Page 1 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide, Release 3.x Cisco MDS SAN-OS for Release 3.0(1) Through 3.3(1a)
Page 2 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE.
Page 3: Table Of Contents
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C O N T E N T S New and Changed Information liii...
Page 4 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CLI Command Hierarchy EXEC Mode Options Configuration Mode...
Page 5 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Formatting Flash Devices and File Systems 2-25 Initializing Internal bootflash...
Page 6 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m License Transfers Between Switches 3-16 Displaying License Information...
Page 7 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Committing NTP Configuration Changes 5-23 Discarding NTP Configuration Changes...
Page 8 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying CFS Distribution Status CFS Application Requirements Enabling CFS for an Application...
Page 9 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Recognizing Failure Cases Using the install all Command Upgrading Services Modules...
Page 10 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Copying Configuration Files Backing UpConfiguration Files Rolling Back to a Previous Configuration...
Page 11 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Power Supply Configuration Modes 10-10 Power Supply Configuration Guidelines...
Page 12 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the SSI Image Boot Variable 11-23 Using the install ssi Command...
Page 13 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Receive Data Field Size 12-16 Configuring Receive Data Field Size...
Page 14 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NPV Mode 13-3 NP Ports...
Page 15 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m PortChannels 14-18 Configuring Generation 2 Module Interface Shared Resources...
Page 16 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring PortChannels 16-1 C H A P T E R...
Page 17 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fabric Names 17-6 About Incoming RCFs...
Page 18 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Remote User Authentication 18-3 Defining a Job...
Page 19 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About FICON VSANs 19-11 Displaying Static VSAN Configuration...
Page 20 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About DPVM Database Distribution 21-5 Disabling DPVM Database Distribution...
Page 21 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing a Locked Session 22-11 About IVR NAT and Auto Topology...
Page 22 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring IVR Zones and IVR Zone Sets 22-29 About Activating Zone Sets and Using the force Option...
Page 23 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Importing and Exporting Zone Sets 23-15 Zone Set Duplication...
Page 24 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Device Alias Features 24-1 Device Alias Requirements...
Page 25 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disabling FSPF for Specific Interfaces 25-9 Clearing FSPF Counters for an Interface...
Page 26 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying FDMI 26-6 RSCN...
Page 27 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default FICON Port Numbering Scheme 28-8 Port Addresses...
Page 28 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Applying the Saved Configuration Files to the Running Configuration 28-33 Editing FICON Configuration Files...
Page 29 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Configured fctimer Values 29-8 World Wide Names...
Page 30 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling SNMP Notifications 31-10 Configuring the Notification Target User...
Page 31 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying RADIUS Server Statistics 32-16 Configuring TACACS+...
Page 32 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings 32-41 Configuring IPv4 and IPv6 Access Control Lists...
Page 33 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generating Certificate Requests 34-10 Installing Identity Certificates...
Page 34 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IKE Policy Negotiation 35-11 Configuring an IKE Policy...
Page 35 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DHCHAP 36-1 DHCHAP Compatibility with Existing Cisco MDS Features...
Page 36 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disabling Auto-learning 37-8 Auto-Learning Device Authorization...
Page 37 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Users and Common Roles 39-1 C H A P T E R...
Page 38 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring FCIP 40-1 C H A P T E R...
Page 39 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring FCIP Tape Acceleration 40-34 Displaying Tape Acceleration Activity Information...
Page 40 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m iSCSI Access Control 42-19 Fibre Channel Zoning-Based Access Control...
Page 41 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Changing iSCSI Interface Parameters and the Impact on Load Balancing 42-51 VRRP Load Balancing Algorithm For Selecting Gigabit Ethernet Interfaces...
Page 42 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling the iSNS Server 42-85 iSNS Configuration Distribution...
Page 43 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying IPv4 Static Route Information 43-11 Displaying and Clearing ARPs...
Page 44 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Statistics 44-9 Displaying Gigabit Ethernet Interface Statistics...
Page 45 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Link-Local Address 46-4 IPv6 Address Type: Multicast...
Page 46 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring SCSI Flow Identifiers 47-5 SCSI Flow Statistics...
Page 47 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring RMON 51-1 C H A P T E R...
Page 48 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m RSPAN Configuration Example 52-20 Configuration in the Source Switch...
Page 49 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying Alert Group Customization 54-9 Call Home Message Level Feature...
Page 50 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying FCC Settings 56-3 56-3...
Page 51 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Troubleshooting Your Fabric 58-1 C H A P T E R...
Page 52 Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monitoring System Processes and Logs 59-1 C H A P T E R...
Page 53 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m New and Changed Information This document provides release-specific information for each new and changed feature in the Cisco MDS SAN-OS Release 3.x software.
Page 54 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 55 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 56 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 57 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 58 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 59 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 60 New and Changed Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 1-1 New and Changed Features for Release 3.x (continued) Changed...
Page 61 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Preface This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family Configuration Guides.
Page 62 Preface Organization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 63 Preface Organization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 64 Preface Organization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 65: Document Conventions
Preface Document Conventions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Chapter Title Description...
Page 66 Preface Document Conventions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Screen examples use these conventions: Terminal sessions and information the switch displays are in screen font.
Page 67: Related Documentation
Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Related Documentation The documentation set for the Cisco MDS 9000 Family includes the following documents.
Page 68 Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco Fabric Manager •...
Page 69 Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and...
Page 70: Documentation Feedback
Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Documentation Feedback You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
Page 71: Obtaining Technical Assistance
Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco.
Page 72 Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests.
Page 73 Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
Page 74 Preface Related Documentation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m World-class networking training is available from Cisco.
Page 75: Getting Started
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Getting Started...
Page 76 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 77: Hardware Overview
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Product Overview The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent...
Page 78: Chapter 1 Product Overview
Chapter 1 Product Overview Hardware Overview S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco Fabric Switch for HP c-Class BladeSystem –...
Page 79: Cisco Mds 9200 Series Fabric Switches
Chapter 1 Product Overview Hardware Overview S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Storage Services Module (SSM) •...
Page 80: Cisco Mds 9100 Series Fixed Configuration Fabric Switches
Chapter 1 Product Overview Hardware Overview S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 18/4-port Multiservice FIPS Module with Federal Information Processing Standard (FIPS) 140-2 •...
Page 81: Cisco San-Os Software Configuration
Chapter 1 Product Overview Cisco SAN-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco Fabric Switch for IBM BladeCenter (20 ports;...
Page 82: Cisco Mds 9000 Fabric Manager
Chapter 1 Product Overview Cisco SAN-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Continue reading this document for more information on configuring the Cisco MDS switch using the CLI.
Page 83: Advanced Configuration
Chapter 1 Product Overview Cisco SAN-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Installing licenses (Chapter 3, “Obtaining and Installing Licenses”)
Page 84 Chapter 1 Product Overview Cisco SAN-OS Software Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch interoperability (Chapter 29, “Advanced Features and Concepts”)
Page 85: Before You Begin
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Before You Begin This chapter prepares you to configure switches from the CLI.
Page 86: Chapter 2 Before You Begin
Chapter 2 Before You Begin About the Switch Prompt S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About the Switch Prompt Refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Note...
Page 87: Default Switch Roles
Chapter 2 Before You Begin Default Switch Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Switch Roles By default, two roles exist in all switches: Network operator—Has permission to view the configuration.
Page 88: Cli Command Hierarchy
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-1 Frequently Used Switch Command Modes Mode...
Page 89: Exec Mode Options
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To start executing commands, enter the command at the top level of the hierarchy (EXEC mode).
Page 90: Configuration Mode
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m purge Deletes unused data View current directory...
Page 91 Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m exit Exit from configure mode fabric-binding...
Page 92 Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m username Configure user information.
Page 93: Cli Command Navigation
Chapter 2 Before You Begin Using the CLI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying the Present Working Context Some features have configuration submode hierarchy nested more than one level deep.
Page 94: The No And Default Forms Of Commands
Chapter 2 Before You Begin Getting Help S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The no and Default Forms of Commands You can issue the no form of any command to perform the following actions: Undo a wrongly issued command.
Page 95: Managing The Switch Configuration
Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To list keywords or arguments, enter a question mark in place of a keyword or argument.
Page 96 Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 2-3 Displays the Software and Hardware Version switch# show version...
Page 97 Chapter 2 Before You Begin Managing the Switch Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The interface configuration information can be display in multiple entries in the running configuration.
Page 98: Saving A Configuration
Chapter 2 Before You Begin Displaying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 2-8 Displays the Configuration Per VSAN switch# show runnning vsan 1...
Page 99: Using The Ping And Ping Ipv6 Commands
Chapter 2 Before You Begin Using the ping and ping ipv6 Commands S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# send Shutting down the system in 2 minutes.
Page 100: Using Traceroute And Traceroute Ipv6 Commands
Chapter 2 Before You Begin Using traceroute and traceroute ipv6 Commands S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 2-3 Options and Defaults for the ping and ping ipv6 Commands (continued) Option...
Page 101: Configuring Terminal Parameters
Chapter 2 Before You Begin Configuring Terminal Parameters S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# traceroute www.cisco.com Tracing route to www.cisco.com [198.133.219.25] 30 hops max, 38 byte packets bras3-l0.pltnca.sbcglobal.net [151.164.184.79] 30 ms...
Page 102: Displaying Terminal Sessions
Chapter 2 Before You Begin Configuring Terminal Parameters S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m From a VTY session (Telnet or SSH): •...
Page 103: Setting The Terminal Type
Chapter 2 Before You Begin Configuring the Switch Banner Message S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Setting the Terminal Type Use the terminal terminal-type command in EXEC mode to specify the terminal type for a switch: The syntax for this command is terminal terminal-type terminal-type.
Page 104: Directing Show Command Output To A File
Chapter 2 Before You Begin Directing show Command Output to a File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following example configures a banner message with the following text “Testing the MOTD Feature.”...
Page 105: Using Cli Variables
Chapter 2 Before You Begin Using CLI Variables S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using CLI Variables The SAN-OS CLI parser supports the definition and use of variables in CLI commands.
Page 106: User-Defined Cli Persistent Variables
Chapter 2 Before You Begin Using CLI Variables S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show cli variables command to display user-defined CLI session variables.
Page 107: System-Defined Variables
Chapter 2 Before You Begin Using Command Aliases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m System-Defined Variables Cisco MDS SAN-OS supports one predefined variable: TIMESTAMP.
Page 108: Defining Command Aliases
Chapter 2 Before You Begin About Flash Devices S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Defining Command Aliases You can define command aliases using the cli alias name command in configuration mode.
Page 109: Internal Bootflash
Chapter 2 Before You Begin Formatting Flash Devices and File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Internal bootflash All switches in the Cisco MDS 9000 Family have one internal bootflash: that resides in the supervisor or switching module.You have access to two locations within the internal bootflash: file system.
Page 110: Formatting External Compactflash
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the format bootflash: command to only format the bootflash: file system.
Page 111: Specifying File Systems
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Compressing and Uncompressing Files, page 2-32 •...
Page 112: Displaying The Current Directory
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Any file saved in the volatile: file system is erased when the switch reboots.
Page 113: Listing The Files In A Directory
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Listing the Files in a Directory The dir command displays the contents of the current directory or the specified directory.
Page 114: Copying Files
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If a file with the same name already exists in the destination directory, that file is overwritten by the Caution moved file.
Page 115: Deleting Files
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the current directory is slot0:mydir, this command copies slot0:mydir/samplefile to slot0:mydir/mystorage/samplefile.
Page 116: Saving Command Output To A File
Chapter 2 Before You Begin Using Switch File Systems S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Saving Command Output to a File You can force all screen output to go to a file by appending >...
Page 117: Command Scripts
Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You see the last 10 lines of the mylog file.
Page 118: Using Cli Variables In Scripts
Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using CLI Variables in Scripts You can use CLI variables defined by the cli var command (see the “Using CLI Variables”...
Page 119 Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This command is useful within scripts.
Page 120 Chapter 2 Before You Begin Command Scripts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 2-36 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 121 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Cisco MDS SAN-OS Installation and Switch Management...
Page 122 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 123: Licensing Terminology
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Obtaining and Installing Licenses Licenses are available in all switches in the Cisco MDS 9000 Family.
Page 124: C H A P T E R 3 Obtaining And Installing Licenses
Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m License enforcement—A mechanism that prevents a feature from being used without first obtaining •...
Page 125 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The licensing model defined for the Cisco MDS product line has two options: Feature-based licenses allow features that are applicable to the entire switch.
Page 126 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The Cisco MDS 9216i switch enables SAN extension features on the two fixed IP services ports only.
Page 127 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 128 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 129 Chapter 3 Obtaining and Installing Licenses Licensing Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 130: Licensing High Availability
Chapter 3 Obtaining and Installing Licenses Licensing High Availability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 3-1 Feature-Based Licenses (continued) Feature License...
Page 131: Obtaining A Factory-Installed License
Chapter 3 Obtaining and Installing Licenses Obtaining a Factory-Installed License S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining a Factory-Installed License You can obtain factory-installed licenses for a new switch.
Page 132: Obtaining The License Key File
Chapter 3 Obtaining and Installing Licenses Obtaining the License Key File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Obtaining the License Key File Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide for details on installing Note...
Page 133 Chapter 3 Obtaining and Installing Licenses Installing the License Key File S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you check the check box for a switch, the PAK or license file name field for that switch becomes editable.
Page 134: Installing The License Key File To A Remote Location
Chapter 3 Obtaining and Installing Licenses Backing Up License Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show license file Permanent.lic Permanent.lic: SERVER this_host ANY...
Page 135: Uninstalling Licenses
Chapter 3 Obtaining and Installing Licenses Uninstalling Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Application ----------- qos_manager...
Page 136: Application
Chapter 3 Obtaining and Installing Licenses Updating Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enterprise.lic Ficon.lic Disable the features provided by the license to be uninstalled.
Page 137: Grace Period Alerts
Chapter 3 Obtaining and Installing Licenses Grace Period Alerts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Update the license file using the update license url command, where url specifies the bootflash:, slot0:, Step 6 or volatile: location of the updated license file.
Page 138: License Transfers Between Switches
Chapter 3 Obtaining and Installing Licenses License Transfers Between Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Daily alerts from January 30th to May 21st.
Page 139: Qos_Manager
Chapter 3 Obtaining and Installing Licenses Displaying License Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 3-2 Displays Information About Current License Usage switch# show license usage...
Page 140 Chapter 3 Obtaining and Installing Licenses Displaying License Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 3-6 Displays a List of Installed License Key Files switch# show license brief...
Page 141: About On-Demand Port Activation Licensing
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R On-Demand Port Activation Licensing This chapter describes how to use the on-demand port activation licensing feature on the Cisco MDS...
Page 142: Port-Naming Conventions
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port-Naming Conventions Table 4-1 describes the port-naming conventions for the four Cisco Fabric switches.
Page 143: C H A P T E R 4 On-Demand Port Activation Licensing
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 4-3 Cisco Fabric Switch for HP c-Class BladeSystem Default Port Licenses (ext1 - ext4) EXT 1...
Page 144: Default Configuration
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Configuration Example 4-1 shows the default port license configuration for the Cisco MDS 9124 Switch.
Page 145 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m --------------------------------------------------- Interface Cookie...
Page 146 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16830464 16855040 16850944...
Page 147 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16822272 16838656 16842752...
Page 148: License Status Definitions
Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 16842752 ----------- License Status Definitions...
Page 149 Chapter 4 On-Demand Port Activation Licensing About On-Demand Port Activation Licensing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 10G_PORT_ACTIVATION_PKG Unused --------------------------------------------------------------------------------...
Page 150: 10G_Port_Activation_Pkg
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can use the show license usage command to view any licenses assigned to a switch.
Page 151: Making A Port Eligible For A License
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Moving Licenses Among Ports, page 4-12 •...
Page 152: Moving Licenses Among Ports
Chapter 4 On-Demand Port Activation Licensing Configuring Port Activation Licenses S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Moving Licenses Among Ports On the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric Switch for IBM Note...
Page 153: On-Demand Port Activation License Example
Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m On-Demand Port Activation License Example The following example shows how to do the following tasks: Make a port ineligible...
Page 154 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Make port fc1/8 ineligible to receive a license.
Page 155 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc1/13 16826368 acquired...
Page 156 Chapter 4 On-Demand Port Activation Licensing On-Demand Port Activation License Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m port-license acquire channel-group 122 force no shutdown...
Page 157: Initial Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Initial Configuration This chapter includes the following sections:...
Page 158: Chapter 5 Initial Configuration
Chapter 5 Initial Configuration Starting a Switch in the Cisco MDS 9000 Family S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Starting a Switch in the Cisco MDS 9000 Family The following procedure is a review of the tasks you should have completed during hardware installation, including starting up the switch.
Page 159: Preparing To Configure The Switch
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The IP address can only be configured from the CLI.
Page 160: Setup Options
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m There is no default password so you must explicitly configure a strong password.
Page 161: Assigning Setup Information
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-1 Management Access to Switches Router...
Page 162: Configuring Out-Of-Band Management
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Out-of-Band Management You can configure both in-band and out-of-band configuration together by entering Yes in both Step 11c...
Page 163 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter yes (yes is the default) to create an SNMPv3 account.
Page 164 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enable the ip routing? (yes/no) [y]: yes Enter yes (yes is the default) to configure a static route (recommended).
Page 165 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter the number of key bits within the specified range.
Page 166: Configuring In-Band Management
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ip route dest_prefix dest_mask dest_address ip default-network dest_prefix ip default-gateway default_gateway...
Page 167 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter yes to enter the setup mode.
Page 168 Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter the IPv4 subnet mask.
Page 169: Using The Setup Command
Chapter 5 Initial Configuration Initial Setup Routine S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter deny (deny is the default) to deny a default zone policy configuration.
Page 170: Accessing The Switch
Chapter 5 Initial Configuration Accessing the Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Would you like to enter the basic configuration dialog (yes/no): yes The setup utility guides you through the basic configuration process.
Page 171: Assigning A Switch Name
Chapter 5 Initial Configuration Assigning a Switch Name S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Assigning a Switch Name Each switch in the fabric requires a unique name.
Page 172: Configuring Date, Time, And Time Zone
Chapter 5 Initial Configuration Configuring Date, Time, and Time Zone S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m MAC-Address(es) Serial-Num --------------------------------------...
Page 173: Adjusting For Daylight Saving Time Or Summer Time
Chapter 5 Initial Configuration Configuring Date, Time, and Time Zone S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 174 Chapter 5 Initial Configuration Configuring Date, Time, and Time Zone S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable the daylight saving time clock adjustment, follow these steps:In 2007, the U.
Page 175: Ntp Configuration
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you want to configure daylight savings time on multiple switches simultaneously, see the RUN CLI command feature in the Cisco MDS 9000 Family Fabric Manager Configuration Guide.
Page 176: Configuring Ntp
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A peer configured alone takes on the role of a server and should be used as backup.
Page 177 Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure NTP in a server association using IPv4 addresses, follow these steps: Command Purpose...
Page 178 Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 179: Ntp Cfs Distribution
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NTP CFS Distribution You can enable NTP fabric distribution for all Cisco MDS switches in the fabric.
Page 180: Discarding Ntp Configuration Changes
Chapter 5 Initial Configuration NTP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding NTP Configuration Changes After making the configuration changes, you can choose to discard the changes or to commit them.
Page 181: Management Interface Configuration
Chapter 5 Initial Configuration Management Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Management Interface Configuration The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions.
Page 182: Using The Force Option During Shutdown
Chapter 5 Initial Configuration Default Gateway Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To obtain remote management access using IPv6 addressing parameters, follow these steps: Command Command...
Page 183: Configuring The Default Gateway
Chapter 5 Initial Configuration Telnet Server Connection S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 5-4 Default Gateway Default...
Page 184: Disabling A Telnet Connection
Chapter 5 Initial Configuration Configuring Console Port Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Disabling a Telnet Connection To disable Telnet connections to the switch, follow these steps: Command...
Page 185: Configuring Com1 Port Settings
Chapter 5 Initial Configuration Configuring COM1 Port Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following example displays output from an MDS switch with a Supervisor-1 module.
Page 186: Verifying Com1 Port Settings
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Description Step 6...
Page 187: Guidelines To Configure Modems
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Guidelines to Configure Modems We recommend you use the COM1 port to connect the modem from any director in the Cisco MDS 9500 Series or any switch in the Cisco MDS 9200 Series.
Page 188: Enabling Modem Connections
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Modem Connections To configure a modem connection through the COM1 port, follow these steps: Command...
Page 189: Configuring The Default Initialization String
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m S0=1—Pick up after one ring •...
Page 190: Configuring A User-Specified Initialization String
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a User-Specified Initialization String To configure a user-specified initialization string through the COM1 port, follow these steps: Command...
Page 191: Verifying The Modem Connection Configuration
Chapter 5 Initial Configuration Configuring Modem Connections S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Connect the modem to the switch as specified in the Cisco MDS 9500 Series Hardware Guide or the Step 2 Cisco MDS 9200 Series Hardware Installation Guide.
Page 192: Configuring Cdp
Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring CDP The Cisco Discovery Protocol (CDP) is an advertisement protocol used by Cisco devices to advertise itself to other Cisco devices in the same network.
Page 193: Clearing Cdp Counters And Tables
Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To globally configure the refresh time interval for the CDP protocol, follow these steps: Command Command...
Page 194 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 5-1 Displays All CDP Capable Interfaces and Parameters switch# show cdp all...
Page 195 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 5-5 Displays CDP Parameters for the Management Interface switch# show cdp interface mgmt 0...
Page 196 Chapter 5 Initial Configuration Configuring CDP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Device ID:0 Entry address(es): IP Address: 0.0.0.0...
Page 197: About Cfs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Using the CFS Infrastructure The Cisco MDS SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable...
Page 198: Chapter 6 Using The Cf Infrastructure
Chapter 6 Using the CFS Infrastructure About CFS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This section includes the following topics: Cisco SAN-OS Features Using CFS, page 6-2 •...
Page 199: Cfs Protocol
Chapter 6 Using the CFS Infrastructure About CFS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Three modes of distribution.
Page 200: Uncoordinated Distribution
Chapter 6 Using the CFS Infrastructure Disabling CFS Distribution on a Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Uncoordinated Distribution Uncoordinated distributions are used to distribute information that is not expected to conflict with that from a peer.
Page 201: Verifying Cfs Distribution Status
Chapter 6 Using the CFS Infrastructure CFS Application Requirements S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying CFS Distribution Status The show cfs status command displays the status of CFS distribution on the switch.
Page 202: Locking The Fabric
Chapter 6 Using the CFS Infrastructure Locking the Fabric S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The show cfs application command only displays applications registered with CFS.
Page 203: Committing Changes
Chapter 6 Using the CFS Infrastructure Committing Changes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show cfs lock Application: ntp Scope...
Page 204: Discarding Changes
Chapter 6 Using the CFS Infrastructure Discarding Changes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding Changes If you discard configuration changes, the application flushes the pending database and releases locks in the fabric.
Page 205: Verifying Cfs Merge Status
Chapter 6 Using the CFS Infrastructure CFS Merge Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In case of a successful merge, the merged database is distributed to all switches in the combined fabric and the entire new fabric remains in a consistent state.
Page 206 Chapter 6 Using the CFS Infrastructure CFS Merge Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m --------------------------------------------------------- Switch WWN IP Address...
Page 207: Cfs Distribution Over Ip
Chapter 6 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CFS Distribution over IP You can configure CFS to distribute information over IP for networks containing switches that are not reachable over Fibre Channel.
Page 208: Enabling Cfs Over Ip
Chapter 6 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 6-2 Network Example 2 with Fibre Channel and IP Connections Node A...
Page 209: Verifying The Cfs Over Ip Configuration
Chapter 6 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the CFS Over IP Configuration To verify the CFS over IP configuration, use the show cfs status command.
Page 210: Verifying Ip Multicast Address Configuration For Cfs Over Ip
Chapter 6 Using the CFS Infrastructure CFS Distribution over IP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying IP Multicast Address Configuration for CFS over IP To verify the IP multicast address configuration for CFS over IP, use the show cfs status command.
Page 211: Cfs Regions
Chapter 6 Using the CFS Infrastructure CFS Regions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CFS Regions This section contains the following topics: About CFS Regions, page 6-15...
Page 212: Managing Cfs Regions
Chapter 6 Using the CFS Infrastructure CFS Regions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Managing CFS Regions This section describes how to manage a CFS region.
Page 213: Removing An Application From A Region
Chapter 6 Using the CFS Infrastructure Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Removing an Application from a Region Removing an application from a region is the same as moving the application back to the default region or to Region 0, that is, bringing the entire fabric into the scope of distribution for the application.
Page 214 Chapter 6 Using the CFS Infrastructure Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 6-18 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 215: About Software Images
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Software Images This chapter describes how to install and upgrade Cisco MDS SAN-OS software images.
Page 216: Dependent Factors For Software Installation
Chapter 7 Software Images About Software Images S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Dependent Factors for Software Installation The software image install procedure is dependent on the following factors: Software images—The kickstart and system image files reside in directories or folders that can be...
Page 217: Chapter 7 Software Image
Chapter 7 Software Images Essential Upgrade Prerequisites S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 7-3 Supervisor Module Software Image Naming Conventions for MDS 9500 Series Cisco MDS 9500 Series...
Page 218 Chapter 7 Software Images Essential Upgrade Prerequisites S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Schedule the upgrade when the fabric is stable and steady.
Page 219: Software Upgrade Methods
Chapter 7 Software Images Software Upgrade Methods S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Commands •...
Page 220: Determining Software Compatibility
Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For high availability, you need to connect the ethernet port for both active and standby Note supervisors to the same network or virtual LAN.
Page 221: Benefits Of Using The Install All Command
Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 7-1 The Effect of the install all Command Cisco MDS 9500 Series switch...
Page 222: Recognizing Failure Cases
Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Recognizing Failure Cases The following situations cause the installation to end: If the standby supervisor module bootflash: file system does not have sufficient space to accept the...
Page 223 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 15944704 Apr 06 16:46:04 2005 m9500-sf1ek9-kickstart-mz.2.1.1a.bin 48063243 Mar 21 15:34:46 2005 m9500-sf1ek9-mz.2.1.1.bin 48036239 Apr 06 16:45:41 2005 m9500-sf1ek9-mz.2.1.1a.bin...
Page 224 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying image bootflash:/kickstart-img [####################] 100% -- SUCCESS Verifying image bootflash:/system-img...
Page 225: Upgrading Services Modules
Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module 6: Waiting for module online.
Page 226: Sample Install All Commands
Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 7-5 SSI Boot Image Updating Affects on SSM Traffic Cisco MDS SAN-OS Release...
Page 227 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Extracting “system”...
Page 228 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INIT: version 2.78 booting Checking all filesystems..r.r..
Page 229 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module 2: Disruptive upgrading.
Page 230 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module Image Running-Version...
Page 231 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Please provide a complete URI switch# install all system scp: Please provide a complete URI...
Page 232 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------ ---------- --------------------...
Page 233 Chapter 7 Software Images Automated Upgrades S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m non-disruptive reset non-disruptive...
Page 234: Upgrade Status Verification
Chapter 7 Software Images Upgrade Status Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Upgrade Status Verification Use the show install all status command to view the ongoing install all command or the log of the last installed install all command from a console, SSH, or Telnet session.
Page 235: Preparing For A Non-Disruptive Upgrade On Fabric And Modular Switches
Chapter 7 Software Images Non-Disruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco Fabric Switch for IBM BladeCenter •...
Page 236 Chapter 7 Software Images Non-Disruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If there is insufficient space available in the system to load the new images, then you will be notified •...
Page 237: Performing A Non-Disruptive Upgrade On A Fabric Switch
Chapter 7 Software Images Non-Disruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying image bootflash:/isan-164 for boot variable "system".
Page 238 Chapter 7 Software Images Non-Disruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Compatibility check is done: Module bootable...
Page 239: Viewing The Status Of A Non-Disruptive Upgrade On A Fabric Switch
Chapter 7 Software Images Non-Disruptive Upgrades on Fabric and Modular Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m It is recommended that you enable port-fast on the ethernet interface of the catalyst to which the Caution management interface of the fabric switch is connected.
Page 240: Manual Upgrade On A Dual Supervisor Module Switch
Chapter 7 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show install all failure-reason Service: "cfs"...
Page 241: Upgrading A Loader
Chapter 7 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The Cisco MDS 9216 Switch does not have an external CompactFlash (see the “Managing Note...
Page 242 Chapter 7 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Before issuing this command, be sure to read the release notes to verify compatibility issues between the Caution loader and the kickstart or system images.
Page 243: Upgrading The Bios
Chapter 7 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Copyright (c) 2002-2003, Cisco Systems, Inc.
Page 244 Chapter 7 Software Images Manual Upgrade on a Dual Supervisor Module Switch S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2003 by Cisco Systems, Inc.
Page 245: Quick Upgrade
Chapter 7 Software Images Quick Upgrade S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Quick Upgrade To perform a quick upgrade on a Cisco MDS 9000 Family switch, follow these steps: Step 1...
Page 246: Maintaining Supervisor Modules
Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Save the running configuration to the startup configuration.
Page 247 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To migrate from Supervisor-1 modules to Supervisor-2 modules on a Cisco MDS 9509 or 9506 switch, follow these steps: Ensure that the configured domain ID is the same as the current domain ID for every VSAN on the switch...
Page 248 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# copy running-config startup-config Verify that the switch is running Cisco SAN-OS Release 3.0(1) or later.
Page 249 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Install the Supervisor-2 module in the chassis.
Page 250 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INIT: version 2.78 booting Checking all filesystems..
Page 251 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This supervisor (sup-2) ----------------------- Redundancy state:...
Page 252 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INIT: Switching to runlevel: 3 INIT: Sending processes the TERM signal INIT: (boot)#...
Page 253 Chapter 7 Software Images Maintaining Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Remove the Supervisor-1 module from the chassis.
Page 254: Standby Supervisor Module Boot Variable Version
Chapter 7 Software Images Installing Generation 2 Modules in Generation 1 Chassis S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Standby Supervisor Module Boot Variable Version If the standby supervisor module boot variable images are not the same version as those running on the active supervisor module, the software forces the standby supervisor module to run the same version as...
Page 255: Replacing Modules
Chapter 7 Software Images Replacing Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generation 1 and Generation 2 switching modules can be installed on Cisco MDS 9500 Family •...
Page 256 Chapter 7 Software Images Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 7-6 Default Image Settings Parameters...
Page 257: Managing Configuration Files
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Working with Configuration Files This chapter describes how to initially configure switches using the configuration files so they can be...
Page 258: C H A P T E R 8 Working With Configuration Files
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface mgmt0 ip address 172.22.95.112 255.255.255.0 no shutdown...
Page 259: From An External Compactflash Disk (Slot0:)
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m From an External CompactFlash Disk (slot0:) Note The physical media must be inserted into slot0: after you log into the switch.
Page 260: To An External Compactflash Disk (Slot0:)
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To an External CompactFlash Disk (slot0:) To save a configuration file on an external CompactFlash device, follow these steps: Step 1...
Page 261: Unlocking The Startup Configuration File
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# show cfs application ---------------------------------------------- Application...
Page 262: Backing Upconfiguration Files
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 8-1 copy Command Syntax (continued) Scheme...
Page 263: Rolling Back To A Previous Configuration
Chapter 8 Working with Configuration Files Managing Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# copy nvram:startup-config bootflash:my-config This example shows how to back up the startup configuration to the TFTP server (ASCII file).
Page 264: Accessing File Systems On The Standby Supervisor Module
Chapter 8 Working with Configuration Files Accessing File Systems on the Standby Supervisor Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Wait until all modules are back online—the module status displays in response to the show module Step 2...
Page 265: About High Availability
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring High Availability The Cisco MDS 9500 Series of multilayer directors support application restartability and nondisruptive...
Page 266: C H A P T E R 9 Configuring High Availability
Chapter 9 Configuring High Availability Switchover Mechanisms S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Directors in the Cisco MDS 9500 Series have two supervisor modules (sup-1 and sup-2) in slots 5 and 6 (Cisco MDS 9509 and 9506 Switches) or slots 7 and 8 (Cisco MDS 9513 Switch).
Page 267: Switchover Guidelines
Chapter 9 Configuring High Availability Switchover Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switchover Guidelines Be aware of the following guidelines when performing a switchover: When you manually initiate a switchover, system messages indicate the presence of two supervisor...
Page 268: Process Restartability
Chapter 9 Configuring High Availability Process Restartability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Process Restartability Process restartability provides the high availability functionality in Cisco MDS 9000 Family switches.
Page 269: Displaying Ha Status Information
Chapter 9 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This example output shows that automatic copying is disabled.
Page 270 Chapter 9 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 9-1 Redundancy States State...
Page 271 Chapter 9 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 9-3 Internal States (continued) State...
Page 272 Chapter 9 Configuring High Availability Displaying HA Status Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 273: Displaying Switch Hardware Inventory
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing System Hardware This chapter provides details on how to manage system hardware other than services and switching...
Page 274: Chapter 10 Managing System Hardware
Chapter 10 Managing System Hardware Displaying Switch Hardware Inventory S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NAME: "Slot 6", DESCR: "Supervisor/Fabric-1"...
Page 275 Chapter 10 Managing System Hardware Displaying Switch Hardware Inventory S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Module in slot 1 is empty Module in slot 2 is empty Module in slot 3 is empty...
Page 276: Running Compact Flash Tests
Chapter 10 Managing System Hardware Running Compact Flash Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Running Compact Flash Tests In Cisco SAN-OS Release 3.1(3), you can run the CompactFlash CRC checksum test to identify if the CompactFlash firmware is corrupted and needs to be updated.
Page 277: Setting The Compactflash Crc Checksum Test Interval
Chapter 10 Managing System Hardware Running Compact Flash Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config)# system health module 4 cf-crc-check To disable automatic CompactFlash CRC checksum testing, use the no system health module cf-crc-check command in EXEC mode.
Page 278: Updating The Compactflash Firmware
Chapter 10 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Test Frequency Status...
Page 279: Enabling And Disabling The Compactflash Firmware Update
Chapter 10 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling and Disabling the CompactFlash Firmware Update By default, the CompactFlash firmware is updated automatically every30 days.
Page 280: Displaying The Frequency And Status Of Compactflash Updates
Chapter 10 Managing System Hardware Updating the CompactFlash Firmware S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To disable the CompactFlash CRC firmware update test failure action, use the no system health module cf-re-flash failure-action command in configuration mode.
Page 281: Displaying The Switch Serial Number
Chapter 10 Managing System Hardware Displaying the Switch Serial Number S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Test statistics for module 8 ------------------------------------------------------------------------------ Test Name...
Page 282: Displaying Power Usage Information
Chapter 10 Managing System Hardware Displaying Power Usage Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Power Usage Information Use the show environment power command to display the actual power usage information for the entire switch.
Page 283: Power Supply Configuration Guidelines
Chapter 10 Managing System Hardware Power Supply Configuration Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Combined mode—Uses the combined capacity of both power supplies.
Page 284 Chapter 10 Managing System Hardware Power Supply Configuration Modes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 10-1 Redundant Mode Power Supply Scenarios Power...
Page 285: About Crossbar Management
Chapter 10 Managing System Hardware About Crossbar Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You decide to change the switch to redundant mode.
Page 286: Operational Considerations When Removing Crossbars
Chapter 10 Managing System Hardware About Crossbar Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 32-port 2-Gbps Fibre Channel switching module •...
Page 287: Backward Compatibility For Generation 1 Modules In Cisco Mds 9513 Directors
Chapter 10 Managing System Hardware About Module Temperature S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To reactivate the external crossbar module, you must remove and reinsert or replace the Note crossbar module.
Page 288: Displaying Module Temperature
Chapter 10 Managing System Hardware About Module Temperature S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A threshold value of -127 indicates that no thresholds are configured or applicable.
Page 289: About Fan Modules
Chapter 10 Managing System Hardware About Fan Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Outlet Intake Outlet...
Page 290 Chapter 10 Managing System Hardware About Fan Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 10-6 Displays Chassis Fan Information switch# show environment fan ------------------------------------------------------...
Page 291: About Clock Modules
Chapter 10 Managing System Hardware About Clock Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 10-1 Cisco MDS 9513 Front Fan Module Numbering The rear fan module (DS-13SLT-FAN-R) on the Cisco MDS 9513 Director has only two fans.
Page 292: Displaying Environment Information
Chapter 10 Managing System Hardware Displaying Environment Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that the failed clock module be replaced during a maintenance window.
Page 293: Default Settings
Chapter 10 Managing System Hardware Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Power Usage Summary: -------------------- Power Supply redundancy mode:...
Page 294 Chapter 10 Managing System Hardware Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 10-22 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 295: About Modules
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing Modules This chapter describes how to manage switching and services modules (also known as line cards) and...
Page 296: Chapter 11 Managing Module
Chapter 11 Managing Modules About Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-1 Supervisor Module Options Number of...
Page 297: Switching Modules
Chapter 11 Managing Modules About Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-2 Supervisor Module Terms and Usage in Console Displays Module Terms...
Page 298: Verifying The Status Of A Module
Chapter 11 Managing Modules Verifying the Status of a Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying the Status of a Module Before you begin configuring the switch, you need to ensure that the modules in the chassis are functioning as designed.
Page 299: Connecting To A Module
Chapter 11 Managing Modules Connecting to a Module S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-3 Module States Module Status...
Page 300: Reloading Modules
Chapter 11 Managing Modules Reloading Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To attach to a module, follow these steps: Command Purpose...
Page 301: Power Cycling Modules
Chapter 11 Managing Modules Preserving Module Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Power Cycling Modules To power cycle any module, follow these steps: Identify the module that needs to be reset.
Page 302: Purging Module Configuration
Chapter 11 Managing Modules Purging Module Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-4 Switching Module Configuration Status Scenario...
Page 303: Powering Off Switching Modules
Chapter 11 Managing Modules Powering Off Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m will receive an error message that prevents you from proceeding with the configuration.
Page 304 Chapter 11 Managing Modules Identifying Module LEDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-5 LEDs for the Cisco MDS 9200 Series Supervisor Modules (continued) Status...
Page 305 Chapter 11 Managing Modules Identifying Module LEDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-7 describes the LEDs for the 16-port and 32-port switching modules, and the 4-port, 12-port, 24-port, and 48-port Generation 2 switching modules.
Page 306: Epld Configuration
Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-8 LEDs for the Cisco MDS 9500 Series Supervisor Modules Status...
Page 307: Upgrading Epld Images
Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Refer to the Cisco MDS SAN-OS Release Notes to verify if the EPLD has changed for the Cisco SAN-OS image version being used.
Page 308 Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 2337571 May 31 13:43:02 2005 m9000-epld-2.1.2.img You can find the EPLD images at the following URL: http://www.cisco.com/cgi-bin/tablebuild.pl/mds-epld...
Page 309 Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 15944704 Apr 06 16:46:04 2005 m9500-sf1ek9-kickstart-mz.2.1.1a.bin 48063243 Mar 21 15:34:46 2005 m9500-sf1ek9-mz.2.1.1.bin 48036239 Apr 06 16:45:41 2005 m9500-sf1ek9-mz.2.1.1a.bin...
Page 310: Displaying Epld Versions
Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the install module number epld url command on the active supervisor module to upgrade EPLD Step 6 images for a module.
Page 311 Chapter 11 Managing Modules EPLD Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show version epld url command to view the available EPLD versions (see Example 11-2).
Page 312: Ssm Feature Support
Chapter 11 Managing Modules SSM Feature Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m SSM Feature Support Table 11-9 lists the features supported on the Cisco MDS SAN-OS Release 2.x for the SSM.
Page 313: Upgrading The Ssi Boot Image On An Ssm
Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the install ssi command to install the SSI boot image on the SSM.
Page 314: Verifying The Ssi Boot Image
Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 11-10 SSI Boot Image Updating Affects on SSM Traffic Cisco MDS SAN-OS Release...
Page 315 Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Issue the show version command to ensure that your switch is running Cisco MDS SAN-OS Release Step 2 2.1(1a) or later system and kickstart images.
Page 316 Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# dir bootflash: 12288 Jan 01 00:01:06 1980 lost+found/ 14765056 Mar 21 15:35:06 2005 m9500-sf1ek9-kickstart-mz.2.1.1.bin...
Page 317: Configuring The Ssi Image Boot Variable
Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The show module command output shows that the standby supervisor is in slot 6.
Page 318 Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Log into the switch through the console port, an SSH session, or a Telnet session.
Page 319: Using The Install Ssi Command
Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The reload command power cycles the SSM.
Page 320 Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Storage Services Module DS-X9032-SSM Supervisor/Fabric-1...
Page 321 Chapter 11 Managing Modules Upgrading the SSI Boot Image on an SSM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Ports Module-Type Model...
Page 322: Managing Ssms And Supervisor Modules
Chapter 11 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Managing SSMs and Supervisor Modules This section describes the considerations for replacing SSMs and supervisor modules and for upgrading and downgrading Cisco MDS SAN-OS releases.
Page 323: Considerations For Upgrading And Downgrading Cisco Mds San-Os Releases
Chapter 11 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch(config)# boot ssi modflash://2-1/m9000-ek9-ssi-mz.2.1.2.bin module 2 Considerations for Upgrading and Downgrading Cisco MDS SAN-OS Releases Consider the following when upgrading and downgrading the Cisco MDS SAN-OS software on a switch...
Page 324 Chapter 11 Managing Modules Managing SSMs and Supervisor Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Extracting "loader"...
Page 325: Default Settings
Chapter 11 Managing Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -- SUCCESS "Switching over onto standby".
Page 326 Chapter 11 Managing Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 11-32 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 327: Switch Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Switch Configuration...
Page 328 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 329: Configuring Interfaces
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Interfaces A switch's main function is to relay frames from one data link to another.
Page 330: Chapter 12 Configuring Interface
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fibre Channel Interfaces, page 12-11 •...
Page 331: About Interface Modes
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that you configure your E ports on a 16-port switching module.
Page 332: Np Ports
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When a module is removed and replaced with the same type of module, the configuration is retained.
Page 333: Sd Port
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m TL Port In translative loop port (TL port) mode, an interface functions as a translative loop port.
Page 334: Auto Mode
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ST Port In the SPAN tunnel port (ST port) mode, an interface functions as an entry point port in the source switch for the RSPAN Fibre Channel tunnel.
Page 335: N Port Identifier Virtualization
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m N Port Identifier Virtualization N port identifier virtualization (NPIV) provides a means to assign multiple FC IDs to a single N port.
Page 336: Reason Codes
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-2 Operational States Operational State...
Page 337 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-4 Reason Codes for Nonoperational States Applicable...
Page 338 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-4 Reason Codes for Nonoperational States (continued) Applicable...
Page 339: Configuring Fibre Channel Interfaces
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fibre Channel Interfaces To configure a Fibre Channel interface, follow these steps: Command...
Page 340: Graceful Shutdown
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Graceful Shutdown Interfaces on a port are shutdown by default (unless you modified the initial configuration).
Page 341: Configuring Interface Modes
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Interface Modes To configure the interface mode, follow these steps: Command...
Page 342: Configuring Port Speeds
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To ensure that ports that are part of ISLs do not get changed to port mode F, configure the ports in port Note mode E, rather than in Auto mode.
Page 343: Autosensing
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Autosensing Autosensing speed is enabled on all 4-Gbps switching module interfaces by default.
Page 344: About Frame Encapsulation
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 345: About Speed Leds
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 12-3 Cisco MDS 9000 Family Switch Interface Modes Status LED...
Page 346: About Bit Error Thresholds
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 347: Switch Port Attribute Default Values
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch Port Attribute Default Values You can configure attribute default values for various switch port attributes.
Page 348: Displaying Interface Information
Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 12-5 SFP Transmitter Acronym Definitions (continued) Definition...
Page 349 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Trunk vsans (up) (1,100,3000) Trunk vsans (isolated)
Page 350 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Hardware is Fibre Channel, SFP is short wave laser Port WWN is 20:8d:00:05:30:00:97:9e Admin port mode is FX...
Page 351 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Belongs to port-channel 2 Trunk vsans (admin allowed and active) (1,100,3000) Trunk vsans (up)
Page 352 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc3/16 3000 fc3/17...
Page 353 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 5 minutes output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 0 frames input, 0 bytes 0 class-2 frames, 0 bytes...
Page 354 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 12-9 Display Interface Counters in Brief Format switch# show interface counters brief -------------------------------------------------------------------------------...
Page 355 Chapter 12 Configuring Interfaces Fibre Channel Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface fc9/1 switchport speed 2000 interface fc9/1...
Page 356: Tl Ports For Private Loops
Chapter 12 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface fc4/9 interface fc4/1 Example 12-15...
Page 357: About Tl Ports
Chapter 12 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying the ALPA Cache Contents, page 12-32 •...
Page 358: About Tl Port Alpa Caches
Chapter 12 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 12-4 TL Port Translation Support Examples Private...
Page 359 Chapter 12 Configuring Interfaces TL Ports for Private Loops S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The show tlport command displays the TL port interface configurations.
Page 360: Manually Inserting Entries Into Alpa Cache
Chapter 12 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Manually Inserting Entries into ALPA Cache To manually insert entries into the ALPA cache, follow these steps: Command...
Page 361: Configuring Buffer-To-Buffer Credits
Chapter 12 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The receive BB_credit ( ) value may be configured for each FC interface.
Page 362: About Performance Buffers
Chapter 12 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Performance Buffers Performance buffers are not supported on the Cisco MDS 9124 Fabric Switch, the Cisco Fabric Switch Note...
Page 363: Extended Bb_Credits On Generation 1 Switching Modules
Chapter 12 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Extended BB_credits on Generation 1 Switching Modules The BB_credits feature allows you to configure up to 255 receive buffers on Generation 1 switching modules.
Page 364: Extended Bb_Credits On Generation 2 Switching Modules
Chapter 12 Configuring Interfaces Buffer Credits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The extended BB_credit configuration takes precedence over the receive BB_credit and performance Note buffer configurations.
Page 365: Displaying Bb_Credit Information
Chapter 12 Configuring Interfaces Management Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying BB_Credit Information To display the BB_credit information, use the show interface bbcredit command (see Example 12-21...
Page 366: About Management Interfaces
Chapter 12 Configuring Interfaces Management Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Management Interfaces Before you begin to configure the management interface manually, obtain the switch’s IPv4 address and subnet mask, or the IPv6 address.
Page 367: Displaying Management Interface Configuration
Chapter 12 Configuring Interfaces VSAN Interfaces S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 6...
Page 368: Creating Vsan Interfaces
Chapter 12 Configuring Interfaces Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m After configuring the VSAN interface, you can configure an IP address or Virtual Router Redundancy Protocol (VRRP) feature (see Chapter 43, “Configuring IP...
Page 369: Configuring N Port Virtualization
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring N Port Virtualization N Port virtualization (NPV) reduces the number of Fibre Channel domain IDs in SANs.
Page 370: C H A P T E R 13 Configuring N Port Virtualization
Chapter 13 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 13-1 Cisco NPV Fabric Configuration NPV-Core Switch...
Page 371: Npv Mode
Chapter 13 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 13-2 Cisco NPV Configuration–Interface View Host...
Page 372: Npv Mode
Chapter 13 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m rate-mode Configure rate mode oversubscription limit rmon...
Page 373: Internal Flogi Parameters
Chapter 13 Configuring N Port Virtualization About NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 13-3 Internal FLOGI Flows NPV Core Switch...
Page 374: Npv Traffic Management
Chapter 13 Configuring N Port Virtualization NPV Guidelines and Requirements S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m a new external interface was brought up, the existing load was not distributed automatically to the newly available external interface.
Page 375: Npv Traffic Management Guidelines
Chapter 13 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m NPV Traffic Management Guidelines When deploying NPV traffic management, follow theseguidelines: Use NPV traffic management only when the automatic traffic engineering by the NPV device is not...
Page 376: Configuring Npv
Chapter 13 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m On the 91x4 platform, before you downgrade from 3.2(2b) to prior versions, shut the F-port, enable and disable the FC domain persistency for that VSAN and then up the F-port.
Page 377: Multiple Vsan Support
Chapter 13 Configuring N Port Virtualization Configuring NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure list of external interfaces per server interfaces, perform the following tasks: Command Purpose...
Page 378: Dpvm Configuration
Chapter 13 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You must explicitly configure the WWN of the internal FLOGI in DPVM.If DPVM is configured on •...
Page 379: Verifying Npv
Chapter 13 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m symbolic-node-name :para-3 port-type :N port-ip-addr :0.0.0.0...
Page 380: Verifying Npv Traffic Management
Chapter 13 Configuring N Port Virtualization Verifying NPV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifying NPV Traffic Management To display the NPV traffic map, enter the show npv traffic-map command.
Page 381: About Generation 2 Modules And Switches
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Generation 2 Switches and Modules The Cisco MDS 9500 Series switches and Cisco MDS 9216A and Cisco MDS 9216i switches support a...
Page 382: Port Groups
Chapter 14 Configuring Generation 2 Switches and Modules About Generation 2 Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 14-1 Generation 2 Fibre Channel Modules and Fabric Switches (continued) Part Number...
Page 383: C H A P T E R 14 Configuring Generation 2 Switches And Modules
Chapter 14 Configuring Generation 2 Switches and Modules About Generation 2 Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 14-2 Bandwidth and Port Groups for Generation 2 FC Modules and Fabric Switches Product Name/...
Page 384: Port Rate Modes
Chapter 14 Configuring Generation 2 Switches and Modules About Generation 2 Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 14-2 Bandwidth and Port Groups for Generation 2 FC Modules and Fabric Switches Product Name/...
Page 385 Chapter 14 Configuring Generation 2 Switches and Modules About Generation 2 Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 14-3 Port Rate Mode Support on Generation 2 Modules and Switches (continued) Product Name/...
Page 386: Dedicated Mode
Chapter 14 Configuring Generation 2 Switches and Modules About Generation 2 Modules and Switches S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 2.
Page 387: Out-Of-Service Interfaces
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Ports configured in dedicated mode are allocated the required bandwidth to sustain a line rate of traffic at the maximum configured operating speed, and ports configured in shared mode share the available remaining bandwidth within the port group.
Page 388: Buffer Pools
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Buffer Pools In the architecture of Generation 2 modules, receive buffers shared by a set of ports are called buffer groups.
Page 389: Bb_Credit Buffers For Switching Modules
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 24-port module All ports All ports...
Page 390 Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m BB_credit buffers for ISL connections can be configured from a minimum of 2 buffers to a •...
Page 391: Port 4-Gbps Fibre Channel Module Bb_Credit Buffers
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For an example of the configuration of the this example, see “Configuring a 48-port 4-Gbps Fibre Note...
Page 392: Port Fibre Channel/4-Port Gigabitethernet Multiservice Module Bb_Credit Buffers
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Two ports with dedicated rate mode and 4-Gbps speed plus •...
Page 393: Port 10-Gbps Switching Module Bb_Credit Buffers
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 14-8 12-Port 4-Gbps Switching Module BB_Credit Buffer Allocation Defaults BB_Credit Buffers Per Port Defaults...
Page 394: Bb_Credit Buffers For Fabric Switches
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The ports in the 4-port 10-Gbps switching module only support 10-Gbps dedicated rate mode.
Page 395: Cisco Mds 9124 Fabric Switch Bb_Credit Buffers
Chapter 14 Configuring Generation 2 Switches and Modules Buffer Credit Allocation S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9124 Fabric Switch BB_Credit Buffers Table 14-11 lists the BB_credit buffer allocation for 24-port 4-Gbps Fibre Channel switches.
Page 396: About Combining Generation 1 And Generation 2 Switching Modules
Chapter 14 Configuring Generation 2 Switches and Modules About Combining Generation 1 and Generation 2 Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m for how many extended BB_credits you can assign to a port (except for the maximum and minimum limits).
Page 397 Chapter 14 Configuring Generation 2 Switches and Modules About Combining Generation 1 and Generation 2 Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0- 255| | (None) 0- 255|...
Page 398: Portchannels
Chapter 14 Configuring Generation 2 Switches and Modules About Combining Generation 1 and Generation 2 Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------- ---------- 00-0b-be-f7-4c-24 to 00-0b-be-f7-4c-28...
Page 399 Chapter 14 Configuring Generation 2 Switches and Modules About Combining Generation 1 and Generation 2 Switching Modules S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When configuring PortChannels on switches with both Generation 1 and Generation 2 switching modules, configure the PortChannel and Generation 2 switching modules interfaces to auto with a maximum of 2 Gbps or configure the Generation 1 switching modules followed by the Generation 2...
Page 400: Configuring Generation 2 Module Interface Shared Resources
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show port-channel compatibility parameters command to obtain information about PortChannel addition errors.
Page 401: Configuration Guidelines For 48-Port And 24-Port 4-Gbps Fibre Channel Switching Modules
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuration Guidelines for 48-Port and 24-Port 4-Gbps Fibre Channel Switching Modules The 48-port and 24-port 4-Gbps Fibre Channel switching modules support the following features:...
Page 402: Configuration Guidelines For 12-Port 4-Gbps Switching Module Interfaces
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ISL ports cannot operate in shared rate mode.
Page 403: Configuring Port Speed
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the following guidelines to configure 4-port 10-Gbps switching modules when starting with the default configuration: Configure the port mode.
Page 404: Configuring Rate Mode
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/1 is up Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN) Port WWN is 22:01:00:05:30:01:9f:02...
Page 405 Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the rate mode (dedicated or shared) on an interface on a 48-port or 24-port 4-Gbps Fibre Channel switching module, follow these steps: Command...
Page 406: Configuring Oversubscription Ratio Restrictions
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/9 shared fc9/10...
Page 407 Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m By default, all 48-port and 24-port 4-Gbps Fibre Channel switching modules have restrictions on oversubscription ratios enabled.
Page 408: Disabling Restrictions On Oversubscription Ratios
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------- fc8/7 dedicated...
Page 409: Oversubscription Ratio Restrictions Example
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interface fc2/1 Oversubscription Ratio Restrictions Example To disable restrictions on oversubscription ratios for ports on a 48-port Gen2 switch that is configured...
Page 410 Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch (config-if)# shutdown Display the interface status to confirm the shutdown of all shared ports.
Page 411: Enabling Restrictions On Oversubscription Ratios
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Restrictions on Oversubscription Ratios You must enable restrictions on oversubscription ratios before you can downgrade modules to a previous Caution...
Page 412: Enabling Bandwidth Fairness
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This feature is only supported onthe 48-port and 24-port 4-Gbps Fibre Channel switching modules, as Note well as the 18-port Fibre Channel/4-port GigabitEthernet Multiservice module.
Page 413: Taking Interfaces Out Of Service
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m After the downgrade, any insertion of a module or module reload will have bandwidth fairness disabled.
Page 414: Releasing Shared Resources In A Port Group
Chapter 14 Configuring Generation 2 Switches and Modules Configuring Generation 2 Module Interface Shared Resources S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------- fc9/1 shared...
Page 415: Disabling Acl Adjacency Sharing For System Image Downgrade
Chapter 14 Configuring Generation 2 Switches and Modules Disabling ACL Adjacency Sharing for System Image Downgrade S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m For Generation 2 modules, the BB_SCN on ISLs (E or TE ports) is enabled by default.
Page 416: Example Configurations
Chapter 14 Configuring Generation 2 Switches and Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Nominal bit rate is 2100 MBits/sec Link length supported for 50/125mm fiber is 300 m(s) Link length supported for 62.5/125mm fiber is 150 m(s)
Page 417: Configuring A 48-Port 4-Gbps Fibre Channel Switching Module Example
Chapter 14 Configuring Generation 2 Switches and Modules Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch# Configuring a 48-port 4-Gbps Fibre Channel Switching Module Example This section describes how to configure the example shown in...
Page 418: Default Settings
Chapter 14 Configuring Generation 2 Switches and Modules Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 14-16 lists the default settings for Generation 2 interface parameters.
Page 419: About Trunking
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Trunking This chapter describes the trunking feature provided in Cisco MDS 9000 switches.
Page 420: Chapter 15 Configuring Trunking
Chapter 15 Configuring Trunking Trunking Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Trunking Configuration Guidelines If you misconfigure VSAN configurations across E ports, you could face consequences such as merging the traffic in two VSANs (thus causing both VSANs to mismatch).
Page 421: Enabling Or Disabling The Trunking Protocol
Chapter 15 Configuring Trunking Trunking Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m We recommend that both ends of a trunking ISL belong to the same port VSAN.
Page 422: Configuring Trunk Mode
Chapter 15 Configuring Trunking Trunking Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The preferred configuration on the Cisco MDS 9000 Family switches is one side of the trunk set to auto and the other set to on.
Page 423 Chapter 15 Configuring Trunking Trunking Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-4 Default Allowed-Active VSAN Configuration Switch 2...
Page 424: Configuring An Allowed-Active List Of Vsans
Chapter 15 Configuring Trunking Displaying Trunking Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 15-5 Operational and Allowed VSAN Configuration Switch 2...
Page 425: Default Settings
Chapter 15 Configuring Trunking Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Hardware is Fibre Channel Port WWN is 20:0d:00:05:30:00:58:1e Peer port WWN is 20:0d:00:05:30:00:59:1e...
Page 426 Chapter 15 Configuring Trunking Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 15-2 Default Trunk Configuration Parameters Parameters...
Page 427: About Portchannels
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring PortChannels PortChannels refer to the aggregation of multiple physical interfaces into one logical interface to provide...
Page 428: C H A P T E R 16 Configuring Portchannels
Chapter 16 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family switches with Generation 1 switching modules, or a combination of Generation 1 and Generation 2 switching modules, support a maximum of 128 PortChannels.
Page 429: About Portchanneling And Trunking
Chapter 16 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you execute the write erase command on a 32-port switching module, and then copy a saved •...
Page 430: About Load Balancing
Chapter 16 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 16-3 PortChanneling and Trunking Switch 1...
Page 431 Chapter 16 Configuring PortChannels About PortChannels S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 16-4 SID1 and DID1 Based Load Balancing Link 1...
Page 432: Portchannel Configuration
Chapter 16 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 16-5 SID1, DID1, and Exchange Based Load Balancing Link 1...
Page 433 Chapter 16 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 16-6 Valid PortChannel Configurations Channel Group 10...
Page 434: About Portchannel Configuration
Chapter 16 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About PortChannel Deletion, page 16-10 •...
Page 435 Chapter 16 Configuring PortChannels PortChannel Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ON (default)—The member ports only operate as part of a PortChannel or remain inactive.
Page 436: About Portchannel Deletion
Chapter 16 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About PortChannel Deletion When you delete the PortChannel, the corresponding channel membership is also deleted.
Page 437: About Interface Addition To A Portchannel
Chapter 16 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Interface Addition to a PortChannel You can add a physical interface (or a range of interfaces) to an existing PortChannel.
Page 438: Forcing An Interface Addition
Chapter 16 Configuring PortChannels Interfaces in a PortChannel S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 439: About Interface Deletion From A Portchannel
Chapter 16 Configuring PortChannels PortChannel Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To force the addition of a port to a PortChannel, follow these steps: Command Purpose...
Page 440: About Channel Group Creation
Chapter 16 Configuring PortChannels PortChannel Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m cases, the channel groups have the same capability and configurational parameters.
Page 441: About Autocreation
Chapter 16 Configuring PortChannels PortChannel Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 16-8 Autocreating Channel Groups Channel Group 10...
Page 442: Enabling And Configuring Autocreation
Chapter 16 Configuring PortChannels PortChannel Protocol S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A port is not allowed to be configured as part of a PortChannel when the autocreation feature is •...
Page 443: About Manually Configured Channel Groups
Chapter 16 Configuring PortChannels PortChannel Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Manually Configured Channel Groups A user-configured channel group cannot be converted to an autocreated channel group.
Page 444 Chapter 16 Configuring PortChannels PortChannel Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Last membership update succeeded 2 ports in total, 0 ports up Ports:...
Page 445 Chapter 16 Configuring PortChannels PortChannel Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fcip101 [up] fcip200...
Page 446: Default Settings
Chapter 16 Configuring PortChannels Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 16-8 Displays Autocreated PortChannels switch# show interface fc1/1 fc1/1 is trunking...
Page 447 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Domain Parameters The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID...
Page 448: C H A P T E R 17 Configuring Domain Parameters
Chapter 17 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fibre Channel Domains This section describes each fcdomain phase: Principal switch selection—This phase guarantees the selection of a unique principal switch across...
Page 449: About Domain Restart
Chapter 17 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Restarting a Domain, page 17-4 •...
Page 450: Restarting A Domain
Chapter 17 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Restarting a Domain To restart the fabric disruptively or nondisruptively, follow these steps: Command...
Page 451: About Switch Priority
Chapter 17 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Switch Priority By default, the configured priority is 128.
Page 452: Configuring Fabric Names
Chapter 17 Configuring Domain Parameters Fibre Channel Domains S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Fabric Names To set the fabric name value for a disabled fcdomain, follow these steps: Command...
Page 453: Enabling Autoreconfiguration
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Autoreconfiguration To enable automatic reconfiguration in a specific VSAN (or range of VSANs), follow these steps: Command...
Page 454 Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you do not configure a domain ID, the local switch sends a random ID in its request.
Page 455: Specifying Static Or Preferred Domain Ids
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the configured type is preferred, the local switch accepts the domain ID assigned by the –...
Page 456: About Allowed Domain Id Lists
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify a static or preferred domain ID, follow these steps: Command Purpose...
Page 457: Configuring Allowed Domain Id Lists
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Allowed Domain ID Lists To configure the allowed domain ID list, follow these steps: Command...
Page 458: Clearing A Fabric Lock
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric The first action that modifies the existing configuration creates the pending configuration and locks the feature in the fabric.
Page 459: Displaying Cfs Distribution Status
Chapter 17 Configuring Domain Parameters Domain IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying CFS Distribution Status You can display the status of CFS distribution for allowed domain ID lists using the show fcdomain status command.
Page 460: About Contiguous Domain Id Assignments
Chapter 17 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Contiguous Domain ID Assignments By default, the contiguous domain assignment is disabled.
Page 461: About Persistent Fc Ids
Chapter 17 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Persistent FC IDs, page 17-15 •...
Page 462: About Persistent Fc Id Configuration
Chapter 17 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 463: Configuring Persistent Fc Ids
Chapter 17 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Persistent FC IDs To configure persistent FC IDs, follow these steps: Command...
Page 464 Chapter 17 Configuring Domain Parameters FC IDs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m INTERFACE VSAN FCID...
Page 465: About Persistent Fc Id Selective Purging
Chapter 17 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Persistent FC ID Selective Purging Persistent FC IDs can be purged selectively.
Page 466 Chapter 17 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Principal switch run time information: Running priority: 128 No interfaces available.
Page 467 Chapter 17 Configuring Domain Parameters Displaying fcdomain Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 17-5 Displays All Persistent FC IDs in the fcdomain switch# show fcdomain fcid persistent Total entries 2.
Page 468: Default Settings
Chapter 17 Configuring Domain Parameters Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number reserved FCIDs: 61697 Use the show fcdomain address-allocation cache command to display the valid address allocation cache.
Page 469: About The Command Scheduler
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Scheduling Maintenance Jobs The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in...
Page 470: C H A P T E R 18 Scheduling Maintenance Jobs
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monthly—The job is executed once a month.
Page 471: Enabling The Command Scheduler
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Specifying a Schedule, page 18-6 •...
Page 472: Defining A Job
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure remote user authentication, follow these steps: Command Purpose...
Page 473: Verifying The Job Definition
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To define a job for the command scheduler, follow these steps: Command Purpose...
Page 474: Deleting A Job
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Deleting a Job To delete a job for the command scheduler, follow these steps: Command...
Page 475: Specifying A One-Time Schedule
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 5...
Page 476: Verifying Scheduler Configuration
Chapter 18 Scheduling Maintenance Jobs Configuring the Command Scheduler S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 477: Removing An Assigned Job
Chapter 18 Scheduling Maintenance Jobs Execution Logs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Removing an Assigned Job To remove an assigned job, follow these steps: Command...
Page 478: About Execution Logs
Chapter 18 Scheduling Maintenance Jobs Execution Logs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Execution Logs The command scheduler maintains a log file.
Page 479: Default Settings
Chapter 18 Scheduling Maintenance Jobs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 18-1 lists the default settings for command scheduling parameters.
Page 480 Chapter 18 Scheduling Maintenance Jobs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 18-12 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 481: Fabric Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Fabric Configuration...
Page 482 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 483: About Vsans
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring and Managing VSANs You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs...
Page 484 Chapter 19 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN.
Page 485: Chapter 19 Configuring And Managing Vsan
Chapter 19 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 19-2 Example of two VSANs Link in VSAN 2...
Page 486: Vsans Versus Zones
Chapter 19 Configuring and Managing VSANs About VSANs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one •...
Page 487: Vsan Configuration
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 19-3 VSANS with Zoning Physical Topology...
Page 488: About Vsan Creation
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m OX ID based load balancing of IVR traffic from IVR- enabled switches is not supported on Note Generation 1 switching modules.
Page 489: About Port Vsan Membership
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 490: About The Default Vsan
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 19-1 Displays Membership Information for the Specified VSAN switch # show vsan 1 membership vsan 1 interfaces:...
Page 491: Displaying Isolated Vsan Membership
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you configure a port in VSAN 4094 or move a port to VSAN 4094, that port is immediately Note isolated.
Page 492: Deleting Static Vsans
Chapter 19 Configuring and Managing VSANs VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 19-4 VSAN Port Membership Details Before...
Page 493: Configuring Load Balancing
Chapter 19 Configuring and Managing VSANs Displaying Static VSAN Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Load Balancing To configure load balancing on an existing VSAN, follow these steps: Command...
Page 494: Default Settings
Chapter 19 Configuring and Managing VSANs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 19-5 Displays the VSAN Usage switch# show vsan usage 4 vsan configured...
Page 495: About Sdv
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R SAN Device Virtualization This chapter describes how to configure virtual devices to represent physical end devices for switches...
Page 496: Chapter 20 San Device Virtualization
Chapter 20 SAN Device Virtualization About SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 20-1 Target Virtualization Primary target...
Page 497 Chapter 20 SAN Device Virtualization About SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If a storage array is replaced without using Cisco SDV, then it may require the following: Taking down a server to modify zoning and account for the new array.
Page 498: Key Concepts
Chapter 20 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Key Concepts The following terms are used throughout this chapter: Virtual device...
Page 499 Chapter 20 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 20-5 shows a configuration that includes a new virtual device, vt1.
Page 500: Configuring A Zone For A Virtual Device
Chapter 20 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a Zone for a Virtual Device After configuring a virtual device, you must create a zone that includes all the other real devices and the virtual device as members, and add this zone to a zone set, which you can activate.
Page 501: Configuring A Virtual Device With A Static Fc Id
Chapter 20 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 7 Displays the zone sets configured for the VSAN, switch# show zoneset...
Page 502: Linking A Virtual Device With A Physical Device
Chapter 20 SAN Device Virtualization Configuring SDV S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a static FC ID when creating a virtual device, follow these steps: Command Purpose...
Page 503: Sdv Virtual Initiator And Sdv Virtual Target With Lun
Chapter 20 SAN Device Virtualization SDV Requirements and Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 20-2 SDV Virtual Initiator and Real Target with LUN zoneset name zs2 vsan 1 zone name z2 vsan 1...
Page 504: Discarding Changes
Chapter 20 SAN Device Virtualization SDV Requirements and Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR and SDV cannot be used for the same device.
Page 505: Clearing Sdv Changes
Chapter 20 SAN Device Virtualization SDV Requirements and Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing SDV Changes If you have performed a SDV task and have forgotten to release the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric.
Page 506: Sdv Configuration Example
Chapter 20 SAN Device Virtualization SDV Configuration Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In each of these cases, a configuration check is registered to prevent users from downgrading to SAN-OS Release 3.1(2).
Page 507 Chapter 20 SAN Device Virtualization SDV Configuration Example S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter the show device-alias database command, which displays the contents of the device alias Step 8 database.
Page 508: Displaying Sdv Information
Chapter 20 SAN Device Virtualization Displaying SDV Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m virtual-device name vdev2 vsan 2 [ WWN:50:00:53:00:00:0b:50:01 ] Displaying SDV Information...
Page 509: Dpvm
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Creating Dynamic VSANs Port VSAN membership on the switch is assigned on a port-by-port basis.
Page 510: Chapter 21 Creating Dynamic Vsan
Chapter 21 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DPVM does not cause any changes to device addressing.
Page 511: About Dpvm Databases
Chapter 21 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable DPVM on any participating switch, follow these steps: Command Purpose...
Page 512: Activating Dpvm Config Databases
Chapter 21 Creating Dynamic VSANs DPVM S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activating DPVM Config Databases When you explicitly activate the DPVM config database, the DPVM config database becomes the active DPVM database.
Page 513: Enabling Autolearning
Chapter 21 Creating Dynamic VSANs DPVM Database Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Autolearning To enable autolearning, follow these steps: Command...
Page 514: Disabling Dpvm Database Distribution
Chapter 21 Creating Dynamic VSANs DPVM Database Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If fabric distribution is enabled, all changes to the configuration database are stored in the DPVM pending database.
Page 515: Committing Changes
Chapter 21 Creating Dynamic VSANs DPVM Database Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 516: Clearing A Locked Session
Chapter 21 Creating Dynamic VSANs Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding Changes If you discard (abort) the changes made to the DPVM pending database, the configurations remain unaffected and the lock is released.
Page 517: About Copying Dpvm Databases
Chapter 21 Creating Dynamic VSANs Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Copying DPVM Databases The following circumstances may require the active DPVM database to be copied to the DPVM config database:...
Page 518: Displaying Dpvm Configurations
Chapter 21 Creating Dynamic VSANs Displaying DPVM Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 519: Sample Dpvm Configuration
Chapter 21 Creating Dynamic VSANs Sample DPVM Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Legend: “+”...
Page 520 Chapter 21 Creating Dynamic VSANs Sample DPVM Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m switch195# show dpvm status DB is activated successfully, auto-learn is on At this stage, the currently logged in devices (and their current VSAN assignment) populate the active...
Page 521: Default Settings
Chapter 21 Creating Dynamic VSANs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DB is activated successfully, auto-learn is off Access switch3 and issue the following commands.
Page 522 Chapter 21 Creating Dynamic VSANs Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 21-14 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 523: Configuring Inter-Vsan Routing
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Inter-VSAN Routing This chapter explains the Inter-VSAN routing (IVR) feature and provides details on sharing resources...
Page 524: C H A P T E R 22 Configuring Inter-Vsan Routing
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IVR IVR is not supported on the Cisco MDS 9124 Fabric Switch, the Cisco MDS 9134 Fabric Switch, the Note...
Page 525: Ivr Features
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR Features IVR supports the following features: Accesses resources across VSANs without compromising other VSAN benefits.
Page 526: Ivr Limits Summary
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Border switch—An IVR-enabled switch that is a member of two or more VSANs.
Page 527: Ivr Nat
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR NAT Without Network Address Translation (NAT), IVR requires unique domain IDs for all switches in the fabric.
Page 528: Ivr Vsan Topology
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 22-2 Extended Link Service Messages Supported by IVR NAT (continued) Link Service Command...
Page 529: Autonomous Fabric Id
Chapter 22 Configuring Inter-VSAN Routing Inter-VSAN Routing S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Autonomous Fabric ID The autonomous fabric ID (AFID) distinguishes segmented VSANS (that is, two VSANs that are logically and physically separate but have the same VSAN number).
Page 530: Service Group Activation
Chapter 22 Configuring Inter-VSAN Routing IVR Configuration Task List S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Service Group Activation A configured service group must be activated for it take effect.
Page 531: Enabling Ivr
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Copying the Active IVR Service Group Database, page 22-15 •...
Page 532: Distributing The Ivr Configuration Using Cfs
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Distributing the IVR Configuration using CFS The IVR feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient configuration management and to provide a single point of configuration for the entire fabric in the VSAN (see...
Page 533: Committing The Changes
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Locking the Fabric The first action that modifies the database creates the pending database and locks the feature in the VSAN.
Page 534: About Ivr Nat And Auto Topology
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IVR NAT and Auto Topology Before configuring an IVR SAN fabric to use IVR NAT and auto-topology, consider the following guidelines:...
Page 535: Service Group Guidelines
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR can (optionally) be enabled on additional border switches to provide redundant paths between •...
Page 536: Enabling Ivr Nat
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling IVR NAT To configure IVR NAT, follow these steps: Command...
Page 537: Copying The Active Ivr Service Group Database
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 538: About Afids
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR-SG1 IVR-SG2 Total:...
Page 539: Configuring Individual Afids
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Individual AFIDs To configure individual AFIDs, follow these steps: Command...
Page 540: Domain Id Guidelines
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IVR-enabled VSANs can be configured when the interop mode is enabled (any interop mode) or disabled Note (no interop mode).
Page 541: Configuring Ivr Without Nat
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The VSAN topology configuration must be updated before a border switch is added or removed.
Page 542: Activating A Manually Configured Ivr Topology
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a user-defined IVR topology database, follow these steps: Command Purpose...
Page 543: Adding An Ivr-Enabled Switch To An Existing Ivr Topology
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To activate the manually configured IVR topology database, follow these steps: Command Purpose...
Page 544: Copying The Active Ivr Topology
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m After adding the switch to the IVR topology, you then enable IVR and CFS for the IVR application on the new switch (see the“Enabling IVR”...
Page 545: Migrating From Ivr Auto Topology Mode To Manual Mode
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 20:02:00:44:22:00:4a:05 1-2,6 20:02:00:44:22:00:4a:07...
Page 546: Configuring Ivr Virtual Domains
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Withdrawing an overlapping virtual domain from an IVR VSAN disrupts IVR traffic to and from that Note domain.
Page 547: Configuring Persistent Fc Ids For Ivr
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Host devices always see the same FC ID for targets.
Page 548: Verifying The Persistent Fc Id Configuration
Chapter 22 Configuring Inter-VSAN Routing Configuring IVR S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 549: Configuring Ivr Logging Levels
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 22-5 Displays the IVR fcdomain Database Entries for a Specific AFID and VSAN switch# show ivr fcdomain database autonomous-fabric-num 21 vsan 22 ----------------------------------------------------...
Page 550: About Ivr Zones
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The same IVR zone set must be activated on all of the IVR-enabled switches.
Page 551: Configuring Ivr Zones And Ivr Zone Sets
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 22-3 Creating Zones Upon IVR Zone Activation Active zone in VSAN 1:...
Page 552 Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 553: About Activating Zone Sets And Using The Force Option
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Activating Zone Sets and Using the force Option Once the zone sets have been created and populated, you must activate the zone set.
Page 554: Activating Or Deactivating Ivr Zone Sets
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activating or Deactivating IVR Zone Sets To activate or deactivate an existing IVR zone set, follow these steps: Command...
Page 555 Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m zone name sample_vsan2-3 pwwn 21:00:00:e0:8b:02:ca:4a vsan 3 pwwn 21:00:00:20:37:c8:5c:6b vsan 2...
Page 556: About Luns In Ivr Zoning
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 22-14 Displays Status Information for the IVR Zone Set switch# show ivr zoneset status Zoneset Status...
Page 557: About Qos In Ivr Zones
Chapter 22 Configuring Inter-VSAN Routing IVR Zones and IVR Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 558: Renaming Ivr Zones And Ivr Zone Sets
Chapter 22 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Renaming IVR Zones and IVR Zone Sets You can rename IVR zones and IVR zone sets.
Page 559 Chapter 22 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If dissimilar zones exist in two merged fabrics, the zone from each fabric is cloned in the –...
Page 560: Resolving Database Merge Failures
Chapter 22 Configuring Inter-VSAN Routing Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If only some of the switches in the fabrics are running Cisco SAN-OS Release 3.0(3) or later, and the Note number of zone members exceeds 10,000, you must either reduce the number of zone members in the...
Page 561: Manual Topology Configuration
Chapter 22 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the failure is due to exceeding the maximum configuration limits in a fabric where the switches •...
Page 562 Chapter 22 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ----------------------- fabric distribution disabled Last Action...
Page 563 Chapter 22 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m AFID SWITCH WWN Active...
Page 564: Auto-Topology Configuration
Chapter 22 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m mds(config)# exit mds# Verify the IVR zone set activation.
Page 565 Chapter 22 Configuring Inter-VSAN Routing Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verify that IVR is enabled on every IVR-enabled switch.
Page 566: Default Settings
Chapter 22 Configuring Inter-VSAN Routing Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------- 20:00:00:0d:ec:08:6e:40 * 1,336-338...
Page 567: About Zoning
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring and Managing Zones Zoning enables you to set up access control between storage devices or user groups.
Page 568: Chapter 23 Configuring And Managing Zone
Chapter 23 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Zones can vary in size.
Page 569: Zone Implementation
Chapter 23 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 23-1 Fabric with Two Zones Zone 1...
Page 570 Chapter 23 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Each VSAN has a full database and an active database.
Page 571: Active And Full Zone Set Considerations
Chapter 23 Configuring and Managing Zones About Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Active and Full Zone Set Considerations Before configuring a zone set, consider the following guidelines: Each VSAN can have multiple zone sets but only one zone set can be active at any given time.
Page 572: Zone Configuration
Chapter 23 Configuring and Managing Zones Zone Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 23-3 Active and Full Zone Sets Full zone set...
Page 573: Configuring A Zone
Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a Zone To configure a zone and assign a zone name, follow these steps: Command...
Page 574 Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Creating FC Aliases, page 23-10 •...
Page 575: Activating A Zone Set
Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activating a Zone Set Changes to a zone set do not take effect in a full zone set until you activate it.
Page 576: About Fc Alias Creation
Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 577: Creating Zone Sets And Adding Member Zones
Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 578 Chapter 23 Configuring and Managing Zones Zone Sets S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 579: Zone Enforcement
Chapter 23 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m when the pWWN changes.
Page 580: Enabling Full Zone Set Distribution
Chapter 23 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Full Zone Set Distribution All switches in the Cisco MDS 9000 Family distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN.
Page 581: Importing And Exporting Zone Sets
Chapter 23 Configuring and Managing Zones Zone Set Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Import the neighboring switch's active zone set database and replace the current active zone set (see •...
Page 582: Zone Set Duplication
Chapter 23 Configuring and Managing Zones Zone Set Duplication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Zone Set Duplication You can make a copy and then edit it without altering the existing active zone set.
Page 583: Renaming Zones, Zone Sets, And Aliases
Chapter 23 Configuring and Managing Zones Zone Set Duplication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Renaming Zones, Zone Sets, and Aliases To rename a zone, zone set, fcalias, or zone-attribute-group, follow these steps: Command...
Page 584: Advanced Zone Attributes
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advanced Zone Attributes This section describes advanced zone attributes and includes the following topics: About Zone-Based Traffic Priority, page 23-18...
Page 585: Configuring Default Zone Qos Priority Attributes
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 586: About Broadcast Zoning
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 587: About Lun Zoning
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the broadcast attribute for a default zone, follow these steps: Command Purpose...
Page 588: Configuring A Lun-Based Zone
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 23-6 LUN Zoning Access Zone 1...
Page 589: About Read-Only Zones
Chapter 23 Configuring and Managing Zones Advanced Zone Attributes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Read-Only Zones By default, an initiator has both read and write access to the target's media when they are members of the same Fibre Channel zone.
Page 590: Displaying Zone Information
Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 591 Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-2 Displays Zone Information for a Specific VSAN switch# show zone vsan 1 zone name Zone3 vsan 1...
Page 592 Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m zoneset name ZoneSet3 vsan 3 zone name Zone1 vsan 1 pwwn 21:00:00:20:37:6f:db:dd...
Page 593 Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Statistics For VSAN: 2 ********************************** Number of Merge Requests Sent: 4...
Page 594 Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-12 Displays Brief Descriptions of Zone Sets switch# show zoneset brief zoneset name ZoneSet1 vsan 1...
Page 595 Chapter 23 Configuring and Managing Zones Displaying Zone Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Active Zoning Database : Name: zoneset-1 Zonesets:1...
Page 596: Enhanced Zoning
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-19 Displays the Local Interface Active Zone Details for a Remote Switch switch# show zone active zone name if-zone vsan 1...
Page 597: Changing From Basic Zoning To Enhanced Zoning
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 23-2 Advantages of Enhanced Zoning Basic Zoning...
Page 598: Changing From Enhanced Zoning To Basic Zoning
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m After moving from basic zoning to enhanced zoning we recommend that you save the running configuration.
Page 599: Modifying The Zone Database
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Modifying the Zone Database Modifications to the zone database is done within a session.
Page 600: Merging The Database
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Create an attribute group.
Page 601: The Merge Process
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Remove all non-pWWN-type zone entries on all MDS switches running Cisco SAN-OS prior to merging Caution fabrics if there is a Cisco MDS 9020 switch running FabricWare in the adjacent fabric.
Page 602: Broadcasting A Zone
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Broadcasting a Zone You can specify an enhanced zone to restrict broadcast frames generated by a member in this zone to members within that zone.
Page 603: Configuring System Default Zoning Settings
Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 6...
Page 604 Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m attribute read-only attribute qos priority high attribute broadcast]...
Page 605 Chapter 23 Configuring and Managing Zones Enhanced Zoning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Name: testzoneset Zonesets:1 Zones:2...
Page 606: Compacting The Zone Database For Downgrading
Chapter 23 Configuring and Managing Zones Compacting the Zone Database for Downgrading S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 23-32 Displays the Pending fcalias Information for the VSAN to be Committed switch# show fcalias pending vsan 2 No pending info found...
Page 607: Default Settings
Chapter 23 Configuring and Managing Zones Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Unassigned Zones: 1 zone name z1 vsan 1 The maximum size of the full zone database per VSAN is 2000 KB.
Page 608 Chapter 23 Configuring and Managing Zones Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 23-5 Default Basic Zone Parameters (continued) Parameters...
Page 609: About Device Aliases
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Distributing Device Alias Services All switches in the Cisco MDS 9000 Family support Distributed Device Alias Services (device alias) on...
Page 610: C H A P T E R 24 Distributing Device Alias Services
Chapter 24 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you configure zones, IVR zones, or QoS features using device aliases, and if you display these •...
Page 611: Creating Device Aliases
Chapter 24 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you modify the device alias configuration, you need to commit or discard the changes as the fabric remains locked during this period.
Page 612: Committing Changes
Chapter 24 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric Distribution: Disabled Database:- Device Aliases 25 Status of the last CFS operation issued from this switch:...
Page 613: Fabric Lock Override
Chapter 24 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To display the status of the discard operation, use the show device alias status command.
Page 614: Imported A Zone Alias
Chapter 24 Distributing Device Alias Services Device Alias Databases S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To display the status of device alias distribution, use the show device-alias status command (see Example 24-2 Example...
Page 615: Device Alias Statistics Cleanup
Chapter 24 Distributing Device Alias Services Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To display device alias information in zone sets, use the show zoneset command (see Example 24-4 Example...
Page 616 Chapter 24 Distributing Device Alias Services Device Alias Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 24-6 Displays All Configured Device Aliases from the Effective Database switch# show device-alias database device-alias name SampleName pwwn 21:00:00:e0:8b:0b:66:56...
Page 617 Chapter 24 Distributing Device Alias Services Device Alias Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc2/12 0x670200 21:00:00:e0:8b:0b:66:56...
Page 618 Chapter 24 Distributing Device Alias Services Device Alias Configuration Verification S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activation requests received: 0 Activation request rejects sent: 0 Activation requests sent: 2...
Page 619: Default Settings
Chapter 24 Distributing Device Alias Services Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 24-2 lists the default settings for device alias parameters.
Page 620 Chapter 24 Distributing Device Alias Services Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 24-12 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 621 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Fibre Channel Routing Services and Protocols...
Page 622: C H A P T E R 25 Configuring Fibre Channel Routing Services And Protocols
Chapter 25 Configuring Fibre Channel Routing Services and Protocols About FSPF S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About FSPF FSPF is the protocol currently standardized by the T11 committee for routing in Fibre Channel networks.
Page 623: Redundant Links
Chapter 25 Configuring Fibre Channel Routing Services and Protocols About FSPF S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Redundant Links To further improve on the topology in Figure...
Page 624: Fspf Global Configuration
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Global Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 25-2 Shutting Down the Switch for the SmartBits Scenario PortChannel Scenario...
Page 625: Configuring Fspf On A Vsan
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Global Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 25-3 LSR Default Settings LSR Option...
Page 626: Enabling Or Disabling Fspf
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling or Disabling FSPF To enable or disable FSPF routing protocols, follow these steps: Command...
Page 627: Configuring Fspf Link Cost
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring FSPF Link Cost To configure FSPF link cost, follow these steps: Command...
Page 628: Configuring Dead Time Intervals
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Interface Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m An error is reported at the command prompt if the configured dead time interval is less than the hello Caution time interval.
Page 629: Disabling Fspf For Specific Interfaces
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FSPF must be enabled at both ends of the interface for the protocol to work.
Page 630: About Fibre Channel Routes
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Fibre Channel Routes Each port implements forwarding logic, which forwards frames based on its FC ID.
Page 631 Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 632: About Broadcast And Multicast Routing
Chapter 25 Configuring Fibre Channel Routing Services and Protocols FSPF Routes S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Broadcast and Multicast Routing Broadcast and multicast in a Fibre Channel fabric uses the concept of a distribution tree to reach all switches in the fabric.
Page 633: In-Order Delivery
Chapter 25 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In-Order Delivery In-Order Delivery (IOD) of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator.
Page 634 Chapter 25 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Frames in the network are delivered in the order in which they are transmitted.
Page 635: About Reordering Portchannel Frames
Chapter 25 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Reordering PortChannel Frames When a link change occurs in a PortChannel, the frames for the same exchange or the same flow can switch from one path to another faster path.
Page 636: Enabling In-Order Delivery Globally
Chapter 25 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling In-Order Delivery Globally To ensure that the in-order delivery parameters are uniform across all VSANs on an MDS switch, enable in-order delivery globally.
Page 637: Configuring The Drop Latency Time
Chapter 25 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m vsan 3451 inorder delivery:guaranteed vsan 3452 inorder delivery:guaranteed Configuring the Drop Latency Time...
Page 638: Flow Statistics Configuration
Chapter 25 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m vsan 460 network latency:500 milliseconds Flow Statistics Configuration Flow statistics count the ingress traffic in the aggregated statistics table.
Page 639: Counting Individual Flow Statistics
Chapter 25 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Counting Individual Flow Statistics To count the flow statistics for a source and destination FC ID in a VSAN, follow these steps: Command...
Page 640: Displaying Global Fspf Information
Chapter 25 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 25-6 Displays Flow Index Usage for the Specified Module switch# show fcflow stats usage module 2 2 flows configured...
Page 641 Chapter 25 Configuring Fibre Channel Routing Services and Protocols Flow Statistics Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Domain ID of the LSR owner •...
Page 642: Displaying Fspf Interfaces
Chapter 25 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0x65(101) 0x00001094 0x00001084 Displaying FSPF Interfaces...
Page 643 Chapter 25 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 25-4 Default FSPF Settings (continued) Parameters...
Page 644 Chapter 25 Configuring Fibre Channel Routing Services and Protocols Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 25-24 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 645: Flogi
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Managing FLOGI, Name Server, FDMI, and RSCN Databases...
Page 646: C H A P T E R 26 Managing Flogi, Name Server, Fdmi, And Rscn Databases
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases FLOGI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc9/13 0xb200cd 21:00:00:04:cf:4c:18:f7...
Page 647: Name Server Proxy
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases Name Server Proxy S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Name Server Proxy The name server functionality maintains a database containing the attributes for all hosts and storage devices in each VSAN.
Page 648: Rejecting Duplicate Pwwns
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases Name Server Proxy S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Rejecting Duplicate pWWNs To reject duplicate pWWNs, follow these steps: Command...
Page 649: Fdmi
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases FDMI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Total number of entries = 4 Example 26-7 Displays the Name Server Database Details switch# show fcns database detail...
Page 650: Displaying Fdmi
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases Displaying FDMI S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Using the FDMI functionality, the SAN-OS software can extract the following management information about attached HBAs and host operating systems without installing proprietary host agents: •...
Page 651: Rscn
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m ------------------------------- HBA-ID: 10:00:00:00:c9:32:8d:77 -------------------------------...
Page 652: About Rscn Information
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IP address change.
Page 653: About The Multi-Pid Option
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of RSCN received Number of RSCN sent = 24...
Page 654: Clearing Rscn Statistics
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To suppress the transmission of these SW RSCNs over an ISL, follow these steps: Command Purpose...
Page 655: Verifying The Rscn Timer Configuration
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The RSCN timer value must be the same on all switches in the VSAN.
Page 656: Enabling Rscn Timer Configuration Distribution
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Only the RSCN timer configuration is distributed.
Page 657: Committing The Rscn Timer Configuration Changes
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases RSCN S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Committing the RSCN Timer Configuration Changes If you commit the changes made to the active database, the configuration is committed to all the switches in the fabric.
Page 658: Default Settings
Chapter 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show rscn session status vsan command to display session status information for RSCN configuration distribution.
Page 659: About Scsi Lun Discovery
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Discovering SCSI Targets This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco MDS 9000...
Page 660: Starting Scsi Lun Discovery
Chapter 27 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Starting SCSI LUN Discovery To start SCSI LUN discovery, follow this step: Command...
Page 661: Chapter 27 Discovering Scsi Target
Chapter 27 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m This command takes several minutes to complete, especially if the fabric is large or if several devices Note are slow to respond.
Page 662 Chapter 27 Discovering SCSI Targets Displaying SCSI LUN Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m -------------------------------------------------------------------------------- WIN 0x0 36704...
Page 663: About Ficon
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FICON Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by supporting...
Page 664: Chapter 28 Configuring Ficon
Chapter 28 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The Cisco MDS 9000 Family supports the Fibre Channel Protocol (FCP), FICON, iSCSI, and FCIP capabilities within a single, high availability platform.
Page 665: Mds-Specific Ficon Advantages
Chapter 28 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m MDS-Specific FICON Advantages This section explains the additional FICON advantages in Cisco MDS switches and includes the following topics:...
Page 666: Fcip Support
Chapter 28 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSANs enable global SAN consolidation by allowing you to convert existing SAN islands into virtual SAN islands on a single physical network.
Page 667: Vsans For Ficon And Fcp Mixing
Chapter 28 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSANs for FICON and FCP Mixing Cisco MDS 9000 Family FICON-enabled switches simplify deployment of even the most complex mixed environments.
Page 668 Chapter 28 Configuring FICON About FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m zoning, read-only zones, and VSAN-based access control.
Page 669: Ficon Cascading
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON Cascading The Cisco MDS SAN-OS software allows multiple switches in a FICON network.
Page 670: Default Ficon Port Numbering Scheme
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FC ID Allocation, page 28-13 •...
Page 671 Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Only Fibre Channel, PortChannel, and FCIP ports are mapped to FICON port numbers.
Page 672: Port Addresses
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 28-1 Default FICON Port Numbering in the Cisco MDS 9000 Family (continued) Implemented Port Allocation...
Page 673: Installed And Uninstalled Ports
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FICON port numbers are not changed for ports that are active.
Page 674: Displaying The Ficon Port Number Assignments
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you assign, change, or release a port number, the port reloads.
Page 675: Reserving Ficon Port Numbers For Fcip And Portchannel Interfaces
Chapter 28 Configuring FICON FICON Port Numbering S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can use the default port numbers if they are available (see Table 28-1 on page 28-9) or if you reserve...
Page 676: Configuring Ficon
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You cannot configure persistent FC IDs in FICON-enabled VSANs.
Page 677: Enabling And Disabling Ficon On The Switch
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m See the “Setting Up a Basic FICON Configuration”...
Page 678 Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m --- Ficon Configuration Dialog --- This setup utility will guide you through basic Ficon Configuration on the system.
Page 679 Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enable active=saved? (yes/no) [yes]: yes Enter yes (the default is yes) if you wish to configure additional FICON VSANs.
Page 680: Manually Enabling Ficon On A Vsan
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m `zone default-zone permit vsan 2` `ficon vsan 2` `no host port control`...
Page 681: Configuring The Code-Page Option
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 5...
Page 682: Allowing The Host To Change Ficon Port Parameters
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To allow the host to move the switch to an offline state, follow these steps: Command Purpose...
Page 683: Clearing The Time Stamp
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure host control of the timestamp, follow these steps: Command Purpose...
Page 684: About Ficon Device Allegiance
Chapter 28 Configuring FICON Configuring FICON S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About FICON Device Allegiance FICON requires serialization of access among multiple mainframes, CLI, and SNMP sessions be maintained on Cisco MDS 9000 Family switches by controlling device allegiance for the currently...
Page 685: Configuring Ficon Ports
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 28-2 Saving the Active FICON and Switch Configuration (continued) FICON-...
Page 686: Binding Port Numbers To Portchannels
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port Prohibiting, page 28-25 •...
Page 687: Port Prohibiting
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You cannot block or prohibit the CUP port (0XFE).
Page 688: Configuring Port Prohibiting
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To change the default port prohibiting setting for all implemented interfaces on the switch, follow these steps: Command...
Page 689: About Rlir
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 690: Displaying Rlir Information
Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify the RLIR preferred host for a VSAN, follow these steps: Command Purpose...
Page 691 Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of LIRR ACC sent = 26 Number of LIRR RJT sent...
Page 692 Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 28-3, if the column states that an FC ID is...
Page 693 Chapter 28 Configuring FICON Configuring FICON Ports S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 28-6 Displays Recent LIRs for a Specified Interface switch# show rlir recent interface fc1/1-4 Recent link incident records...
Page 694: Clearing Rlir Information
Chapter 28 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing RLIR Information Use the clear rlir statistics command to clear all existing statistics for a specified VSAN.
Page 695: About Ficon Configuration Files
Chapter 28 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m See the “Managing Configuration Files”...
Page 696: Displaying Ficon Configuration Files
Chapter 28 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 697: Copying Ficon Configuration Files
Chapter 28 Configuring FICON FICON Configuration Files S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Prohibited port addresses are 5,250-253,255(0x5,0xfa-0xfd,0xff) Use the show ficon vsan vsan-id file name command to display the contents of a specific FICON configuration file.
Page 698: Port Swapping
Chapter 28 Configuring FICON Port Swapping S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCID last byte is 0 Date/Time is same as system time (Wed Dec 3 20:10:45.924591 2003) Device Allegiance not locked...
Page 699: Swapping Ports
Chapter 28 Configuring FICON Port Swapping S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port swapping is not supported for logical ports (PortChannels, FCIP links).
Page 700: Ficon Tape Acceleration
Chapter 28 Configuring FICON FICON Tape Acceleration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Issue the no shutdown command on each port to enable traffic flow.
Page 701: Configuring Ficon Tape Acceleration
Chapter 28 Configuring FICON FICON Tape Acceleration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 28-7 Host Accessing Peer-to-Peer VTS (Virtual Tape Server) 4 VTCs...
Page 702: Moving A Ficon Vsan To An Offline State
Chapter 28 Configuring FICON Moving a FICON VSAN to an Offline State S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can enable both Fibre Channel write acceleration and FICON tape acceleration on the same •...
Page 703: Placing Cups In A Zone
Chapter 28 Configuring FICON CUP In-Band Management S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CUP is supported by switches and directors in the Cisco MDS 9000 Family.
Page 704: Displaying Ficon Information
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Control Unit Image:0x80b9c2c VSAN:20 CU:0x20fe00 CUI:0 CUD:0 CURLP:(nil) ASYNC LP:(nil) MODE:1 STATE:1 CQ LEN:0 MAX:0...
Page 705: Displaying Ficon Port Address Information
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCID last byte is 0 Date/Time is set by host to Sun Jun 26 00:04:06.991999 1904 Device allegiance is locked by Host...
Page 706: Displaying Ficon Configuration File Information
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fc2/22 notConnected fc2/23...
Page 707 Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port address 80 Port name is Port is not blocked...
Page 708: Displaying The Configured Ficon State
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying the Configured FICON State If FICON is enabled on a VSAN, you can display the port address information for that VSAN (see Example...
Page 709: Displaying Buffer Information
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Buffer Information Example 28-21, the...
Page 710: Displaying Ficon Information In The Startup Configuration
Chapter 28 Configuring FICON Displaying FICON Information S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 28-22 Displays the Running Configuration Information switch# show running-config Building Configuration ...
Page 711: Displaying Ficon-Related Log Information
Chapter 28 Configuring FICON Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 28-24 displays the switch response to an implicitly-issued copy running start command.
Page 712 Chapter 28 Configuring FICON Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 28-3 Default FICON Settings Parameters...
Page 713: Common Information Model
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Advanced Features and Concepts This chapter describes the advanced features provided in switches in the Cisco MDS 9000 Family.
Page 714: Chapter 29 Advanced Feature And Concept
Chapter 29 Advanced Features and Concepts Common Information Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Added Security on a CIM Server For added security, you can install an SSL certificate to encrypt the login information and enable the HTTPS server before enabling the CIM server.
Page 715 Chapter 29 Advanced Features and Concepts Common Information Model S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 29-3 Displays the CIM Server HTTP Status switch# show cimserver httpstatus cimserver Http is not enabled...
Page 716: Fibre Channel Time Out Values
Chapter 29 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m cimserver is enabled cimserver Http is not enabled cimserver Https is enabled...
Page 717: Timer Configuration Across All Vsans
Chapter 29 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About fctimer Distribution, page 29-6 •...
Page 718: About Fctimer Distribution
Chapter 29 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If a switch is downgraded to Cisco MDS SAN-OS Release 1.2 or 1.1 after the timer is configured for a VSAN, an error message is issued to warn against strict incompatibilities.
Page 719: Discarding Fctimer Changes
Chapter 29 Advanced Features and Concepts Fibre Channel Time Out Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To commit the fctimer configuration changes, follow these steps: Command Purpose...
Page 720: Displaying Configured Fctimer Values
Chapter 29 Advanced Features and Concepts World Wide Names S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The global fctimer values are not distributed.
Page 721: Displaying Wwn Information
Chapter 29 Advanced Features and Concepts World Wide Names S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Changes to the world-wide names should be made by an administrator or individual who is completely Caution familiar with switch operations.
Page 722: Configuring A Secondary Mac Address
Chapter 29 Advanced Features and Concepts FC ID Allocation for HBAs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a Secondary MAC Address To allocate secondary MAC addresses, follow these steps: Command...
Page 723: Verifying The Company Id Configuration
Chapter 29 Advanced Features and Concepts FC ID Allocation for HBAs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Persistent entries take precedence over company ID configuration.
Page 724: Switch Interoperability
Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCID area allocation company id info: <-------------------- Default entry 00:50:2E...
Page 725 Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Mode 1—...
Page 726 Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 29-2 Changes in Switch Behavior When Interoperability Is Enabled (continued) Switch Feature...
Page 727: Configuring Interop Mode 1
Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Interop Mode 1 The interop mode1 in Cisco MDS 9000 Family switches can be enabled disruptively or nondisruptively.
Page 728: Verifying Interoperating Status
Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Force a fabric reconfiguration with the disruptive option.
Page 729 Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the show interface brief command to verify if the interface states are as required by your Step 2 configuration.
Page 730 Chapter 29 Advanced Features and Concepts Switch Interoperability S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m databits 5 speed 110 logging linecard...
Page 731: Default Settings
Chapter 29 Advanced Features and Concepts Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FSPF Unicast Routes --------------------------- VSAN Number...
Page 732 Chapter 29 Advanced Features and Concepts Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 29-3 Default Settings for Advanced Features (continued) Parameters...
Page 733 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T Security...
Page 734 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 735: Configuration Guidelines
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FIPS The Federal Information Processing Standards (FIPS) Publication 140-2, Security Requirements for...
Page 736: Checking For Fips Status
Chapter 30 Configuring FIPS Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuration Guidelines Follow these guidelines before enabling FIPS mode.
Page 737: Chapter 30 Configuring Fip
Chapter 30 Configuring FIPS FIPS Self-Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Conditional self-tests must be run when an applicable security function or operation is invoked.
Page 738 Chapter 30 Configuring FIPS FIPS Self-Tests S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 30-4 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 739: About Snmp Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring SNMP The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family.
Page 740: Chapter 31 Configuring Snmp
Chapter 31 Configuring SNMP About SNMP Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m SNMP Version 1 and Version 2c, page 31-2 •...
Page 741: Snmpv3 Cli User Management And Aaa Integration
Chapter 31 Configuring SNMP SNMPv3 CLI User Management and AAA Integration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 742: Restricting Switch Access
Chapter 31 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Restricting Switch Access You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists (IP-ACLs).
Page 743: About Aes Encryption-Based Privacy
Chapter 31 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About AES Encryption-Based Privacy The Advanced Encryption Standard (AES) is the symmetric cipher algorithm.
Page 744: Enforcing Snmpv3 Message Encryption
Chapter 31 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To create or modify passwords for SNMP users from the CLI, follow these steps: Command Purpose...
Page 745: Assigning Snmpv3 Users To Multiple Roles
Chapter 31 Configuring SNMP Creating and Modifying Users S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Alternatively, you can enforce the SNMPv3 message encryption globally on all the users using the following commands: Command...
Page 746: Snmp Trap And Inform Notifications
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m SNMP Trap and Inform Notifications You can configure the Cisco MDS switch to send notifications to SNMP managers when particular events occur.
Page 747: Configuring Snmpv3 Notifications
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure SNMPv2c notifications using IPv6, follow these steps: Command Purpose...
Page 748: Enabling Snmp Notifications
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure SNMPv3 notifications using IPv6, follow these steps: Command Purpose...
Page 749 Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 31-1 Enabling SNMP Notifications (continued) Related Commands...
Page 750: Configuring The Notification Target User
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m fdmi fspf license...
Page 751: Configuring Up/Down Snmp Link-State Traps For Interfaces
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IEFT extended—Only notifications (linkUp, linkDown) defined in IF-MIB are sent for an interface, •...
Page 752: Displaying Snmp Security Information
Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To disable SNMP link-state traps for specific interfaces, follow these steps: Command Purpose...
Page 753 Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m User Auth Priv(enforce) Groups...
Page 754 Chapter 31 Configuring SNMP SNMP Trap and Inform Notifications S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m public ______________________________________________________________ SNMP USERS...
Page 755: Default Settings
Chapter 31 Configuring SNMP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m readview: network-operator-rd writeview: network-operator-wr notifyview: network-operator-rd...
Page 756 Chapter 31 Configuring SNMP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 31-18 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 757: Switch Management Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring RADIUS and TACACS+ The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access...
Page 758: Chapter 32 Configuring Radiu And Tacac+
Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m CLI Security Options You can access the CLI using the console (serial connection), Telnet, or Secure Shell (SSH).
Page 759: Authentication
Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Authentication Authentication is the process of verifying the identity of the person or device accessing the switch.
Page 760: Remote Aaa Services
Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Remote AAA Services Remote AAA services provided through RADIUS and TACACS+ protocols have the following advantages over local AAA services:...
Page 761: Error-Enabled Status
Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS SAN-OS does not support all numeric usernames, whether created with TACACS+ or Caution RADIUS, or created locally.
Page 762: Authentication And Authorization Process
Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m server is in a working state before real AAA requests are sent its way.
Page 763 Chapter 32 Configuring RADIUS and TACACS+ Switch AAA Functionalities S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m When you are successfully authenticated through a remote AAA server, then the following possible Step 3 actions are taken:...
Page 764: Configuring Radius
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m No more server groups left = no response from any server in all server groups.
Page 765 Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 6...
Page 766: About The Default Radius Server Encryption Type And Preshared Key
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 767: Setting The Radius Server Timeout Interval
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 768: Configuring Radius Server Monitoring Parameters
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring RADIUS Server Monitoring Parameters You can configure parameters for monitoring RADIUS servers.
Page 769: Configuring The Dead Timer
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 770: About Users Specifying A Radius Server At Login
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To send the test message to the RADIUS server, follow this step: Command Purpose...
Page 771: Vsa Format
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Where protocol is a Cisco attribute for a particular type of authorization, separator is (equal sign) for mandatory attributes, and...
Page 772: Displaying Radius Server Statistics
Chapter 32 Configuring RADIUS and TACACS+ Configuring RADIUS S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 32-2 Displays Configured RADIUS Information switch# show radius-server Global RADIUS shared secret:*******...
Page 773: Configuring Tacacs+
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring TACACS+ A Cisco MDS switch uses the Terminal Access Controller Access Control System Plus (TACACS+) protocol to communicate with remote AAA servers.
Page 774: About The Default Tacacs+ Server Encryption Type And Preshared Key
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Allowing the user to specify a TACACS+ server at login •...
Page 775 Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 776: Setting The Global Secret Key
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 777: About Tacacs+ Servers
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To set the global timeout value for TACACS+ servers, follow these steps: Command Purpose...
Page 778: Configuring Test Username
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the idle timer, follow these steps: Command Purpose...
Page 779 Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 1...
Page 780: Sending Tacacs+ Test Messages For Monitoring
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Sending TACACS+ Test Messages for Monitoring You can manually send test messages to monitor a TACACS+ server.
Page 781: Allowing Users To Specify A Tacacs+ Server At Login
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Allowing Users to Specify a TACACS+ Server at Login To allow users logging into an MDS switch to select a TACACS+ server for authentication, follow these steps:...
Page 782: Displaying Tacacs+ Server Details
Chapter 32 Configuring RADIUS and TACACS+ Configuring TACACS+ S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco ACS TACACS+ •...
Page 783: Configuring Server Groups
Chapter 32 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 32-9 Displays All AAA Server Groups switch# show aaa groups radius...
Page 784 Chapter 32 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a RADIUS server group, follow these steps: Command Purpose...
Page 785 Chapter 32 Configuring RADIUS and TACACS+ Configuring Server Groups S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 8...
Page 786: Aaa Server Distribution
Chapter 32 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 787: Starting A Distribution Session On A Switch
Chapter 32 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable RADIUS server distribution, follow these steps: Command Purpose...
Page 788: Displaying The Pending Configuration
Chapter 32 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m session db: exists merge protocol status: merge activation done last operation: enable...
Page 789: Merge Guidelines For Radius And Tacacs+ Configurations
Chapter 32 Configuring RADIUS and TACACS+ AAA Server Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To discard the RADIUS session-in-progress distribution, follow these steps: Command Purpose...
Page 790: Mschap Authentication
Chapter 32 Configuring RADIUS and TACACS+ MSCHAP Authentication S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m last operation: enable last operation status: success Use the show tacacs+ distribution status command to view the status of the TACACS+ fabric merge as...
Page 791: Local Aaa Services
Chapter 32 Configuring RADIUS and TACACS+ Local AAA Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You can use the show aaa authentication login mschap command to display the MSCHAP authentication configuration.
Page 792: Configuring Accounting Services
Chapter 32 Configuring RADIUS and TACACS+ Configuring Accounting Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m default: group TacServer local none console: local none iscsi: local...
Page 793: Clearing Accounting Logs
Chapter 32 Configuring RADIUS and TACACS+ Configuring Accounting Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fri Jan 16 21:35:55 1981:update:/dev/pts/0_348527824:admin:updated RADIUS parameters for group:Group3 Fri Jan 16 21:58:17 1981:start:snmp_348530297_171.71.150.105:admin:...
Page 794: Configuring Cisco Access Control Servers
Chapter 32 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Cisco Access Control Servers The Cisco Access Control Server (ACS) uses TACACS+ and RADIUS protocols to provide AAA services that ensure a secure environment.When using the AAA server, user management is normally...
Page 795 Chapter 32 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 32-4 Configuring Multiple Roles with SNMPv3 Attributes When Using RADIUS Cisco MDS 9000 Family CLI Configuration Guide...
Page 796 Chapter 32 Configuring RADIUS and TACACS+ Configuring Cisco Access Control Servers S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 32-5 Configuring the network-admin Role with SNMPv3 Attributes When Using TACACS+ Cisco MDS 9000 Family CLI Configuration Guide...
Page 797: Default Settings
Chapter 32 Configuring RADIUS and TACACS+ Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 32-6 Configuring Multiple Roles with SNMPv3 Attributes When Using TACACS+ Default Settings...
Page 798 Chapter 32 Configuring RADIUS and TACACS+ Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 32-3 Default Switch Security Settings (continued) Parameters...
Page 799 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring IPv4 and IPv6 Access Control Lists Cisco MDS 9000 Family switches can route IP version 4 (IPv4) traffic between Ethernet and Fibre...
Page 800: C H A P T E R 33 Configuring Ipv4 And Ipv6 Access Control Lists
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists IPv4-ACL and IPv6-ACL Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IPv4-ACL and IPv6-ACL Configuration Guidelines Follow these guidelines when configuring IPv4-ACLs or IPv6-ACLs in any switch or director in the Cisco MDS 9000 Family:...
Page 801: Address Information
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists About Filter Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Address Information The address information is required in each filter.
Page 802: Icmp Information
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists About Filter Contents S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 33-1 TCP and UDP Port Numbers (continued) Protocol...
Page 803: Configuring Ipv4-Acls Or Ipv6-Acls
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring IPv4-ACLs or IPv6-ACLs Traffic coming into the switch is compared to IPv4-ACL or IPv6-ACL filters based on the order that the filters occur in the switch.
Page 804 Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 805: Adding Ip Filters To An Existing Ipv4-Acl Or Ipv6-Acl
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To use the operand and port options for an IPv6-ACL, follow these steps: Command Purpose...
Page 806: Verifying The Ipv4-Acl Or Ipv6-Acl Configuration
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Configuring IPv4-ACLs or IPv6-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 807: Reading The Ip-Acl Log Dump
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Reading the IP-ACL Log Dump S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Reading the IP-ACL Log Dump Use the log-deny option at the end of a filter condition to log information about packets that match dropped entries.
Page 808 Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Applying an IP-ACL to an Interface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 33-1 Denying Traffic on the Inbound Interface traffic...
Page 809: Verifying Interface Ip-Acl Configuration
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists Applying an IP-ACL to an Interface S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 810: Ip-Acl Counter Cleanup
Chapter 33 Configuring IPv4 and IPv6 Access Control Lists IP-ACL Counter Cleanup S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port mode is IPS Speed is 1 Gbps Beacon is turned off...
Page 811: About Cas And Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Certificate Authorities and Digital Certificates...
Page 812: C H A P T E R 34 Configuring Certificate Authorities And Digital Certificates
Chapter 34 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Purpose of CAs and Digital Certificates CAs manage certificate requests and issue certificates to participating entities such as hosts, network devices, or users.
Page 813: Multiple Trusted Ca Support
Chapter 34 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The following list summarizes the relationship between trust points, RSA key-pairs, and identity certificates: •...
Page 814: Pki Enrollment Support
Chapter 34 Configuring Certificate Authorities and Digital Certificates About CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m PKI Enrollment Support Enrollment is the process of obtaining an identity certificate for the switch that is used for applications like IPsec/IKE or SSH.
Page 815: Crl Downloading, Caching, And Checking Support
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verifies that the peer certificate is valid (not expired) with respect to current time.
Page 816: Configuring The Host Name And Ip Domain Name
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generating Certificate Requests, page 34-10 •...
Page 817 Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To generate an RSA key-pair, follow these steps: Command Purpose...
Page 818: Creating A Trust Point Ca Association
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Creating a Trust Point CA Association To create a trust point CA association, follow these steps: Command...
Page 819: Configuring Certificate Revocation Checking Methods
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To authenticate the certificate of the CA by cutting and pasting the certificate from an e-mail message or a website, follow these steps: Command...
Page 820: Generating Certificate Requests
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You must authenticate the CA before configuring certificate revocation checking.
Page 821: Installing Identity Certificates
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To generate a request for signed certificates from the CA, follow these steps: Command Purpose...
Page 822: Ensuring Trust Point Configurations Persist Across Reboots
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To install an identity certificate received from the CA by e-mail or through a web browser, follow these steps: Command...
Page 823: Monitoring And Maintaining Ca And Certificates Configuration
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Monitoring and Maintaining CA and Certificates Configuration The tasks in the section are optional.
Page 824: Configuring A Crl
Chapter 34 Configuring Certificate Authorities and Digital Certificates Configuring CAs and Digital Certificates S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring a CRL To import the CRL from a file to a trust point, follow these steps: Command...
Page 825: Deleting Rsa Key-Pairs From Your Switch
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Deleting RSA Key-Pairs from Your Switch Under certain circumstances you may want to delete your switch’s RSA key-pairs.
Page 826: Configuring Certificates On The Mds Switch
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downloading the CRL, page 34-33 •...
Page 827 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m AQkBFhFhbWFuZGtlQGNpc2NvLmNvbTELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ4wDAYDVQQKEwVDaXNjbzETMBEG A1UECxMKbmV0c3RvcmFnZTESMBAGA1UEAxMJQXBhcm5hIENBMFwwDQYJKoZIhvcN...
Page 828 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Import the identity certificate.
Page 829: Downloading A Ca Certificate
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downloading a CA Certificate To download a CA certificate from the Microsoft Certificate Services web interface, follow these steps: Select the Retrieve the CA certificate or certificate revocation task radio button in the Microsoft...
Page 830 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 4 Click the Copy to File button in the Certificate dialog box and click OK.
Page 831 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 6 Click the Finish button on the Certificate Export Wizard dialog box.
Page 832 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 34-22 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 833: Requesting An Identity Certificate
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Requesting an Identity Certificate To request an identify certificate from a Microsoft Certificate server using a PKCS#10 certificate signing request (CRS), follow these steps:...
Page 834 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Select the Submit a certificate request using a base64 encoded PKCS#10 file or a renewal request Step 3 using a base64 encoded PKCS#7 file radio button and click Next.
Page 835 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Wait one or two days until the certificate is issued by the CA administrator.
Page 836 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Select the Check on a pending certificate radio button on the Microsoft Certificate Services web Step 7 interface and click Next.
Page 837 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Select Base 64 encoded and click the Download CA certificate link.
Page 838 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Click the Details tab on the Certificate dialog and click the Copy to File button.
Page 839: Revoking A Certificate
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Step 14 Display the identity certificate in base64-encoded format using the Microsoft Windows type command.
Page 840 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Click the Issued Certificates folder on the Certification Authority tree.
Page 841 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Select a reason for the revocation from the Reason code drop-down list, and click Yes.
Page 842: Generating And Publishing The Crl
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Generating and Publishing the CRL To generate and publish the CRL using the Microsoft CA administrator program, follow these steps: Select Action >...
Page 843: Downloading The Crl
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Downloading the CRL To download the CRL from the Microsoft CA website, follow these steps:.
Page 844 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enter the destination file name in the Save As dialog box and click Save.
Page 845: Importing The Crl
Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Importing the CRL To import the CRL to the trust point corresponding to the CA, follow these steps: Step 1...
Page 846 Chapter 34 Configuring Certificate Authorities and Digital Certificates Example Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1.3.6.1.4.1.311.21.1: Revoked Certificates: Serial Number: 611B09A1000000000002...
Page 847: Maximum Limits
Chapter 34 Configuring Certificate Authorities and Digital Certificates Maximum Limits S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Revocation Date: Aug 16 21:53:15 2005 GMT Serial Number: 3F88CBF7000000000019 Revocation Date: Aug 16 21:53:15 2005 GMT...
Page 848: Default Settings
Chapter 34 Configuring Certificate Authorities and Digital Certificates Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 34-2 lists the default settings for CAs and digital certificate parameters.
Page 849 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring IPsec Network Security IP security (IPsec) protocol is a framework of open standards that provides data confidentiality, data...
Page 850: C H A P T E R 35 Configuring Ipsec Network Security
Chapter 35 Configuring IPsec Network Security About IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About IPsec IPsec is not supported by the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric Note...
Page 851: About Ike
Chapter 35 Configuring IPsec Network Security About IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-1 FCIP and iSCSI Scenarios Using MPS-14/2 Modules iSCSI Servers...
Page 852: Using Ipsec
Chapter 35 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The IPsec feature inserts new headers in existing packets (see the“Configuring the MTU Frame Size”...
Page 853: Ipsec And Ike Terminology
Chapter 35 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Manually configuring security associations.
Page 854: Supported Ipsec Transforms And Algorithms
Chapter 35 Configuring IPsec Network Security Using IPsec S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Data flow—A grouping of traffic, identified by a combination of source address and mask or prefix, •...
Page 855: Ipsec Digital Certificate Support
Chapter 35 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Data Encryption Standard (DES) is used to encrypt packet data and implements the mandatory •...
Page 856: Implementing Ipsec With Cas And Digital Certificates
Chapter 35 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-2 Two IPsec Switches Without CAs and Digital Certificates Cleartext...
Page 857: How Ca Certificates Are Used By Ipsec Devices
Chapter 35 Configuring IPsec Network Security IPsec Digital Certificate Support S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-4 Dynamically Authenticating Devices with a CA Certificate...
Page 858: Manually Configuring Ipsec And Ike
Chapter 35 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If the peer asks for a certificate which is signed by a CA that it trusts, then IKE uses that certificate, •...
Page 859: Enabling Ike
Chapter 35 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling IKE To enable IKE, follow these steps: Command...
Page 860 Chapter 35 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m parameters will be used to protect subsequent IKE negotiations and mandates how peers are authenticated.
Page 861: Configuring An Ike Policy
Chapter 35 Configuring IPsec Network Security Manually Configuring IPsec and IKE S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A match is found when the two peers have the same encryption, hash algorithm, authentication algorithm, and DH group values.
Page 862: Optional Ike Parameter Configuration
Chapter 35 Configuring IPsec Network Security Optional IKE Parameter Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 9...
Page 863: Configuring The Lifetime Association For A Policy
Chapter 35 Configuring IPsec Network Security Optional IKE Parameter Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The keepalive time only applies to IKEv2 peers and not to all peers.
Page 864: Configuring The Initiator Version
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring the Initiator Version To configure the initiator version using IPv4, follow these steps: Command...
Page 865: About Crypto Ipv4-Acls
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m In the context of crypto maps, IPv4-ACLs are different from regular IPv4-ACLs.
Page 866 Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The Cisco SAN-OS software only allows name-based IPv4-ACLs.
Page 867: Mirror Image Crypto Ipv4-Acls
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-5 IPsec Processing of Crypto IPv4-ACLs IPSec peers...
Page 868: The Any Keyword In Crypto Ipv4-Acls
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-6 IPsec Processing of Mirror Image Configuration Subnet Y...
Page 869: Creating Crypto Ipv4-Acls
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The permit any statement causes all outbound traffic to be protected (and all protected traffic sent to the peer specified in the corresponding crypto map entry) and requires protection for all inbound traffic.
Page 870: Configuring Transform Sets
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 35-2 provides a list of allowed transform combinations for IPsec.
Page 871: About Crypto Map Entries
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 872: Crypto Map Configuration Guidelines
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The crypto map entries must contain compatible crypto IPv4-ACLs (for example, mirror image •...
Page 873: About Sa Lifetime Negotiation
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 874: About The Autopeer Option
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 875: Configuring The Autopeer Option
Chapter 35 Configuring IPsec Network Security Crypto IPv4-ACLs S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-7 iSCSI with End-to-End IPsec Using the auto-peer Option Subnet X...
Page 876: Configuring Perfect Forward Secrecy
Chapter 35 Configuring IPsec Network Security IPsec Maintenance S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring Perfect Forward Secrecy To configure the PFS value, follow these steps: Command...
Page 877: Global Lifetime Values
Chapter 35 Configuring IPsec Network Security Global Lifetime Values S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m IPsec traffic, it is desirable to clear only the portion of the security association database that would be affected by the configuration changes (that is, clear only the security associations established by a given crypto map set).
Page 878: Displaying Ike Configurations
Chapter 35 Configuring IPsec Network Security Displaying IKE Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure global SA lifetimes, follow these steps: Command Purpose...
Page 879: Displaying Ipsec Configurations
Chapter 35 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 35-5 Displays the Currently Established SAs for IKE switch# show crypto ike domain ipsec sa Tunn...
Page 880 Chapter 35 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 35-9 Displays the Crypto Map Information for a Specific Interface switch# show crypto map domain ipsec interface gigabitethernet 4/1 Crypto Map “cm10”...
Page 881 Chapter 35 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m lifetimes in seconds:: 120 lifetimes in bytes:: 423624704 Example 35-13 Displays Information About the Policy Database...
Page 882 Chapter 35 Configuring IPsec Network Security Displaying IPsec Configurations S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 35-16 Displays FCIP Information for a Specific Interface switch# show interface fcip 1 fcip1 is trunking...
Page 883: Sample Fcip Configuration
Chapter 35 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 35-18 Displays the IPsec Statistics for the Specified Interface switch# show crypto global domain ipsec interface gigabitethernet 3/1 IPSec interface statistics:...
Page 884 Chapter 35 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac Configure the crypto map in Switch MDS A.
Page 885 Chapter 35 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m keepalive 3600 sw10.1.1.100# show crypto ike domain ipsec key key ctct address 10.10.100.232...
Page 886 Chapter 35 Configuring IPsec Network Security Sample FCIP Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m sw11.1.1.100(config)# exit Verify the configuration in Switch MDS C.
Page 887: Sample Iscsi Configuration
Chapter 35 Configuring IPsec Network Security Sample iSCSI Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Verify the configuration in Switch MDS A.
Page 888 Chapter 35 Configuring IPsec Network Security Sample iSCSI Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 35-9 iSCSI with End-to-End IPsec Subnet 12.12.1/24...
Page 889: Default Settings
Chapter 35 Configuring IPsec Network Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m You have now configured IPsec in MDS A using the Cisco MDS IPsec and iSCSI features.
Page 890 Chapter 35 Configuring IPsec Network Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 35-42 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 891: About Fabric Authentication
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FC-SP and DHCHAP Fibre Channel Security Protocol (FC-SP) capabilities provide switch-switch and host-switch...
Page 892: Chapter 36 Configuring Fc-Sp And Dhchap
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The terms FC-SP and DHCHAP are used interchangeably in this chapter.
Page 893: Dhchap Compatibility With Existing Cisco Mds Features
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DHCHAP Compatibility with Existing Cisco MDS Features This sections identifies the impact of configuring the DHCHAP feature along with existing Cisco MDS features:...
Page 894: About Dhchap Authentication Modes
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About DHCHAP Authentication Modes The DHCHAP authentication status for each interface depends on the configured DHCHAP port mode.
Page 895: About The Dhchap Hash Algorithm
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 896: About The Dhchap Group Settings
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About the DHCHAP Group Settings All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
Page 897: Configuring Dhchap Passwords For The Local Switch
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring DHCHAP Passwords for the Local Switch To configure the DHCHAP password for the local switch, follow these steps: Command...
Page 898: Configuring Dhchap Passwords For Remote Devices
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring DHCHAP Passwords for Remote Devices To locally configure the remote DHCHAP password for another switch in the fabric, follow these steps: Command...
Page 899: Displaying Protocol Security Information
Chapter 36 Configuring FC-SP and DHCHAP DHCHAP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the AAA authentication , follow these steps: Command Purpose...
Page 900: Sample Configuration
Chapter 36 Configuring FC-SP and DHCHAP Sample Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m DHCHAP_GROUP_NULL DHCHAP_GROUP_1536 DHCHAP_GROUP_1024...
Page 901 Chapter 36 Configuring FC-SP and DHCHAP Sample Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m MDS-9216(config)# fcsp enable Configure a clear text password for this switch.
Page 902: Default Settings
Chapter 36 Configuring FC-SP and DHCHAP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Default Settings Table 36-2 lists the default settings for all fabric security features in any switch.
Page 903: About Port Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Port Security All switches in the Cisco MDS 9000 Family provide port security features that reject intrusion attempts...
Page 904: Chapter 37 Configuring Port Security
Chapter 37 Configuring Port Security About Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are •...
Page 905: Port Security Activation
Chapter 37 Configuring Port Security Port Security Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you enable auto-learning before activating port security, you cannot activate until auto-learning is Note disabled.
Page 906: Configuring Port Security With Auto-Learning Without Cfs
Chapter 37 Configuring Port Security Port Security Configuration Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activate port security on each VSAN.
Page 907: Enabling Port Security
Chapter 37 Configuring Port Security Enabling Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Activate port security on each VSAN.
Page 908: Database Activation Rejection
Chapter 37 Configuring Port Security Activating Port Security S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 2...
Page 909: Database Reactivation
Chapter 37 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Database Reactivation If auto-learning is enabled, you cannot activate the database, without the force option until you disable auto-learning.
Page 910: Enabling Auto-Learning
Chapter 37 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Auto-learning To enable auto-learning, follow these steps: Command...
Page 911: Authorization Scenarios
Chapter 37 Configuring Port Security Auto-learning S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Authorization Scenarios Assume that the port security feature is activated and the following conditions are specified in the active database:...
Page 912: Port Security Manual Configuration
Chapter 37 Configuring Port Security Port Security Manual Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Port Security Manual Configuration To configure port security on any switch in the Cisco MDS 9000 Family, follow these steps: Step 1...
Page 913: Port Security Configuration Distribution
Chapter 37 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To add authorized port pairs for port security, follow these steps: Command Purpose...
Page 914: Enabling Distribution
Chapter 37 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling Distribution All the configurations performed in distributed mode are stored in a pending (temporary) database.
Page 915: Discarding The Changes
Chapter 37 Configuring Port Security Port Security Configuration Distribution S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Discarding the Changes If you discard (abort) the changes made to the pending database, the configuration remains unaffected and the lock is released.
Page 916: Database Merge Guidelines
Chapter 37 Configuring Port Security Database Merge Guidelines S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 37-3 Scenarios for Activation and Auto-Learning learning Configurations in Distributed Mode (continued) Scenario...
Page 917: Database Scenarios
Chapter 37 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 37-4 Active and Configuration Port Security Databases (continued) Active Database...
Page 918: Port Security Database Copy
Chapter 37 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Switch 1 Switch 1 config Database...
Page 919: Port Security Database Deletion
Chapter 37 Configuring Port Security Database Interaction S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the port-security database copy vsan command to copy from the active to the configured database.
Page 920: Displaying Port Security Configuration
Chapter 37 Configuring Port Security Displaying Port Security Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying Port Security Configuration The show port-security database commands display the configured port security information (see Examples...
Page 921 Chapter 37 Configuring Port Security Displaying Port Security Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 1 20:11:00:33:22:00:2a:4a(pwwn) 20:41:00:05:30:00:4a:1e(fc2/1) [Total 1 entries] Example 37-5 Displays the Difference Between the Temporary Configuration Database and the...
Page 922: Default Settings
Chapter 37 Configuring Port Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Number of sWWN deny To verify the status of the active database and the auto-learning configuration, use the show port-security status command (see...
Page 923 Chapter 37 Configuring Port Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 37-6 Default Security Settings (continued) Parameters...
Page 924 Chapter 37 Configuring Port Security Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 37-22 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 925: About Fabric Binding
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Fabric Binding This chapter describes the fabric binding feature provided in the Cisco MDS 9000 Family of directors...
Page 926: Fabric Binding Enforcement
Chapter 38 Configuring Fabric Binding About Fabric Binding S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 38-1 Fabric Binding and Port Security Comparison Fabric Binding...
Page 927: Chapter 38 Configuring Fabric Binding
Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fabric Binding Configuration To configure fabric binding in each switch in the fabric, follow these steps.
Page 928: Fabric Binding Activation
Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure a list of sWWNs and domain IDs for a FICON VSAN, follow these steps: Command Purpose...
Page 929: Forcing Fabric Binding Activation
Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m By default, the fabric binding feature is not activated.
Page 930: Clearing The Fabric Binding Statistics
Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Use the fabric-binding database diff active vsan command to view the differences between the •...
Page 931 Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 38-2 Displays Active Fabric Binding Information switch# show fabric-binding database active --------------------------------------------------...
Page 932 Chapter 38 Configuring Fabric Binding Fabric Binding Configuration S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Statistics For VSAN: 345 ------------------------ Number of sWWN permit: 0...
Page 933: Default Settings
Chapter 38 Configuring Fabric Binding Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VSAN Switch WWN [domain] Last-Time [Repeat count] Reason...
Page 934 Chapter 38 Configuring Fabric Binding Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 38-2 Default Fabric Binding Settings Parameters...
Page 935: Role-Based Authorization
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring Users and Common Roles The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family.
Page 936: About Roles
Chapter 39 Configuring Users and Common Roles Role-Based Authorization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Roles Each role can contain multiple users and each user can be part of multiple roles.
Page 937: Chapter 39 Configuring User And Common Role
Chapter 39 Configuring Users and Common Roles Role-Based Authorization S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The rule command specifies operations that can be performed by a specific role.
Page 938: Modifying The Vsan Policy
Chapter 39 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Roles can be used to create VSAN administrators.
Page 939: About Role Databases
Chapter 39 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Clearing Sessions, page 39-6 •...
Page 940: Enabling Role-Based Configuration Distribution
Chapter 39 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To discard role-based configuration changes, follow these steps: Command Purpose...
Page 941: Displaying Roles When Distribution Is Enabled
Chapter 39 Configuring Users and Common Roles Role Distributions S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 39-1 Displays Information for All Roles switch# show role Role: network-admin...
Page 942: Configuring Common Roles
Chapter 39 Configuring Users and Common Roles Configuring Common Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 39-3 Displays Information on the Pending Roles Database switch# show role pending Role: network-admin...
Page 943: Mapping Of Cli Operations To Snmp
Chapter 39 Configuring Users and Common Roles Configuring Common Roles S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 39-1 Common Roles Switch 1...
Page 944: Configuring User Accounts
Chapter 39 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 39-1 CLI Operation to SNMP Operation Mapping (continued) CLI Operation...
Page 945: About Users
Chapter 39 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About Users The passphrase specified in the snmp-server user option and the password specified username option are synchronized (see the...
Page 946: Configuring Users
Chapter 39 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Contains numbers •...
Page 947: Logging Out Users
Chapter 39 Configuring Users and Common Roles Configuring User Accounts S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 948: Configuring Ssh Services
Chapter 39 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m this user account has no expiry date roles:network-operator no password set.
Page 949: About Ssh
Chapter 39 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m About SSH SSH provides secure communications to the Cisco SAN-OS CLI.
Page 950: Overwriting A Generated Key-Pair
Chapter 39 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To specify or delete the SSH key in OpenSSH format for a specified user, follow these steps: Command Purpose...
Page 951: Clearing Ssh Hosts
Chapter 39 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To overwrite the previously generated key-pair, follow these steps: Command Purpose...
Page 952: Enabling Ssh Or Telnet Service
Chapter 39 Configuring Users and Common Roles Configuring SSH Services S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Enabling SSH or Telnet Service By default, the SSH service is disabled.
Page 953: Ssh Authentication Using Digital Certificates
Chapter 39 Configuring Users and Common Roles Recovering the Administrator Password S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m SSH Authentication Using Digital Certificates SSH authentication on the Cisco MDS 9000 Family switches provide X.509 digital certificate support for host authentication.
Page 954: Power Cycling The Switch
Chapter 39 Configuring Users and Common Roles Recovering the Administrator Password S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Save the software configuration.
Page 955: Default Settings
Chapter 39 Configuring Users and Common Roles Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m If you boot a system image that is older than the image you used to store the configuration and Caution do not use the install all command to boot the system, the switch erases the binary...
Page 956 Chapter 39 Configuring Users and Common Roles Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 39-2 Default Switch Security Settings (continued) Parameters...
Page 957 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m A R T IP Services...
Page 958 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m...
Page 959: About Fcip
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring FCIP Cisco MDS 9000 Family IP storage (IPS) services extend the reach of Fibre Channel SANs by using...
Page 960: Chapter 40 Configuring Fcip
Chapter 40 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 40-1 Fibre Channel SANs Connected by FCIP Virtual (E)ISL...
Page 961: Fcip Links
Chapter 40 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 40-2 FCIP Links and Virtual ISLs Switch A...
Page 962: Fcip Profiles
Chapter 40 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCIP Profiles The FCIP profile contains information about the local IP address and TCP parameters.
Page 963: Fibre Channel Portchannels
Chapter 40 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Fibre Channel PortChannels Figure 40-4 provides an example of a PortChannel-based load-balancing configuration.
Page 964: Vrrp
Chapter 40 Configuring FCIP About FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m VRRP Figure 40-6 displays a Virtual Router Redundancy Protocol (VRRP)-based high availability FCIP...
Page 965: Ethernet Portchannels And Fibre Channel Portchannels
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The FCIP link stays up during the failover.
Page 966: Enabling Fcip
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advanced FCIP Profile Configuration, page 40-12 •...
Page 967: Creating Fcip Profiles
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Creating FCIP Profiles You must assign a local IP address of a Gigabit Ethernet interface or subinterface to the FCIP profile to create an FCIP profile.
Page 968: Creating Fcip Links
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 40-2 Displays the Specified FCIP Profile Information switch# show fcip profile 7 FCIP Profile 7...
Page 969 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 4...
Page 970: Advanced Fcip Profile Configuration
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advanced FCIP Profile Configuration A basic FCIP configuration uses the local IP address to configure the FCIP profile.
Page 971: Configuring Tcp Parameters
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Configuring TCP Parameters You can control TCP behavior in a switch by configuring the following TCP parameters.
Page 972 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the first keepalive timeout interval, follow these steps: Command Purpose...
Page 973 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure SACK, follow these steps: Command Purpose...
Page 974 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The interaction of bandwidth parameters and CWM and the resulting TCP behavior is outlined as follows: •...
Page 975: Displaying Fcip Profile Configuration Information
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To configure the maximum jitter value, follow these steps: Command Purpose...
Page 976: Advanced Fcip Interface Configuration
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 1...
Page 977: Peer Ip Address
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Peer IP address—Configures both ends of the FCIP link.
Page 978: Active Connections
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m By default, the special frame feature is disabled.
Page 979: Time Stamp Control
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m any switch in the Cisco MDS 9000 Family.
Page 980: B Port Interoperability Mode
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m B Port Interoperability Mode While E ports typically interconnect Fibre Channel switches, some SAN extender devices, such as Cisco’s PA-FC-1G Fibre Channel port adapter and the SN 5428-2 storage router, implement a bridge port...
Page 981 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m interact with the B port.
Page 982: Quality Of Service
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m To enable B port mode, follow these steps: Command Purpose...
Page 983: Displaying Fcip Interface Information
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Displaying FCIP Interface Information Use the show interface commands to view the summary, counter, description, and status of the FCIP link.
Page 984 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advertized window: Current: 0 KB, Maximum: 14 KB, Scale: 14336 Peer receive window: Current: 0 KB, Maximum: 0 KB, Scale: 51200 Congestion window: Current: 14 KB, Slow start threshold: 49344 KB...
Page 985: Advanced Fcip Features
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Advanced FCIP Features You can significantly improve application performance by configuring one or more of the following options for the FCIP interface.
Page 986 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 40-13 FCIP Link Write Acceleration Initiator...
Page 987: Configuring Fcip Write Acceleration
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m FCIP write acceleration with FCIP ports as members of PortChannels in Cisco MDS SAN-OS Release Caution 2.0(1b) and later are incompatible with the FCIP write acceleration in earlier releases.
Page 988: Fcip Tape Acceleration
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m TCP Connection Information Write Accelerator statistics 6091 packets in...
Page 989 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 40-14 FCIP Link Tape Acceleration for Write Operations Backup...
Page 990 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 40-15 FCIP Link Tape Acceleration for Read Operations Restore...
Page 991 Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m amount of data has been buffered at the local Cisco MDS switch, the read operations to the tape drive are flow controlled by the remote Cisco MDS switch by not issuing any further reads.
Page 992: Configuring Fcip Tape Acceleration
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Table 40-1 Correct LUN Mapping Example with Single Host Access Host...
Page 993: Displaying Tape Acceleration Activity Information
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 994: Fcip Compression
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Example 40-13 Displays Information About Tapes for Which Exchanges are Tape Accelerated at the Target-End FCIP Link switch# show fcip tape-session tunnel 1 targ-end...
Page 995: Configuring Fcip Compression
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m The "auto"...
Page 996: Displaying Fcip Compression Information
Chapter 40 Configuring FCIP Configuring FCIP S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Command Purpose Step 3...
Page 997: Default Settings
Chapter 40 Configuring FCIP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m 0 comp expanded Default Settings Table 40-4...
Page 998 Chapter 40 Configuring FCIP Default Settings S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Cisco MDS 9000 Family CLI Configuration Guide 40-40 OL-16184-01, Cisco MDS SAN-OS Release 3.x...
Page 999: About The San Extension Tuner
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m C H A P T E R Configuring the SAN Extension Tuner The SAN extension tuner (SET) feature is unique to the Cisco MDS 9000 Family of switches.
Page 1000: C H A P T E R 41 Configuring The San Extension Tuner
Chapter 41 Configuring the SAN Extension Tuner About the SAN Extension Tuner S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m Figure 41-1 SCSI Command Generation to the Virtual Target Virtual initiator...

This manual is also suitable for:

Aj732a - cisco mds 9134 fabric switch Cisco mds 9124 - fabric switch Mds 9000 series Cisco mds 9120 - fabric switch Cisco mds 9134 - fabric switch Cisco mds 9140 - fabric switch ... Show all

HP Cisco MDS 9020 - Fabric Switch Configuration Manual

Table of Contents

Chapter 1 Product Overview

Chapter 2 before You Begin

CHAPTER 3 Obtaining and Installing Licenses

Uninstalling Licenses

CHAPTER 4 On-Demand Port Activation Licensing

Chapter 5 Initial Configuration

Chapter 6 Using the CF Infrastructure

Chapter 7 Software Image

CHAPTER 8 Working with Configuration Files

CHAPTER 9 Configuring High Availability9-1

Chapter 10 Managing System Hardware

Chapter 11 Managing Module

Chapter 12 Configuring Interface

CHAPTER 13 Configuring N Port Virtualization

CHAPTER 14 Configuring Generation 2 Switches and Modules

Chapter 15 Configuring Trunking

CHAPTER 16 Configuring Portchannels

CHAPTER 17 Configuring Domain Parameters

CHAPTER 18 Scheduling Maintenance Jobs

Chapter 19 Configuring and Managing VSAN

Chapter 20 SAN Device Virtualization

Chapter 21 Creating Dynamic VSAN

CHAPTER 22 Configuring Inter-VSAN Routing

Chapter 23 Configuring and Managing Zone

CHAPTER 24 Distributing Device Alias Services

CHAPTER 25 Configuring Fibre Channel Routing Services and Protocols

CHAPTER 26 Managing FLOGI, Name Server, FDMI, and RSCN Databases

Chapter 27 Discovering SCSI Target

Chapter 28 Configuring FICON

Chapter 29 Advanced Feature and Concept

Chapter 30 Configuring FIP

Chapter 31 Configuring SNMP

Chapter 32 Configuring RADIU and TACAC+

CHAPTER 33 Configuring Ipv4 and Ipv6 Access Control Lists

CHAPTER 34 Configuring Certificate Authorities and Digital Certificates

CHAPTER 35 Configuring Ipsec Network Security

Chapter 36 Configuring FC-SP and DHCHAP

Chapter 37 Configuring Port Security

Chapter 38 Configuring Fabric Binding

Chapter 39 Configuring User and Common Role

Chapter 40 Configuring FCIP

CHAPTER 41 Configuring the SAN Extension Tuner

Chapter 42 Configuring Iscsi

Chapter 43 Configuring IP Service

Chapter 44 Configuring IP Storage

CHAPTER 45 Configuring Ipv4 for Gigabit Ethernet Interfaces

CHAPTER 46 Configuring Ipv6 for Gigabit Ethernet Interfaces

CHAPTER 47 SCSI Flow Services

CHAPTER 48 Configuring Fibre Channel Write Acceleration

Chapter 49 Configuring Santap

Chapter 50 Configuring NASB

Chapter 51 Configuring RMON

CHAPTER 52 Monitoring Network Traffic Using SPAN

CHAPTER 53 Configuring System Message Logging

Chapter 54 Configuring Call Home

CHAPTER 55 Configuring Fabric Configuration Servers

CHAPTER 56 Configuring Fabric Congestion Control and Qos

Chapter 57 Configuring Port Tracking

CHAPTER 58 Troubleshooting

CHAPTER 59 Monitoring System Processes and Logs

Quick Links

Chapters

Troubleshooting

Related Manuals for HP Cisco MDS 9020 - Fabric Switch

Summary of Contents for HP Cisco MDS 9020 - Fabric Switch