
Page 10 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Upgrading a Loader 8-28 Upgrading the BIOS...
Page 11 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switchover Guidelines 10-3 Verifying Switchover Possibilities...
Page 12 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings 11-21 Managing Modules...
Page 13 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generation 1 Interfaces Configuration Guidelines 13-2 About Interface Modes...
Page 14 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch Port Attribute Default Values 13-20 About SFP Transmitter Types...
Page 15 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Auto 14-6 Traffic Map...
Page 16 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9222i Multiservice Modular Switch BB_Credit Buffers 15-22 Extended BB_Credits...
Page 17 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Trunking 16-1 C H A P T E R...
Page 18 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Interfaces in a PortChannel 17-12 About Interface Addition to a PortChannel...
Page 19 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Distribution 18-11 Locking the Fabric...
Page 20 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the Command Scheduler Execution Status 19-9 Execution Logs...
Page 21 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring SDV 21-4 Configuring a Virtual Device...
Page 22 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Database Merge Guidelines 22-8 About Copying DPVM Databases...
Page 23 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling IVR NAT 23-14 About IVR Service Groups...
Page 24 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About QoS in IVR Zones 23-35 Configuring the QoS Attribute...
Page 25 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups 24-18 Clearing the Zone Server Database...
Page 26 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Merging Device Alias 25-2 Resolving Merge and Device Alias Mode Mismatch...
Page 27 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Retransmitting Intervals 26-8 About Disabling FSPF for Specific Interfaces...
Page 28 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Name Server Database Entries 27-4 FDMI...
Page 29 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON VSAN Prerequisites 29-7 FICON Port Numbering...
Page 30 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON Configuration Files 29-32 About FICON Configuration Files...
Page 31 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About fctimer Distribution 30-7 Enabling or Disabling fctimer Distribution...
Page 32 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric 32-5 Committing Role-Based Configuration Changes...
Page 33 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Creating and Modifying Users 33-4 About AES Encryption-Based Privacy...
Page 34 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the Test Idle Timer 34-12 Configuring Test User Name...
Page 35 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .Merge Guidelines for RADIUS and TACACS+ Configurations 34-33 MSCHAP Authentication...
Page 36 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Manual Enrollment Using Cut-and-Paste Method 36-4 Multiple RSA Key-Pair and Identity CA Support...
Page 37 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Supported IPsec Transforms and Algorithms 37-6 Supported IKE Transforms and Algorithms...
Page 38 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Applying a Crypto Map Set 37-28 IPsec Maintenance...
Page 39 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Port Security with Auto-Learning and CFS Distribution 39-3 Configuring Port Security with Auto-Learning without CFS...
Page 40 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric Binding Configuration 40-3 Enabling Fabric Binding...
Page 41 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Peer IP Address 41-19 Active Connections...
Page 42 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring iSCSI 43-4 Enabling iSCSI...
Page 43 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About iSLB Initiators 43-41 Configuring iSLB Initiators...
Page 44 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m No Authentication 43-67 CHAP with Local Password Database...
Page 45 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the Default Gateway Configuration 44-4 IPv4 Default Network Configuration...
Page 46 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module Status Verification 45-2 IPS Module Upgrade...
Page 47 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing ARP Cache 46-9 Displaying IPv4 Statistics...
Page 48 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings 47-20 Intelligent Storage Services...
Page 49 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monitoring Network Traffic Using SPAN 51-1 C H A P T E R...
Page 50 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Single Source with One RSPAN Tunnel 51-28 Single Source with Multiple RSPAN Tunnels...
Page 51 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the Syslog-Based Alerts Using the CLI 53-13 RMON-Based Alerts...
Page 52 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Policies 54-2 Event Statements...
Page 53 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying FCC Settings 56-3 56-3...
Page 54 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Troubleshooting Your Fabric 58-1 C H A P T E R...
Page 55 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monitoring System Processes and Logs 59-1 C H A P T E R...
Page 56 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 57: New And Changed Information
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m New and Changed Information This document provides release-specific information for each new and changed feature in the Cisco MDS NX-OS Release 4.x software.
Page 58 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Cisco MDS NX-OS Release 4.x (continued) Changed...
Page 59 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Cisco MDS NX-OS Release 4.x (continued) Changed...
Page 60 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 61 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Preface This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family Configuration Guide.
Page 62 Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 63: Advanced Configuration
Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 64 Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 65 Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 66: Document Conventions
Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Document Conventions Command descriptions use these conventions: boldface font...
Page 67: Regulatory Compliance And Safety Information
Preface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Regulatory Compliance and Safety Information Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family •...
Page 68: Intelligent Storage Networking Services Configuration Guides
Preface Obtaining Documentation and Submitting a Service Request S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Intelligent Storage Networking Services Configuration Guides Cisco MDS 9000 Family SANTap Deployment Guide •...
Page 69: Getting Started
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Getting Started...
Page 70 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 71: Product Overview
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Product Overview The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent...
Page 72: Cisco Mds 9500 Series Multilayer Directors
Chapter 1 Product Overview Hardware Overview S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9500 Series Multilayer Directors The Cisco MDS 9500 Series includes the following multilayer, modular directors: •...
Page 73: Cisco Mds 9200 Series Fabric Switches
Chapter 1 Product Overview Hardware Overview S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 74: Cisco Mds 9100 Series Fixed Configuration Fabric Switches
Chapter 1 Product Overview Cisco NX-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 75: Tools For Software Configuration
Chapter 1 Product Overview Cisco NX-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Tools for Software Configuration You can use one of two configuration management tools to configure your SANs (see Figure...
Page 76: Software Configuration Overview
Chapter 1 Product Overview Cisco NX-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 77 Chapter 1 Product Overview Cisco NX-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 78 Chapter 1 Product Overview Cisco NX-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 79: Before You Begin
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Before You Begin This chapter prepares you to configure switches from the CLI.
Page 80: Chapter 2 Before You Begin
Chapter 2 Before You Begin About the Switch Prompt S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About the Switch Prompt Refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Note...
Page 81: Default Switch Roles
Chapter 2 Before You Begin Default Switch Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch login:admin101 Password:******* Cisco Nexus Operating System (NX-OS) Software...
Page 82: Cli Command Hierarchy
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-1 lists and describes the two commonly used modes, how to enter the modes, and the resulting system prompts.
Page 83: Exec Mode Options
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 2-1 CLI Command Hierarchy Example switch prompt (switch#)
Page 84: Configuration Mode
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m exit Exit from the EXEC fcping...
Page 85 Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configure aaa functions [no] remove an entry from the ARP cache banner...
Page 86 Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Config commands for SAN Device Virtualization snmp-server Configure snmp server...
Page 87 Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Before the MDS NX-OS Release 4.1(1a), you can execute an EXEC mode command from a configuration mode or submode prompt.
Page 88: Cli Command Navigation
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CLI Command Navigation To redisplay a command you previously entered, press the Up Arrow key.
Page 89: Cli Command Configuration Options
Chapter 2 Before You Begin Getting Help S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config-zone)# no member pwwn 12:12:12:12:12:12:12:12 WARNING: Zone is empty.
Page 90: Managing The Switch Configuration
Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Managing the Switch Configuration This section includes the following topics: Displaying the Switch Configuration, page 2-12...
Page 91 Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m loader: version N/A kickstart: version 4.1(1) [build 4.1(0.161)] [gdb]...
Page 92 Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m feature iscsi ! iscsi import target fc iscsi virtual-target name vt...
Page 93: Saving A Configuration
Chapter 2 Before You Begin Displaying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Saving a Configuration Use the copy running-config startup-config command to save the new configuration into nonvolatile storage.
Page 94: Using The Extended Ping And Ping Ipv6 Commands
Chapter 2 Before You Begin Using the Extended ping and ping ipv6 Commands S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The IPv4 syntax for this command is ping host or ping ipv4-address.
Page 95: Using Traceroute And Traceroute Ipv6 Commands
Chapter 2 Before You Begin Using traceroute and traceroute ipv6 Commands S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-3 Options and Defaults for the ping and ping ipv6 Commands (continued) Option...
Page 96: Configuring Terminal Parameters
Chapter 2 Before You Begin Configuring Terminal Parameters S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m sl-gw11-sj-10-0.sprintlink.net [144.232.3.134] 70 ms 30 ms 30 ms...
Page 97: Displaying Terminal Sessions
Chapter 2 Before You Begin Configuring Terminal Parameters S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Terminal Sessions Use the show line command to display all configured terminal sessions: switch# show line...
Page 98: Setting The Terminal Screen Length
Chapter 2 Before You Begin Configuring the Switch Banner Message S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Specifies the terminal type.
Page 99: Directing Show Command Output To A File
Chapter 2 Before You Begin Directing show Command Output to a File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following example displays the configured banner message.
Page 100: User-Defined Cli Persistent Variables
Chapter 2 Before You Begin Using CLI Variables S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 101: System-Defined Variables
Chapter 2 Before You Begin Using Command Aliases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# config t switch(config)# no cli var name mgmtport System-Defined Variables...
Page 102: Defining Command Aliases
Chapter 2 Before You Begin About Flash Devices S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 103: Internal Bootflash
Chapter 2 Before You Begin Formatting Flash Devices and File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Internal bootflash All switches in the Cisco MDS 9000 Family have one internal bootflash: that resides in the supervisor or switching module.You have access to two locations within the internal bootflash: file system.
Page 104: Formatting External Compactflash
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the format bootflash: command to only format the bootflash: file system.
Page 105: Specifying File Systems
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 106: Setting The Current Directory
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-4 File System Syntax Components (continued) Scheme...
Page 107: Displaying File Checksums
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying File Checksums The show file file md5sum command provides the MD5 checksum of the file.
Page 108: Moving Files
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# rmdir slot0:test This is a directory.
Page 109: Deleting Files
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-5 copy Command Syntax Scheme...
Page 110: Displaying File Contents
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# delete dns_config.cfg This example shows how to delete a file from an external CompactFlash (slot0): switch# delete slot0:dns_config.cfg...
Page 111: Displaying The Last Lines In A File
Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Building Configuration ...
Page 112: Using Cli Variables In Scripts
Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The syntax for this command is run-script filename.
Page 113: Setting The Delay Time
Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0 CRC, 0 unknown class 0 too long, 0 too short 1 frames output, 128 bytes...
Page 114 Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 2-36 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 115 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Installation and Switch Management...
Page 116 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 117: Licensing Terminology
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Obtaining and Installing Licenses Licenses are available in all switches in the Cisco MDS 9000 Family.
Page 118: C H A P T E R 3 Obtaining And Installing Licenses
Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 119 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The licensing model defined for the Cisco MDS product line has two options: Feature-based licenses allow features that are applicable to the entire switch.
Page 120 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses Feature License...
Page 121 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 122 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 123 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 124: Licensing High Availability
Chapter 3 Obtaining and Installing Licenses Licensing High Availability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 125: Obtaining A Factory-Installed License
Chapter 3 Obtaining and Installing Licenses Obtaining a Factory-Installed License S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining a Factory-Installed License You can obtain factory-installed licenses for a new switch.
Page 126: Obtaining The License Key File
Chapter 3 Obtaining and Installing Licenses Obtaining the License Key File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining the License Key File Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide for details on installing Note...
Page 127 Chapter 3 Obtaining and Installing Licenses Installing the License Key File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you check the check box for a switch, the PAK or license file name field for that switch becomes editable.
Page 128: Installing The License Key File To A Remote Location
Chapter 3 Obtaining and Installing Licenses Backing Up License Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show license file Permanent.lic Permanent.lic: SERVER this_host ANY...
Page 129: Uninstalling Licenses
Chapter 3 Obtaining and Installing Licenses Uninstalling Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Application ----------- qos_manager...
Page 130: Updating Licenses
Chapter 3 Obtaining and Installing Licenses Updating Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enterprise.lic Ficon.lic Disable the features provided by the license to be uninstalled.
Page 131: Grace Period Alerts
Chapter 3 Obtaining and Installing Licenses Grace Period Alerts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 6 Update the license file using the update license url command, where url specifies the bootflash:, slot0:, or volatile: location of the updated license file.
Page 132: License Transfers Between Switches
Chapter 3 Obtaining and Installing Licenses License Transfers Between Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following example uses the FICON feature.
Page 133: Displaying License Information
Chapter 3 Obtaining and Installing Licenses Displaying License Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying License Information Use the show license commands to display all license information configured on this switch (see Examples...
Page 134 Chapter 3 Obtaining and Installing Licenses Displaying License Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INCREMENT MAINFRAME_PKG cisco 1.0 30-Dec-2003 uncounted \ HOSTID=FOX0646S017 \ NOTICE=”0...
Page 135: About On-Demand Port Activation Licensing
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R On-Demand Port Activation Licensing This chapter describes how to use the on-demand port activation licensing feature on the Cisco MDS...
Page 136: Port-Naming Conventions
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port-Naming Conventions Table 4-1 describes the port-naming conventions for the four Cisco Fabric switches.
Page 137: C H A P T E R 4 On-Demand Port Activation Licensing
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 4-3 Cisco Fabric Switch for HP c-Class BladeSystem Default Port Licenses (ext1 - ext4) EXT 1...
Page 138: Default Configuration
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Configuration Example 4-1 shows the default port license configuration for the Cisco MDS 9124 Switch.
Page 139 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m --------------------------------------------------- Interface Cookie...
Page 140 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16830464 16855040 16850944...
Page 141 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16822272 16838656 16842752...
Page 142: License Status Definitions
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16842752 ----------- License Status Definitions...
Page 143 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 10G_PORT_ACTIVATION_PKG Unused --------------------------------------------------------------------------------...
Page 144: Configuring Port Activation Licenses
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show license usage Feature Status...
Page 145: Making A Port Eligible For A License
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Making a Port Eligible for a License By default, all ports are eligible to receive a license.
Page 146: Moving Licenses Among Ports
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Moving Licenses Among Ports On the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric Switch for IBM Note...
Page 147: On-Demand Port Activation License Example
Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m On-Demand Port Activation License Example The following example shows how to do the following tasks: Make a port ineligible...
Page 148 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Make port fc1/8 ineligible to receive a license.
Page 149 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc1/13 16826368 acquired...
Page 150 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m port-license acquire channel-group 122 force no shutdown...
Page 151: Initial Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Initial Configuration This chapter includes the following sections:...
Page 152: Chapter 5 Initial Configuration
Chapter 5 Initial Configuration Starting a Switch in the Cisco MDS 9000 Family S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Starting a Switch in the Cisco MDS 9000 Family The following procedure is a review of the tasks you should have completed during hardware installation, including starting up the switch.
Page 153: Initial Setup Routine
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Initial Setup Routine The first time that you access a switch in the Cisco MDS 9000 Family, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to...
Page 154: Default Login
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Login All Cisco MDS 9000 Family switches have the network administrator as a default user (admin).
Page 155: Assigning Setup Information
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-1 Management Access to Switches Router...
Page 156: Configuring Out-Of-Band Management
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Out-of-Band Management You can configure both in-band and out-of-band configuration together by entering Yes in both Step 12c...
Page 157 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter the user password.
Page 158 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Continue with in-band (VSAN1) management configuration? (yes/no) [no]: no Enter yes (yes is the default) to enable IPv4 routing capabilities.
Page 159 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 15 Enter the SSH key type (see the “Overwriting a Generated Key-Pair”...
Page 160 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you are executing the setup script after issuing a write erase command, you must explicitly Note change the default zone policy to permit for VSAN 1 after finishing the script using the...
Page 161: Configuring In-Band Management
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you do not save the configuration at this point, none of your changes are updated the next Caution time the switch is rebooted.
Page 162 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 5 Enter no (no is the default) if you do not wish to create additional accounts.
Page 163 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configure the DNS IP address? (yes/no) [y]: no Enter no (no is the default) to skip the default domain name configuration.
Page 164 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enable full zoneset distribution (yes/no) [n]: no Disables the switch-wide default for the full zone set distribution feature.
Page 165: Using The Setup Command
Chapter 5 Initial Configuration Accessing the Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using the setup Command To make changes to the initial configuration at a later time, you can issue the setup command in EXEC mode.
Page 166: Assigning A Switch Name
Chapter 5 Initial Configuration Assigning a Switch Name S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-2 Switch Access Options Router...
Page 167: Verifying The Module Status
Chapter 5 Initial Configuration Verifying the Module Status S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To use the Cisco Fabric Manager, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide.
Page 168: Configuring The Time Zone
Chapter 5 Initial Configuration Configuring Date, Time, and Time Zone S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Where HH represents hours in military format (15 for 3 p.m.), MM is minutes (58), SS is seconds (09), DD is the date (23), Month is the month in words (September), and YYYY is the year (2002).
Page 169: Ntp Configuration
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 170: About Ntp
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 171: Configuring Ntp
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-3 NTP Peer and Server Association From lower stratum...
Page 172 Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 5...
Page 173 Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure NTP in a server association using DNS names, follow these steps: Command Purpose...
Page 174: Ntp Cfs Distribution
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NTP CFS Distribution You can enable NTP fabric distribution for all Cisco MDS switches in the fabric.
Page 175: Discarding Ntp Configuration Changes
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding NTP Configuration Changes After making the configuration changes, you can choose to discard the changes or to commit them.
Page 176: Management Interface Configuration
Chapter 5 Initial Configuration Management Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Management Interface Configuration The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions.
Page 177: Using The Force Option During Shutdown
Chapter 5 Initial Configuration Default Gateway Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To obtain remote management access using IPv6 addressing parameters, follow these steps: Command Command...
Page 178: Configuring The Default Gateway
Chapter 5 Initial Configuration Telnet Server Connection S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-4 Default Gateway Default...
Page 179: Disabling A Telnet Connection
Chapter 5 Initial Configuration Configuring Console Port Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disabling a Telnet Connection To disable Telnet connections to the switch, follow these steps: Command...
Page 180: Configuring Com1 Port Settings
Chapter 5 Initial Configuration Configuring COM1 Port Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following example displays output from an MDS switch with a Supervisor-1 module: switch# show line console line Console:...
Page 181: Verifying Com1 Port Settings
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Description Step 6...
Page 182: Guidelines To Configure Modems
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Guidelines to Configure Modems We recommend you use the COM1 port to connect the modem from any director in the Cisco MDS 9500 Series or any switch in the Cisco MDS 9200 Series.
Page 183: Enabling Modem Connections
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Modem Connections To configure a modem connection through the COM1 port, follow these steps: Command...
Page 184: Configuring The Default Initialization String
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 185: Configuring A User-Specified Initialization String
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a User-Specified Initialization String To configure a user-specified initialization string through the COM1 port, follow these steps: Command...
Page 186: Verifying The Modem Connection Configuration
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Connect the modem to the switch as specified in the Cisco MDS 9500 Series Hardware Guide or the Cisco MDS 9200 Series Hardware Installation Guide.
Page 187: Configuring Cdp
Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring CDP The Cisco Discovery Protocol (CDP) is an advertisement protocol used by Cisco devices to advertise itself to other Cisco devices in the same network.
Page 188: Clearing Cdp Counters And Tables
Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To globally configure the refresh time interval for the CDP protocol, follow these steps: Command Command...
Page 189 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 5-1 Displays All CDP Capable Interfaces and Parameters switch# show cdp all...
Page 190 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 5-5 Displays CDP Parameters for the Management Interface switch# show cdp interface mgmt 0...
Page 191 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Device ID:0 Entry address(es): IP Address: 0.0.0.0...
Page 192 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 5-42 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 193: About Flexattach Virtual Pwwn
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FlexAttach Virtual pWWN This chapter describes the FlexAttach virtual port world-wide name (pWWN) feature and includes the...
Page 194: Flexattach Virtual Pwwn Guidelines And Requirements
Chapter 6 Configuring FlexAttach Virtual pWWN FlexAttach Virtual pWWN Guidelines and Requirements S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FlexAttach Virtual pWWN Guidelines and Requirements Following are recommended guidelines and requirements when deploying FlexAttach virtual pWWN: FlexAttach configuration is supported only on NPV switches.
Page 195: C H A P T E R 6 Configuring Flexattach Virtual Pwwn
Chapter 6 Configuring FlexAttach Virtual pWWN Configuring FlexAttach Virtual pWWN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When the interface-list value is not included in the command, virtual pWWN is enabled globally.
Page 196: Verifying Flexattach Virtual Pwwn
Chapter 6 Configuring FlexAttach Virtual pWWN Configuring FlexAttach Virtual pWWN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The interface must be in a shut state and the specified Virtual pWWN should not be logged in.
Page 197: Debugging Flexattach Virtual Pwwn
Chapter 6 Configuring FlexAttach Virtual pWWN Configuring FlexAttach Virtual pWWN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------------- 0x010000 N 20:01:00:0d:ec:2f:c1:40 (Cisco) npv 0x010001 N 20:02:00:0d:ec:2f:c1:40 (Cisco) npv...
Page 198: Flexattach Virtual Pwwn Cfs Distribution
Chapter 6 Configuring FlexAttach Virtual pWWN Difference Between San Device Virtualization and FlexAttach Port Virtualization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FlexAttach Virtual pWWN CFS Distribution The FlexAttach virtual pWWN configuration is distributed for CFS through IPv4, and is enabled by default.
Page 199: About Cfs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Using the CFS Infrastructure The Cisco MDS NX-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient...
Page 200: Chapter 7 Using The Cf Infrastructure
Chapter 7 Using the CFS Infrastructure About CFS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This section includes the following topics: Cisco MDS NX-OS Features Using CFS, page 7-2 •...
Page 201: Cfs Protocol
Chapter 7 Using the CFS Infrastructure About CFS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 202: Cfs Distribution Modes
Chapter 7 Using the CFS Infrastructure Disabling CFS Distribution on a Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CFS Distribution Modes CFS supports different distribution modes to support different application requirements: coordinated and uncoordinated distributions.
Page 203: Verifying Cfs Distribution Status
Chapter 7 Using the CFS Infrastructure CFS Application Requirements S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To globally disable or enable CFS distribution on a switch, follow these steps: Command Purpose...
Page 204: Enabling Cfs For An Application
Chapter 7 Using the CFS Infrastructure Enabling CFS for an Application S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling CFS for an Application All CFS-based applications provide an option to enable or disable the distribution capabilities.
Page 205: Locking The Fabric
Chapter 7 Using the CFS Infrastructure Locking the Fabric S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric When you configure (first time configuration) a Cisco NX-OS feature (or application) that uses the CFS infrastructure, that feature starts a CFS session and locks the fabric.
Page 206: Committing Changes
Chapter 7 Using the CFS Infrastructure Committing Changes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Committing Changes A commit operation saves the pending database for all application peers and releases the lock for all switches.
Page 207: Cfs Merge Support
Chapter 7 Using the CFS Infrastructure CFS Merge Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch# Conf t Switch(conf)# dpvm abort Clear the sessions from any switch in the fabric.
Page 208 Chapter 7 Using the CFS Infrastructure CFS Merge Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ---------------------------------------------------------------- 20:00:00:05:30:00:6b:9e 10.76.100.167...
Page 209: Cfs Distribution Over Ip
Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show cfs peers name ntp Scope : Physical...
Page 210 Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 211: Enabling Cfs Over Ip
Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling CFS Over IP To enable or disable CFS over IPv4, follow these steps: Command...
Page 212: Verifying Ip Multicast Address Configuration For Cfs Over Ip
Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure an IP multicast address for CFS over IPv4, follow these steps: Command Purpose...
Page 213 Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CFS uses the list of configured IP addresses to communicate with each peer and learn the peer switch WWN.
Page 214: Verifying Static Ip Peer Configuration
Chapter 7 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying Static IP Peer Configuration To verify the IP peer configuration, use the show cfs status command.
Page 215: Cfs Regions
Chapter 7 Using the CFS Infrastructure CFS Regions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CFS Regions This section contains the following topics: About CFS Regions, page 7-17...
Page 216: Managing Cfs Regions
Chapter 7 Using the CFS Infrastructure CFS Regions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Managing CFS Regions This section describes how to manage a CFS region.
Page 217: Removing An Application From A Region
Chapter 7 Using the CFS Infrastructure Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Removing an Application from a Region Removing an application from a region is the same as moving the application back to the default region or to Region 0, that is, bringing the entire fabric into the scope of distribution for the application.
Page 218 Chapter 7 Using the CFS Infrastructure Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 7-1 Default CFS Parameters Parameters...
Page 219: About Software Images
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Software Images This chapter describes how to install and upgrade Cisco MDS software images.
Page 220: Dependent Factors For Software Installation
Chapter 8 Software Images About Software Images S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Dependent Factors for Software Installation The software image install procedure is dependent on the following factors: •...
Page 221: Chapter 8 Software Image
Chapter 8 Software Images Essential Upgrade Prerequisites S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 8-3 Supervisor Module Software Image Naming Conventions for MDS 9500 Series Cisco MDS 9500 Series...
Page 222 Chapter 8 Software Images Essential Upgrade Prerequisites S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 223: Software Upgrade Methods
Chapter 8 Software Images Software Upgrade Methods S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 224: Determining Software Compatibility
Chapter 8 Software Images Software Upgrade Methods S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For high availability, you need to connect the ethernet port for both active and standby Note supervisors to the same network or virtual LAN.
Page 225: Automated Upgrades
Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Automated Upgrades The install all command upgrades all modules in any Cisco MDS 9000 Family switch.
Page 226: Recognizing Failure Cases
Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 227: Using The Install All Command
Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using the install all Command Ensure that there is enough space available on the active and standby supervisor module bootflash: to Note...
Page 228 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# copy tftp://10.16.10.100/system-img bootflash:system-img Trying to connect to tftp server..
Page 229 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1.3(2a) 1.3(1) bios...
Page 230: Upgrading Services Modules
Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Upgrading Services Modules Any Fibre Channel switching module supports nondisruptive upgrades.
Page 231: Sample Install All Commands
Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Sample install all Commands Example 8-4 displays the result of the install all command issued from a console terminal that is...
Page 232 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m bios v1.1.0(10/24/03) v1.1.0(10/24/03)
Page 233 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Continue on installation process, please wait.
Page 234 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m [####################] 100% -- SUCCESS Verifying image bootflash:/isan-2-1-1a [####################] 100% -- SUCCESS...
Page 235 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m [####################] 100% -- SUCCESS Performing configuration copy.
Page 236 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Extracting “system”...
Page 237 Chapter 8 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m [####################] 100% -- SUCCESS Verifying image bootflash:/isan-1.3.2a [####################] 100% -- SUCCESS...
Page 238: Upgrade Status Verification
Chapter 8 Software Images Upgrade Status Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Install is in progress, please wait.
Page 239: Nondisruptive Upgrades On Fabric And Modular Switches
Chapter 8 Software Images Nondisruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show install all status This is the log of last installation.
Page 240 Chapter 8 Software Images Nondisruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Nondisruptive upgrades on these fabric switches take down the control plane for not more than 80 seconds.
Page 241 Chapter 8 Software Images Nondisruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Extracting "system"...
Page 242: Performing A Nondisruptive Upgrade On A Fabric Switch
Chapter 8 Software Images Nondisruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Performing a Nondisruptive Upgrade on a Fabric Switch To perform a nondisruptive software upgrade on any of the following switches, enter the install all kickstart command using the console port:...
Page 243: Viewing The Status Of A Nondisruptive Upgrade On A Fabric Switch
Chapter 8 Software Images Nondisruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Freeing memory in the file system.
Page 244: Troubleshooting A Nondisruptive Upgrade On A Fabric Switch
Chapter 8 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Performing supervisor state verification.
Page 245: Preparing For A Manual Installation
Chapter 8 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 246: Upgrading A Loader
Chapter 8 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m image name: m9500-sf1ek9-kickstart-mzg.1.0.3.bin kickstart: version 1.0(3)
Page 247 Chapter 8 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m bootflash: 1000944 blocks (block size 512b) slot0: 0 blocks (block size 512b)
Page 248: Upgrading The Bios
Chapter 8 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Upgrading the BIOS Refer to the release notes to verify if the BIOS has changed for the image version being used.
Page 249: Quick Upgrade
Chapter 8 Software Images Quick Upgrade S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the versions are different, issue the install module command as specified in Step 3.
Page 250: Maintaining Supervisor Modules
Chapter 8 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downgrading from Cisco MDS NX-OS Release 4.1(1a) or later to Cisco MDS SAN-OS Release is Note 3.3(1c) and earlier is disruptive and requires a reload of the switch.
Page 251: Replacing Supervisor Modules
Chapter 8 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Replacing Supervisor Modules To avoid packet loss when removing a supervisor module from a Cisco MDS 9500 Series Director, take the supervisor modules out of service before removing the supervisor module.
Page 252: Standby Supervisor Module Bootflash Memory
Chapter 8 Software Images Installing Generation 2 Modules in Generation 1 Chassis S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Standby Supervisor Module Bootflash Memory When updating software images on the standby supervisor module, verify that there is enough space available for the image using the dir bootflash://sup-standby/ command.
Page 253: Default Settings
Chapter 8 Software Images Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Issue the install all command to copy the Cisco SAN-OS software image to the standby supervisor module bootflash device.
Page 254 Chapter 8 Software Images Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 8-36 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 255: Managing Configuration Files
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Working with Configuration Files This chapter describes how to initially configure switches using the configuration files so they can be...
Page 256: C H A P T E R 9 Working With Configuration Files
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface mgmt0 ip address 172.22.95.112 255.255.255.0 no shutdown...
Page 257: Using A File From An External Compactflash Disk (Slot0:)
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using a File From an External CompactFlash Disk (slot0:) Note The physical media must be inserted into slot0: after you log into the switch.
Page 258: Saving To An External Compactflash Disk (Slot0:)
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Saving to an External CompactFlash Disk (slot0:) To save a configuration file on an external CompactFlash device, follow these steps: Log into the switch through the console port or through a Telnet session.
Page 259: Unlocking The Startup Configuration File
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show cfs application ---------------------------------------------- Application...
Page 260: Backing Up Configuration Files
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 9-1 copy Command Syntax (continued) Scheme...
Page 261: Rolling Back To A Previous Configuration
Chapter 9 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# copy nvram:startup-config bootflash:my-config •...
Page 262: Accessing File Systems On The Standby Supervisor Module
Chapter 9 Working with Configuration Files Accessing File Systems on the Standby Supervisor Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Wait until all modules are back online.
Page 263: About High Availability
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring High Availability The Cisco MDS 9500 Series of multilayer directors support application restartability and nondisruptive...
Page 264: C H A P T E R 10 Configuring High Availability
Chapter 10 Configuring High Availability Switchover Mechanisms S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Directors in the Cisco MDS 9500 Series have two supervisor modules (sup-1 and sup-2) in slots 5 and 6 (Cisco MDS 9509 and 9506 Switches) or slots 7 and 8 (Cisco MDS 9513 Switch).
Page 265: Switchover Guidelines
Chapter 10 Configuring High Availability Switchover Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switchover Guidelines Be aware of the following guidelines when performing a switchover: When you manually initiate a switchover, system messages indicate the presence of two supervisor...
Page 266: Process Restartability
Chapter 10 Configuring High Availability Process Restartability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Process Restartability Process restartability provides the high availability functionality in Cisco MDS 9000 Family switches.
Page 267: Displaying Ha Status Information
Chapter 10 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This example output shows that automatic copying is disabled: switch# show boot auto-copy Auto-copy feature disabled...
Page 268 Chapter 10 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 10-1 Redundancy States State...
Page 269: Displaying The System Uptime
Chapter 10 Configuring High Availability Displaying the System Uptime S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 10-3 Internal States (continued) State...
Page 270 Chapter 10 Configuring High Availability Displaying the System Uptime S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 10-8 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 271: Displaying Switch Hardware Inventory
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing System Hardware This chapter provides details on how to manage system hardware other than services and switching...
Page 272: Chapter 11 Managing System Hardware
Chapter 11 Managing System Hardware Displaying Switch Hardware Inventory S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NAME: "Slot 6", DESCR: "Supervisor/Fabric-1"...
Page 273 Chapter 11 Managing System Hardware Displaying Switch Hardware Inventory S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module in slot 1 is empty Module in slot 2 is empty Module in slot 3 is empty...
Page 274: Running Compact Flash Tests
Chapter 11 Managing System Hardware Running Compact Flash Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Running Compact Flash Tests As of Cisco SAN-OS Release 3.1(3) and NX-OS Release 4.1(1a), you can run the CompactFlash CRC checksum test to identify if the CompactFlash firmware is corrupted and needs to be updated.
Page 275: Setting The Compactflash Crc Checksum Test Interval
Chapter 11 Managing System Hardware Running Compact Flash Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config)# system health module 4 cf-crc-check To disable automatic CompactFlash CRC checksum testing, use the no system health module cf-crc-check command in EXEC mode.
Page 276: Updating The Compactflash Firmware
Chapter 11 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Test Frequency Status...
Page 277: Enabling And Disabling The Compactflash Firmware Update
Chapter 11 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling and Disabling the CompactFlash Firmware Update By default, the CompactFlash firmware is updated automatically every 30 days.
Page 278: Displaying The Frequency And Status Of Compactflash Updates
Chapter 11 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To disable the CompactFlash CRC firmware update test failure action, use the no system health module cf-re-flash failure-action command in configuration mode.
Page 279: Displaying The Switch Serial Number
Chapter 11 Managing System Hardware Displaying the Switch Serial Number S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Test statistics for module 8 ------------------------------------------------------------------------------ Test Name...
Page 280: Displaying Power Usage Information
Chapter 11 Managing System Hardware Displaying Power Usage Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Power Usage Information Use the show environment power command to display the actual power usage information for the entire switch.
Page 281: Power Supply Configuration Guidelines
Chapter 11 Managing System Hardware Power Supply Configuration Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 282 Chapter 11 Managing System Hardware Power Supply Configuration Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-1 Redundant Mode Power Supply Scenarios Power...
Page 283: About Crossbar Management
Chapter 11 Managing System Hardware About Crossbar Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You decide to change the switch to redundant mode.
Page 284: Operational Considerations When Removing Crossbars
Chapter 11 Managing System Hardware About Crossbar Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 285: Gracefully Shutting Down A Crossbar
Chapter 11 Managing System Hardware About Crossbar Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can mix and match Generation 1 and Generation 2 hardware on the Cisco MDS 9500 Series Directors running Cisco MDS SAN-OS 3.0(1) or later without compromising the integrity and availability of your SANs based on Cisco MDS 9500 Series Directors.
Page 286: About Module Temperature
Chapter 11 Managing System Hardware About Module Temperature S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 287: Displaying Module Temperature
Chapter 11 Managing System Hardware About Fan Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Module Temperature Use the show environment temperature command to display temperature sensors for each module (see Example 11-4...
Page 288 Chapter 11 Managing System Hardware About Fan Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 289: About Clock Modules
Chapter 11 Managing System Hardware About Clock Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 11-1 Cisco MDS 9513 Front Fan Module Numbering The rear fan module (DS-13SLT-FAN-R) on the Cisco MDS 9513 Director has only two fans.
Page 290: Displaying Environment Information
Chapter 11 Managing System Hardware Displaying Environment Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that the failed clock module be replaced during a maintenance window.
Page 291: Default Settings
Chapter 11 Managing System Hardware Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Power Usage Summary: -------------------- Power Supply redundancy mode:...
Page 292 Chapter 11 Managing System Hardware Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 11-22 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 293 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing Modules This chapter describes how to manage switching and services modules (also known as line cards) and...
Page 294: Chapter 12 Managing Module
Chapter 12 Managing Modules About Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Modules Table 12-1 describes the supervisor module options for switches in the Cisco MDS 9000 Family.
Page 295: Switching Modules
Chapter 12 Managing Modules About Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-2 Supervisor Module Terms and Usage in Console Displays Module Terms...
Page 296: Verifying The Status Of A Module
Chapter 12 Managing Modules Verifying the Status of a Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the Status of a Module Before you begin configuring the switch, you need to ensure that the modules in the chassis are functioning as designed.
Page 297: Connecting To A Module
Chapter 12 Managing Modules Connecting to a Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-3 Module States Module Status...
Page 298: Reloading Modules
Chapter 12 Managing Modules Reloading Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This example shows the output of the dir bootflash: command: root 14502912...
Page 299: Reloading Switching Modules
Chapter 12 Managing Modules Preserving the Module Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Issue the reload module command to reset the identified module.
Page 300: Purging Module Configuration
Chapter 12 Managing Modules Purging Module Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-4 Switching Module Configuration Status Scenario...
Page 301: Powering Off Switching Modules
Chapter 12 Managing Modules Powering Off Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m will receive an error message that prevents you from proceeding with the configuration.
Page 302 Chapter 12 Managing Modules Identifying Module LEDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-5 LEDs for the Cisco MDS 9200 Series Supervisor Modules (continued) Status...
Page 303 Chapter 12 Managing Modules Identifying Module LEDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-7 describes the LEDs for the 16-port and 32-port switching modules, and the 4-port, 12-port, 24-port, and 48-port Generation 2 switching modules.
Page 304: Epld Configuration
Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-8 LEDs for the Cisco MDS 9500 Series Supervisor Modules Status...
Page 305: Upgrading Epld Images
Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Refer to the Cisco MDS NX-OS Release Notes to verify if the EPLD has changed for the Cisco NX-OS image version being used.
Page 306 Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 2337571 May 31 13:43:02 2005 m9000-epld-2.1.2.img You can find the EPLD images at the following URL: http://www.cisco.com/cgi-bin/tablebuild.pl/mds-epld...
Page 307 Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 15944704 Apr 06 16:46:04 2005 m9500-sf1ek9-kickstart-mz.2.1.1a.bin 48063243 Mar 21 15:34:46 2005 m9500-sf1ek9-mz.2.1.1.bin 48036239 Apr 06 16:45:41 2005 m9500-sf1ek9-mz.2.1.1a.bin...
Page 308: Displaying Epld Versions
Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 6 Use the install module number epld url command on the active supervisor module to upgrade EPLD images for a module.
Page 309 Chapter 12 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show version epld url command to view the available EPLD versions (see Example 12-2).
Page 310: Installing The Ssi Boot Image
Chapter 12 Managing Modules Installing the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Installing the SSI Boot Image This section describes how to install the SSI boot image on the following modules: Storage Services Module (SSM)
Page 311: Upgrading The Ssi Boot Image
Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Upgrading the SSI Boot Image As of Cisco SAN-OS Release 2.0(2b), you can specify the SSI boot image for a Storage Services Module (SSM) to configure Fibre Channel switching and Intelligent Storage Services (see...
Page 312: Verifying The Ssi Boot Image
Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To upgrade or downgrade the SSI boot image Fibre Channel switching and Intelligent Storage Services, perform the following steps: Verify that the correct SSI boot image is present on your switch (see the...
Page 313 Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 4 Issue the dir bootflash: or dir slot0: command to verify that the SSI software image file corresponding to your Cisco MDS SAN-OS release is present on the active supervisor module.
Page 314 Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(standby)# dir bootflash: 12288 Jan 01 00:01:06 1980 lost+found/ 14765056 Mar 21 15:35:06 2005 m9500-sf1ek9-kickstart-mz.2.1.1.bin...
Page 315: Configuring The Ssi Image Boot Variable
Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# attach module 6 switch(standby)# delete bootflash:m9500-sf1ek9-kickstart-mz.2.1.1.bin switch(standby)# exit...
Page 316 Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can only specify one image for the SSI variable per module.
Page 317: Using The Install Ssi Command
Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------- ---------- 00-05-30-00-9e-b2 to 00-05-30-00-9e-b6...
Page 318 Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the SSM is configured for Layer 3 Fibre Channel switching or Intelligent Storage Services, a Note warning will be displayed at the command prompt indicating that the operation will disrupt...
Page 319 Chapter 12 Managing Modules Upgrading the SSI Boot Image S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m * this terminal session Cisco MDS 9000 Family CLI Configuration Guide 12-27...
Page 320: Managing Ssms And Supervisor Modules
Chapter 12 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Managing SSMs and Supervisor Modules This section describes the considerations for replacing SSMs and supervisor modules and for upgrading and downgrading Cisco MDS NX-OS and SAN-OS releases.
Page 321: Recovering An Ssm After Replacing Corrupted Compactflash Memory
Chapter 12 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Recovering an SSM After Replacing Corrupted CompactFlash Memory As of Cisco MDS NX-OS Release 4.1(1a) and SAN-OS Release 2.1(2), you can use the CompactFlash memory (modflash:) on the SSM to store the SSI image.
Page 322 Chapter 12 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch# install all system bootflash:isan-2-1-1a kickstart bootflash:boot-2-1-1a ssi bootflash:ssi-2.1.1a Copying image from bootflash:ssi-2.1.1a to modflash://2-1/ssi-2.1.1a.
Page 323: Default Settings
Chapter 12 Managing Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Install is in progress, please wait.
Page 324 Chapter 12 Managing Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-11 lists the default settings for the SSM.
Page 325: Switch Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Switch Configuration...
Page 326 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 327: Fibre Channel Interfaces
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Interfaces The main function of a switch is to relay frames from one data link to another.
Page 328: Chapter 13 Configuring Interface
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 329: About Interface Modes
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that you configure your E ports on a 16-port switching module.
Page 330: Np Ports
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When a module is removed and replaced with the same type of module, the configuration is retained.
Page 331 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m TL Port In translative loop port (TL port) mode, an interface functions as a translative loop port.
Page 332: Tnp Port
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m TNP Port In trunking NP port (TNP port) mode, an interface functions as a trunking expansion port.
Page 333: Auto Mode
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Auto Mode Interfaces configured in auto mode can operate in one of the following modes: F port, FL port, E port, TE port, or TF port.
Page 334: Operational States
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 13-1 Administrative States Administrative State...
Page 335 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 13-4 Reason Codes for Nonoperational States Applicable...
Page 336 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 13-4 Reason Codes for Nonoperational States (continued) Applicable...
Page 337: Configuring Fibre Channel Interfaces
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fibre Channel Interfaces To configure a Fibre Channel interface, follow these steps: Command...
Page 338: Graceful Shutdown
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Graceful Shutdown Interfaces on a port are shut down by default (unless you modified the initial configuration).
Page 339: Configuring Interface Modes
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Interface Modes To configure the interface mode, follow these steps: Command...
Page 340: Configuring Port Speeds
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To ensure that ports that are part of ISLs do not get changed to port mode F, configure the ports in port Note mode E, rather than in Auto mode.
Page 341: Autosensing
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For internal ports on the Cisco Fabric Switch for HP c_Class BladeSystem and Cisco Fabric Switch for IBM BladeCenter, a port speed of 1 Gbps is not supported.
Page 342: Configuring Port Guard
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Port Guard Using the port guard feature, you can restrict the number of error reports and bring a malfunctioning port to down state dynamically.
Page 343: Enabling N Port Identifier Virtualization
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch (config-if)# errdisable detect cause link-down num-times 5 duration 30 Enabling N Port Identifier Virtualization You must globally enable NPIV for all VSANs on the MDS switch to allow the NPIV-enabled...
Page 344: About Receive Data Field Size
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Receive Data Field Size You can also configure the receive data field size for Fibre Channel interfaces.
Page 345: About Beacon Mode
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 346: Switch Port Attribute Default Values
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 347: About Sfp Transmitter Types
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 348: Displaying Interface Information
Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Interface Information The show interface command is invoked from the EXEC mode and displays the interface configurations.
Page 349 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc1/13 is up Hardware is Fibre Channel, SFP is short wave laser Port WWN is 20:0d:00:05:30:00:97:9e...
Page 350 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1886 frames output, 887712 bytes 0 discards, 0 errors 0 input OLS, 0 LRR, 0 NOS, 1 loop inits...
Page 351 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 3 transmit B2B credit remaining.
Page 352 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m iscsi4/1 down -------------------------------------------------------------------------------...
Page 353 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 3 transmit B2B credit remaining.
Page 354 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/10 4186 4182...
Page 355 Chapter 13 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 13-12 Displays the Running Configuration for a Specified Interface switch# show running-config interface fc1/1 interface fc9/1...
Page 356: Tl Ports For Private Loops
Chapter 13 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Mode (Gbps) -------------------------------------------------------------------------------...
Page 357 Chapter 13 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Private loop devices refer to legacy devices that reside on arbitrated loops.
Page 358: About Tl Port Alpa Caches
Chapter 13 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 13-4 TL Port Translation Support Examples Private...
Page 359 Chapter 13 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The show tlport command displays the TL port interface configurations.
Page 360: Manually Inserting Entries Into Alpa Cache
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Manually Inserting Entries into ALPA Cache To manually insert entries into the ALPA cache, follow these steps: Command...
Page 361: Configuring Buffer-To-Buffer Credits
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The receive BB_credit (fcrxbbcredit) value may be configured for each FC interface.
Page 362: About Performance Buffers
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This example shows the output of the do show int fc1/1 command: intfc1/1 is up 16 receive B2B credit remaining...
Page 363: Extended Bb_Credits On Generation 1 Switching Modules
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 364: Extended Bb_Credits On Generation 2 And Generation 3 Switching Modules
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The extended BB_credit configuration takes precedence over the receive BB_credit and performance Note buffer configurations.
Page 365: Displaying Bb_Credit Information
Chapter 13 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 366: Management Interfaces
Chapter 13 Configuring Interfaces Management Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Receive B2B Credit performance buffers is 48 12 receive B2B credit remaining 0 transmit B2B credit remaining...
Page 367: Displaying Management Interface Configuration
Chapter 13 Configuring Interfaces Management Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 7...
Page 368: Vsan Interfaces
Chapter 13 Configuring Interfaces VSAN Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSAN Interfaces VSANs apply to Fibre Channel fabrics and enable you to configure multiple isolated SAN topologies within the same physical infrastructure.
Page 369: Default Settings
Chapter 13 Configuring Interfaces Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 13-7 lists the default settings for interface parameters.
Page 370 Chapter 13 Configuring Interfaces Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 13-44 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 371: About Npv
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring N Port Virtualization N port virtualization (NPV) reduces the number of Fibre Channel domain IDs in SANs.
Page 372: C H A P T E R 14 Configuring N Port Virtualization
Chapter 14 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 14-1 Cisco NPV Fabric Configuration NPV-Core Switch...
Page 373: Npv Mode
Chapter 14 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NPV Mode A switch is in NPV mode after a user has enabled NPV and the switch has successfully rebooted.
Page 374: Np Links
Chapter 14 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NP Ports An NP port (proxy N port) is a port on a device that is in NPV mode and connected to the NPV core switch using an F port.
Page 375: Default Port Numbers
Chapter 14 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 14-3 shows the internal FLOGI flows between an NPV core switch and an NPV device.
Page 376: Npv Cfs Distribution Over Ip
Chapter 14 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NPV CFS Distribution over IP NPV devices use only IP as the transport medium.
Page 377: Disruptive
Chapter 14 Configuring N Port Virtualization NPV Guidelines and Requirements S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disruptive Disruptive load balance works intependent of automatic selection of interfaces and configured traffic map of external interfaces.
Page 378: Npv Traffic Management Guidelines
Chapter 14 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NPV Traffic Management Guidelines When deploying NPV traffic management, follow these guidelines: •...
Page 379 Chapter 14 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 380: Configuring Npv Traffic Management
Chapter 14 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring NPV Traffic Management The NPV traffic management feature is enabled after configuring NPV.
Page 381: Dpvm Configuration
Chapter 14 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DPVM Configuration When NPV is enabled, the following requirements must be met before you configure DPVM on the NPV core switch:...
Page 382 Chapter 14 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------------------------ VSAN:1 FCID:0x010000 ------------------------...
Page 383: Verifying Npv Traffic Management
Chapter 14 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of External Interfaces: 2 Server Interfaces: ==================...
Page 384 Chapter 14 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 14-14 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 385: About Generations Of Modules And Switches
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Generation 2 and Generation 3 Switching Modules...
Page 386: C H A P T E R 15 Configuring Generation 2 And Generation 3 Switching Modules
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules About Generations of Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-1 identifies the modules supported by the Cisco MDS 9500 Series switches and Cisco MDS 9216A and Cisco MDS 9216i switches, as well as the Fabric switches.
Page 387: Port Groups And Port Rate Modes
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Port Groups and Port Rate Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port Groups and Port Rate Modes This section includes the following topics: Port Groups, page 15-3...
Page 388: Port Rate Modes
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Port Groups and Port Rate Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-2 Bandwidth and Port Groups for the Fibre Channel Modules and Fabric Switches Bandwidth Per...
Page 389 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Port Groups and Port Rate Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port rate modes are not supported on the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Note Fabric Switch for IBM BladeCenter.
Page 390: Dedicated Rate Mode
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Port Groups and Port Rate Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-3 Port Rate Mode Support on Generation 2 and Generation 3 Modules and Switches Supports...
Page 391: Shared Rate Mode
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Port Groups and Port Rate Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-5 show the amount of bandwidth reserved for a configured port speed on 4-Gbps switching modules.
Page 392: Dynamic Bandwidth Management
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-6 Dedicated Rate Mode Bandwidth Reservation for Generation 3 Fibre Channel Modules (continued)
Page 393: Buffer Pools
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 394 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-2 shows the default BB_credit buffer allocation model for 48-port 8-Gbps switching modules.
Page 395: Bb_Credit Buffers For Switching Modules
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-4 shows the default BB_credit buffer allocation model for 4/44-port 8-Gbps Host-Optimized switching modules.
Page 396: Port 8-Gbps Fibre Channel Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 397: Port 8-Gbps Fibre Channel Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 24-Port 8-Gbps Fibre Channel Module BB_Credit Buffers Table 15-8 lists the BB_credit buffer allocation for the 24-port 8-Gbps Fibre Channel switching module.
Page 398: Port 8-Gbps Host-Optimized Fibre Channel Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 4/44-Port 8-Gbps Host-Optimized Fibre Channel Module BB_Credit Buffers Table 15-9 lists the BB_credit buffer allocation for the 4/44-port 8-Gbps Fibre Channel switching...
Page 399: Port 4-Gbps Fibre Channel Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 48-Port 4-Gbps Fibre Channel Module BB_Credit Buffers Table 15-10 lists the BB_credit buffer allocation for 48-port 4-Gbps Fibre Channel switching modules.
Page 400 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-6 Example Speed and Rate Configuration on a 48-Port 4-Gbps Switching Module 4-Gbps...
Page 401: Port 4-Gbps Fibre Channel Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 24-Port 4-Gbps Fibre Channel Module BB_Credit Buffers Table 15-11 lists the BB_credit buffer allocation for 24-port 4-Gbps Fibre Channel switching modules.
Page 402: Port Fibre Channel/4-Port Gigabit Ethernet Multiservice Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-8 Example Speed and Rate Configuration on a 24-Port 4-Gbps Switching Module 4-Gbps...
Page 403 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-13 12-Port 4-Gbps Switching Module BB_Credit Buffer Allocation BB_Credit Buffers Per Port...
Page 404: Port 10-Gbps Switching Module Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 4-Port 10-Gbps Switching Module BB_Credit Buffers Table 15-14 lists the BB_credit buffer allocation for 4-port 10-Gbps switching modules.
Page 405: Bb_Credit Buffers For Fabric Switches
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m BB_Credit Buffers for Fabric Switches This section describes how buffer credits are allocated to Cisco MDS 9000 Fabric switches, and includes the following topics:...
Page 406: Cisco Mds 9222I Multiservice Modular Switch Bb_Credit Buffers
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1.
Page 407: Port Indexes
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 408 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m range | Total | Index values...
Page 409: Portchannels
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m powered-dn Insufficient resources (dest Index) * this terminal session...
Page 410 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The number of PortChannels allowed does not depend on the type of supervisor module.
Page 411 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Combining Generation 1, Generation 2, and Generation 3 Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-19 PortChannel Configuration and Addition Results Configured Speed...
Page 412: Configuring Module Interface Shared Resources
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-19 PortChannel Configuration and Addition Results (continued) Configured Speed...
Page 413: Displaying Interface Capabilities
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Interface Capabilities Before configuring a Generation 2 or Generation 3 interface, you can use the show interface capabilities command to display detailed information about the capabilities of the interface.
Page 414: Configuration Guidelines For 48-Port, 24-Port, And 4/44-Port 8-Gbps Fibre Channel Switching Modules
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuration Guidelines for 48-Port, 24-Port, and 4/44-Port 8-Gbps Fibre Channel Switching Modules The 48-Port, 24-Port, and 4/44-Port 8-Gbps Fibre Channel switching modules support the following...
Page 415: Configuration Guidelines For 48-Port And 24-Port 4-Gbps Fibre Channel Switching Modules
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ISL ports cannot operate in shared rate mode.
Page 416: Migrating From Dedicated Mode To Shared Mode
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Migrating from Dedicated Mode to Shared Mode To configure 48-port and 24-port 4-Gbps Fibre Channel switching modules migrating from dedicated rate mode to shared rate mode, follow these guidelines:...
Page 417: Configuration Guidelines For 4-Port 10-Gbps Switching Module Interfaces
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuration Guidelines for 4-Port 10-Gbps Switching Module Interfaces The 4-port 10-Gbps switching modules support the following features: •...
Page 418 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the port speed on an interface on a 4-Gbps or 8-Gbps switching module, follow these steps: Command Purpose...
Page 419: Configuring Rate Mode
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0 discards, 0 errors 0 CRC, 0 unknown class...
Page 420 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/1 shared fc9/2...
Page 421 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------- Interfaces in the Port-Group B2B Credit...
Page 422 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc4/25 shared fc4/26...
Page 423 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Interfaces in the Port-Group B2B Credit Bandwidth...
Page 424: Configuring Oversubscription Ratio Restrictions
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Buffers (Gbps) --------------------------------------------------------------------...
Page 425 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m All ports in the 48-port and 24-port 4-Gbps modules can be configured to operate at 4 Gbps in shared mode even if other ports in the port group are configured in dedicated mode, regardless of available bandwidth.
Page 426: Disabling Restrictions On Oversubscription Ratios
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port-Group 2 Total bandwidth is 12.8 Gbps Total shared bandwidth is 0.8 Gbps...
Page 427: Oversubscription Ratio Restrictions Example
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 15-1 Module with Restrictions on Oversubscription Ratios Disabled switch# show running-config version 3.1(1)
Page 428 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc2/44 shared fc2/45...
Page 429: Enabling Restrictions On Oversubscription Ratios
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m no rate-mode oversubscription-limit module 2 <---indicates no restrictions on oversubscrption ratios Save the new oversubscription ratio configuration to the startup configuration.
Page 430: Enabling Bandwidth Fairness
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m As of Cisco SAN-OS Release 3.1(2), all 48-port and 24-port 4-Gbps Fibre Channel switching modules, as well as 18-port Fibre Channel/4-port Gigabit Ethernet Multiservice modules, have bandwidth fairness enabled by default.
Page 431: Upgrade Or Downgrade Scenario
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 432: Releasing Shared Resources In A Port Group
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 433: Enabling The Buffer-To-Buffer State Change Number
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Configuring Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To release the shared resources for a port group, follow these steps: Command Purpose...
Page 434: Disabling Acl Adjacency Sharing For System Image Downgrade
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Disabling ACL Adjacency Sharing for System Image Downgrade S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disabling ACL Adjacency Sharing for System Image Downgrade Fibre Channel ACL adjacency sharing is enabled by default on the switches with an active Generation 2 switching module as of Cisco MDS SAN-OS Release 3.0(3), and with an active Generation 3 module as...
Page 435: Configuring A 48-Port 8-Gbps Fibre Channel Switching Module Example
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 436: Configuring A 24-Port 8-Gbps Fibre Channel Switching Module Example
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a 24-Port 8-Gbps Fibre Channel Switching Module Example These steps describe how to configure the 24-port 8-Gbps module interfaces: Select interfaces fc 3/1.
Page 437: Configuring A 24-Port 4-Gbps Fibre Channel Switching Module Example
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# config t switch(config)# interface fc 4/1 Configure the port speed, rate mode, and port mode on the interfaces.
Page 438: Configuring A 48-Port 4-Gbps Fibre Channel Switching Module Example
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config-if)# switchport rate-mode shared switch(config-if)# switchport mode f Enable the interfaces and return to configuration mode.
Page 439: Default Settings
Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 15-21 lists the default settings for Generation 2 interface parameters.
Page 440 Chapter 15 Configuring Generation 2 and Generation 3 Switching Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 15-56 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 441: About Trunking
D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l C H A P T E R Configuring Trunking This chapter describes the trunking feature provided in Cisco MDS 9000 switches.
Page 442: Trunking E Ports
Chapter 16 Configuring Trunking About Trunking D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Trunking E Ports Trunking the E ports enables interconnect ports to transmit and receive frames in more than one VSAN, over the same physical link, using enhanced ISL (EISL) frame format.
Page 443: Chapter 16 Configuring Trunking
Chapter 16 Configuring Trunking Trunking Guidelines and Restrictions D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Link Number Link Description 1a and 1b...
Page 444: Trunking Misconfiguration Examples
Chapter 16 Configuring Trunking Trunking Guidelines and Restrictions D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l The trunk-allowed VSANs configured for TE, TF, and TNP links are used by the trunking protocol •...
Page 445: Upgrade And Downgrade Restrictions
Chapter 16 Configuring Trunking Trunking Guidelines and Restrictions D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Figure 16-4 Third-Party Switch VSAN Mismatch Third-party switches...
Page 446 Chapter 16 Configuring Trunking Trunking Guidelines and Restrictions D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l B2B State Change Number is 14 Receive data field Size is 2112 Beacon is turned off...
Page 447: Enabling The Trunking Protocols
Chapter 16 Configuring Trunking Enabling the Trunking Protocols D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Enabling the Trunking Protocols This section explains how to enable or disable the required trunking and channeling protocols represented in...
Page 448: Enabling The Cisco Trunking And Channeling Protocols
Chapter 16 Configuring Trunking Configuring Trunk Mode and VSAN List D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Enabling the Cisco Trunking and Channeling Protocols To enable or disable the Cisco trunking and channeling protocol, follow these steps: Command...
Page 449: Configuring Trunk Mode
Chapter 16 Configuring Trunking Configuring Trunk Mode and VSAN List D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Table 16-2 Trunk Mode Status Between Switches Your Trunk Mode Configuration...
Page 450 Chapter 16 Configuring Trunking Configuring Trunk Mode and VSAN List D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l The common set of VSANs that are configured and active in the switch are included in the trunk-allowed VSAN list for an interface, and they are called allowed-active VSANs.
Page 451 Chapter 16 Configuring Trunking Configuring Trunk Mode and VSAN List D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Figure 16-5 Default Allowed-Active VSAN Configuration Switch 2...
Page 452: Configuring An Allowed-Active List Of Vsans
Chapter 16 Configuring Trunking Example F Port Trunking Configuration D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Figure 16-6 Operational and Allowed VSAN Configuration Switch 2...
Page 453: Displaying Trunking Information
Chapter 16 Configuring Trunking Displaying Trunking Information D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l switch(config)# feature npiv Step 3 Configure the port mode to auto, F, or Fx on the MDS core switch:...
Page 454: Default Settings
Chapter 16 Configuring Trunking Default Settings D r a f t Ve r s i o n 3 - 0 3 D e c 2 0 0 8 - C i s c o C o n f i d e n t i a l Example 16-2 Displays the Trunking Protocol switch# show trunk protocol Trunk protocol is enabled...
Page 455: About Portchannels
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring PortChannels This chapter discusses the PortChannel feature provided in the switch and includes the following...
Page 456: C H A P T E R 17 Configuring Portchannels
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m PortChannels on Cisco MDS 9000 Family switches allow flexibility in configuration.
Page 457: About F And Tf Portchannels
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About F and TF PortChannels An F PortChannel is also a logical interface that combines a set of F ports connected to the same Fibre Channel node and operates as one link between the F ports and the NP ports.
Page 458: About Load Balancing
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 459 Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 17-4 SID1 and DID1 Based Load Balancing Link 1...
Page 460: About Portchannel Modes
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 17-5 SID1, DID1, and Exchange Based Load Balancing Link 1...
Page 461: Configuration Guidelines And Restrictions
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 17-1 compares ON and ACTIVE modes.
Page 462: F And Tf Portchannel Restrictions
Chapter 17 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 463: Portchannel Configuration
Chapter 17 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m PortChannel Configuration PortChannels are created with default values.
Page 464: About Portchannel Configuration
Chapter 17 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 17-7 Misconfigured Configurations Channel Group 10...
Page 465: Creating A Portchannel
Chapter 17 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you misconfigure PortChannels, you may receive a misconfiguration message.
Page 466: About Portchannel Deletion
Chapter 17 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About PortChannel Deletion When you delete the PortChannel, the corresponding channel membership is also deleted.
Page 467: About Interface Addition To A Portchannel
Chapter 17 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Interface Addition to a PortChannel You can add a physical interface (or a range of interfaces) to an existing PortChannel.
Page 468: Adding An Interface To A Portchannel
Chapter 17 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Adding an Interface to a PortChannel To add an interface to a PortChannel, follow these steps: Command...
Page 469: About Interface Deletion From A Portchannel
Chapter 17 Configuring PortChannels PortChannel Protocols S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To force the addition of a port to a PortChannel, follow these steps: Command Purpose...
Page 470: About Channel Group Creation
Chapter 17 Configuring PortChannels PortChannel Protocols S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A protocol to exchange PortChannel configurations is available in all Cisco MDS switches.
Page 471 Chapter 17 Configuring PortChannels PortChannel Protocols S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 17-8 Autocreating Channel Groups Channel Group 10...
Page 472: About Autocreation
Chapter 17 Configuring PortChannels PortChannel Protocols S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Autocreation The autocreation protocol has the following functionality: •...
Page 473: About Manually Configured Channel Groups
Chapter 17 Configuring PortChannels Example F and TF PortChannel Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 474 Chapter 17 Configuring PortChannels Example F and TF PortChannel Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config-if)# switchport mode F switch(config-if)# switchport trunk mode off switch(config-if)# switchport speed 4000...
Page 475: Verifying The Portchannel Configuration
Chapter 17 Configuring PortChannels Verifying the PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config)# interface fc1/4-6 switch(config-if)# shut switch(config-if)# switchport mode F...
Page 476 Chapter 17 Configuring PortChannels Verifying the PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------------------------------------------------------------------------------ port-channel 77 port-channel 78...
Page 477 Chapter 17 Configuring PortChannels Verifying the PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 17-4 Displays the Consistency Status without Details switch# show port-channel consistency Database is consistent...
Page 478 Chapter 17 Configuring PortChannels Verifying the PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 17-6 Displays the PortChannel Usage switch# show port-channel usage Totally 3 port-channel numbers used...
Page 479: Default Settings
Chapter 17 Configuring PortChannels Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 17-3 lists the default settings for PortChannels.
Page 480 Chapter 17 Configuring PortChannels Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 17-26 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 481: Configuring Domain Parameters
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Domain Parameters The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID...
Page 482: C H A P T E R 18 Configuring Domain Parameters
Chapter 18 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fibre Channel Domains This section describes each fcdomain phase: Principal switch selection—This phase guarantees the selection of a unique principal switch across...
Page 483: About Domain Restart
Chapter 18 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 484: Restarting A Domain
Chapter 18 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Restarting a Domain To restart the fabric disruptively or nondisruptively, follow these steps: Command...
Page 485: About Switch Priority
Chapter 18 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Switch Priority By default, the configured priority is 128.
Page 486: Configuring Fabric Names
Chapter 18 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fabric Names To set the fabric name value for a disabled fcdomain, follow these steps: Command...
Page 487: Enabling Autoreconfiguration
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Autoreconfiguration To enable automatic reconfiguration in a specific VSAN (or range of VSANs), follow these steps: Command...
Page 488 Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you do not configure a domain ID, the local switch sends a random ID in its request.
Page 489: Specifying Static Or Preferred Domain Ids
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 490: About Allowed Domain Id Lists
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify a static or preferred domain ID, follow these steps: Command Purpose...
Page 491: Configuring Allowed Domain Id Lists
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Allowed Domain ID Lists To configure the allowed domain ID list, follow these steps: Command...
Page 492: Discarding Changes
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric The first action that modifies the existing configuration creates the pending configuration and locks the feature in the fabric.
Page 493: Displaying Cfs Distribution Status
Chapter 18 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying CFS Distribution Status You can display the status of CFS distribution for allowed domain ID lists using the show fcdomain status command.
Page 494: About Contiguous Domain Id Assignments
Chapter 18 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Contiguous Domain ID Assignments By default, the contiguous domain assignment is disabled.
Page 495: About Persistent Fc Ids
Chapter 18 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 496: About Persistent Fc Id Configuration
Chapter 18 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 497: Configuring Persistent Fc Ids
Chapter 18 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Persistent FC IDs To configure persistent FC IDs, follow these steps: Command...
Page 498 Chapter 18 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INTERFACE VSAN FCID...
Page 499: About Persistent Fc Id Selective Purging
Chapter 18 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Persistent FC ID Selective Purging Persistent FC IDs can be purged selectively.
Page 500 Chapter 18 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Principal switch run time information: Running priority: 128 No interfaces available.
Page 501 Chapter 18 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 18-5 Displays All Persistent FC IDs in the fcdomain switch# show fcdomain fcid persistent Total entries 2.
Page 502: Default Settings
Chapter 18 Configuring Domain Parameters Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number reserved FCIDs: 61697 Use the show fcdomain address-allocation cache command to display the valid address allocation cache.
Page 503: About The Command Scheduler
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Scheduling Maintenance Jobs The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in...
Page 504: C H A P T E R 19 Scheduling Maintenance Jobs
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 505: Enabling The Command Scheduler
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 506: Defining A Job
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure remote user authentication, follow these steps: Command Purpose...
Page 507: Verifying The Job Definition
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To define a job for the command scheduler, follow these steps: Command Purpose...
Page 508: Deleting A Job
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m vsan 99 interface fc1/4 Deleting a Job To delete a job for the command scheduler, follow these steps:...
Page 509: Specifying A One-Time Schedule
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Specifies a job to be executed every 48 hours switch(config-schedule)# time start now repeat 48:00...
Page 510: Verifying Scheduler Configuration
Chapter 19 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying Scheduler Configuration To display the scheduler configuration, use the show scheduler config command.
Page 511: Deleting A Schedule Time
Chapter 19 Scheduling Maintenance Jobs Execution Logs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Deleting a Schedule Time To delete the schedule time, follow these steps: Command...
Page 512: Configuring Execution Logs
Chapter 19 Scheduling Maintenance Jobs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Execution Logs To configure the execution log file size, follow these steps: Command...
Page 513 Chapter 19 Scheduling Maintenance Jobs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 19-1 Default Command Scheduler Parameters Parameters...
Page 514 Chapter 19 Scheduling Maintenance Jobs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 19-12 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 515 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Fabric Configuration...
Page 516 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 517: About Vsans
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring and Managing VSANs You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs...
Page 518: Chapter 20 Configuring And Managing Vsan
Chapter 20 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 519: Vsan Advantages
Chapter 20 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 20-2 Example of Two VSANs Link in VSAN 2...
Page 520: Vsans Versus Zones
Chapter 20 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 521: Vsan Configuration
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 20-3 VSANS with Zoning Physical Topology...
Page 522: About Vsan Creation
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m OX ID based load balancing of IVR traffic from IVR- enabled switches is not supported on Note Generation 1 switching modules.
Page 523: About Port Vsan Membership
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 524: About The Default Vsan
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 20-1 Displays Membership Information for the Specified VSAN switch # show vsan 1 membership vsan 1 interfaces:...
Page 525: Displaying Isolated Vsan Membership
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you configure a port in VSAN 4094 or move a port to VSAN 4094, that port is immediately Note isolated.
Page 526: Deleting Static Vsans
Chapter 20 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 20-4 VSAN Port Membership Details Before...
Page 527: Configuring Load Balancing
Chapter 20 Configuring and Managing VSANs Displaying Static VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Load Balancing To configure load balancing on an existing VSAN, follow these steps: Command...
Page 528: Default Settings
Chapter 20 Configuring and Managing VSANs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 20-5 Displays the VSAN Usage switch# show vsan usage 4 vsan configured...
Page 529: About Sdv
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R SAN Device Virtualization This chapter describes how to configure virtual devices to represent physical end devices for switches...
Page 530: Chapter 21 San Device Virtualization
Chapter 21 SAN Device Virtualization About SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 21-1 Target Virtualization Primary target...
Page 531 Chapter 21 SAN Device Virtualization About SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If a storage array is replaced without using Cisco SDV, then it may require the following actions: Taking down a server to modify zoning and account for the new array.
Page 532: Key Concepts
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Key Concepts The following terms are used throughout this chapter: •...
Page 533: Configuring A Virtual Device
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you enable SDV, CFS distribution is also enabled;...
Page 534 Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a virtual device and commit it to the fabric configuration, follow these steps: Command Purpose...
Page 535: Configuring A Zone For A Virtual Device
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This example shows the virtual device status with automatic failover configuration, after the failover: switch# show sdv database sdv virtual-device name vdev1 vsan 1...
Page 536 Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 21-6 Zoning the Virtual Device with Real Devices SAN Device Virtualization Zone...
Page 537: Configuring A Virtual Device With A Static Fc Id
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Set the device alias mode to enhanced when using SDV (because the pWWN of a virtual device could change).
Page 538: Linking A Virtual Device With A Physical Device
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Linking a Virtual Device with a Physical Device After creating a virtual device and configuring it as part of a zone, you can define the primary device for it using the link command, which is also used to fail over to the secondary device.
Page 539: Real Initiator And Sdv Virtual Target With Lun
Chapter 21 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 540: Sdv Requirements And Guidelines
Chapter 21 SAN Device Virtualization SDV Requirements and Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A blank commit is a commit operation that does not contain configuration changes, and enforces the SDV configuration of the committing switch fabric-wide.
Page 541: Clearing Sdv Changes
Chapter 21 SAN Device Virtualization SDV Requirements and Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m There must be at least one SDV-enabled switch that is not a Cisco MDS 9124 Switch between the server Caution and the device that are being virtualized.
Page 542: Downgrading With Attributes Configured
Chapter 21 SAN Device Virtualization SDV Configuration Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downgrading with Attributes Configured As of MDS NX-OS Release 4.1(1a), SDV supports failover and fallback attribute configuration.
Page 543 Chapter 21 SAN Device Virtualization SDV Configuration Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config)# do show fcns database vsan 2 VSAN 2: --------------------------------------------------------------------------...
Page 544: Displaying Sdv Information
Chapter 21 SAN Device Virtualization Displaying SDV Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m pwwn 50:00:53:00:01:c9:70:01 [vdev1] pwwn 21:00:03:04:55:cf:d6:40 Activate the new zone configuration.
Page 545: Default Settings
Chapter 21 SAN Device Virtualization Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To display the results of the last CFS SDV fabric merge for a VSAN, enter this command: switch# show sdv merge status vsan Merge Status for VSAN...
Page 546 Chapter 21 SAN Device Virtualization Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 21-18 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 547: Dpvm
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Creating Dynamic VSANs Port VSAN membership on the switch is assigned on a port-by-port basis.
Page 548: Chapter 22 Creating Dynamic Vsan
Chapter 22 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DPVM does not cause any changes to device addressing.
Page 549: About Dpvm Databases
Chapter 22 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable DPVM on any participating switch, follow these steps: Command Purpose...
Page 550: Activating Dpvm Config Databases
Chapter 22 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 551: Enabling Autolearning
Chapter 22 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Autolearning is only supported for devices connected to F ports.
Page 552: Dpvm Database Distribution
Chapter 22 Creating Dynamic VSANs DPVM Database Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DPVM Database Distribution If the DPVM database is available on all switches in the fabric, devices can be moved anywhere and offer the greatest flexibility.
Page 553: About Locking The Fabric
Chapter 22 Creating Dynamic VSANs DPVM Database Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Locking the Fabric The first action that modifies the existing configuration creates the DPVM pending database and locks the feature in the fabric.
Page 554: Clearing A Locked Session
Chapter 22 Creating Dynamic VSANs Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding Changes If you discard (abort) the changes made to the DPVM pending database, the configurations remain unaffected and the lock is released.
Page 555: About Copying Dpvm Databases
Chapter 22 Creating Dynamic VSANs Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Copying DPVM Databases The following circumstances may require the active DPVM database to be copied to the DPVM config database:...
Page 556: Displaying Dpvm Merge Status And Statistics
Chapter 22 Creating Dynamic VSANs Displaying DPVM Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 557: Sample Dpvm Configuration
Chapter 22 Creating Dynamic VSANs Sample DPVM Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 22-1 Displays the DPVM Configuration Status switch# show dpvm status DB is activated successfully, auto-learn is on...
Page 558 Chapter 22 Creating Dynamic VSANs Sample DPVM Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch1(config)# feature dpvm switch1(config)# end switch1# show dpvm database...
Page 559 Chapter 22 Creating Dynamic VSANs Sample DPVM Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch9# show dpvm status DB is activated successfully, auto-learn is on Access switch3 and issue the following commands.
Page 560: Default Settings
Chapter 22 Creating Dynamic VSANs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m These basic steps help you ascertain that the information is identical in all the switches in the fabric.
Page 561: Inter-Vsan Routing
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Inter-VSAN Routing This chapter explains the Inter-VSAN routing (IVR) feature and provides details on sharing resources...
Page 562: C H A P T E R 23 Configuring Inter-Vsan Routing
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IVR IVR is not supported on the Cisco MDS 9124 Fabric Switch, the Cisco MDS 9134 Fabric Switch, the Note...
Page 563: Ivr Features
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR Features IVR supports the following features: •...
Page 564: Ivr Limits Summary
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 565: Ivr Nat Requirements And Guidelines
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR NAT Without Network Address Translation (NAT), IVR requires unique domain IDs for all switches in the fabric.
Page 566: Ivr Vsan Topology
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 23-2 Extended Link Service Messages Supported by IVR NAT (continued) Link Service Command...
Page 567: Autonomous Fabric Id
Chapter 23 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Autonomous Fabric ID The autonomous fabric ID (AFID) distinguishes segmented VSANS (that is, two VSANs that are logically and physically separate but have the same VSAN number).
Page 568: Service Group Activation
Chapter 23 Configuring Inter-VSAN Routing IVR Configuration Task List S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Service Group Activation A configured service group must be activated for it take effect.
Page 569: Enabling Ivr
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 570: Distributing The Ivr Configuration Using Cfs
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Distributing the IVR Configuration using CFS The IVR feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient configuration management and to provide a single point of configuration for the entire fabric in the VSAN (see...
Page 571: Committing The Changes
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric The first action that modifies the database creates the pending database and locks the feature in the VSAN.
Page 572: About Ivr Nat And Auto Topology
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IVR NAT and Auto Topology Before configuring an IVR SAN fabric to use IVR NAT and auto-topology, consider the following guidelines:...
Page 573: Service Group Guidelines
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 574: Enabling Ivr Nat
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling IVR NAT To configure IVR NAT, follow these steps: Command...
Page 575: Copying The Active Ivr Service Group Database
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 576: About Afids
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR-SG1 IVR-SG2 Total:...
Page 577: Configuring Individual Afids
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Individual AFIDs To configure individual AFIDs, follow these steps: Command...
Page 578: Domain Id Guidelines
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR-enabled VSANs can be configured when the interop mode is enabled (any interop mode) or disabled Note (no interop mode).
Page 579: Configuring Ivr Without Nat
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 580: Activating A Manually Configured Ivr Topology
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a user-defined IVR topology database, follow these steps: Command Purpose...
Page 581: Adding An Ivr-Enabled Switch To An Existing Ivr Topology
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To activate the manually configured IVR topology database, follow these steps: Command Purpose...
Page 582: Copying The Active Ivr Topology
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m After adding the switch to the IVR topology, you then enable IVR and CFS for the IVR application on the new switch (see the“Enabling IVR”...
Page 583: Migrating From Ivr Auto Topology Mode To Manual Mode
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 20:02:00:44:22:00:4a:05 1-2,6 20:02:00:44:22:00:4a:07...
Page 584: Configuring Ivr Virtual Domains
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Withdrawing an overlapping virtual domain from an IVR VSAN disrupts IVR traffic to and from that Note domain.
Page 585: About Persistent Fc Ids For Ivr
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Persistent FC IDs for IVR You can configure persistent FC IDs for IVR.
Page 586: Configuring Persistent Fc Ids For Ivr
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Persistent FC IDs for IVR To configure persistent FC IDs for IVR, follow these steps: Command...
Page 587: Configuring Ivr Logging Levels
Chapter 23 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ---------------------------------------------------- 11:22:33:44:55:66:77:88 0x114466...
Page 588: Ivr Zones And Ivr Zone Sets
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR Zones and IVR Zone Sets As part of the IVR configuration, you need to configure one or more IVR zone to enable cross-VSAN communication.
Page 589: Automatic Ivr Zone Creation
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Automatic IVR Zone Creation Figure 23-3 depicts an IVR zone consisting of four members.
Page 590: Configuring Ivr Zones And Ivr Zone Sets
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring IVR Zones and IVR Zone Sets To create IVR zones and IVR zone sets, follow these steps: Command...
Page 591: About Activating Zone Sets And Using The Force Option
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 15...
Page 592: Activating Or Deactivating Ivr Zone Sets
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using the force option of IVR zone set activation may cause traffic disruption, even for devices that are Caution not involved in IVR.
Page 593 Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-7 Displays Information for a Specified IVR Zone switch# show ivr zone name sample_vsan2-3 zone name sample_vsan2-3...
Page 594: About Luns In Ivr Zoning
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-13 Displays Brief Information for the Active IVR Zone Set switch# show ivr zoneset brief Active zoneset name IVR_ZoneSet1...
Page 595: About Qos In Ivr Zones
Chapter 23 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 596: Renaming Ivr Zones And Ivr Zone Sets
Chapter 23 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Renaming IVR Zones and IVR Zone Sets You can rename IVR zones and IVR zone sets.
Page 597 Chapter 23 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 598: Resolving Database Merge Failures
Chapter 23 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If only some of the switches in the fabrics are running Cisco SAN-OS Release 3.0(3) or later, and the Note number of zone members exceeds 10,000, you must either reduce the number of zone members in the...
Page 599: Example Configurations
Chapter 23 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 600 Chapter 23 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ----------------------- fabric distribution disabled Last Action...
Page 601 Chapter 23 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m AFID SWITCH WWN Active...
Page 602: Auto-Topology Configuration
Chapter 23 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m mds(config)# exit mds# Verify the IVR zone set activation.
Page 603 Chapter 23 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Verify that IVR is enabled on every IVR-enabled switch.
Page 604: Default Settings
Chapter 23 Configuring Inter-VSAN Routing Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------- 20:00:00:0d:ec:08:6e:40 * 1,336-338...
Page 605: About Zoning
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring and Managing Zones Zoning enables you to set up access control between storage devices or user groups.
Page 606: Chapter 24 Configuring And Managing Zone
Chapter 24 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 607: Zone Implementation
Chapter 24 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 24-1 Fabric with Two Zones Zone 1...
Page 608: Zone Member Configuration Guidelines
Chapter 24 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 609 Chapter 24 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 610: Zone Configuration
Chapter 24 Configuring and Managing Zones Zone Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 24-3 Active and Full Zone Sets Full zone set...
Page 611: Configuring A Zone
Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a Zone To configure a zone and assign a zone name, follow these steps: Command...
Page 612 Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 613: Activating A Zone Set
Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activating a Zone Set Changes to a zone set do not take effect in a full zone set until you activate it.
Page 614: About Fc Alias Creation
Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 615: Creating Zone Sets And Adding Member Zones
Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 616 Chapter 24 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 617: Zone Enforcement
Chapter 24 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m when the pWWN changes.
Page 618: Enabling Full Zone Set Distribution
Chapter 24 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Full Zone Set Distribution All switches in the Cisco MDS 9000 Family distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN.
Page 619: Importing And Exporting Zone Sets
Chapter 24 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 620: Zone Set Duplication
Chapter 24 Configuring and Managing Zones Zone Set Duplication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Zone Set Duplication You can make a copy and then edit it without altering the existing active zone set.
Page 621: Restoring Zones
Chapter 24 Configuring and Managing Zones Zone Set Duplication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Restoring Zones Figure 24-7 Step 1...
Page 622: Cloning Zones, Zone Sets, Fc Aliases, And Zone Attribute Groups
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups To clone a zone, zone set, fcalias, or zone-attribute-group, follow these steps: Command...
Page 623: About Zone-Based Traffic Priority
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Zone-Based Traffic Priority The zoning feature provides an additional segregation mechanism to prioritize select zones in a fabric and set up access control between devices.
Page 624: Configuring Default Zone Qos Priority Attributes
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 7...
Page 625: Configuring Broadcast Zoning
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Broadcast Zoning To broadcast frames in the basic zoning mode, follow these steps: Command...
Page 626: Configuring A Lun-Based Zone
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When LUN 0 is not included within a zone, then, as per standards requirements, control traffic to LUN Note 0 (for example, REPORT_LUNS, INQUIRY) is supported, but data traffic to LUN 0 (for example,...
Page 627: Assigning Luns To Storage Subsystems
Chapter 24 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Assigning LUNs to Storage Subsystems LUN masking and mapping restricts server access to specific LUNs.
Page 628: Displaying Zone Information
Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 629 Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface fc1/5 swwn 20:00:00:05:30:00:2a:1e ip-address 12.2.4.5 255.255.255.0 fcalias name Alias1 vsan 1...
Page 630 Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 24-4 Displays Configured Zone Set Information for a Range of VSANs switch# show zoneset vsan 2-3 zoneset name ZoneSet2 vsan 2...
Page 631 Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 24-8 Displays Zone Statistics switch# show zone statistics Statistics For VSAN: 1...
Page 632 Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------------------------------------------------------------ Number of Data Protect Check Condition Sent: Example 24-11 Displays Active Zone Sets...
Page 633 Chapter 24 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Active zoneset vsan 1667 zone name Zone1 vsan 1667 fcid 0x123456...
Page 634: Enhanced Zoning
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m member fwwn 20:4f:00:0c:88:00:4a:e2 member interface fc2/1 swwn 20:00:00:05:30:00:4a:9e member pwwn 22:00:00:20:37:39:6b:dd...
Page 635: About Enhanced Zoning
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 636: Changing From Enhanced Zoning To Basic Zoning
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Set the operation mode to enhanced zoning mode.
Page 637: Modifying The Zone Database
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Modifying the Zone Database Modifications to the zone database is done within a session.
Page 638: Merging The Database
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Create an attribute group.
Page 639: Merge Process
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Remove all non-pWWN-type zone entries on all MDS switches running Cisco SAN-OS prior to merging Caution fabrics if there is a Cisco MDS 9020 switch running FabricWare in the adjacent fabric.
Page 640: Broadcasting A Zone
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 641: Configuring System Default Zoning Settings
Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 5...
Page 642 Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m zoneset name testzoneset vsan 2 zone name testzone vsan 2 attribute read-only...
Page 643 Chapter 24 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 24-24 Displays the Zone Status for the Specified VSAN switch# show zone status vsan 2 VSAN: 2 default-zone: permit distribute: active only Interop: 100...
Page 644: Compacting The Zone Database For Downgrading
Chapter 24 Configuring and Managing Zones Compacting the Zone Database for Downgrading S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m member pwwn 21:00:00:20:37:60:43:0c Exchange Switch Support (ESS) defines a mechanism for two switches to exchange various supported features (see...
Page 645: Default Settings
Chapter 24 Configuring and Managing Zones Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 24-33 Full Zoning Analysis switch# show zone analysis vsan 1 Zoning database analysis vsan 1...
Page 646 Chapter 24 Configuring and Managing Zones Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 24-5 Default Basic Zone Parameters Parameters...
Page 647: About Device Aliases
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Distributing Device Alias Services All switches in the Cisco MDS 9000 Family support Distributed Device Alias Services (device alias) on...
Page 648: C H A P T E R 25 Distributing Device Alias Services
Chapter 25 Distributing Device Alias Services About Device Alias Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A native device-alias configuration is not accepted in the interop mode VSAN.
Page 649: Resolving Merge And Device Alias Mode Mismatch
Chapter 25 Distributing Device Alias Services About Device Alias Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the application running on an enhanced fabric has a native device alias configuration, the application must fail the merge.
Page 650: Zone Aliases Versus Device Aliases
Chapter 25 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 651: Creating Device Aliases
Chapter 25 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 652: Committing Changes
Chapter 25 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 653: Fabric Lock Override
Chapter 25 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric Lock Override If you have performed a device alias task and have forgotten to release the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric.
Page 654: Imported A Zone Alias
Chapter 25 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 25-3 Displays Device Alias Status When Distribution Is Disabled switch# show device-alias status Fabric Distribution: Disabled...
Page 655: Device Alias Statistics Cleanup
Chapter 25 Distributing Device Alias Services Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 25-5 Displays the Device Aliases in the Active Zone Set switch# show zoneset active zoneset name s1 vsan 1...
Page 656 Chapter 25 Distributing Device Alias Services Device Alias Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 25-8 Displays the Pending Database with Modifications switch# show device-alias database pending device-alias name x pwwn 21:01:00:e0:8b:2e:80:93...
Page 657: Default Settings
Chapter 25 Distributing Device Alias Services Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0x670200 21:00:00:e0:8b:0b:66:56 (Qlogic) scsi-fcp:init...
Page 658 Chapter 25 Distributing Device Alias Services Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 25-2 Default Device Alias Parameters Parameters...
Page 659 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Fibre Channel Routing Services and Protocols...
Page 660: C H A P T E R 26 Configuring Fibre Channel Routing Services And Protocols
Chapter 26 Configuring Fibre Channel Routing Services and Protocols About FSPF S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About FSPF FSPF is the protocol currently standardized by the T11 committee for routing in Fibre Channel networks.
Page 661: Redundant Links
Chapter 26 Configuring Fibre Channel Routing Services and Protocols About FSPF S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Redundant Links To further improve on the topology in Figure...
Page 662: Fspf Global Configuration
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Global Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 26-2 Shutting Down the Switch for the SmartBits Scenario PortChannel Scenario...
Page 663: Configuring Fspf On A Vsan
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Global Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 26-3 LSR Default Settings LSR Option...
Page 664: Enabling Or Disabling Fspf
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling or Disabling FSPF To enable or disable FSPF routing protocols, follow these steps: Command...
Page 665: Configuring Fspf Link Cost
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring FSPF Link Cost To configure FSPF link cost, follow these steps: Command...
Page 666: Configuring Dead Time Intervals
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m An error is reported at the command prompt if the configured dead time interval is less than the hello Caution time interval.
Page 667: Disabling Fspf For Specific Interfaces
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FSPF must be enabled at both ends of the interface for the protocol to work.
Page 668: About Fibre Channel Routes
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Fibre Channel Routes Each port implements forwarding logic, which forwards frames based on its FC ID.
Page 669 Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 670: About Broadcast And Multicast Routing
Chapter 26 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Broadcast and Multicast Routing Broadcast and multicast in a Fibre Channel fabric uses the concept of a distribution tree to reach all switches in the fabric.
Page 671: In-Order Delivery
Chapter 26 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In-Order Delivery In-Order Delivery (IOD) of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator.
Page 672: About Reordering Portchannel Frames
Chapter 26 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 26-5, the new path from Switch 1 to Switch 4 is faster.
Page 673 Chapter 26 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that you only enable this feature when devices that cannot handle any out-of-order frames are present in the switch.
Page 674: Enabling In-Order Delivery Globally
Chapter 26 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling In-Order Delivery Globally To ensure that the in-order delivery parameters are uniform across all VSANs on an MDS switch, enable in-order delivery globally.
Page 675: Configuring The Drop Latency Time
Chapter 26 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m vsan 3451 inorder delivery:guaranteed vsan 3452 inorder delivery:guaranteed Configuring the Drop Latency Time...
Page 676: Flow Statistics Configuration
Chapter 26 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m vsan 460 network latency:500 milliseconds Flow Statistics Configuration Flow statistics count the ingress traffic in the aggregated statistics table.
Page 677: Counting Individual Flow Statistics
Chapter 26 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Counting Individual Flow Statistics To count the flow statistics for a source and destination FC ID in a VSAN, follow these steps: Command...
Page 678: Displaying Global Fspf Information
Chapter 26 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 26-6 Displays Flow Index Usage for the Specified Module switch# show fcflow stats usage module 2 2 flows configured...
Page 679 Chapter 26 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 680: Displaying Fspf Interfaces
Chapter 26 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0x65(101) 0x00001094 0x00001084 Displaying FSPF Interfaces...
Page 681 Chapter 26 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 26-4 Default FSPF Settings (continued) Parameters...
Page 682 Chapter 26 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 26-24 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 683: Flogi
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing FLOGI, Name Server, FDMI, and RSCN Databases...
Page 684: C H A P T E R 27 Managing Flogi, Name Server, Fdmi, And Rscn Databases
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases FLOGI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/13 0xb200d1 21:00:00:04:cf:4c:18:64...
Page 685: Name Server Proxy
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases Name Server Proxy S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Name Server Proxy The name server functionality maintains a database containing the attributes for all hosts and storage devices in each VSAN.
Page 686: Rejecting Duplicate Pwwns
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases Name Server Proxy S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Rejecting Duplicate pWWNs To reject duplicate pWWNs, follow these steps: Command...
Page 687: Fdmi
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases FDMI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Total number of entries = 4 Example 27-7 Displays the Name Server Database Details switch# show fcns database detail...
Page 688: Displaying Fdmi
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases Displaying FDMI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using the FDMI functionality, the NX-OS software can extract the following management information about attached HBAs and host operating systems without installing proprietary host agents: Manufacturer, model, and serial number...
Page 689: Rscn
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------------------------------- HBA-ID: 10:00:00:00:c9:32:8d:77 -------------------------------...
Page 690: About Rscn Information
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 691: About The Multi-Pid Option
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of RSCN received Number of RSCN sent = 24...
Page 692: Clearing Rscn Statistics
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To suppress the transmission of these SW RSCNs over an ISL, follow these steps: Command Purpose...
Page 693: Verifying The Rscn Timer Configuration
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The RSCN timer value must be the same on all switches in the VSAN.
Page 694: Enabling Rscn Timer Configuration Distribution
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Only the RSCN timer configuration is distributed.
Page 695: Committing The Rscn Timer Configuration Changes
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Committing the RSCN Timer Configuration Changes If you commit the changes made to the active database, the configuration is committed to all the switches in the fabric.
Page 696: Default Settings
Chapter 27 Managing FLOGI, Name Server, FDMI, and RSCN Databases Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show rscn session status vsan command to display session status information for RSCN configuration distribution.
Page 697: About Scsi Lun Discovery
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Discovering SCSI Targets This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco MDS 9000...
Page 698: Starting Scsi Lun Discovery
Chapter 28 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Starting SCSI LUN Discovery To start SCSI LUN discovery, follow this step: Command...
Page 699: Chapter 28 Discovering Scsi Target
Chapter 28 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This command takes several minutes to complete, especially if the fabric is large or if several devices Note are slow to respond.
Page 700 Chapter 28 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------------------- WIN 0x0 36704...
Page 701: About Ficon
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FICON Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by supporting...
Page 702: Chapter 29 Configuring Ficon
Chapter 29 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The Cisco MDS 9000 Family supports the Fibre Channel Protocol (FCP), FICON, iSCSI, and FCIP capabilities within a single, high availability platform.
Page 703: Mds-Specific Ficon Advantages
Chapter 29 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m MDS-Specific FICON Advantages This section explains the additional FICON advantages in Cisco MDS switches and includes the following topics:...
Page 704: Fcip Support
Chapter 29 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSANs enable global SAN consolidation by allowing you to convert existing SAN islands into virtual SAN islands on a single physical network.
Page 705: Vsans For Ficon And Fcp Mixing
Chapter 29 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSANs for FICON and FCP Mixing Cisco MDS 9000 Family FICON-enabled switches simplify deployment of even the most complex mixed environments.
Page 706 Chapter 29 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m zoning, read-only zones, and VSAN-based access control.
Page 707: Ficon Cascading
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON Cascading The Cisco MDS NX-OS software allows multiple switches in a FICON network.
Page 708: Default Ficon Port Numbering Scheme
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 709 Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Only Fibre Channel, PortChannel, and FCIP ports are mapped to FICON port numbers.
Page 710: Port Addresses
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 29-1 Default FICON Port Numbering in the Cisco MDS 9000 Family (continued) Implemented Port Allocation...
Page 711: Installed And Uninstalled Ports
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON port numbers are not changed for ports that are active.
Page 712: Displaying The Ficon Port Number Assignments
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you assign, change, or release a port number, the port reloads.
Page 713: Reserving Ficon Port Numbers For Fcip And Portchannel Interfaces
Chapter 29 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can use the default port numbers if they are available (see Table 29-1 on page 29-9) or if you reserve...
Page 714: Configuring Ficon
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You cannot configure persistent FC IDs in FICON-enabled VSANs.
Page 715: Enabling And Disabling Ficon On The Switch
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m See the “Setting Up a Basic FICON Configuration”...
Page 716 Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m --- Ficon Configuration Dialog --- This setup utility will guide you through basic Ficon Configuration on the system.
Page 717 Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enable active=saved? (yes/no) [yes]: yes Step 11 Enter yes (the default is yes) if you wish to configure additional FICON VSANs.
Page 718: Manually Enabling Ficon On A Vsan
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m `zone default-zone permit vsan 2` `ficon vsan 2` `no host port control`...
Page 719: Configuring The Code-Page Option
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 5...
Page 720: Allowing The Host To Change Ficon Port Parameters
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To allow the host to move the switch to an offline state, follow these steps: Command Purpose...
Page 721: Clearing The Time Stamp
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure host control of the timestamp, follow these steps: Command Purpose...
Page 722: About Ficon Device Allegiance
Chapter 29 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About FICON Device Allegiance FICON requires serialization of access among multiple mainframes, CLI, and SNMP sessions be maintained on Cisco MDS 9000 Family switches by controlling device allegiance for the currently...
Page 723: Configuring Ficon Ports
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 29-2 Saving the Active FICON and Switch Configuration (continued) FICON-...
Page 724: Binding Port Numbers To Portchannels
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 725: Port Prohibiting
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You cannot block or prohibit the CUP port (0XFE).
Page 726: Configuring Port Prohibiting
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To change the default port prohibiting setting for all implemented interfaces on the switch, follow these steps: Command...
Page 727: About Rlir
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 728: Displaying Rlir Information
Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify the RLIR preferred host for a VSAN, follow these steps: Command Purpose...
Page 729 Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of LIRR ACC sent = 26 Number of LIRR RJT sent...
Page 730 Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 29-3, if the column states that an FC ID is...
Page 731 Chapter 29 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 29-6 Displays Recent LIRs for a Specified Interface switch# show rlir recent interface fc1/1-4 Recent link incident records...
Page 732: Clearing Rlir Information
Chapter 29 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing RLIR Information Use the clear rlir statistics command to clear all existing statistics for a specified VSAN.
Page 733: About Ficon Configuration Files
Chapter 29 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m See the “Managing Configuration Files”...
Page 734: Displaying Ficon Configuration Files
Chapter 29 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 735: Copying Ficon Configuration Files
Chapter 29 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Prohibited port addresses are 5,250-253,255(0x5,0xfa-0xfd,0xff) Use the show ficon vsan vsan-id file name command to display the contents of a specific FICON configuration file.
Page 736: Port Swapping
Chapter 29 Configuring FICON Port Swapping S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Key Counter is 5 FCID last byte is 0 Date/Time is same as system time (Wed Dec 3 20:10:45.924591 2003)
Page 737: Swapping Ports
Chapter 29 Configuring FICON Port Swapping S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 738: Ficon Tape Acceleration
Chapter 29 Configuring FICON FICON Tape Acceleration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Issue the no shutdown command on each port to enable traffic flow.
Page 739: Configuring Ficon Tape Acceleration
Chapter 29 Configuring FICON FICON Tape Acceleration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 29-7 Host Accessing Peer-to-Peer VTS (Virtual Tape Server) 4 VTCs...
Page 740: Moving A Ficon Vsan To An Offline State
Chapter 29 Configuring FICON Moving a FICON VSAN to an Offline State S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 741: Placing Cups In A Zone
Chapter 29 Configuring FICON CUP In-Band Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CUP is supported by switches and directors in the Cisco MDS 9000 Family.
Page 742: Displaying Ficon Information
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Control Unit Image:0x80b9c2c VSAN:20 CU:0x20fe00 CUI:0 CUD:0 CURLP:(nil) ASYNC LP:(nil) MODE:1 STATE:1 CQ LEN:0 MAX:0...
Page 743: Displaying Ficon Port Address Information
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCID last byte is 0 Date/Time is set by host to Sun Jun 26 00:04:06.991999 1904 Device allegiance is locked by Host...
Page 744: Displaying Ficon Configuration File Information
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc2/22 notConnected fc2/23...
Page 745 Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port address 80 Port name is Port is not blocked...
Page 746: Displaying The Configured Ficon State
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying the Configured FICON State If FICON is enabled on a VSAN, you can display the port address information for that VSAN (see Example...
Page 747: Displaying Buffer Information
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Buffer Information Example 29-21, the Key Counter column displays the 32-bit value maintained by Cisco MDS...
Page 748: Displaying Ficon Information In The Startup Configuration
Chapter 29 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 29-22 Displays the Running Configuration Information switch# show running-config Building Configuration ...
Page 749: Displaying Ficon-Related Log Information
Chapter 29 Configuring FICON Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 29-24 displays the switch response to an implicitly-issued copy running start command.
Page 750 Chapter 29 Configuring FICON Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 29-3 Default FICON Settings Parameters...
Page 751: Common Information Model
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Advanced Features and Concepts This chapter describes the advanced features provided in switches in the Cisco MDS 9000 Family.
Page 752: Chapter 30 Advanced Feature And Concept
Chapter 30 Advanced Features and Concepts Common Information Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A CIM client is required to access the CIM server.
Page 753: Configuring The Transport Protocol For The Cim Server
Chapter 30 Advanced Features and Concepts Common Information Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the transport protocol for the CIM server The default transport protocol for the CIM server is HTTP.
Page 754 Chapter 30 Advanced Features and Concepts Common Information Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ----------------------------------------- Handler: root/cimv2:CIM_ListenerDestinationCIMXML.Thu Feb 07 14:32:44 IST...
Page 755: Fibre Channel Time Out Values
Chapter 30 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 02/07/2008-16:38:27 INFO cimserver: Sent response to: 10.77.91.110 Example 30-10 Configuring CIM Server loglevel...
Page 756: Timer Configuration Across All Vsans
Chapter 30 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Timer Configuration Across All VSANs You can modify Fibre Channel protocol related timer values for the switch.
Page 757: About Fctimer Distribution
Chapter 30 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure per-VSAN Fiber Channel timers, follow these steps: Command Purpose...
Page 758: Discarding Fctimer Changes
Chapter 30 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To commit the fctimer configuration changes, follow these steps: Command Purpose...
Page 759: Displaying Configured Fctimer Values
Chapter 30 Advanced Features and Concepts World Wide Names S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 760: Displaying Wwn Information
Chapter 30 Advanced Features and Concepts World Wide Names S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Changes to the world-wide names should be made by an administrator or individual who is completely Caution familiar with switch operations.
Page 761: Configuring A Secondary Mac Address
Chapter 30 Advanced Features and Concepts FC ID Allocation for HBAs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a Secondary MAC Address To allocate secondary MAC addresses, follow these steps: Command...
Page 762: Verifying The Company Id Configuration
Chapter 30 Advanced Features and Concepts FC ID Allocation for HBAs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Persistent entries take precedence over company ID configuration.
Page 763: Switch Interoperability
Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCID area allocation company id info: <-------------------- Default entry 00:50:2E...
Page 764 Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 765 Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 30-2 Changes in Switch Behavior When Interoperability Is Enabled (continued) Switch Feature...
Page 766: Configuring Interop Mode 1
Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Interop Mode 1 The interop mode1 in Cisco MDS 9000 Family switches can be enabled disruptively or nondisruptively.
Page 767: Verifying Interoperating Status
Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 768 Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 2 Use the show interface brief command to verify if the interface states are as required by your configuration.
Page 769 Chapter 30 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m databits 5 speed 110 logging linecard...
Page 770: Default Settings
Chapter 30 Advanced Features and Concepts Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FSPF Unicast Routes --------------------------- VSAN Number...
Page 771 Chapter 30 Advanced Features and Concepts Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 30-3 Default Settings for Advanced Features (continued) Parameters...
Page 772 Chapter 30 Advanced Features and Concepts Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 30-22 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 773 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Security...
Page 774 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 775: Configuration Guidelines
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FIPS The Federal Information Processing Standards (FIPS) Publication 140-2, Security Requirements for...
Page 776: Enabling Fips Mode
Chapter 31 Configuring FIPS Enabling FIPS Mode S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling FIPS Mode To enable FIPS mode, follow these steps: Command...
Page 777: Role-Based Authorization
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Users and Common Roles The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family.
Page 778: About Roles
Chapter 32 Configuring Users and Common Roles Role-Based Authorization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Roles Each role can contain multiple users and each user can be part of multiple roles.
Page 779: Chapter 32 Configuring User And Common Role
Chapter 32 Configuring Users and Common Roles Role-Based Authorization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The rule command specifies operations that can be performed by a specific role.
Page 780: Modifying The Vsan Policy
Chapter 32 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Roles can be used to create VSAN administrators.
Page 781: About Role Databases
Chapter 32 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 782: Enabling Role-Based Configuration Distribution
Chapter 32 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To discard role-based configuration changes, follow these steps: Command Purpose...
Page 783: Displaying Roles When Distribution Is Enabled
Chapter 32 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 32-1 Displays Information for All Roles switch# show role Role: network-admin...
Page 784: Configuring Common Roles
Chapter 32 Configuring Users and Common Roles Configuring Common Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 32-3 Displays Information on the Pending Roles Database switch# show role pending Role: network-admin...
Page 785: Mapping Of Cli Operations To Snmp
Chapter 32 Configuring Users and Common Roles Configuring Common Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 32-1 Common Roles Switch 1...
Page 786: Configuring User Accounts
Chapter 32 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 32-1 CLI Operation to SNMP Operation Mapping (continued) CLI Operation...
Page 787: About Users
Chapter 32 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Users The passphrase specified in the snmp-server user option and the password specified username option are synchronized (see the...
Page 788: Configuring Users
Chapter 32 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 789: Logging Out Users
Chapter 32 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 790: Configuring Ssh Services
Chapter 32 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m this user account has no expiry date roles:network-operator no password set.
Page 791: About Ssh
Chapter 32 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About SSH SSH provides secure communications to the Cisco NX-OS CLI.
Page 792: Overwriting A Generated Key-Pair
Chapter 32 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify or delete the SSH key in OpenSSH format for a specified user, follow these steps: Command Purpose...
Page 793: Clearing Ssh Hosts
Chapter 32 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To overwrite the previously generated key-pair, follow these steps: Command Purpose...
Page 794: Enabling Ssh Or Telnet Service
Chapter 32 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling SSH or Telnet Service By default, the SSH service is enabledwith the rsa key.
Page 795: Ssh Authentication Using Digital Certificates
Chapter 32 Configuring Users and Common Roles Recovering the Administrator Password S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m SSH Authentication Using Digital Certificates SSH authentication on the Cisco MDS 9000 Family switches provide X.509 digital certificate support for host authentication.
Page 796: Power Cycling The Switch
Chapter 32 Configuring Users and Common Roles Recovering the Administrator Password S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Save the software configuration.
Page 797: Default Settings
Chapter 32 Configuring Users and Common Roles Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you boot a system image that is older than the image you used to store the configuration and Caution do not use the install all command to boot the system, the switch erases the binary...
Page 798 Chapter 32 Configuring Users and Common Roles Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 32-2 Default Switch Security Settings (continued) Parameters...
Page 799: About Snmp Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring SNMP The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family.
Page 800: Chapter 33 Configuring Snmp
Chapter 33 Configuring SNMP About SNMP Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This section includes the following topics: SNMP Version 1 and Version 2c, page 33-2 •...
Page 801: Snmpv3 Cli User Management And Aaa Integration
Chapter 33 Configuring SNMP SNMPv3 CLI User Management and AAA Integration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 802: Restricting Switch Access
Chapter 33 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 803: About Aes Encryption-Based Privacy
Chapter 33 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 804: Enforcing Snmpv3 Message Encryption
Chapter 33 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Specifies the password to be in localized key format...
Page 805: Assigning Snmpv3 Users To Multiple Roles
Chapter 33 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enforce the message encryption for a user, follow these steps: Command Purpose...
Page 806: Adding Or Deleting Communities
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Adding or Deleting Communities You can configure read-only or read-write access for SNMPv1 and SNMPv2 users.
Page 807: Configuring Snmpv2C Notifications
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring SNMPv2c Notifications To configure SNMPv2c notifications using IPv4, follow these steps: Command...
Page 808: Configuring Snmpv3 Notifications
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring SNMPv3 Notifications To configure SNMPv3 notifications using IPv4, follow these steps: Command...
Page 809 Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The snmp-server enable traps CLI command enables both traps and informs, depending on how you Note configured .
Page 810: Configuring The Notification Target User
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable individual notifications, follow these steps: Command Purpose...
Page 811: Configuring Linkup/Linkdown Notifications For Switches
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For authenticating and decrypting the received INFORM PDU, the SNMP manager should have the same Note user credentials in its local configuration data store of users.
Page 812: Configuring Up/Down Snmp Link-State Traps For Interfaces
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the linkUp/linkDown notification for a switch, follow these steps: Command Purpose...
Page 813: Scope Of Link Up/Down Trap Settings
Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To view the SNMP link-state trap configuration for a particular interface, enter the show interface command.
Page 814 Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NOTIFICATION TARGET USERS (configured for sending V3 Inform) ______________________________________________________________...
Page 815 Chapter 33 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m admin des(no) network-admin...
Page 816: Default Settings
Chapter 33 Configuring SNMP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 33-2 lists the default settings for all SNMP features in any switch.
Page 817: Switch Management Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring RADIUS and TACACS+ The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access...
Page 818: Chapter 34 Configuring Radiu And Tacac+
Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CLI Security Options You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH).
Page 819: Authentication
Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Authentication Authentication is the process of verifying the identity of the person or device accessing the switch.
Page 820: Remote Aaa Services
Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Remote AAA Services Remote AAA services provided through RADIUS and TACACS+ protocols have the following advantages over local AAA services:...
Page 821: Error-Enabled Status
Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS NX-OS does not support all numeric usernames, whether created with TACACS+ or Caution RADIUS, or created locally.
Page 822: Authentication And Authorization Process
Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m server is in a working state before real AAA requests are sent its way.
Page 823 Chapter 34 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 When you are successfully authenticated through a remote AAA server, then the following possible actions are taken:...
Page 824: Configuring Radius
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m No more server groups left = no response from any server in all server groups.
Page 825 Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 6...
Page 826: About The Default Radius Server Encryption Type And Preshared Key
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 827: Setting The Radius Server Timeout Interval
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 828: Configuring Radius Server Monitoring Parameters
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring RADIUS Server Monitoring Parameters You can configure parameters for monitoring RADIUS servers.
Page 829: Configuring The Dead Timer
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 830: About Users Specifying A Radius Server At Login
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To send the test message to the RADIUS server, follow this step: Command Purpose...
Page 831: Vsa Format
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Where protocol is a Cisco attribute for a particular type of authorization, separator is (equal sign) for mandatory attributes, and...
Page 832: Displaying Radius Server Statistics
Chapter 34 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 34-2 Displays Configured RADIUS Information switch# show radius-server Global RADIUS shared secret:*******...
Page 833: Configuring Tacacs+
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring TACACS+ A Cisco MDS switch uses the Terminal Access Controller Access Control System Plus (TACACS+) protocol to communicate with remote AAA servers.
Page 834: About The Default Tacacs+ Server Encryption Type And Preshared Key
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 835 Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 836: Setting The Global Secret Key
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 837: About Tacacs+ Servers
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To set the global timeout value for TACACS+ servers, follow these steps: Command Purpose...
Page 838: Configuring Test Username
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the idle timer, follow these steps: Command Purpose...
Page 839 Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 1...
Page 840: Sending Tacacs+ Test Messages For Monitoring
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Sending TACACS+ Test Messages for Monitoring You can manually send test messages to monitor a TACACS+ server.
Page 841: Allowing Users To Specify A Tacacs+ Server At Login
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Allowing Users to Specify a TACACS+ Server at Login To allow users logging into an MDS switch to select a TACACS+ server for authentication, follow these steps:...
Page 842: Displaying Tacacs+ Server Details
Chapter 34 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m shell:roles="network-admin"...
Page 843: Configuring Server Groups
Chapter 34 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 34-9 Displays All AAA Server Groups switch# show aaa groups radius...
Page 844 Chapter 34 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a RADIUS server group, follow these steps: Command Purpose...
Page 845 Chapter 34 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 8...
Page 846: Aaa Server Distribution
Chapter 34 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 847: Starting A Distribution Session On A Switch
Chapter 34 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable RADIUS server distribution, follow these steps: Command Purpose...
Page 848: Displaying The Pending Configuration
Chapter 34 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m session db: exists merge protocol status: merge activation done last operation: enable...
Page 849: Merge Guidelines For Radius And Tacacs+ Configurations
Chapter 34 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To discard the RADIUS sessionin-progress distribution, follow these steps: Command Purpose...
Page 850: Mschap Authentication
Chapter 34 Configuring RADIUS and TACACS+ MSCHAP Authentication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m last operation: enable last operation status: success Use the show tacacs+ distribution status command to view the status of the TACACS+ fabric merge as...
Page 851: Local Aaa Services
Chapter 34 Configuring RADIUS and TACACS+ Local AAA Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can use the show aaa authentication login mschap command to display the MSCHAP authentication configuration.
Page 852: Configuring Accounting Services
Chapter 34 Configuring RADIUS and TACACS+ Configuring Accounting Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m default: group TacServer local none console: local none iscsi: local...
Page 853: Clearing Accounting Logs
Chapter 34 Configuring RADIUS and TACACS+ Configuring Accounting Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fri Jan 16 21:35:55 1981:update:/dev/pts/0_348527824:admin:updated RADIUS parameters for group:Group3 Fri Jan 16 21:58:17 1981:start:snmp_348530297_171.71.150.105:admin:...
Page 854: Configuring Cisco Access Control Servers
Chapter 34 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Cisco Access Control Servers The Cisco Access Control Server (ACS) uses TACACS+ and RADIUS protocols to provide AAA services that ensure a secure environment.When using the AAA server, user management is normally...
Page 855 Chapter 34 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 34-4 Configuring Multiple Roles with SNMPv3 Attributes When Using RADIUS Cisco MDS 9000 Family CLI Configuration Guide...
Page 856 Chapter 34 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 34-5 Configuring the network-admin Role with SNMPv3 Attributes When Using TACACS+ Cisco MDS 9000 Family CLI Configuration Guide...
Page 857: Default Settings
Chapter 34 Configuring RADIUS and TACACS+ Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 34-6 Configuring Multiple Roles with SNMPv3 Attributes When Using TACACS+ Default Settings...
Page 858 Chapter 34 Configuring RADIUS and TACACS+ Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 34-3 Default Switch Security Settings (continued) Parameters...
Page 859 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring IPv4 and IPv6 Access Control Lists Cisco MDS 9000 Family switches can route IP version 4 (IPv4) traffic between Ethernet and Fibre...
Page 860: C H A P T E R 35 Configuring Ipv4 And Ipv6 Access Control Lists
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists IPv4-ACL and IPv6-ACL Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IPv4-ACL and IPv6-ACL Configuration Guidelines Follow these guidelines when configuring IPv4-ACLs or IPv6-ACLs in any switch or director in the Cisco MDS 9000 Family:...
Page 861: Address Information
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists About Filter Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When configuring IPv4-ACLs or IPv6-ACLs on Gigabit Ethernet interfaces, only use the TCP Note or ICMP options.
Page 862: Icmp Information
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists About Filter Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 35-1 TCP and UDP Port Numbers Protocol...
Page 863: Tos Information
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1.
Page 864 Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To create an IPv6-ACL, follow these steps: Command Purpose...
Page 865: Adding Ip Filters To An Existing Ipv4-Acl Or Ipv6-Acl
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To use the operand and port options for an IPv6-ACL, follow these steps: Command Purpose...
Page 866: Verifying The Ipv4-Acl Or Ipv6-Acl Configuration
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 867: Reading The Ip-Acl Log Dump
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Reading the IP-ACL Log Dump S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Reading the IP-ACL Log Dump Use the log-deny option at the end of a filter condition to log information about packets that match dropped entries.
Page 868 Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Applying an IP-ACL to an Interface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-1 Denying Traffic on the Inbound Interface traffic...
Page 869: Applying An Ip-Acl To Mgmt0
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists Applying an IP-ACL to mgmt0 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 870: Ip-Acl Counter Cleanup
Chapter 35 Configuring IPv4 and IPv6 Access Control Lists IP-ACL Counter Cleanup S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0 carrier errors Use the show interface command to display the IPv6-ACL configuration on an interface.
Page 871: About Cas And Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Certificate Authorities and Digital Certificates...
Page 872: C H A P T E R 36 Configuring Certificate Authorities And Digital Certificates
Chapter 36 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Purpose of CAs and Digital Certificates CAs manage certificate requests and issue certificates to participating entities such as hosts, network devices, or users.
Page 873: Multiple Trusted Ca Support
Chapter 36 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following list summarizes the relationship between trust points, RSA key-pairs, and identity certificates: A trust point corresponds to a specific CA that the MDS switch trusts for peer certificate verification...
Page 874: Pki Enrollment Support
Chapter 36 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m PKI Enrollment Support Enrollment is the process of obtaining an identity certificate for the switch that is used for applications such as IPsec/IKE or SSH.
Page 875: Crl Downloading, Caching, And Checking Support
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 876: Configuring The Host Name And Ip Domain Name
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 877 Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To generate an RSA key-pair, follow these steps: Command Purpose...
Page 878: Creating A Trust Point Ca Association
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Creating a Trust Point CA Association To create a trust point CA association, follow these steps: Command...
Page 879: Configuring Certificate Revocation Checking Methods
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To authenticate the certificate of the CA by cutting and pasting the certificate from an e-mail message or a website, follow these steps: Command...
Page 880: Generating Certificate Requests
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You must authenticate the CA before configuring certificate revocation checking.
Page 881: Installing Identity Certificates
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To generate a request for signed certificates from the CA, follow these steps: Command Purpose...
Page 882: Ensuring Trust Point Configurations Persist Across Reboots
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To install an identity certificate received from the CA by e-mail or through a web browser, follow these steps: Command...
Page 883: Monitoring And Maintaining Ca And Certificates Configuration
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monitoring and Maintaining CA and Certificates Configuration The tasks in the section are optional.
Page 884: Configuring A Crl
Chapter 36 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a CRL To import the CRL from a file to a trust point, follow these steps: Command...
Page 885: Deleting Rsa Key-Pairs From Your Switch
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Deleting RSA Key-Pairs from Your Switch Under certain circumstances you may want to delete your switch’s RSA key-pairs.
Page 886: Configuring Certificates On The Mds Switch
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 887 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m AQkBFhFhbWFuZGtlQGNpc2NvLmNvbTELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ4wDAYDVQQKEwVDaXNjbzETMBEG A1UECxMKbmV0c3RvcmFnZTESMBAGA1UEAxMJQXBhcm5hIENBMFwwDQYJKoZIhvcN...
Page 888 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 10 Import the identity certificate.
Page 889: Downloading A Ca Certificate
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downloading a CA Certificate To download a CA certificate from the Microsoft Certificate Services web interface, follow these steps: Select the Retrieve the CA certificate or certificate revocation task radio button in the Microsoft...
Page 890 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Click the Copy to File button in the Certificate dialog box and click OK.
Page 891 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Click the Finish button on the Certificate Export Wizard dialog box.
Page 892 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 36-22 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 893: Requesting An Identity Certificate
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Requesting an Identity Certificate To request an identify certificate from a Microsoft Certificate server using a PKCS#10 certificate signing request (CRS), follow these steps:...
Page 894 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Select the Submit a certificate request using a base64 encoded PKCS#10 file or a renewal request using a base64 encoded PKCS#7 file radio button and click Next.
Page 895 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 5 Wait one or two days until the certificate is issued by the CA administrator.
Page 896 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 7 Select the Check on a pending certificate radio button on the Microsoft Certificate Services web interface and click Next.
Page 897 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 9 Select Base 64 encoded and click the Download CA certificate link.
Page 898 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 11 Click the Details tab on the Certificate dialog and click the Copy to File button.
Page 899: Revoking A Certificate
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 14 Display the identity certificate in base64-encoded format using the Microsoft Windows type command.
Page 900 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Click the Issued Certificates folder on the Certification Authority tree.
Page 901 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Select a reason for the revocation from the Reason code drop-down list, and click Yes.
Page 902: Generating And Publishing The Crl
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generating and Publishing the CRL To generate and publish the CRL using the Microsoft CA administrator program, follow these steps: Select Action >...
Page 903: Downloading The Crl
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downloading the CRL To download the CRL from the Microsoft CA website, follow these steps: Select Request the CA certificate or certificate revocation list radio button on the Microsoft...
Page 904 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 4 Enter the destination file name in the Save As dialog box and click Save.
Page 905: Importing The Crl
Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Importing the CRL To import the CRL to the trust point corresponding to the CA, follow these steps: Copy the CRL file to the MDS switch bootflash.
Page 906 Chapter 36 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1.3.6.1.4.1.311.21.1: Revoked Certificates: Serial Number: 611B09A1000000000002...
Page 907: Maximum Limits
Chapter 36 Configuring Certificate Authorities and Digital Certificates Maximum Limits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Revocation Date: Aug 16 21:53:15 2005 GMT Serial Number: 3F88CBF7000000000019 Revocation Date: Aug 16 21:53:15 2005 GMT...
Page 908: Default Settings
Chapter 36 Configuring Certificate Authorities and Digital Certificates Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 36-2 lists the default settings for CAs and digital certificate parameters.
Page 909 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring IPsec Network Security IP security (IPsec) protocol is a framework of open standards that provides data confidentiality, data...
Page 910: C H A P T E R 37 Configuring Ipsec Network Security
Chapter 37 Configuring IPsec Network Security About IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IPsec IPsec is not supported by the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric Note...
Page 911: About Ike
Chapter 37 Configuring IPsec Network Security About IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-1 FCIP and iSCSI Scenarios Using MPS-14/2 Modules iSCSI Servers...
Page 912: Using Ipsec
Chapter 37 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The IPsec feature inserts new headers in existing packets (see the“Configuring the MTU Frame Size”...
Page 913: Ipsec And Ike Terminology
Chapter 37 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m –...
Page 914: Supported Ipsec Transforms And Algorithms
Chapter 37 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 915: Ipsec Digital Certificate Support
Chapter 37 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 916: Implementing Ipsec With Cas And Digital Certificates
Chapter 37 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-2 Two IPsec Switches Without CAs and Digital Certificates Cleartext...
Page 917: How Ca Certificates Are Used By Ipsec Devices
Chapter 37 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-4 Dynamically Authenticating Devices with a CA Certificate...
Page 918: Manually Configuring Ipsec And Ike
Chapter 37 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 919: Enabling Ike
Chapter 37 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling IKE To enable IKE, follow these steps: Command...
Page 920 Chapter 37 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m parameters will be used to protect subsequent IKE negotiations and mandates how peers are authenticated.
Page 921: Configuring An Ike Policy
Chapter 37 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A match is found when the two peers have the same encryption, hash algorithm, authentication algorithm, and DH group values.
Page 922: Optional Ike Parameter Configuration
Chapter 37 Configuring IPsec Network Security Optional IKE Parameter Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 9...
Page 923: Configuring The Lifetime Association For A Policy
Chapter 37 Configuring IPsec Network Security Optional IKE Parameter Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The keepalive time only applies to IKEv2 peers and not to all peers.
Page 924: Configuring The Initiator Version
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the Initiator Version To configure the initiator version using IPv4, follow these steps: Command...
Page 925: About Crypto Ipv4-Acls
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In the context of crypto maps, IPv4-ACLs are different from regular IPv4-ACLs.
Page 926 Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 927: Mirror Image Crypto Ipv4-Acls
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-5 IPsec Processing of Crypto IPv4-ACLs IPSec peers...
Page 928: The Any Keyword In Crypto Ipv4-Acls
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-6 IPsec Processing of Mirror Image Configuration Subnet Y...
Page 929: Creating Crypto Ipv4-Acls
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The permit any statement causes all outbound traffic to be protected (and all protected traffic sent to the peer specified in the corresponding crypto map entry) and requires protection for all inbound traffic.
Page 930: Configuring Transform Sets
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 37-2 provides a list of allowed transform combinations for IPsec.
Page 931: About Crypto Map Entries
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Crypto Map Entries Once you have created the crypto IPv4-ACLs and transform sets, you can create crypto map entries that combine the various parts of the IPsec SA, including the following:...
Page 932: Crypto Map Configuration Guidelines
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Crypto Map Configuration Guidelines When configuring crypto map entries, follow these guidelines: The sequence number for each crypto map decides the order in which the policies are applied.
Page 933: About Sa Lifetime Negotiation
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 6...
Page 934: About The Autopeer Option
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About the AutoPeer Option Setting the peer address as auto-peer in the crypto map indicates that the destination endpoint of the traffic should be used as the peer address for the SA.
Page 935: About Perfect Forward Secrecy
Chapter 37 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 936: Applying A Crypto Map Set
Chapter 37 Configuring IPsec Network Security IPsec Maintenance S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Applying a Crypto Map Set To apply a crypto map set to an interface, follow these steps: Command...
Page 937 Chapter 37 Configuring IPsec Network Security Global Lifetime Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you change a global lifetime, the new lifetime value will not be applied to currently existing SAs, but will be used in the negotiation of subsequently established SAs.
Page 938: Displaying Ike Configurations
Chapter 37 Configuring IPsec Network Security Displaying IKE Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying IKE Configurations You can verify the IKE information by using the show set of commands.
Page 939 Chapter 37 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Transform set: des-md5 {esp-des esp-md5-hmac} will negotiate {tunnel} Transform set: test {esp-aes-128-cbc esp-md5-hmac}...
Page 940 Chapter 37 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Crypto map tag: cm10, local addr.
Page 941 Chapter 37 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 37-15 Displays Detailed iSCSI Session Information for a Specific Interface switch# show iscsi session detail Initiator iqn.1987-05.com.cisco:01.9f39f09c7468 (ips-host16.cisco.com)
Page 942: Sample Fcip Configuration
Chapter 37 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Control connection: Local 10.10.11.2:3225, Remote 10.10.11.1:65520 Data connection: Local 10.10.11.2:3225, Remote 10.10.11.1:65522 2 Attempts for active connections, 0 close of connections...
Page 943 Chapter 37 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 37-8 IP Security Usage in an FCIP Scenario MDS A...
Page 944 Chapter 37 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 7 Configure FCIP in Switch MDS A.
Page 945 Chapter 37 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 11 Configure the ACLs in Switch MDS C.
Page 946 Chapter 37 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m permit ip 10.10.100.232 255.255.255.255 10.10.100.231 255.255.255.255 deny ip any any...
Page 947: Sample Iscsi Configuration
Chapter 37 Configuring IPsec Network Security Sample iSCSI Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You have now configured IPsec in both switches MDS A and MDS C.
Page 948: Default Settings
Chapter 37 Configuring IPsec Network Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-01 sw10.1.1.100(config-crypto-map-ip)# end sw10.1.1.100#...
Page 949: About Fabric Authentication
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FC-SP and DHCHAP Fibre Channel Security Protocol (FC-SP) capabilities provide switch-switch and host-switch...
Page 950: Dhchap
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 38-1 Switch and Host Authentication Trusted hosts...
Page 951: Chapter 38 Configuring Fc-Sp And Dhchap
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enable DHCHAP.
Page 952: About Enabling Dhchap
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Enabling DHCHAP By default, the DHCHAP feature is disabled in all switches in the Cisco MDS 9000 Family.
Page 953: About Dhchap Authentication Modes
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About DHCHAP Authentication Modes The DHCHAP authentication status for each interface depends on the configured DHCHAP port mode.
Page 954: About The Dhchap Hash Algorithm
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 955: About The Dhchap Group Settings
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About the DHCHAP Group Settings All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
Page 956: Configuring Dhchap Passwords For The Local Switch
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring DHCHAP Passwords for the Local Switch To configure the DHCHAP password for the local switch, follow these steps: Command...
Page 957: Configuring Dhchap Passwords For Remote Devices
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring DHCHAP Passwords for Remote Devices To locally configure the remote DHCHAP password for another switch in the fabric, follow these steps: Command...
Page 958: Displaying Protocol Security Information
Chapter 38 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the AAA authentication, follow these steps: Command Purpose...
Page 959: Sample Configuration
Chapter 38 Configuring FC-SP and DHCHAP Sample Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DHCHAP_GROUP_NULL DHCHAP_GROUP_1536 DHCHAP_GROUP_1024...
Page 960 Chapter 38 Configuring FC-SP and DHCHAP Sample Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m MDS-9216(config)# feature fcsp Step 3 Configure a clear text password for this switch.
Page 961: Default Settings
Chapter 38 Configuring FC-SP and DHCHAP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 38-2 lists the default settings for all fabric security features in any switch.
Page 962 Chapter 38 Configuring FC-SP and DHCHAP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 38-14 OL-18084-01, Cisco MDS NX-OS Release 4.x...
Page 963: About Port Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Port Security All switches in the Cisco MDS 9000 Family provide port security features that reject intrusion attempts...
Page 964: Chapter 39 Configuring Port Security
Chapter 39 Configuring Port Security About Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 965: Port Security Activation
Chapter 39 Configuring Port Security Port Security Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you enable auto-learning before activating port security, you cannot activate until auto-learning is Note disabled.
Page 966: Configuring Port Security With Auto-Learning Without Cfs
Chapter 39 Configuring Port Security Port Security Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Activate port security on each VSAN.
Page 967: Enabling Port Security
Chapter 39 Configuring Port Security Enabling Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 3 Activate port security on each VSAN.
Page 968: Database Activation Rejection
Chapter 39 Configuring Port Security Activating Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 969: Database Reactivation
Chapter 39 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Database Reactivation If auto-learning is enabled, you cannot activate the database, without the force option until you disable auto-learning.
Page 970: Enabling Auto-Learning
Chapter 39 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Auto-learning To enable auto-learning, follow these steps: Command...
Page 971: Authorization Scenarios
Chapter 39 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Authorization Scenarios Assume that the port security feature is activated and the following conditions are specified in the active database:...
Page 972: Port Security Manual Configuration
Chapter 39 Configuring Port Security Port Security Manual Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port Security Manual Configuration To configure port security on any switch in the Cisco MDS 9000 Family, follow these steps: Identify the WWN of the ports that need to be secured.
Page 973: Port Security Configuration Distribution
Chapter 39 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To add authorized port pairs for port security, follow these steps: Command Purpose...
Page 974: Enabling Distribution
Chapter 39 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Distribution All the configurations performed in distributed mode are stored in a pending (temporary) database.
Page 975: Discarding The Changes
Chapter 39 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding the Changes If you discard (abort) the changes made to the pending database, the configuration remains unaffected and the lock is released.
Page 976: Database Merge Guidelines
Chapter 39 Configuring Port Security Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 39-3 Scenarios for Activation and Auto-Learning learning Configurations in Distributed Mode (continued) Scenario...
Page 977: Database Scenarios
Chapter 39 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 39-4 Active and Configuration Port Security Databases (continued) Active Database...
Page 978: Port Security Database Copy
Chapter 39 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 39-1 Port Security Database Scenarios Switch 1...
Page 979: Port Security Database Deletion
Chapter 39 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the port-security database copy vsan command to copy from the active to the configured database.
Page 980: Displaying Port Security Configuration
Chapter 39 Configuring Port Security Displaying Port Security Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Port Security Configuration The show port-security database commands display the configured port security information (see Examples...
Page 981 Chapter 39 Configuring Port Security Displaying Port Security Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1 20:11:00:33:22:00:2a:4a(pwwn) 20:41:00:05:30:00:4a:1e(fc2/1) [Total 1 entries] Example 39-5 Displays the Difference Between the Temporary Configuration Database and the...
Page 982: Default Settings
Chapter 39 Configuring Port Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of sWWN deny To verify the status of the active database and the auto-learning configuration, use the show port-security status command (see...
Page 983: About Fabric Binding
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Fabric Binding This chapter describes the fabric binding feature provided in the Cisco MDS 9000 Family of directors...
Page 984: Fabric Binding Enforcement
Chapter 40 Configuring Fabric Binding About Fabric Binding S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 40-1 Fabric Binding and Port Security Comparison Fabric Binding...
Page 985: Chapter 40 Configuring Fabric Binding
Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric Binding Configuration To configure fabric binding in each switch in the fabric, follow these steps: Enable the fabric configuration feature.
Page 986: Fabric Binding Activation
Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a list of sWWNs and domain IDs for a FICON VSAN, follow these steps: Command Purpose...
Page 987: Forcing Fabric Binding Activation
Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m By default, the fabric binding feature is not activated.
Page 988: Clearing The Fabric Binding Statistics
Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m •...
Page 989 Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 40-2 Displays Active Fabric Binding Information switch# show fabric-binding database active --------------------------------------------------...
Page 990 Chapter 40 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Statistics For VSAN: 345 ------------------------ Number of sWWN permit: 0...
Page 991: Default Settings
Chapter 40 Configuring Fabric Binding Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSAN Switch WWN [domain] Last-Time [Repeat count] Reason...
Page 992 Chapter 40 Configuring Fabric Binding Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 40-2 Default Fabric Binding Settings Parameters...
Page 993 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T IP Services...
Page 994 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 995: About Fcip
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FCIP Cisco MDS 9000 Family IP storage (IPS) services extend the reach of Fibre Channel SANs by using...
Page 996: Chapter 41 Configuring Fcip
Chapter 41 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 41-1 Fibre Channel SANs Connected by FCIP Virtual (E)ISL...
Page 997: Fcip Links
Chapter 41 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 41-2 FCIP Links and Virtual ISLs Switch A...
Page 998: Fcip Profiles
Chapter 41 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCIP Profiles The FCIP profile contains information about the local IP address and TCP parameters.
Page 999: Fibre Channel Portchannels
Chapter 41 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fibre Channel PortChannels Figure 41-4 provides an example of a PortChannel-based load-balancing configuration.
Page 1000: Vrrp
Chapter 41 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VRRP Figure 41-6 displays a Virtual Router Redundancy Protocol (VRRP)-based high availability FCIP...

Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Chapter 2 before You Begin

CHAPTER 3 Obtaining and Installing Licenses3-1

CHAPTER 4 On-Demand Port Activation Licensing

Chapter 5 Initial Configuration

CHAPTER 6 Configuring Flexattach Virtual Pwwn6-1

Chapter 7 Using the CF Infrastructure

Chapter 8 Software Image

CHAPTER 9 Working with Configuration Files9-1

CHAPTER 10 Configuring High Availability10-1

Chapter 11 Managing System Hardware

Quick Links

Troubleshooting

Related Manuals for Cisco AP776A - Nexus Converged Network Switch 5020

Summary of Contents for Cisco AP776A - Nexus Converged Network Switch 5020