Page 3
Brocade Communications Systems, Incorporated Corporate Headquarters Asia-Pacific Headquarters Brocade Communications Systems, Inc. Brocade Communications Singapore Pte. Ltd. 1745 Technology Drive 30 Cecil Street San Jose, CA 95110 #19-01 Prudential Tower Tel: 1-408-333-8000 Singapore 049712 Fax: 1-408-333-8101 Singapore Email: info@brocade.com Tel: +65-6538-4700 Fax: +65-6538-0302 Email: apac-info@brocade.com European and Latin American Headquarters...
Page 4
Document Title Publication Number Summary of Changes Publication Date Fabric OS Command Reference 53-1000436-01 June 2007 Fabric OS Command Reference 53-1000599-01 Added 13 new commands, October 2007 Updated 23 commands with new options in support of v6.0. Removed 46 obsolete commands.
Page 21
• portCfgFportBuffers • setContext The following commands have been modified to support new command options: • ad --clear - New -f option to remove all Admin Domains before enabling Virtual Fabrics. • auditCfg - New operand to set severity for audit messages. •...
• portShow - New operands to support FCIP inband management, interface IP address and route configuration display, byte streaming, and TCP connection history and snapshot display. • secPolicyDelete - New option to delete all stale security policies. • supportShowcfgDisable, supportShowcfgEnable, supportShowcfgShow - New crypto operand to set encryption command group.
text Identifies CLI output code Identifies syntax examples For readability, command names in the narrative portions of this guide are presented in mixed letter case, for example, switchShow. In examples, command letter case is all lowercase. If there are exceptions, this manual specifically notes those cases in which a command is case-sensitive. Command syntax conventions Command syntax in the synopsis section follows these conventions: command...
CAUTION A Caution statement alerts you to situations that can cause damage to hardware, firmware, software, or data. DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.
Additional information This section lists additional Brocade and industry-specific documentation that you may find helpful. Brocade resources The following related documentation is provided on the Brocade Documentation CD-ROM and on the Brocade Web site, through Brocade Connect. To get up-to-the-minute information, join Brocade Connect. It is free! Go to http://www.brocade.com and click Brocade Connect to register at no cost for a user ID and password.
Page 26
• Error numbers and messages received • supportSave command output • Detailed description of the problem, including the switch or fabric behavior immediately • following the problem, and specific questions • Description of any troubleshooting steps already performed and the results •...
Document feedback Quality is our first concern at Brocade, and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.com Provide the title and version number and as much detail as possible about your issue, including the topic heading and page number and your suggestions for improvement.
Page 28
xxviii Fabric OS Command Reference 53-1001186-01...
DRAFT: BROCADE CONFIDENTIAL Understanding Virtual Fabric restrictions Appendix A, “Appendix A: Command availability” explains the Role-Based Access Control checks in place to validate command execution, and provides the RBAC permissions for the commands included in this manual. Additional command restrictions apply depending on whether Virtual Fabrics or Admin Domains are enabled in a fabric.
DRAFT: BROCADE CONFIDENTIAL Understanding Admin Domain restrictions • Accounts with user or admin permissions can be granted chassis permissions. A user account with the chassis role can execute chassis-level commands at the user RBAC access level. An admin account with the chassis role can execute chassis-level commands at the admin RBAC access level.
Page 32
DRAFT: BROCADE CONFIDENTIAL Using the command line interface • Access to the full range of Fabric OS features, given the license keys installed. • Assistance with configuration, monitoring, dynamic provisioning, and daily management of every aspect of storage area networks (SAN). •...
Chapter Fabric OS Commands aaaConfig Manages RADIUS and LDAP configuration information. Synopsis aaaconfig aaaconfig --show aaaconfig --add | --change server -conf radius|ldap [-p port] [-d domain][-t timeout] [-s secret] [-a chap | pap | peap-mschapv2] aaaconfig --remove server -conf radius|ldap aaaconfig --move server -conf radius|ldap to_position aaaconfig --authspec aaa1[;aaa2 [-backup] aaaconfig --help...
Page 34
aaaConfig Notes Customers can use centralized RADIUS servers to manage AAA services for a switch, as defined in the RFC 2865 RADIUS specification. Fabric OS v6.1.0 or later is required to configure LDAP while in FIPS mode. Refer to the Fabric OS Administrator’s Guide for configuration procedures.
Page 35
aaaConfig -s secret Specifies a common secret between the switch and the RADIUS server. The secret must be between 8 and 40 characters long. This option is valid only with the -conf radius option, and it is optional. The default value is sharedsecret.
Page 36
aaaConfig “radius” When “radius” is specified, the first RADIUS server is contacted. If the RADIUS server is not reachable, the next RADIUS server is contacted. If the authentication fails, the authentication process does not check for the next server in the sequence. “ldap”...
Page 37
aaaConfig To replace the AAA service with backup option: switch:admin> aaaconfig --authspec “ldap;local” -backup See Also none Fabric OS Command Reference 53-1001186-01...
Page 38
Manages Admin Domain operations. Synopsis ad --activate ad_id ad --add ad_id [-d “dev_list”] [-s “switch_list”] ad --apply ad --clear [-f] ad --create ad_id [-d "dev_list"] [-s "switch_list"] ad --deactivate ad_id ad --delete ad_id ad --exec ad_id "command_list" ad --remove ad_id [-d "dev_list"] [-s "switch_list"] ad --rename ad_id new_ad_id ad --save ad --select ad_id...
Page 39
All switches, switch ports and devices in the fabric that are not specified in any other Admin Domain are treated as implicit members of AD0. Members added to AD0 are called explicit members. When a new Admin Domain is created, the members included in the new Admin Domain are automatically removed from the implicit member list of AD0.
Page 40
--create arguments Creates a new Admin Domain with optionally specified device or switch members. A newly created Admin Domain is in an activated state. It initially contains no zone database. The newly created Admin Domain remains in the transaction buffer until you issue ad --apply or ad --save. AD0 always exists.
Page 41
--select arg Selects an Admin Domain context. This command fails if the corresponding Admin Domain is not activated. This operation succeeds only if you have the specified Admin Domain. This command internally spawns off a new shell within the requested Admin Domain context. Type logout or exit to exit from the selected Admin Domain.
Page 42
number An Admin Domain can be specified by a number. Valid values include 0 through 255. AD0 and AD255 are always active. AD0 cannot be specified with --activate, --deactivate or --delete actions. AD255 can be specified only with --exec, --show and --validate actions. For all command iterations, with the exception of ad --create, the Admin Domain is specified either by a name or a number.
Page 43
-m mode Specifies the mode in which Admin Domain configuration information is displayed. This operand is valid only with --show and --validate. Valid values for mode include: Displays the Admin Domain configuration in the current transaction buffer. Displays the Admin Domain configuration stored in persistent memory (defined configuration).
Page 44
To deactivate Admin Domain 5: switch:admin> ad --deactivate 5 You are about to deactivate an AD. This operation will fail if an effective zone configuration exists in the AD Do you want to deactivate ‘5’ admin domain (yes, y, no, n): [no] y To delete AD13: switch:admin>...
Page 45
To display all ADs: switch:admin> ad --show Current AD: 255 : AD255 Transaction buffer configuration: --------------------------------- no configuration Defined configuration: ---------------------- AD: 1 : Active Device WWN members: 21:00:00:80:e5:12:8b:37; 21:00:00:80:e5:12:8b:55; Switch port members: 1,0; 1,1; 1,2; 1,3; 1,4; 1,5; 1,6; 1,7; 1,8; 1,9; 1,10; 1,11; 1,12;...
Page 46
To display the Admin Domain effective configuration information: switch:admin> ad --show -m 2 Current AD: 255 : AD255 Effective configuration: ------------------------ AD: 1 : Active Device WWN members: 21:00:00:80:e5:12:8b:37; 21:00:00:80:e5:12:8b:55; Switch port members: 1,0; 1,1; 1,2; 1,3; 1,4; 1,5; 1,6; 1,7; 1,8; 1,9; 1,10; 1,11; 1,12;...
Page 47
1,118; 1,120; 1,121; 2,52; 2,53; 2,54; 2,55; 1,221; AD Number: AD Name: roger_auto State: Inactive Device WWN members: 11:22:33:44:55:66:77:88*; AD Number: AD Name: AD5 State: Inactive Device WWN members: 10:00:00:06:2b:12:69:ff*; 10:00:00:06:2b:12:68:3f; Switch port members: 1,343; AD Number: AD Name: AD50 State: Active Device WWN members: 10:00:00:00:00:17:00:00;...
Page 48
To abort the Admin Domain management transaction buffer: switch:admin> ad --transabort You are about to abort the outstanding AD transaction. Do you want to abort the AD transaction (yes, y, no, n): [no] y To display the current Admin Domain transaction: switch:admin>...
Page 49
Enables Access Gateway (AG) and manages AG-specific operations. Synopsis ag --help ag --show ag --modeshow | --modeenable |--modedisable ag [--policyenable | --policydisable] policy ag --policyshow ag --mapshow [N_Port] ag [--mapset | --mapadd |--mapdel] N_Port [F_Port1; F_Port2;...] ag --pgshow [pgid] ag --pgcreate- pgid “N_Port1 [;N_Port2;...]” [-n pgname] ag [--pgadd | --pgdel] pgid “N_Port1 [;...
Page 50
AG configuration changes are saved persistently as config keys. Use the portCfgnPort command to set a port as N_Port. Notes AG is supported only on selected Brocade hardware platforms. Refer to the Access Gateway Administrator’s Guide for Hardware support and AG configuration procedures. In non-AG mode, the only two actions available are --modeenable and --modeshow.
Page 51
auto Enables the automatic port configuration policy. When enabled, this policy applies to all ports on the switch. All F_Port to N_Port mapping and port group configurations are ignored. Enables the advanced device security (ADS) policy. When enabled, this policy applies to all the ports on the switch.
Page 52
--pgcreate- pgid “N_Port1 [; N_Port2;...]” [-n pgname] Creates a port group with the ID pgid and a specified list of N_Ports to be included in the policy. The list must be enclosed in quotation marks. Ports must be separated by semicolons. Maximum numbers of ports allowed in a port group is MAX_PORT.
Page 53
--failbackenable N_Port Enables the failback policy for a specified N_Port. When failback policy is enabled, ports behave as follows: • If only primary F_Port to N_Port mapping is in place, all F_Ports are automatically rerouted back to the N_Ports to which they were originally mapped as those N_Ports come back online.
Page 54
--adsadd "F_Port [;F_Port2;...]" "WWN [;WWN2;...]" Adds the specified WWNs to the list of devices allowed to login to the specified F_Ports. Lists must be enclosed in double quotation marks. List members must be separated by semicolons. Replace the F_Port list with an asterisk (*) to add the specified WWNs to all the F_Ports' allow lists.
Page 55
0x6d0c01 10:00:00:06:2b:0a:a3:92 0x6d0d02 10:00:00:06:2b:0a:a3:91 0x6d0d01 10:00:00:06:2b:0a:a3:90 --------------------------------------------------------- 2. To display the current Access Gateway mode: switch:admin> ag --modeshow Access Gateway mode is enabled. switch:admin> ag --modeshow Access Gateway mode is NOT enabled. AG group policy commands 1. To show current policies: switch:admin>...
Page 56
6. To enable ADS policy: switch:admin> ag--policyenable ads The policy ADS is enabled To disable ADS policy: switch:admin> ag--policydisable ads The policy ADS is disabled AG port mapping commands 1. To display current port mappings and port grouping policies: switch:admin> ag --mapshow N_Port Configured_F_Ports Current_F_Ports Failover Failback PG_ID PG_Name ----------------------------------------------------------------------------- 4;5;6...
Page 57
6. To delete F_Port 5 that was mapped to N_Port 2: switch:admin> ag --mapdel 2 "5" Preferred N_port is set for F_Port[s] Please delete it before removing primary N_Port ERROR:Unable to remove F_Port[s] from mapping, retry the command switch:admin> ag --prefshow F_Ports Preferred N_Port -------------------------------------------------...
Page 58
3. To display failback policy settings for all the N_Ports: switch:admin> ag --failbackshow N_Port failback_bit --------------------------- 4. To set and display failback policy settings on a single port: switch:admin> ag --failbackenable 0 Failback policy cannot be enabled since failover policy is disabled for port 0 switch:admin>...
Page 59
4. To remove port group with pgid 2: switch:admin> ag --pgremove 2 Port Group 2 has been removed successfully switch:admin> ag --pgshow PG_ID N_Ports PG_Name ------------------------------------------- FirstFabric ------------------------------------------- AG Preferred port information commands 1. To display preferred port settings for F_Ports: switch:admin>...
Page 60
4. To display the lists of allowed devices on the switch: switch:admin> ag--adsshow F_Port WWNs Allowed ------------------------------------------------------------------------- ALL ACCESS 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b 20:03:08:00:88:35:a0:12 21:00:00:e0:8b:88:01:8b ALL ACCESS NO ACCESS NO ACCESS ALL ACCESS -------------------------------------------------------------------------- See Also portCfgNPort, portCfgNPIVPort Fabric OS Command Reference 53-1001186-01...
agshow agshow Displays the Access Gateway information registered with the fabric. Synopsis agshow --name [ag_name] | [--local] Description This command displays the details of the F_Ports and the configured N_Ports in the Access Gateway attached to the fabric shows the following information. Name The name of the Access Gateway.
Page 62
agshow To display the locally registered Access Gateways: switch:admin> agshow --local Worldwide Name Ports Enet IP Addr Firmware Local/Remote Name --------------------------------------------------------------------------------- 10:00:00:05:1e:04:06:ae 10.32.173.64 v6.0.0 local L5D2_B14_4024_1 To display all Access Gateways attached to the fabric: switch:admin> agshow Worldwide Name Ports Enet IP Addr Firmware Local/Remote Name...
aliAdd aliAdd Adds a member to a zone alias. Synopsis aliadd “aliName”, “member[; member...]” Description Use this command to add one or more members to an existing zone alias. The alias member list cannot contain another zone alias. This command changes the defined configuration. For the change to become effective, enable the zone configuration with the cfgEnable command.
aliCreate aliCreate Creates a zone alias. Synopsis alicreate “aliName”, “member[; member...]” Description Use this command to create a new zone alias. The zone alias member list must have at least one member (empty lists are not allowed). The alias member list cannot contain another zone alias. Refer to the zoneCreate command for more information on name and member specifications.
aliDelete aliDelete Deletes a zone alias. Synopsis alidelete “aliName” Description Use this command to delete a zone alias. This command changes the defined configuration. For the change to become effective, enable the zone configuration with the cfgEnable command. For the change to be preserved across switch reboots, save the zone configuration to nonvolatile memory with the cfgSave command.
aliRemove aliRemove Removes a member from a zone alias. Synopsis aliremove “aliName”, “member[; member...]” Description Use this command to remove one or more members from an existing zone alias. If all members are removed, the zone alias is deleted. This command changes the defined configuration. For the change to become effective, enable the zone configuration with the cfgEnable command.
aliShow aliShow Displays zone alias information. Synopsis alishow ["pattern"][, mode] Description Use this command to display zone configuration information. Use the pattern operand to display only matching zone alias names in the defined configuration. Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
aptPolicy aptPolicy Changes or displays the Advanced Performance Tuning (APT) policy. Synopsis aptpolicy [policy] aptpolicy -ap [ap_policy] Description Use this command to display and change the advanced performance tuning (APT) policies on a switch. Several internal performance tuning parameters can be modified with this command. The default parameters (AP shared Link Policy) are optimized for most SAN applications;...
Page 69
aptPolicy This policy optimizes the utilization of the available paths by allowing I/O traffic between different SID, DID, or OXID pairs to use different paths. All frames received on an ingress port with the same SID, DID, or OXID parameters take the same path unless there is a fabric event. Refer to dlsSet for the definition of a fabric event.
auditCfg auditCfg Modifies and displays the audit log filter configuration. Synopsis auditcfg --class audit_class auditcfg --enable |--disable auditcfg --severity severity_level auditcfg --show Description Use this command to configure the audit logging and to display the audit log configuration. This command allows you to set filters by configuring certain classes, to add or remove any of the classes in the filter list, to set severity levels for audit messages, and to enable or disable audit filters.
Page 71
auditCfg switch:admin> auditcfg --show Audit filter is disabled. 1-ZONE 2-SECURITY 3-CONFIGURATION 4-FIRMWARE 5-FABRIC Severity level: INFO See Also auditDump Fabric OS Command Reference 53-1001186-01...
auditDump auditDump Displays or clears the audit log. Synopsis auditdump -s | -show auditdump -c | -clear Description Use this command to display or clear the audit log on the switch. The audit log persistently saves the most recent 256 log entries on the switch. On modular platforms, the entries are not shared across CPs.
authUtil authUtil Displays and sets the authentication configuration. Synopsis authutil authutil --show authutil --set option value authutil --policy -sw option | -dev option authutil --authinit [slotnumber]/portnumber[, [slotnumber/]portnumber...] | allE Description Use this command to display and set local switch authentication parameters. Use --set to change authentication parameters such as protocol, Diffie-Hellman group (DH group), or hash type.
Page 74
authUtil and a higher level of security. When DH group is set to a specified value, only that DH group is enabled. Specifying “*” enables all DH groups 0, 1, 2, 3, and 4, in that order. This means that in authentication negotiation, the NULL DH group s given priority over all other groups.
Page 75
authUtil authinit [slotnumber/]portnumber [, [slotnumber]/portnumber...| allE Re-initiates authentication on selected ports after changing the DH-CHAP group, hash type, and shared secret between a pair of switches. This command does not work on Private, Loop, NPIV and FICON devices. The command can re-initiate authentication only if the device was previously authenticated.
Page 76
authUtil To set the Device policy to passive mode: switch:admin> authutil --policy -dev passive Warning: Activating the authentication policy requires DH-CHAP secrets on both switch and device. Otherwise, the F-port will be disabled during next F-port bring-up. (yes, y, no, n): [no] y ARE YOU SURE Device authentication is set to PASSIVE To set the device authentication policy to “on”...
bannerSet bannerSet Sets the banner on the local switch. Synopsis bannerset [banner] Description Use this command to set the banner on the local switch. The banner is a string of alphanumeric characters. It is displayed whenever you log in to a switch. The banner can be created using the banner operand or by entering the bannerSet command without an operand, making the session interactive.
bannerShow bannerShow Displays the banner text. Synopsis bannershow Description Use this command to display the contents of the banner. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
bcastShow bcastShow Displays broadcast routing information. Synopsis bcastshow Description Use this command to display the broadcast routing information for all ports in the switch. The broadcast routing information indicates all ports that are members of the broadcast distribution tree: ports that are able to send and receive broadcast frames. Normally, all F_Ports and FL_Ports are members of the broadcast distribution tree.
bladeDisable bladeDisable Disables all user ports on a blade. Synopsis bladedisable slotnumber Description Use this command to disable all user ports on a blade. All ports on the blade are taken offline. If the switch was connected to a fabric through this blade, the remaining switches reconfigure, and this switch will reconfigure based on the other blade ports.
bladeEnable bladeEnable Enables all user ports on a blade. Synopsis bladeenable slotnumber Description Use this command to enable all user ports on a blade. All ports within the blade that did not fail the power-on self-test (POST) are enabled (except for persistently disabled ports). They may come online if connected to a device, or remain offline if disconnected.
Page 82
bladeEnable switch:admin> slotshow Slot Blade Type Status --------------------------------- SW BLADE ENABLED UNKNOWN VACANT UNKNOWN VACANT SW BLADE ENABLED CP BLADE ENABLED CP BLADE ENABLED SW BLADE ENABLED UNKNOWN VACANT UNKNOWN VACANT UNKNOWN VACANT See Also bladeDisable, chassisDisable, chassisEnable, portEnable, portDisable, switchDisable, switchShow Fabric OS Command Reference 53-1001186-01...
bpPortLoopbackTest bpPortLoopbackTest Performs a functional test of port N->N paths on the BP ports. Synopsis bpportloopbacktest [ -nframes count ] [ -pklen count ] [ -lb_mode mode ] [ -spd_mode mode ] [ -bpports itemlist ] Description Use this command to verify the functional operation of the switch. The test sends frames from a specified blade processor (BP) port transmitter and loops the frames back into the same BP port’s receiver.
Page 84
bpPortLoopbackTest Operands This command has the following operands: -nframes count Specifies the number of frames to send. The test progresses until the specified number of frames has been transmitted on each port. The default value is 8. -pklen count Specifies the size of the packet to be sent. The default is 2112 bytes. The valid range is 100 to 2112 bytes.
Page 85
bpPortLoopbackTest Diagnostics When it detects failures, the test may report one or more of the following error messages. If errors persist, contact Technical Support. DATA Data received does not match the data sent. ERRSTAT Errors were found in the ASIC statistics. INIT Port failed to initialize.
bpTurboRamTest bpTurboRamTest bpTurboRamTest - MBIST test for AP Blade BP ASICs. Synopsis bpturboramtest [ -passcnt count ] [ -bpports itemlist ] Description Use this command to verify the on-chip static random access memory (SRAM) located in the Blade Processor (BP) ASICs of the Application Processor (AP) Blade. The command makes use of the memory built-in self-test (MBIST) circuitry.
burninErrClear burninErrClear Clears errors stored in nonvolatile memory during burn-in. Synopsis burninerrclear slotnumber Description Use this command to clear errors that were stored during burn-in in the nonvolatile memory of a specified slot. It is advisable to run the burninErrClear command prior to running diagSetCycle Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
burninErrShow burninErrShow Displays errors stored in nonvolatile memory on a slot during burn-in. Synopsis burninerrshow slotnumber Description Use this command to display errors generated during burn-in and stored in nonvolatile memory on a specified slot. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
burninLevel burninLevel Sets the diagnostics burn-in level. Synopsis burninlevel [level | -show] Description Use this command to select or display the burn-in level. When you set the burn-in level to a value other than 0, this command behaves as follows: 1.
burninStatus burninStatus Displays the diagnostics burn-in status. Synopsis burninstatus [[--slot] slotnumber] Description Use this command to display the burn-in status of blade in a specified slot. Command output includes the slot number, state, current run number, current command in the run, total commands in a run, and the burn-in script name.
cfgActvShow cfgActvShow Displays effective zone configuration information. Synopsis cfgactvshow Description Use this command to display the effective zone configuration information. The current configuration is a single zone configuration that is currently in effect. The devices that an initiator sees are based on this configuration. The effective configuration is built when a specified zone configuration is enabled.
cfgAdd cfgAdd Adds a member to a zone configuration. Synopsis cfgadd "cfgName", "member[ ;member...]" Description Use this command to add one or more members to an existing zone configuration. This command changes the Defined Configuration. For the change to take effect, enable the configuration with the cfgEnable command.
cfgClear cfgClear Clears all zone configurations. Synopsis cfgclear Description Use this command to clear all zone information in the transaction buffer. All defined zone objects in the transaction buffer are deleted. If an attempt is made to commit the empty transaction buffer while a zone configuration is enabled, you are warned to first disable the enabled zone configuration or to provide a valid configuration with the same name.
cfgCreate cfgCreate Creates a zone configuration. Synopsis cfgcreate "cfgName", "member[ ;member...]" Description Use this command to create a new zone configuration. This command changes the Defined Configuration (see cfgShow). For the change to become effective, enable the configuration with the cfgEnable command. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory with the cfgSave command.
cfgDelete cfgDelete Deletes a zone configuration. Synopsis cfgdelete "cfgName" Description Use this command to delete a zone configuration. This command changes the Defined Configuration (see cfgShow). For the change to become effective, enable the configuration with the cfgEnable command. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory with the cfgSave command.
cfgDisable cfgDisable Disables a zone configuration. Synopsis cfgdisable Description Use this command to disable the current zone configuration. The fabric returns to non-zoning mode, in which all devices see each other. This command ends and commits the current zoning transaction buffer to both volatile and nonvolatile memory.
cfgEnable cfgEnable Enables a zone configuration. Synopsis cfgenable cfgName Description Use this command to enable a zone configuration. The command builds the specified zone configuration . It checks for undefined zone names, zone alias names, or other inconsistencies, by expanding zone aliases, removing duplicate entries, and then installing the effective configuration. If the build fails, the previous state is preserved (zoning remains disabled, or the previous effective configuration remains in effect).
cfgMcdtmode cfgMcdtmode Configures zoning features in McDATA Fabric mode. Synopsis cfgMcdtMode [--enable | --disable | --help] [safezoning | defaultzoning] Description Use this command to enable or disable either the McDATA safe zoning feature or the McDATA default zoning feature. Enabling or disabling safezoning or default zoning on one switch in the fabric enables or disables the specific feature fabric-wide, meaning that the feature is disabled or enabled on all switches in the fabric.
cfgRemove cfgRemove Removes a member from a zone configuration. Synopsis cfgremove “cfgName”, “member[; member...]” Description Use this command to remove one or more members from an existing zone configuration. If all members are removed, the zone configuration is deleted. This command changes the Defined Configuration (see cfgShow). For the change to become effective, enable the configuration with the cfgEnable command.
cfgSave cfgSave Saves zone configuration to nonvolatile memory. Synopsis cfgsave Description Use this command to save the current zone configuration. This command writes the defined configuration and the name of the effective configuration to nonvolatile memory in all switches in the fabric.
cfgSaveActiveToDefined cfgSaveActiveToDefined Saves the active (effective) zoning configuration to the defined configuration in McDATA Fabric mode. Synopsis cfgSaveActiveToDefined Description Use this command in McDATA Fabric mode to move the effective zoning configuration to the defined configuration database. If the Defined Database contains a configuration with the same name, it is replaced.
cfgShow cfgShow Displays zone configuration information. Synopsis cfgshow ["pattern"] [, mode] Description Use this command to display zone configuration information. If no operand is specified, all zone configuration information (both defined and effective) displays. If the local switch has an outstanding transaction, this command displays the most recently edited zone configuration that has not yet been saved.
Page 103
cfgShow Examples To display all zone configurations that start with "Test": switch:admin> cfgshow "Test*" cfg: Test1 Blue_zone cfg: Test_cfg Red_zone; Blue_zone To display all zone configuration information: switch:admin> cfgshow Defined configuration: cfg: USA1 Blue_zone cfg: USA_cfg Red_zone; Blue_zone zone: Blue_zone 1,1;...
cfgSize cfgSize Displays zone and Admin Domain database size details. Synopsis cfgsize [integer] Description Use this command to display the size details of the zone database and the Admin Domain database. When executed in non-AD255 context, the size details include the Zone DB maximum size, the committed size, and the transaction size.
Page 105
cfgSize To display Admin Domain and zone database information in AD255 context: switch:admin> cfgsize Maximum AD and Zone DB size - 1045274 bytes Total Committed AD and Zone DB size - 3390 bytes AD and Zone DB uncommitted space available - 1041884 bytes Total AD and Zone Transaction buffer size 0 bytes AD Database Size:...
cfgTransAbort cfgTransAbort Aborts the current zoning transaction. Synopsis cfgtransabort [token] Description Use this command to abort the current zoning transaction without committing it. All changes made since the transaction was started are removed and the zone configuration database is restored to the state before the transaction was started.
cfgTransShow cfgTransShow Displays information about the current zoning transaction. Synopsis cfgtransshow Description Use this command to display the ID of the current zoning transaction. In addition, the command provides information on whether or not the transaction can be aborted. The transaction cannot be aborted if it is an internal zoning transaction.
chassisBeacon chassisBeacon Sets chassis beaconing mode. Synopsis chassisbeacon [mode] Description Use this command to enable or disable beaconing on a chassis. Chassis beaconing can be used to locate a failing port. When beaconing mode is turned on, the port LEDs flash green at various rates across the chassis. The beaconing continues until you turn it off.
chassisConfig chassisConfig Displays or sets the configuration of the Brocade 48000. Synopsis chassisconfig [-f][option] Description This command is retained for legacy reasons only. It has nothing to do with Virtual Fabrics and chassis configuration related to the Virtual Fabric feature. The chassisConfig command is supported ONLY on the Brocade 48000 and ONLY option 5 is supported.
chassisEnable chassisEnable Enables all user ports in a chassis. Synopsis chassisenable Description Use this command to enable a Virtual Fabric-aware chassis. All Fibre Channel ports that passed the power-on self test (POST) are enabled. They may come online if connected to a device, or remain offline if disconnected.
chassisDisable chassisDisable Disables all user ports in a chassis. Synopsis chassisdisable [-force] Description Use this command to disable a Virtual Fabric-aware chassis. All Fibre Channel ports are taken offline. This command prompts for confirmation unless the -force option is used. If the chassis is partitioned into logical switches that are part of logical fabrics, the remaining switches in these fabrics reconfigure.
chassisName chassisName Displays or sets the chassis name. Synopsis chassisname [name] Description Use this command to display or change the name associated with the chassis. Enter this command without parameters to display the current chassis name. Use this command with the name operand to assign a new chassis name. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
chassisShow chassisShow Displays all field replaceable units (FRUs). Synopsis chassisshow Description Use this command to inventory and display the FRU header content for each object in the chassis and chassis backplane version. Refer to the Table 1 for more information about the lines and their meaning. TABLE 1 Command output descriptions Line...
Page 114
chassisShow Examples To display all FRUs for a switch: switch:user> chassisshow Chassis Backplane Revision: 1C SW BLADE Slot: 3 Header Version: Power Consume Factor: -180 Factory Part Num: 60-0001532-03 Factory Serial Num: 1013456800 Manufacture: Day: 12 Month: Year: 2001 Update: Day: 15 Month: Year: 2001...
cliHistory cliHistory Name Displays switch command history. Synopsis clihistory Description This command saves the following information whenever a command is executed on the switch: • Timestamp • Username • IP address of the Telnet session • Options • Arguments This command displays the local CLI command history. The information is saved as part of supportSave as the CH file.
configDefault configDefault Resets the non-persistent configuration data to factory defaults. Synopsis configdefault [-fid FID | -chassis |-all] Description Use this command to reset the non-persistent configuration settings to their factory defaults. Beginning with Fabric OS v6.2.0, configuration data is grouped into chassis information and switch information.
Page 117
configDefault Note that configDefault does not completely remove all FCIP tunnels and GbE IP address information. This may be an issue when attempting to use the same information to create new tunnels or modify the existing ones. When issuing configDefault on the Brocade 7500, it persistently disables the ports. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
configDownload configDownload Downloads configuration data to the system. Synopsis configdownload configdownload [- all ] [-p ftp | -ftp ] [”host”,”user”,”path” [,”passwd”]] configdownload [- all ] [-p scp| -scp ] [”host”,”user”,”path”] configdownload [- all ] [-local | -USB | -U [”file”]] configdownload [ -fid -FID [-sfid FID ] | -chassis |- all ] [-p ftp | -ftp ] [”host”,”user”,”path”...
Page 119
configDownload • When downloading the chassis configuration, the number of logical switches defined in the configuration download must match the number of logical switches currently defined on the switch. • When downloading the switch configuration, the target FID must be defined in both the configuration download and the current system.
Page 120
configDownload If the configuration file contains the keyword “enable:” followed by a zone_configuration, that zoning configuration is enabled in the fabric. If there is no “enable:” keyword in the configuration file or no zoning configuration by that name exists, or if enable fails for any reason (such as dangling aliases), then the following conditions apply: •...
Page 121
configDownload “passwd” Specifies the login password when you use the FTP protocol. Quotation marks are optional. -local Downloads a specified configuration file from a predetermined directory on the local chassis. -USB | -U Downloads a specified configuration file from a predetermined directory on an attached USB device.
Page 122
configDownload Diagnostics The configuration download may fail for one or more of the following reasons: • The switch has not been disabled. Disabling the switch is not necessary for configuration files containing only certain SNMP or Fabric Watch parameters. You may wish to attempt configDownload first without disabling the switch, and if there is at least one changed parameter outside of Fabric Watch or SNMP, you are prompted to disable the switch before proceeding.
configList configList Lists uploaded configuration files. Synopsis configlist -local|-USB|-U Description This command displays a list of names, sizes, and creation dates of configuration files saved on the local chassis or on an attached USB device. These files are created when the configUpload command is executed with the -local or the -USB option.
configRemove configRemove Deletes a saved configuration file. Synopsis configremove -local|-USB|-U [file] Description This command deletes a configuration file that was previously saved to the local chassis or to an attached USB device by using the configUpload command. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
configShow configShow Displays system configuration settings. Synopsis configshow -pattern “pattern” configshow [-all | -fid FID| -chassis] [-local|-USB|-U] [file] [-pattern "pattern"] Description Use this command to display system configuration settings. Some but not all of these parameters are set by the configure and configureChassis commands. Beginning with Fabric OS v6.2.0, configuration data is grouped into chassis information and switch information.
Page 126
configShow -USB | -U [file] Displays the content of a configuration file that was previously created by configUpload and stored on an attached USB device. The output can be optionally filtered by -pattern “pattern”. If file is omitted, the command prompts for a file name.
Page 127
configShow fips.selftests:0 ipfilter.0.name:default_ipv4 ipfilter.0.numofrules:12 ipfilter.0.rule.1:0,0x23,0,0,6,22 ipfilter.0.rule.10:0,0x23,0,0,17,123 ipfilter.0.rule.11:0,0x63,0,0,6,600,1023 ipfilter.0.rule.12:0,0x63,0,0,17,600,1023 ipfilter.0.rule.2:0,0x23,0,0,6,23 ipfilter.0.rule.3:0,0x23,0,0,6,897 ipfilter.0.rule.4:0,0x23,0,0,6,898 ipfilter.0.rule.5:0,0x23,0,0,6,111 ipfilter.0.rule.6:0,0x23,0,0,6,80 ipfilter.0.rule.7:0,0x23,0,0,6,443 ipfilter.0.rule.8:0,0x23,0,0,17,161 ipfilter.0.rule.9:0,0x23,0,0,17,111 ipfilter.0.state:3 ipfilter.0.type:0 ipfilter.1.name:default_ipv6 ipfilter.1.numofrules:12 ipfilter.1.rule.1:0,0x23,0,0,6,22 ipfilter.1.rule.10:0,0x23,0,0,17,123 ipfilter.1.rule.11:0,0x63,0,0,6,600,1023 ipfilter.1.rule.12:0,0x63,0,0,17,600,1023 ipfilter.1.rule.2:0,0x23,0,0,6,23 ipfilter.1.rule.3:0,0x23,0,0,6,897 ipfilter.1.rule.4:0,0x23,0,0,6,898 ipfilter.1.rule.5:0,0x23,0,0,6,111 ipfilter.1.rule.6:0,0x23,0,0,6,80 ipfilter.1.rule.7:0,0x23,0,0,6,443 ipfilter.1.rule.8:0,0x23,0,0,17,161 ipfilter.1.rule.9:0,0x23,0,0,17,111 ipfilter.1.state:3 ipfilter.1.type:1 [output truncated] To filter the content to display only the password configuration: switch :admin>...
Page 128
configShow FOS version = v6.2.0.0 Number of LS = 3 [Switch Configuration Begin : 0] SwitchName = Spirit_66 Fabric ID = 20 [Boot Parameters] boot.name:Spirit_66 boot.ipa:10.32.228.66 boot.licid:10:00:00:05:1e:41:5c:c1 boot.mac:10:00:00:05:1e:41:5c:c1 boot.device:eth0 boot.gateway.ipa:10.32.224.1 [Configuration] acl.clear:0 ag.port.nfportfailback:0x0 ag.port.nfportfailover:0x0 ag.port.nfporttopo.0:0x0 ag.port.nfporttopo.1:0x0 ag.port.nfporttopo.10:0x0 ag.port.nfporttopo.11:0x0 ag.port.nfporttopo.12:0x0 ag.port.nfporttopo.13:0x0 ag.port.nfporttopo.14:0x0 ag.port.nfporttopo.15:0x0 ag.port.nfporttopo.16:0x0...
Page 130
configUpload whitespace {“ ” | t”} component {“a” - “z” | “A” - “Z” | “0” - “9” | “_” | “-”} value {<any character not including n”>} Elements enclosed in braces ( {...} ) indicate zero or more occurrences of the enclosed elements. The switch configuration file includes the following sections: [Configuration upload Information] Contains configuration format version, switch firmware version, time stamp,...
Page 131
configUpload Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. Do not manually edit a configuration file after uploading the file and before downloading the file to a switch.
Page 132
configUpload Examples To upload the switch configuration interactively from a switch that is not enabled for Virtual Fabrics: switch:admin> configupload Protocol (scp, ftp, local) [ftp]: Server Name or IP Address [host]: 192.168.38.245 User Name [user]: jdoe File Name [config.txt]: Password: configUpload complete: All config parameters are uploaded To upload the switch configuration that belongs to a logical switch with FID 100: switch:admin>...
configure configure Changes switch configuration settings. Synopsis configure Description Use this command to change switch configuration settings. Beginning with Fabric OS v6.2.0, configuration data is grouped into chassis information and switch information. Each configuration type is managed separately. For information on file format and specific parameters contained in each section, refer to the configUpload help page.
Page 134
configure The configure command runs in interactive mode and presents you with a series of hierarchical menus. Each top-level menu and its associated submenus consist of a text prompt, a selection of valid values, and a default value (in brackets). The following keys control the execution of the command: Return When entered at a prompt with no preceding input, the command accepts the...
Page 135
configure Allow XISL Use An extended interswitch link (XISL) is an interswitch link (ISL) that connects the logical switch to the base switch and carries traffic for multiple logical fabrics. This feature is supported only on Virtual Fabric-aware platforms under the following conditions: Virtual Fabrics must be enabled on the switch, and the switch cannot be a base switch.
Page 136
configure Note that the R_A_TOV, E_D_TOV, WAN_TOV, and MAX_HOPS configuration parameters are interrelated. Assigning a specific value to one or more of these parameters can change the range of allowed values that can be assigned to the other parameters. As a result, you may not be able to set all the values within the range displayed against each parameter.
Page 137
configure Virtual Channel Settings The switch enables fine-tuning for a specific application by configuring the parameters for eight virtual channels. The first two virtual channels are reserved for switch internal functions and are not available for modification. The default virtual channel settings have already been optimized for switch performance. Changing the default values can improve switch performance but can also degrade performance.
Page 138
configure Zoning Operation Parameters Table 5 lists the configurable zoning operation parameters. TABLE 5 Zoning operation parameters Field Type Default Range Disable NodeName Zone Boolean Checking Disable NodeName Zone Checking Specify 1 to disable using node WWN when specifying nodes in the zone database, or specify 0 to enable using node WWN when specifying nodes in the zone data.
Page 139
configure Enable CLOSE on OPEN received? If this is set, a CLS is returned immediately to an OPN if no buffers are available. This is required for TachLite. Always send RSCN? Following the completion of loop initialization, a remote state change notification (RSCN) is issued when FL_Ports detect the presence of new devices or the absence of pre-existing devices.
Page 140
configure switch:admin>configure Configure... Change fabric parameters? Y Change domain[30]: Allow XISL Use [no]: yes Enable a 256 Area Limit[0]: R_A_TOV: (4000..120000) [10000] E_D_TOV: (1000.. 5000) [2000] WAN_TOV: (0..30000) [0] MAX_HOPS: (7..19) [7] Data field size: (256..2112) [2112] Sequence Level Switching: (0..1) [0] Disable Device Probing: (0..1) [0] Suppress Class F Traffic: (0..1) [0] Per-frame Route Priority: (0..1) [0]...
configureChassis configureChassis Changes chassis-level system configuration settings. Synopsis configurechassis Description Use this command to modify chassis-level system configuration settings. Beginning with Fabric OS v6.2.0, configuration data is grouped into chassis information and switch information. Each configuration type is managed separately. Use the configure command to modify switch configuration parameters.
Page 142
configureChassis System Settings The following system-related parameters are configurable on a Virtual Fabric-aware switch. TABLE 11 System settings Field Type Default Range system.blade.bladeFaultOn Number 0x0 to 0xffff HwErrMsk system.blade.bladeFaultOnHwErrMsk If this field is set to a value other than 0, then any nonfatal HW ASIC data parity error causes the problem blade to be powered off.
cryptoCfg cryptoCfg Name Performs encryption configuration and management functions. Synopsis cryptocfg --help -nodecfg cryptocfg --help -groupcfg cryptocfg --help -hacluster cryptocfg --help -devicecfg cryptocfg --help -transcfg Description Use the cryptoCfg command to configure and manage the Brocade Encryption Switch and the FS8-18 encryption blade.
Page 145
cryptoCfg Operands The cryptoCfg node initialization and configuration function has the following operands: --help -nodecfg Displays the synopsis for the node initialization and configuration function. This command is valid on all nodes. Initializes the node to prepare for the configuration of encryption options. --initnode Initialization must be performed on every node before configuration options may be set and encryption may be enabled.
Page 146
cryptoCfg Sets the encryption routing policy on the local encryption engine to either --setEE shared or partitioned. By default the encryption blade is enabled with a “shared dynamic path selection (DPS)“ configuration. A slotpoweroff followed by a slotpoweron is required on the encryption blade for the configuration change to take effect.
Page 147
cryptoCfg host_file_path Specifies the fully qualified path to the file on the host to which the file is to be exported. This includes the file name. Make sure to name your certificates so you can track the file type and the originator switch, for example, name_cpcert.pem.
Page 148
cryptoCfg dest_filename Specifies the name to be assigned to the imported file. This is a user-generated file name. source_filename Specifies the name of the certificate on the USB storage device from which you are importing. --reg -membernode Registers a member node with the group leader. This command is valid only on the group leader.
Page 149
cryptoCfg Accepts the LKM Diffie-Hellman response from the specified NetApp LKM --dhresponse appliance and generates the link key on the node on which this command is issued. The DH response occurs by an automatic trusted link establishment method. The LKM appliance must be specified by its vault_IP_addr. The DH challenge request must be approved on the Net App LKM appliance for this command to succeed.
Page 150
cryptoCfg cryptocfg --eject -membernode node_WWN cryptocfg --leave_encryption_group cryptocfg --genmasterkey cryptocfg --exportmasterkey [-file] cryptocfg --recovermasterkey currentMK | alternateMK -keyID keyID | -srcfile filename cryptocfg --show -groupcfg cryptocfg --show -groupmember -all | node_WWN Description Use these cryptoCfg commands to create or delete an encryption group, to add or remove group member nodes or key vaults, to manage keys including key recovery from backup, and to configure group-wide policies, such as failover and Heartbeat.
Page 151
cryptoCfg Group leader node name: Node WWN Encryption group state: CONVERGED = Encryption group formed successfully. CONVERGING = Encryption group partially formed, member nodes may still be in discovery process. DEGRADED = Nodes lost connection with the group. • For each node in the encryption group, the following information is displayed: Node name: WWN IP address: Node IP address Role: GroupLeader or MemberNode...
Page 152
cryptoCfg Note All EEs in the encryption group must be interconnected through a dedicated local area network (LAN), preferably on the same subnet and on the same VLAN using the GbE Ports on the encryption switch or blade. The two GbE Ports of each member node (Eth0 and Eth1) should be connected to the same IP Network, the same subnet, and the same VLAN.
Page 153
cryptoCfg certfile Specifies the certificate file. This file must be imported prior to registering the key vault and reside in the predetermined directory where certificates are stored. In the case of the HP SKM, this operand specifies the CA file, which is the certificate of the signing authority on the SKM.
Page 154
cryptoCfg --set -hbmisses Sets the number of heartbeat misses allowed in a node that is part of an encryption group before the node is declared unreachable. This value is set in conjunction with the time-out value. It must be configured at the group leader node and is distributed to all member nodes in the encryption group.
Page 155
cryptoCfg not online (in DISCOVERING State), use --dereg -membernode. You must remove the EEs from the HA cluster and delete any CryptoTarget container and Crypto LUN configurations from this node prior to initiating a leave operation. Generates a master key. A master key is needed when an opaque key vault --genmasterkey such as RKM is used.
Page 156
cryptoCfg -srcfile filename Specifies the file name when restoring the master key from a file in the predetermined directory on the switch. Use this operand when the master key was backed up to a file rather than to a key vault. The -keyID and the -srcfile operands are mutually exclusive.
Page 157
cryptoCfg The command group includes a show option, --show -hacluster. When invoked on a member node, this command displays the committed HA cluster configuration. When invoked on the group leader, both defined and committed configuration data is displayed including the following: •...
Page 158
cryptoCfg node_WWN Specifies the node WWN of the switch or chassis to which the encryption engine belongs. slot_number Specifies the encryption engine slot number on bladed systems. --remove -haclustermember Removes one or both encryption engine members from an already configured HA cluster.
Page 161
cryptoCfg Container name: (user-generated name) Type: disk or tape EE node: node WWN EE slot: slot number EE hosting container Target: target port WWN Target PID: target PID VT: virtual target port WWN VT PID: virtual target PID Number of hosts Number of tape sessions (or re-key sessions) Host: port WWN Host PID: host PID...
Page 162
cryptoCfg Type: tape or disk EE node: node WWN EE slot: slot number Target: target port WWN, node WWN VT: virtual target port WWN, node WWN Number of hosts Configuration status: committed or defined For each host: host port WWN, node WWN For each VI: VI port WWN, node WWN Number of LUNs If a re-key session is in progress while the command is run, the following additional information is...
Page 163
cryptoCfg • Configuration status: committed or defined Use the --show -LUN command for a listing of Crypto LUN status or configuration information for a specific CTC. When used with -stat the display includes the following LUN runtime status information: • Container name: user-defined name •...
Page 164
cryptoCfg • Target: PWWN, NWWN • VT: PWWN, NWWN • Number of hosts • Configuration status: committed or defined • For each host: Host PWWN, NW VI: PWWN, NWWN VI PID • Number of LUNs • For each LUN: LUN number LUN type: tape or disk LUN status Encryption mode: encrypt or cleartext...
Page 165
cryptoCfg Number of uncompressed blocks Number of compressed blocks Number of uncompressed bytes Number of compressed bytes Use the --show -rekey command to display all re-key sessions in progress in the encryption group or for a specified container. The display includes the following information: •...
Page 166
cryptoCfg • Target PWWN • Target NWWN • Target PID • EE node name: node WWN • EE slot number • Number of re-key sessions in progress • For each re-key session the display includes: Re-Key session number Percent completion Re-Key state.
Page 167
cryptoCfg • Host NWWN • Host PID • VI WWN • VT NWWN • VT PID • LUN number • Tape session number • For each Tape session: Number of uncompressed blocks Number of compressed blocks Number of uncompressed bytes Number of compressed bytes Notes Encryption groups and HA clusters must be configured before performing any CryptoTarget...
Page 168
cryptoCfg crypto_target_container_name Specifies the CTC name for the storage device. The CTC name can be up to 31 characters long and include any alphanumeric characters and underscores. White space and other special characters are not permitted. This operand is required. EE_node_WWN [EE_slot_number] Specifies the WWN of the node to which the encryption engine belongs and on which encryption engine this particular CTC is hosted.
Page 169
cryptoCfg new_node_WWN [new_slot_number] Specifies the node WWN of the encryption engine to which failback of all CTCs should occur. On bladed systems, specify the slot number of the new encryption engine. --move -container Moves the specified CTC from its currently configured encryption engine to another encryption engine.
Page 170
cryptoCfg --add -LUN Adds a LUN to a CTC and optionally sets encryption policies for the LUN. LUN policies may be set at this time or after the LUN is added. The maximum number of LUNs you can add in one commit operation is 25. There is a delay of five 5 seconds for each commit operation.
Page 171
cryptoCfg native The LUN uses the Brocade metadata format and algorithm for the encryption and decryption of data. This is the default mode. DF_compatible The LUN uses the NetApp DataFort metadata format and algorithm for the encryption and decryption of data. Use of this format requires a NetApp DataFort-compatible license to be present on the encryption switch or the chassis that houses the encryption blade.
Page 172
cryptoCfg initiator_PWWN initiator_NWWN Specifies the initiator by its port WWN and node WWN. You may optionally modify the following LUN policy configuration parameters. Refer to cryptocfg --add -LUN for descriptions of these parameters. [-encryption_format native | DF_compatible] [-encrypt | cleartext] [-enable_encexistingdata | -disable_encexistingdata] [-enablerekey time_period | -disable_rekey] Make sure you understand the ramifications of modifying LUN parameters (such as changing...
Page 173
cryptoCfg A LUN may become disabled for various reasons, such as a change in policy from encrypted to cleartext, a conflict between LUN policy and LUN, or a missing DEK in the key vault. Force-enabling a LUN while metadata exist on the LUN may result in a loss of data and should be exercised with caution.
Page 174
cryptoCfg -key_lifespan time_in_days | none Specifies the lifespan of the encryption key in days. The key expires after the specified number of days. The default value is none, which means the key does not expire until the value is set. This parameter cannot be modified for tape pools once it is set.
Page 175
cryptoCfg --manual_rekey -all Performs a manual re-keying of all encrypted disk LUNs in the encryption group. This operation may take an extended period of time. Resumes a suspended re-key session for a specified disk LUN at the --resume_rekey termination point. A re-key session may terminate prematurely due to unrecoverable medium or hardware errors.
Page 176
cryptoCfg -cfg | -stat Displays either configuration information or runtime status for the specified tape pools. --show -LUN Displays Crypto LUN configuration or runtime status information for a specified CTC. This command is valid on all nodes. The following operands are supported: crypto_target_container_name Specifies the CTC for which to display the Crypto LUN information.
Page 177
cryptoCfg Description Use these cryptoCfg commands to manage the transaction mechanism for those functions that require configuration changes to be committed before they take effect. These functions include “3. High Availability (HA) cluster configuration” “4. Storage device configuration and management”. Transaction commands must be invoked on the group leader.
Page 178
cryptoCfg To initialize an encryption engine: SecurityAdmin:switch>cryptocfg --initEE This will overwrite previously generated identification and authentication data ARE YOU SURE (yes, y, no, n): y Operation succeeded. To register an encryption engine with the CP or chassis: SecurityAdmin:switch>cryptocfg -regEE Operation succeeded. To enable an encryption engine: SecurityAdmin:switch>...
Page 179
cryptoCfg To zeroize all critical security parameters on an encryption switch: SecurityAdmin:switch> cryptocfg --zeroizeEE This will zeroize all critical security parameters ARE YOU SURE (yes, y, no, n): [no]y Operation succeeded. To delete a file from the local node: SecurityAdmin:switch> cryptocfg --delete -file /etc/fabos/certs/sw0/foo.pem This will permanently delete the selected file.
Page 180
cryptoCfg Leave node status: Operation Succeeded. To generate the master key (RKM) on the group leader: SecurityAdmin:switch>cryptocfg --genmasterkey Master key generated. The master key should be exported before further operations are performed. To export the master key to the RKM key vault: SecurityAdmin:switch>cryptocfg --exportmasterkey Enter the passphrase: passphrase Master key exported.
Page 181
cryptoCfg To display an encryption group configuration with an SKM keyvault deployed in HA fashion: SecurityAdmin:switch>cryptocfg --show -groupcfg Encryption Group Name: brocade Failback mode: Auto Heartbeat misses: Heartbeat timeout: Key Vault Type: Key Vault Information: Primary IP address: 10.32.45.14 Secondary IP address: 10.32.45.15 Certificate ID: mace...
Page 182
cryptoCfg Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 EE Slot: SP state: Unknown State Current Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 Alternate Master KeyID: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 No HA cluster membership No HA cluster membership C. Group-wide policy configuration To set the failback mode to manual failback: SecurityAdmin:switch> cryptocfg --set -failbackmode manual Set failback policy status: Operation Succeeded.
Page 183
cryptoCfg To display the changes (Note that "HAC2" is in "defined" state until the transaction is committed): SecurityAdmin:switch> cryptocfg --show -hacluster -all Encryption Group Name: brocade_1 Number of HA Clusters: 2 HA cluster name: HAC1 - 1 EE entry Status: Committed Slot Number Status...
Page 184
cryptoCfg E. Storage device configuration 1. Create a zone that includes initiator and target. a. Determine the device configuration. FabricAdmin:switch>nsshow Type Pid COS PortName NodeName TTL(sec) N 010600; 2,3;10:00:00:00:c9:2b:c9:3a;20:00:00:00:c9:2b:c9:3a; na NodeSymb: [35] "Emulex LP9002 FV3.82A1 DV5-4.81A4 " Fabric Port Name: 20:06:00:05:1e:41:9a:7e Permanent Port Name: 10:00:00:00:c9:2b:c9:3a Port Index: 6 Share Area: No...
Page 185
cryptoCfg 3. Add an initiator to the CryptoTarget container and commit the transaction. FabricAdmin:switch>cryptocfg --add -initiator my_disk_tgt 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a Operation Succeeded FabricAdmin:switch>cryptocfg --commit Operation Succeeded 4. Display the CTC configuration. FabricAdmin:switch>cryptocfg --show -container my_disk_tgt -cfg Container name: my_disk_tgt Type: disk EE node: 10:00:00:05:1e:41:9a:7e EE slot:...
Page 186
cryptoCfg Number of host(s): Number of rekey session(s):0 Host: 10:00:00:00:c9:2b:c9:3a 20:00:00:00:c9:2b:c9:3a Host PID: 010600 20:02:00:05:1e:41:4e:1d 20:03:00:05:1e:41:4e:1d VI PID: 012002 Number of LUN(s): LUN number: LUN type: disk LUN serial number: 200000062B0F726D0C000000 Encryption mode: encrypt Encryption format: native Encrypt existing data: disabled Rekey: disabled...
Page 187
cryptoCfg 00:00:00:00:00:00:00:01; 00:00:00:00:00:00:00:02; 00:00:00:00:00:00:00:03; 00:00:00:00:00:00:00:04 zone: testzone1 Effective configuration: cfg: itcfg zone: itzone 10:00:00:00:c9:2b:c9:3a 20:0c:00:06:2b:0f:72:6d F. Device configuration display commands To display the tape pool configuration: FabricAdmin:switch> cryptocfg --show -container -all -cfg Encryption group name: brocade Number of Container(s): 2 Container name: pc21_stk10k Type:...
Page 188
cryptoCfg To display CryptoTarget container runtime status information For a disk LUN with re-keying enabled: FabricAdmin:switch> cryptocfg --show -tapepool -LUN my_disk_tgt 0x0 10:00:00:db:69:78:93:0e -stat Container name: my_disk_tgt Type: disk EE node: 10:00:00:05:1e:53:75:01 EE slot: Target: 21:00:00:04:cf:6e:58:2c 20:00:00:04:cf:6e:58:2c Target PID: 0107d5 20:28:00:05:1e:53:74:fd 20:29:00:05:1e:53:74:fd VT PID: 012805...
Page 189
cryptoCfg To display all tape sessions in progress on the local node: FabricAdmin:switch>cryptocfg --show -tape_sessions -all Number of tape session(s): Container name: apps92 EE node: 10:00:00:05:1e:43:ee:00 EE slot: Target: 50:03:08:c0:9c:e5:a0:01 50:03:08:c0:9c:e5:a0:00 Target PID: 8e0100 20:00:00:05:1e:53:77:e8 20:01:00:05:1e:53:77:e8 VT PID: 019001 Host: 10:00:00:00:c9:52:00:ba 20:00:00:00:c9:52:00:ba Host PID: 8e0200...
dataTypeShow dataTypeShow Displays sample data stream types used in some diagnostic commands. Synopsis datatypeshow [-seed value] Description Use this command to display sample data stream types used in diagnostic commands. There are 20 different sample data types. The command displays an example of each data stream. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
date date Displays or sets the switch date and time. Synopsis date [“newdate”] Description Use this command to display or set the date and time. All switches maintain current date and time in flash memory. Date and time are used for logging events. Normal switch operation does not depend on the date and time;...
Page 192
date Examples To display the current date and time and then modify it: switch:admin> date Fri Jan 29 17:01:48 UTC 2007 switch:admin> date "0227123007" Thu Feb 27 12:30:00 UTC 2007 See Also errShow, ficonCupSet, ficonCupShow, portLogShow, tsClockServer, tsTimeZone, upTime Fabric OS Command Reference 53-1001186-01...
dbgShow dbgShow Displays current values of debug and verbosity levels of the specified module. Synopsis dbgshow [module_name] Description Use this command to display the current values of debug and verbosity levels of the specified module. If no module name is specified, displays debug and verbosity levels of all modules. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
defZone defZone Sets or displays the default zone access mode. Synopsis defzone [--noaccess | --allaccess | --show] Description Use this command to display or set the Default Zone access mode. Setting the Default Zone mode initializes a zoning transaction (if one is not already in progress), and create reserved zoning objects.
Page 195
defZone Sets the default zone access mode to All Access, initiates a zoning --allaccess transaction (if one is not already in progress), and deletes the reserved zoning objects by performing the equivalent to the following zoning commands: cfgDelete “d_efault_Cfg” zoneDelete “d_efault_Zone” A cfgSave, cfgEnable, or cfgDisable command must be performed subsequent to the use of this command to commit the changes and distribute them to the fabric.
diagClearError diagClearError Clears the diagnostics failure status. Synopsis diagclearerror [[--slot] slotnumber] -all Description Use this command to clear the diagnostics failure status. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
diagDisablePost diagDisablePost Disables power-on self-test (POST). Synopsis diagdisablepost Description Use this command to disable POST. A reboot is not required for this command to take effect. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
diagEnablePost diagEnablePost Enables power-on self-test (POST) execution at next reboot. Synopsis diagenablepost Description Use this command to enable POST. A reboot is not required for this command to take effect. POST includes two phases: POST Phase I mainly tests hardware and POST Phase II tests system functionality.
diagHelp diagHelp Displays diagnostic command information. Synopsis diaghelp Description Use this command to display a short description of diagnostic commands. Use default operands when running diagnostics commands. Non-default settings require detailed knowledge of the underlying hardware and are intended for support personnel only. Contact support if you want to use these operands.
diagPost diagPost Sets or displays diagnostic POST configuration. Synopsis diagpost [mode | -show] Description Use this command to enable or disable Power-On-Self-Test) POST. The mode is saved in flash memory (and stays in that mode) until the next execution of diagPost. The mode becomes active as soon as this command is executed;...
diagRetry diagRetry Sets or displays diagnostic retry mode. Synopsis diagretry [mode | -show] Description Use this command to enable retry mode if the mode value is nonzero and to disable the retry mode if the mode value is 0. The mode is saved in flash memory (and stays in that mode) until the next execution of diagRetry.
diagSetCycle diagSetCycle Sets diagnostic script parameters. Synopsis diagsetcycle [ script | -current [-show | -default | -keyword value ..]] Description Use this command to update diagnostic command parameters. If only a script is specified, the command displays all configuration variables used by the specified script and enters an interactive session.
diagShow diagShow Displays diagnostics status. Synopsis diagshow [--slot number][-uports itemlist][-bports itemlist][-use_bports value] Description Use this command to display the diagnostics status for the specified list of blade or user ports. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
dbgShow dbgShow Displays current values of debug and verbosity levels of the specified module. Synopsis dbgshow module_name Description Use this command to display the current values of debug and verbosity levels of the specified module. If no module name is specified, displays debug and verbosity levels of all modules. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
distribute distribute Distributes data to switches in a fabric. Synopsis distribute -p policy_list -d switch_list Description Use this command to distribute data to a specified list of switches in the fabric. The distributed data must be from the list of currently supported policy sets: Switch Connection Control Policy Device Connection Control Policy Password Database and Password Configuration Policy...
Page 206
distribute Examples To distribute the Switch Connection Control Policy and Device Connection Control Policy to domains 3 and 5 in the fabric: switch:admin> distribute -p “SCC;DCC” -d “3;5” To distribute the Switch Connection Control Policy, FCS Policy, and Password database to all domains in the fabric that support the distribute feature: switch:admin>...
dlsReset dlsReset Disables the dynamic load sharing (DLS) option. Synopsis dlsreset Description Use this command to turn off DLS when a fabric change occurs. Refer to dlsSet for a full description of load sharing. This command should be used only if devices connected to the fabric cannot handle occasional routing changes correctly.
dlsSet dlsSet Enables the dynamic load sharing (DLS) option. Synopsis dlsset Description Use this command to turn on DLS when a fabric change occurs. Routing is based on the incoming port and the destination domain. This means that all traffic coming in from a port (either from an E_Port or an Fx_Port) and directed to the same remote domain is routed through the same output E_Port.
dlsShow dlsShow Displays the setting of the dynamic load sharing (DLS) option. Synopsis dlsshow Description Use this command to display whether DLS is on or off. One of two messages displays: DLS is set The DLS option is turned on. Load sharing is reconfigured with every change in the fabric, and existing routes can be moved to maintain optimal balance.
dnsConfig dnsConfig Sets, displays, or removes domain name service (DNS) parameters. Synopsis dnsconfig Description Use this command to display, set, or remove the domain name service parameters. The domain name service parameters are the domain name and the name server IP address for primary and secondary name servers.
enclosureShow enclosureShow Displays attributes of the switch enclosure. Synopsis enclosureshow attribute Description Use this command to display attributes of the switch enclosure, including the vendor-specific enclosure identifier and the identifier of the enclosure interface to which the switch is attached. This command applies to products that are embedded in a blade server or storage chassis.
errClear errClear Clears all error log messages for all switch instances on this control processor (CP). Synopsis errclear Description Use this command to clear all internal and external error log messages for all switch instances on the CP where the command is executed. For products that have a single processor, all error log messages are cleared.
errDelimiterSet errDelimiterSet Sets the error log start and end delimiters for messages sent to the console and syslog. Synopsis errdelimiterset [-s "start delimiter string"][-e "end delimiter string"] Description Use this command to set the error log start and end delimiters for log messages sent to the console and syslog.
errDump errDump Displays the error log without pagination. Synopsis errdump [-a |-r ] Description Use this command to dump external error log messages. When executed without operands, this command prints all error messages for the logical switch context in which the command is executed.
Page 215
errDump 2008/08/25-11:35:04, [FABR-1001], 9041, CHASSIS, WARNING, Spir_67, port 0, incompatible Long distance mode. 2008/08/25-11:39:35, [LOG-1000], 9043, CHASSIS, INFO, Spir_67, Previous message repeated 1 time(s) [output truncated] See Also errDelimiterSet, errFilterSet, errShow Fabric OS Command Reference 53-1001186-01...
errFilterSet errFilterSet Sets a filter for an error log destination. Synopsis errfilterset [-d “destination"][-v severity] Description Use this command to set a filter for an error log destination. A filter is set based on the severity level of the messages. If no parameters are specified, this command displays the filters that are currently in use.
errModuleShow errModuleShow Displays all the defined error log modules. Synopsis errmoduleshow Description Use this command to display a list of all defined error log modules. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
errShow errShow Displays the error log messages with pagination. Synopsis errshow [-a |-r ] Description Use this command to display external error log messages one at a time. When executed without operands, this command prints the error messages for the logical switch context in which the command is executed.
Page 219
errShow [Type <CR> to continue, Q<CR> to stop: 2008/08/25-11:35:04, [FABR-1001], 9041, CHASSIS, WARNING, Spir_67, port 0, incompatible Long distance mode. [Type <CR> to continue, Q<CR> to stop: 2008/08/25-11:39:35, [LOG-1000], 9043, CHASSIS, INFO, Spir_67, Previous message repeated 1 time(s) [Type <CR> to continue, Q<CR> to stop: See Also errDelimiterSet, errDump, errFilterSet Fabric OS Command Reference...
exit exit Logs out from a shell session. Synopsis exit Description Use this command to log out from a Telnet, SSH, rlogin or serial port session. Telnet and rlogin connections are closed; the serial port returns to the prompt. login: The exit command is an accepted synonym for logout, as is typing Ctrl-D at the beginning of a line.
fabPortShow fabPortShow Displays fabric port information. Synopsis fabportshow [slotnumber/]portnumber Description Use this command to display the state of a port, relative to the fabric, as well as a list of pending commands. The following information displays: Port The port number. State The state of the port: Port Offline...
Page 222
fabPortShow 0x00000800 Zoning has completed 0x00001000 Segmented by Platform Management 0x00002000 Segmented due to no license 0x00004000 Segmented due to E_Port disabling 0x00008000 DIA already sent for that port 0x00010000 RDI already sent 0x00020000 Port is true T port 0x00040000 Port received an ELP 0x00080000 Port received an ELP RJT...
Page 223
fabPortShow Examples To display fabric port information: switch:admin> fabportshow 4/14 Fabric Port Information: ======================== Port: State: List: 0x10068418 List Count: Flags: 0x280120 nbrWWN: 10:00:00:60:69:80:06:cf nbrPort: lr_tid: 0x1005dbd8, IDLE STATE red_ports: 10 11 62 63 Open commands pending: ====================== No commands pending See Also portShow Fabric OS Command Reference...
fabRetryShow fabRetryShow Displays the retry count of the fabric commands. Synopsis fabretryshow Description Use this command to display the retry count of the fabric commands. The SW_ISL (ISL ports) information displays the retry count for the following fabric commands: Exchange Link Parameters Exchange Fabric Parameters HA_EFP Exchange Fabric Parameters used during warm recovery...
fabricLog fabricLog Displays (all users) or manipulates (admin) the fabric log. Synopsis fabriclog -s | -c | -d | -e | -r size Description Use this command to display, clear, disable, enable, or resize the fabric log. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 226
fabricLog To change the size of the fabric log: switch:admin> fabriclog -r 64 Warning: This command will clear the logs. Are your sure you want to do the resize [y/n]? y To display the cleared fabric log after the size was changed: switch:admin>...
fabricPrincipal fabricPrincipal Sets the principal switch selection mode. Synopsis fabricprincipal --help|-h fabricprincipal [--show|-q] fabricprincipal --enable [-priority|-p priority] [-force|-f] fabricprincipal --disable fabricprincipal [-f] mode Description Use this command to set principal switch selection mode for a switch and to set priorities for principal switch selection.
Page 228
fabricPrincipal [-f ] mode Sets the principal switch mode. Specify 1 to enable principal switch mode. Specify 0 to disable principal switch mode. Optionally use the -f operand to force a fabric rebuild. Mode changes take effect when the fabric rebuilds. This operand is optional.
fabricShow fabricShow Displays fabric membership information. Synopsis fabricshow Description Use this command to display information about switches in the fabric. If the switch is initializing or is disabled, the message “no fabric” is displayed. In a mixed fabric, fabricshow must be executed on a switch that runs Fabric OS v5.3.0 or later; otherwise, IPv6 information is lost, since switches running earlier versions do not recognize an IPv6-configured switch.
Page 230
fabricShow sw5:admin> fabricShow Switch ID Worldwide Name Enet IP Addr FC IP Addr Name --------------------------------------------------------------------------------- 1: fffc41 10:00:00:60:69:00:02:0b 192.168.64.180 192.168.65.180 >"sw180" 1080::8:800:200C:1234/64 2: fffc42 10:00:00:60:69:00:05:91 192.168.64.60 192.168.65.60 "sw60" The Fabric has 2 switches. To show additional details of the FC Router, if present: switch:admin>...
fabStatsShow fabStatsShow Displays the fabric statistics. Synopsis fabstatsshow Description Use this command to display the statistics for the fabric. The following information is displayed: • Number of times a switch domain ID has been forcibly changed • Number of E_Port offline transitions •...
Page 232
fabStatsShow Sec Incompatibility: Sec Violation: ECP Error: Duplicate WWN: Eport Isolated: See Also fabRetryShow Fabric OS Command Reference 53-1001186-01...
fabSwitchShow fabSwitchShow Displays the fabric switch state structure information. Synopsis fabswitchshow Description Use this command to display the fabric switch state structure information. This command is strictly for debugging; it is not intended as a user command. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fanDisable fanDisable Disables a fan unit. Synopsis fandisable unit Description Use this command to disable a non-faulty fan unit by setting the RPM speed to 0. Notes This command is not available on non-bladed systems except for the Brocade 4100, 4900, and 5300.
fanEnable fanEnable Enables a fan unit. Synopsis fanenable unit Description Use this command to set a previously disabled fan unit back to the default RPM speed. Notes This command is not available on non-bladed systems except for the Brocade 4100, 4900, and 5300.
fanShow fanShow Displays fan status and speed. Synopsis fanshow Description Use this command to display the current status and speed of each fan in the system. Fan status is displayed as: Fan is functioning correctly. absent Fan is not present. below minimum Fan is present but rotating too slowly or stopped.
fastboot fastboot Reboots the Control Processor (CP), bypassing Power-On Self-Tests (POST). Synopsis fastboot Description Use this command to immediately reboot the CP. This command is similar to reboot, but skips POST when the system comes back up, reducing boot time significantly. If POST was previously disabled using the diagDisablePost command, then fastboot is the same as reboot.
fastWriteCfg fastWriteCfg Enables or disables the FC Fastwrite feature. Synopsis fastwritecfg --enable | --disable [slot] fastwritecfg --show Description Use this command to configure FC Fastwrite on a blade in a given slot. Fastwrite minimizes storage latency and improves the number of write transactions per second over long distances. A blade can be configured either to support FC Fastwrite or FCIP (default supported when FC Fastwrite is disabled).
Page 239
fastWriteCfg To disable FC Fastwrite: switch:admin> fastwritecfg disable 7 !!!! WARNING !!!! Disabling this feature requires power-cycling of the affected blade to take effect and may take up to 5 minutes to complete. Non-bladed switches will be rebooted. In all cases, data traffic on all the ports (FC and GbE) of the blade will be disrupted.
fcipChipTest fcipChipTest Tests functionality of components in the FCIP complex. Synopsis fcipchiptest [--slot slotnumber][-testtype type][-unit number] Description Use this command to verify the internal registers and memory of the network processor, FCIP FPGA, compression processor, and GigPHY. Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 241
fcipChipTest Diagnostics When a failure is detected, the test might report one or more of the following error messages: CHIP_TEST_ERR CHIP_TEST_CHIP_INIT_ERR CHIP_TEST_IMAGE_VER_ERR CHIP_TEST_TIMEOUT_ERR CHIP_TEST_HEARBEAT_ERR CHIP_TEST_INVALID_RESULT See Also fcipPathTest Fabric OS Command Reference 53-1001186-01...
fcipHelp fcipHelp Displays FCIP command information. Synopsis fciphelp Description Use this command to display a short description of Fibre Channel over IP (FCIP) commands. FCIP commands require an FCIP license. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcipPathTest fcipPathTest Tests the data path of the FCIP complex. Synopsis fcippathtest [--slot slotnumber][-unit number][-path mode][-nframes count][-length data_length] [-compress mode] Description Use this command to verify the data paths in the FCIP complex. All data path modes run tests by comparing Fibre Channel frames or data packets transmitted from and received by the network processor due to the designated loopback.
Page 244
fcipPathTest -compress mode Specifies the compression device for which to select or to bypass data compression for the test. By default, data compression is used. This setting is applicable only to path mode 1 and 2. Examples To run the test on slot 2 with PHY loopback sending 10 frames: switch:admin>...
fcLunQuery fcLunQuery Displays a list of LUN IDs and LUNs for all accessible targets. Synopsis fclunquery [-w wwn | -s] Description Use this command to display a list of LUN IDs and LUNs for all accessible targets. Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcPing fcPing Sends a Fibre Channel Extended Link Service (ELS) Echo request to a pair of ports or to a single destination. Synopsis fcping [--number frames][--length size][--interval wait][--pattern pattern] [--bypasszone] [--quiet] [source] destination [--help] Description Use this command to send a Fibre Channel ELS Echo request to a pair of ports (a source and a destination) or to a single device.
Page 247
fcPing --pattern pattern Specifies up to 16 "pad" bytes, which are used to fill out the request frame payload sent. This is useful for diagnosing data-dependent problems in the fabric link. The pattern bytes are specified as hexadecimal characters. For example, --pattern ff fills the request frame with instances of the number 1.
Page 248
fcPing received reply from 0x20800: 12 bytes time:1008 usec received reply from 0x20800: 12 bytes time:1038 usec received reply from 0x20800: 12 bytes time:1010 usec 5 frames sent, 5 frames received, 0 frames rejected, 0 frames timeout Round-trip min/avg/max = 1006/1044/1159 usec Pinging 22:00:00:04:cf:75:63:85 [0x217d9] with 12 bytes of data: Request timed out Request timed out...
Page 249
fcPing switch:admin> fcping 20:00:00:00:c9:3f:7c:b8 Destination: 20:00:00:00:c9:3f:7c:b8 Pinging 20:00:00:00:c9:3f:7c:b8 [0x370501] with 12 bytes of data: received reply from 20:00:00:00:c9:3f:7c:b8: 12 bytes time:825 usec received reply from 20:00:00:00:c9:3f:7c:b8: 12 bytes time:713 usec received reply from 20:00:00:00:c9:3f:7c:b8: 12 bytes time:714 usec received reply from 20:00:00:00:c9:3f:7c:b8: 12 bytes time:741 usec received reply from 20:00:00:00:c9:3f:7c:b8: 12 bytes time:880 usec 5 frames sent, 5 frames received, 0 frames rejected, 0 frames timeout Round-trip min/avg/max = 713/774/880 usec...
fcpLogClear fcpLogClear Clears the FCPD debug information log. Synopsis fcplogclear Description Use this command to clear the debug information logged by the Fibre Channel Protocol daemon (FCPD). Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcpLogDisable fcpLogDisable Disables the FCPD debug information log (debug command). Synopsis fcplogdisable Description Use this command to disable the logging of debug information by the Fibre Channel Protocol daemon (FCPD). Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcpLogEnable fcpLogEnable Enables the FCPD debug information log (debug command). Synopsis fcplogenable Description Use this command to enable Fibre Channel Protocol daemon (FCPD) logging. Debug information logging is enabled by default. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcpLogShow fcpLogShow Displays the FCPD debug information log (debug command). Synopsis fcplogshow Description Use this command to display the debug information logged at various stages during the Fibre Channel Protocol daemon (FCPD) device probing. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fcpProbeShow fcpProbeShow Displays the Fibre Channel Protocol (FCP) probe information. Synopsis fcpprobeshow [slotnumber/]portnumber Description Use this command to display the Fibre Channel Protocol daemon (FCPD) device probing information for the devices attached to the specified F_Port or FL_Port. This information includes the number of successful logins and SCSI INQUIRY commands sent over this port and a list of the attached devices.
fcpRlsShow fcpRlsShow Displays the Fibre Channel Protocol (FCP) Read Link Status (RLS) information. Synopsis fcprlsshow [slotnumber/]portnumber Description Use this command to display the FCP RLS information for an F_Port or FL_Port. This information describes the number of loss-of-signal, loss-of-sync, CRC errors, and other failure events that have been detected on the specified port.
fcrBcastConfig fcrBcastConfig Displays or sets the broadcast frame forwarding option. Synopsis fcrbcastconfig --show fcrbcastconfig --enable -f fabric id fcrbcastconfig --disable -f fabric id fcrbcastconfig --help Description Use this command to enable or disable the broadcast frame option or to display the current configuration.
Page 257
fcrBcastConfig To display the new configuration: switch:admin> fcrbcastconfig show Broadcast configuration is disabled for: fid 2 fid 128 SEE ALSO bcastshow, portRouteShow Fabric OS Command Reference 53-1001186-01...
fcrChipTest fcrChipTest Tests the functionality of FC Router FPGA. Synopsis fcrchiptest [--slot slotnumber] [-unit number] [-testtype type] Description Use this command to test the FC Router Field-programmable gate array (FPGA). This test verifies that all SRAM and register data bits in each ASIC can be independently written and read successfully.
Page 259
fcrChipTest Examples To run all tests on slot 7 and FC Router FPGA 1: switch:admin> fcrchiptest slot 7 -unit 1 -testtype 0 Running fcrchiptest ....Test Complete: fcrchiptest Pass 1 of 1 Duration 0 hr, 0 min & 4 sec (0:0:4:351). passed.
fcrConfigure fcrConfigure Sets FC Router configuration parameters. Synopsis fcrconfigure Description Use this command to configure the FC Router parameters for this platform. This is an interactive command. This command cannot execute on a system with the FC Router feature enabled. First disable FC routing by using fosConfig or disable the switch with switchDisable.
fcrFabricShow fcrFabricShow Displays the FC Routers on a backbone fabric. Synopsis fcrfabricshow Description Use this command to display information about FC Routers that exist in an FC Router backbone fabric. The existing syntax is maintained for IPv6 support. When IPv6 addresses are not configured, the output of fcrFabricShow displays the IPv4 format.
Page 262
fcrFabricShow FC Router WWN: 10:00:00:05:1e:39:51:67, Dom ID: Info: 10.33.36.96, "Scimitar" EX_Port Neighbor Switch Info (enet IP, WWN, name) ------------------------------------------------------------------------ 10.33.35.80 10:00:00:05:1e:38:01:e7 "B10_3"* FC Router WWN: 10:00:00:05:1e:39:a6:7e, Dom ID: Info: 10.32.66.210, 210::10:32:66:210 "Neptune210" EX_Port Neighbor Switch Info (enet IP, WWN, name) ------------------------------------------------------------------------ 10.20.30.176 10:00:00:05:1e:35:bf:1d...
fcrlSan fcrlSan Configures and displays LSAN policies. Synopsis fcrlsan fcrlsan --add -enforce tag | -speed tag fcrlsan --remove -enforce tag | -speed tag fcrlsan --show -enforce | -speed | all fcrlsan --help Description Use this command to add or remove LSAN tags, or to display existing tags in the configuration. LSAN tagging optimizes an FC router's behavior based on a specified subset of LSANS.
Page 264
fcrlSan Displays the specified tag from the LSAN tag configuration. --show Displays command usage. --help -enforce tag Accepts only the LSANs from the edge fabric that matches the specified tag string into the local FCR database. A valid tag is a string of a maximum of eight characters.
fcrLsanCount fcrLsanCount Displays or sets the maximum LSAN count. Synopsis fcrlsancount [max-lsan-count] Description Use this command to set or display the maximum number of LSAN zones that can be configured on the edge fabric. By default, the maximum LSAN count is set to 3000, which is also the minimum. This command lets you create more LSANs on your edge fabric, up to 5000, if needed to support additional devices.
fcrLsanMatrix fcrLsanMatrix Creates, edits and displays LSAN fabric or FCR matrix information, which binds the LSAN Zone and device database information to specified edge fabric IDs or FCRs. Synopsis fcrlsanmatrix fcrlsanmatrix --add -lsan FID FID | -fcr wwn wwn fcrlsanmatrix --remove -lsan FID FID | -fcr wwn wwn fcrlsanmatrix --apply -lsan | -fcr | -all fcrlsanmatrix --cancel -lsan | -fcr | -all fcrlsanmatrix --display -lsan | -fcr | -all...
Page 267
fcrLsanMatrix • Display the information saved in the cache. • Clear the information from the cache and revert to the saved value. • Display the information that is saved in the persistent memory (CLI command with no option). • Display the static and default/dynamic binding of the backbone to show which edge fabrics or FCRs can access each other.
Page 268
fcrLsanMatrix Examples For the following example, assume that the backbone has the following online edge fabrics (FIDs): 1, 2, 4, 5, 7, 8, 10 (currently, 14, 19 are not available). To add the LSAN Zone Matrix data: switch:admin > fcrlsanmatrix add 4 5 switch:admin >...
Page 270
fcrLsanMatrix To zero out database execute the following commands: fcrlsanmatrix --add -lsan 0 0 fcrlsanmatrix --add -fcr 00:00:00:00:00:00:00:00 00:00:00:00:00:00:00:00 fcrlsanmatrix --apply -all • In a dual backbone configuration, execute fcrlsanmatrix --fabricview on the FCR switches to confirm that the shared edge fabric FIDs have the same access in both backbones. •...
fcrPathTest fcrPathTest Tests the data path connection between the FC Router FPGA and the central ASIC. Synopsis fcrpathtest [--slot slotnumber][-unit number][-path mode][-nframes count] Description Use this command to verify the data path connecting the FC Router field-programmable gate array (FPGA) and the central ASIC by sending frames from the FC Router FPGA port N transmitter, and looping the frames back into the same port’s receiver.
Page 272
fcrPathTest Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. This command is supported only on Brocade FR4-18i blades and Brocade 7500 platforms. The switch must be offline for this test to run.
Page 273
fcrPathTest DIAG-STATS The ASIC internal error counters detected an error in the received frame. This error is similar to ERRSTATS, but includes verifying the Tx/Rx frame count statistics. The DIAG-STATS error can be caused by a faulty SFP or indicate deeper problems in the main board or ASIC.
fcrPhyDevShow fcrPhyDevShow Displays the FC Router physical device information. Synopsis fcrphydevshow [-a][-f fabricid][-w wwn][-c][-d] Description Use this command to display the physical (real) devices that are configured to be exported to other fabrics. A device is considered to be configured to be exported to another fabric if it is a member of an LSAN zone.
Page 275
fcrPhyDevShow Examples To display the physical devices relevant to this FC Router: fcr:admin> fcrphydevshow Device Physical Exists in Fabric ----------------------------------------- 10:00:00:00:c9:2b:6a:68 c70000 50:05:07:65:05:84:09:0e 0100ef 50:05:07:65:05:84:0b:83 0100e8 Total devices displayed: 3 See Also fcrFabricShow, fcrProxyDevShow, fcrRouteShow, lsanZoneShow, switchShow Fabric OS Command Reference 53-1001186-01...
fcrProxyConfig fcrProxyConfig Displays or configures proxy devices presented by an FC Router. Synopsis fcrproxyconfig [-s importedFID devWWN slot][-r importedFID devWWN] Description Use this command to display or set the persistent configuration of proxy devices presented by the local FC Router. If no optional operand is provided, the command displays the persistent proxy device configuration;...
Page 277
fcrProxyConfig “WWN does not exist in any proxy device slot” is displayed if the WWN does not exist in any slot for the specified edge fabric. “Too many proxy slots configured. Remove some unused proxy device WWNs from their slots using the -r operand and try again.” is displayed if all slots are used for the specified edge fabric.
fcrProxyDevShow fcrProxyDevShow Displays FC Router proxy device information. Synopsis fcrproxydevshow [-a][-f fabricid][-w wwn] Description Use this command to display the proxy devices presented by FC Router EX_Ports and information about the proxy devices. A proxy device is a virtual device presented in to a fabric by an FC Router. A proxy device represents a real device on another fabric.
Page 279
fcrProxyDevShow -f fabricid Display the proxy devices in the specified fabric that are relevant to this FC Router. -w wwn Displays proxy devices with the specified port WWN. Examples To display the physical devices relevant to this FC Router: switch:admin> fcrphydevshow Device Physical Exists...
fcrResourceShow fcrResourceShow Displays FC Router physical resource usage. Synopsis fcrresourceshow Description Use this command to display the FC Router-available resources. The maximum number allowed versus the currently used is displayed for various resources. The command output includes: LSAN Zones The maximum versus the currently used LSAN zones. LSAN Devices The maximum versus the currently used LSAN device database entries.
Page 281
fcrResourceShow Notes Only configured EX/VEX_Ports are displayed The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. Operands none Examples...
fcrRouterPortCost fcrRouterPortCost Displays or sets an FC Router port cost. Synopsis fcrrouterportcost [[slotnumber/]portnumber] [cost] Description Use this command to set or display the cost of the FC router ports. You can set the cost of the link to one of two fixed values: 1000 or 10000. The option 0 sets the cost of the link to the default value based on link type (EX/VEX).
Page 283
fcrRouterPortCost To display the cost on an EX_port: switch:admin> fcrrouterportcost 7/10 0 switch:admin> fcrrouterportcost 7/10 Port Cost ------------------------ 7/10 1000 To set the cost of an EX_Port and display the result: switch:admin> fcrrouterportcost 7/10 10000 switch:admin> fcrrouterportcost 7/10 Port Cost ------------------------ 7/10 10000...
fcrRouteShow fcrRouteShow Displays FC Router route information. Synopsis fcrrouteshow Description Use this command to display routes through the FC Router backbone fabric to accessible destination fabrics. An FC Router backbone fabric is the fabric that contains the E_Ports of this platform and routes inter-fabric traffic between imported fabrics, creating a meta-SAN.
fcrXlateConfig fcrXlateConfig Configures a translate (xlate) domain's domain ID and state of persistence for both the EX_Port-attached fabric and the backbone fabric. Synopsis fcrxlateconfig fcrxlateconfig importedFID exportedFID preferredDomainID fcrxlateconfig --remove | -r importedFID exportedFID fcrxlateconfig --enable persistxd fcrxlateconfig --disable persistxd fcrxlateconfig --help Description Use this command to display a translate (xlate) domain ID or change the preferred domain ID and...
Page 286
fcrXlateConfig Operands This command has the following operands: fcrxlateconfig Sets the preferred domain ID (1-239) to preferredDomainID for the translate phantom domain and saves the configuration persistently. The translate domain must be inactive to set the preferred domain ID. The following operands are required: importedFID Specifies the fabric ID (1 through 128) of the fabric that contains the...
Page 287
fcrXlateConfig To set the preferred domain ID of the translate domain created in fabric 2, which represents the remote fabric 3, to a value of 8: switch:admin> fcrxlateconfig 2 3 8 xlate domain already configured, overwrite?(n) y To clear the preferred domain ID of the translate domain created in fabric 2, which represents remote fabric 3: switch:admin>...
fddCfg fddCfg Manages the fabric data distribution configuration parameters. Synopsis fddcfg --showall fddcfg --localaccept policy_list fddcfg --localreject policy_list fddcfg --fabwideset policy_list Description Use this command to manage the fabric data distribution configuration parameters. These parameters control the fabric-wide consistency policy. Switches can be locally configured to allow or reject a security policy.
Page 289
fddCfg To set the Fabric-Wide Consistency Policy as tolerant, omit the "S". A valid policy set should be of the form "SCC:S;DCC;FCS". To set the fabric-wide policy to NULL (default) or no fabric-wide consistency, use the policy Set "". Supported policies are Switch Connection Control (SCC), Device Connection Control (DCC), and Fabric Configuration Server (FCS).
fdmiCacheShow fdmiCacheShow Displays abbreviated remote FDMI device information, according to remote domain ID. Synopsis fdmicacheshow Description Use this command to display FDMI cache information for remote domains only. The state of each remote domain, identified by its domain ID, is shown to be unknown, known, unsupported, or error.
fdmiShow fdmiShow Displays detailed FDMI device information. Synopsis fdmishow Description Use this command to display FDMI information for all HBAs and ports. Detailed FDMI information is displayed for local HBAs and ports. This information includes the HBA with its corresponding ports, along with their respective attributes. Only abbreviated FDMI information is shown for HBA and ports on remote switches.
ficonClear ficonClear Clears the records from the specified FICON database. Synopsis ficonclear database Description Use this command to remove records from the local FICON database. The command effect depends on the specified database. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
ficonCupSet ficonCupSet Sets FICON-CUP parameters for a switch. Synopsis ficoncupset fmsmode enable | disable ficoncupset modereg bitname 0 | 1 ficoncupset MIHPTO seconds Description Use this command to set FICON-CUP (Control Unit Port) parameters for a switch. All parameters can be set while the switch is online.
Page 294
ficonCupSet To set the ASM bit in the mode register for the switch: switch:admin> ficoncupset modereg ASM 1 Active=Saved Mode bit is set to 1 To set the MIHPTO value to 60 seconds: switch:admin> ficoncupset MIHPTO 60 MIHPTO has been changed to 60 seconds See Also ficonCupShow Fabric OS Command Reference...
ficonCupShow ficonCupShow Displays FICON-CUP parameters for a switch. Synopsis ficoncupshow fmsmode ficoncupshow modereg [bitname] ficoncupshow MIHPTO Description Use this command to display FICON-CUP (Control Unit Port) parameters for a switch. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 296
ficonCupShow To display the ASM bit in the mode register for the switch: switch:user> ficoncupshow modereg ASM To display the MIHPTO value for the CUP: switch:user> ficoncupshow MIHPTO MIHPTO for the CUP: 60 seconds See Also ficoncupset Fabric OS Command Reference 53-1001186-01...
ficonHelp ficonHelp Displays a list of FICON support commands. Synopsis ficonhelp Description Use this command to display a list of FICON support commands with descriptions. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
ficonShow ficonShow Displays the contents of the specified FICON database. Synopsis ficonshow database [fabric] where database is one of the following: ficonshow RNID [fabric] ficonshow LIRR [fabric] ficonshow SwitchRNID [fabric] ficonshow RLIR [fabric] ficonshow ILIR [fabric] Description Use this command to display the contents of a FICON database. The ficonShow database operand is the name of the database to display.
Page 299
ficonShow Blower [unit number] The Blower. FRU Part Number Displays the FRU part number. FRU Serial Number Displays the FRU serial number. Incident Count Displays the incident count. This number increases by 1 for each incident within the individual switch. Link Incident Description Same as Link Incident Type.
Page 300
ficonShow 0xe0 Vendor-specific. Byte BB 0x00 Unspecified class. 0x01 Direct access storage device, if it is a storage port; otherwise, not channel-to-channel capable. 0x02 Magnetic tape, if it is a storage port; otherwise, a reserved field for a channel port. 0x03 Input unit record, if it is a storage port;...
Page 301
ficonShow Protocol Displays whether the traffic is using FICON or FCP. Registered Node WWN Displays the device's node World Wide Name associated with the device HBA. Registered Port WWN Displays the device's channel or storage CU port World Wide Name associated with the device HBA.
Page 302
ficonShow Sequence Number: 0000000169CA tag: 102b {Fmt Type PID Registered Port WWN Registered Node WWN flag Parm 0x18 N 502e00 50:05:07:64:01:40:0f:ca 50:05:07:64:00:c1:69:ca 0x10 0x200105 Type number: 002064 Model number: Manufacturer: Plant of Manufacture: 02 Sequence Number: 0000000169CA tag: 052e To display the local and remote LIRR database: switch:admin>...
Page 303
ficonShow Plant of Manufacture: 02 Sequence Number: 0000000169CA tag: 2e00 Switch Port WWN Switch Node WWN Flag Node Parameters 20:2e:00:60:69:80:1e:4e 10:00:00:60:69:80:1e:4e 0x00 0x200a2e Switch Part Number: 060-0001501-05 Switch Serial Number: 0FT02X801E4E Domain: 20480 The local RLIR database has 1 entry. To display the local ILIR database: switch:user>...
fipsCfg fipsCfg Configures FIPS (Federal Information Processing Standards) mode. Synopsis fipscfg --enable [fips | selftests | bootprom] fipscfg --disable [fips | selftests | bootprom] fipscfg --zeroize fipscfg --show | --showall fipscfg --force fips fipscfg --verify fips Description Use this command to configure FIPS mode on the switch. In this mode, only FIPS-compliant algorithms are allowed.
Page 305
fipsCfg --force fips This option enables FIPS mode even if prerequisites are not met, except under the following two conditions: 1. In a dual-CP system if HA is not in sync between the two CPs. 2. If selftests is in a disabled state. --verify fips Scans the prerequisites for enabling FIPS and print the failure/success cases.
Page 306
fipsCfg To enable FIPS after prerequisites have been met: switch:admin> fipscfg --enable fips FIPS mode has been set to : Enabled Please reboot the system switch:admin> fipscfg --show FIPS mode is : Enabled See Also none Fabric OS Command Reference 53-1001186-01...
firmwareCommit firmwareCommit Commits switch firmware. Synopsis firmwarecommit Description Use this command to commit a firmware download to a CP. This command copies an updated firmware image to the secondary partition and commits both partitions of the CP to an updated version of the firmware.
firmwareDownload firmwareDownload Downloads firmware from a remote host, a local directory, or a USB device. Synopsis To invoke the command in interactive mode: firmwaredownload To download FOS firmware over a network: firmwaredownload [ -s [ -b | -n ] ] [ -p ftp | scp ] [ -c ] [ -o ] host, user, pfile, passwd To download SAS/SA firmware over a network: firmwaredownload -a sas | dmm | application [ -t slotnumber(s) ] [ -p ftp | scp ] [ -c ] [ -o ] host, user, pfile, passwd...
Page 309
firmwareDownload For each standalone switch in your fabric, complete all firmware download changes before issuing the firmwareDownload command on the next switch to ensure a nondisruptive download. If firmwareDownload is interrupted due to an unexpected reboot as a result of a software error or power failure, the command automatically recovers the corrupted secondary partition.
Page 310
firmwareDownload pfile Specify a fully qualified path for the firmware pfile. Absolute path names may be specified using forward slashes (/). passwd Specify a password. This operand can be omitted, if the firmware is accessible through a local directory or an attached USB device, or if no password is required by the FTP server.
Page 311
firmwareDownload Do you want to continue [Y]: y The firmware is being downloaded to the Standby CP. It may take up to 10 minutes. To download the firmware to both CPs on a dual-CP chassis with an attached USB device (You would execute the same command on a single-CP switch with USB support.
Page 312
firmwareDownload virtualization applications on these blades. WARNING: YOU HAVE ELECTED TO DISABLE THE VERSION COMPATIBILITY CHECKING FEATURE. THIS CAN CAUSE THE VIRTUALIZATION SERVICES TO STOP WORKING. If you want to check the version compatibility, please exit and re-enter this command without the "-c" option. Do you want to continue [Y]: y To download SAS firmware and remove the installed SA image at the same time: switch:admin>...
firmwareDownloadStatus firmwareDownloadStatus Displays the status of a firmware download. Synopsis firmwaredownloadstatus Description Use this command to display an event log that records the progress and status of events during FOS, SAS, and SA firmwaredownload. The event log is created by the current firmwaredownload command and is kept until another firmwaredownload command is issued.
Page 314
firmwareDownloadStatus To display the status of a firmware download on a switch: switch:admin> firmwaredownloadstatus [1]: Fri Feb 15 22:17:03 2007 Firmware is being downloaded to the switch. This step may take up to 30 minutes. [2]: Fri Feb 15 22:20:54 2007 Firmware has been downloaded to the secondary partition of the switch.
Page 315
firmwareDownloadStatus Slot 8 (FR4-18i): Firmware commit has started on the blade. This may take up to 10 minutes. [10]: Mon Dec 19 18:50:51 2007 Slot 8 (FR4-18i): The commit operation has completed successfully. [11]: Mon Dec 19 18:55:39 2007 Slot 5 (CP0, active): Firmware has been downloaded successfully on Standby CP. [12]: Mon Dec 19 18:55:46 2007 Slot 5 (CP0, active): Standby CP reboots.
firmwareKeyShow firmwareKeyShow Displays the public key used for signed firmware validation. Synopsis firmwarekeyshow Description This command displays the contents of the public key used for validating the integrity of firmware images when signed firmware validation is enabled. Notes A firmware key should be installed on every switch as a part of the Fabric OS installation. The presence of a firmware key does not imply that the firmware signature is checked during firmwareDownload.
firmwareKeyUpdate firmwareKeyUpdate Updates the public key used for signed firmware validation. Synopsis firmwarekeyupdate firmwarekeyupdate [-p ftp|scp] host,user,keyfile,passwd firmwarekeyupdate -U keyfile Description Use this command to update the public key used for firmware signature validation. The firmware key can be updated over the network, or, if the switch supports this option, from an attached USB device.
Page 318
firmwareKeyUpdate user Specify a user name for FTP or SSH server access. This operand can be omitted, if the firmware key is accessible on a local directory or by anonymous FTP server access. A user name other than “anonymous” is required for SSH server access.
firmwareRestore firmwareRestore Restores the former active firmware image. Synopsis firmwarerestore Description Use this command to restore the former active Fabric OS firmware image. This command can only be run if auto commit was disabled during the firmwaredownload. This command cannot be used to restore SAS and SA images.
firmwareShow firmwareShow Displays the Fabric OS versions on all firmware partitions in the system. Synopsis firmwareshow Description Use this command to display the FOS, SAS, and SA firmware versions. The command shows the firmware versions on both the primary and secondary partitions of the storage device. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fosConfig fosConfig Displays or modifies Fabric OS features. Synopsis fosconfig --enable feature fosconfig --disable feature fosconfig --show Description Use this command to enable or disable a feature, or to display the current operating status of features on a switch. This command can be run while the switch is online. The following features are supported (refer to the Notes for limitations): •...
Page 322
fosConfig --disable feature Disables a feature on the switch. Valid values for feature are: Disables the FC Routing service on the switch. All enabled EX_Ports and VEX_Ports on the switch must be offline for this command to succeed. To use this command to disable the FC Routing service only instead of disabling the switch, issue this command, then change the BB fabric ID using fcrConfigure.
Page 323
fosConfig To enable Virtual Fabrics: switch:admin> fosconfig --enable vf WARNING: This is a disruptive operation that requires a reboot to take effect. All EX ports will be disabled upon reboot. Would you like to continue [Y/N]y To disable Virtual Fabrics: switch:admin>...
fruReplace fruReplace Provides an interactive interface to help replace a field replaceable unit (FRU). Synopsis frureplace fru Description Use this command to replace a FRU. The command automatically performs the necessary backup and restore operations to accommodate the replacement. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fspfShow fspfShow Displays Fabric Shortest Path First (FSPF) protocol information. Synopsis fspfshow Description Use this command to display FSPF protocol information and internal data structures of the FSPF module. The command displays the fields listed in the following table. TABLE 12 fspfShow display fields Field Description...
fwAlarmsFilterSet fwAlarmsFilterSet Enables or disables alarms for Fabric Watch. Synopsis fwalarmsfilterset [mode] Description Use this command to configure alarm filtering for Fabric Watch. By turning off the alarms, all non-environment class alarms are suppressed. By turning on the alarms, all class alarms are generated.
fwAlarmsFilterShow fwAlarmsFilterShow Displays alarm filtering for Fabric Watch. Synopsis fwalarmsfiltershow Description Use this command to display whether alarm filtering is enabled or disabled. Notes This command requires a Fabric Watch license. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fwClassInit fwClassInit Initializes all classes under Fabric Watch. Synopsis fwclassinit Description Use this command to initialize all classes under Fabric Watch. The command should only be used after installing a Fabric Watch license to start licensed Fabric Watch classes. Refer to fwConfigure for a list of classes.
fwConfigReload fwConfigReload Reloads the Fabric Watch configuration. Synopsis fwconfigreload Description Use this command to reload the Fabric Watch configuration. This command should only be used after downloading a new Fabric Watch configuration file from a host. Notes This command requires a Fabric Watch license. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
fwConfigure fwConfigure Displays and modifies the Fabric Watch configuration. Synopsis fwconfigure fwconfigure --enable --port portNumber fwconfigure --disable --port portNumber Description Use this command to display and modify threshold information for the Fabric Watch configuration. Switch elements monitored by Fabric Watch are divided into classes, which are further divided into areas.
Page 332
fwConfigure TABLE 13 fwConfigure Fabric Watch classes and areas Class Area Fabric E_Port downs Fabric reconfigure Domain ID changes Segmentation changes Zone changes Fabric<->QL Fabric logins SFP state changes E_Port Link loss (E_Port) Sync loss (E_Port) Signal loss (E_Port) Protocol error (E_Port) Invalid words (E_Port) Invalid CRCS E_Port) RX Performance (E_Port)
Page 333
fwConfigure In Access Gateway mode, only the following classes are supported. F/FL_Port (Copper) class is supported only on Embedded platforms. TABLE 14 Access Gateway mode Class Area Environmental Temperature Fan* Power Supply* Temperature Current Voltage Port Link failure Sync loss Signal loss Protocol error Invalid words...
Page 334
fwConfigure Operands This command has the following optional operands: --enable --port portNumber Enables all thresholds associated with a certain port. --disable --port portNumber Disables all thresholds associated with a certain port. Examples To configure thresholds in Fabric OS mode: switch:admin> fwconfigure 1 : Environment class 2 : SFP class 3 : Port class...
Page 335
fwConfigure Select a class => : (1..6) [6] 1 1 : Temperature 2 : Fan 3 : Power Supply 4 : return to previous page Select an area => : (1..4) [4] 1 Index ThresholdName Status CurVal LastEvent LasteventTime LastVal LastState ================================================================================ 1 envTemp001 enabled 23 C...
fwFruCfg fwFruCfg Displays or modifies FRU state alert configuration. Synopsis fwfrucfg [--show] Description Use this command to configure field-replaceable unit (FRU) states and actions. Based on these configuration settings, Fabric Watch generates action when a FRU state changes. To configure email alerts, use fwMailCfg.
fwHelp fwHelp Displays Fabric Watch command information. Synopsis fwhelp Description Use this command to display the commands that configure Fabric Watch. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
fwMailCfg fwMailCfg Displays and configures Fabric Watch email alerts. Synopsis fwmailcfg Description Use this command to display or modify the configuration and status of the Fabric Watch email alert in the switch. Switch elements monitored by Fabric Watch are divided into classes, and email alerts are based on the classes.
Page 339
fwMailCfg : Show Mail Configuration Information : Disable Email Alert : Enable Email Alert : Send Test Mail : Set Recipient Mail Address for Email Alert : Relay Host IP Configuration : Quit Select an item => : (1..7) [7]5 Mail Config Menu -------------------------------------- : Environment class...
fwPortDetailShow fwPortDetailShow Displays the port information for specified user ports. Synopsis fwportdetailshow [--p portNumber] | [--s portState] Description Use this command to print the overall status of a specified port. The output of this command is different for IPv4 and IPv6 addresses. The overall status is calculated based on the following contributors: Port Errors: Number of link loss occurrences exceeded limit for time period...
Page 341
fwPortDetailShow --s portState Yields a port detail report for the specified portState. Valid portState entries are: Report based on all healthy ports Report based on all marginal ports Report based on all faulty ports Report based on all offline ports If no option is specified, all ports are displayed.
Page 342
fwPortDetailShow To retrieve a port detailed report: switch:user> fwportdetailshow Port Detail Report Report time: 05/21/2007 11:22:58 PM Switch Name: switch IP address: 192.168.163.237 Port Exception report [by Healthy] --------Port-Errors------------ -----SFP-Errors---- Port# Type State Dur(H:M) LFA LSY LSI PER INW CRC PSC BLP STM SRX STX SCU SVO ----------------------------------------------------------------------------- HEALTHY 409:09...
fwSamShow fwSamShow Generates switch availability monitor (SAM) report. Synopsis fwsamshow Description Use this command to display a switch availability monitor (SAM) report. This report displays uptime and downtime for each port and enables you to check if a particular port is failing more often than the others.
Page 344
fwSamShow See Also portShow, switchShow Fabric OS Command Reference 53-1001186-01...
fwSet fwSet Sets port persistence time. Synopsis fwset --port --persistence seconds Description Use this command to set port persistence time, a parameters controlled by Fabric Watch. Port persistence time specifies the time in seconds during which a port must persistently be in a marginal state before being labeled as such.
fwSetToCustom fwSetToCustom Sets boundary and alarm levels to custom values. Synopsis fwsettocustom Description Use this command to set boundary and alarm levels to custom values for all classes and areas in Fabric Watch. Fabric Watch uses two types of settings: factory default settings and user-defined custom settings. •...
Page 347
fwSetToCustom 1 : Temperature 2 : Fan 3 : Power Supply 4 : return to previous page Select an area => : (1..4) [4] 1 Index ThresholdName Status CurVal LastEvent LasteventTime LastVal LastState ================================================================================ envTemp001 enabled 24 C inBetween Thu Feb 14 01:21:36 2008 24 C In_Range envTemp004...
fwSetToDefault fwSetToDefault Returns boundary and alarm levels to default values. Synopsis fwsettodefault Description Use this command to return boundary and alarm levels to defaults for all classes and areas in Fabric Watch. Fabric Watch uses two types of settings: factory default settings and user-defined custom settings. •...
Page 350
fwSetToDefault 3 : Power Supply 4 : return to previous page Select an area => : (1..4) [4] 1 Index ThresholdName Status CurVal LastEvent LasteventTime LastVal LastState ================================================================================ envTemp001 enabled 24 C inBetween Thu Feb 14 01:21:36 2008 24 C In_Range envTemp004 enabled...
Page 351
fwSetToDefault 10 : cancel threshold boundary changes Select choice => : (1..18) [18] See Also fwSetToCustom, fwConfigure, fwHelp, fwShow Fabric OS Command Reference 53-1001186-01...
fwShow fwShow Displays the class thresholds monitored by Fabric Watch. Synopsis fwshow [--port --persistence] | [--disable --port] Description Use this command to display the thresholds monitored by Fabric Watch. This command also displays the port persistence time and ports with all disabled thresholds. For a description of the class thresholds supported in Fabric OS and the restrictions that apply to some of the classes in terms of support for V/VE/VEX ports and GbE ports, refer to the help page for fwConfigure or consult the Fabric Watch Administrator's Guide.
Page 353
fwShow : E-Port class : F/FL Port (Optical) class : Alpa Performance Monitor class : End-to-End Performance Monitor class : Filter Performance Monitor class 10 : Security class 11 : Resource class 12 : Quit => : (1..12) [12] 1 Select an item 1 : Temperature 2 : Fan...
Page 354
fwShow Event 1 occurred 10 times, last at 16:49:02 on 12/09/2011 * Event 5 occurred 1 time, last at 16:30:23 on 12/09/2011 Callbacks: No callbacks are registered. To show port persistence time: switch:admin> fwshow --port --persistence FW: current port persistence time = 18s To display ports that have all thresholds disabled: switch:user>...
Page 355
Displays shell history. Synopsis history Description Use this command to view the shell history. The shell history mechanism is similar to the UNIX Korn shell history facility. The h command displays the 20 most recent commands typed into the shell; the oldest commands are replaced as new ones are entered.
haDisable haDisable Disables the High Availability feature. Synopsis hadisable Description Use this command to disable the High Availability (HA) feature on a switch. If the HA feature is already disabled, this command does nothing. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
haDump haDump Displays High Availability status information. Synopsis hadump Description Use this command to display information about the status of the High Availability (HA) feature on a switch. This command displays the following information: • Local CP state (slot number and CP ID) •...
Page 358
haDump Examples To view information about the High Availability feature status: switch:admin> hadump Local CP (Slot 6, CP1): Active, Cold Recovered Remote CP (Slot 5, CP0): Standby, Healthy HA enabled, Heartbeat Up, HA State synchronized SWITCH Ethernet IP Address: 10.32.227.64 Ethernet Subnetmask: 255.255.240.0 Fibre Channel IP Address: 220.220.220.64 Fibre Channel Subnetmask: 255.255.240.0...
haEnable haEnable Enables the High Availability feature. Synopsis haenable Description Use this command to enable the High Availability (HA) feature on a switch. If the HA feature is already enabled, this command does nothing. Note The execution of this command is subject to Virtual Fabric or Admin Domain Restrictions that may be in place.
haFailover haFailover Forces the failover mechanism so that the standby control processor (CP) becomes the active CP. Synopsis hafailover Description Use this command to force the failover mechanism to occur so that the standby CP becomes the active CP. In case the active and standby CPs are not synchronized or the system is not in redundant mode, the command aborts.
haShow haShow Displays control processor (CP) status. Synopsis hashow Description Use this command to display control processor status. The display includes: • Local CP state (slot number and CP ID), warm or cold, recovering or recovered. • Remote CP state (slot number and CP ID). •...
Page 362
haShow Examples To display CP status on a Brocade 48000, first on a healthy standby CP and then on a faulty standby CP: switch:admin> hashow Local CP (Slot 6, CP1): Active, Cold Recovered Remote CP (Slot 5, CP0): Non-Redundant switch:admin> hashow Local CP (Slot 6, CP1): Active, Warm Recovered Remote CP (Slot 5, CP0): Standby, Failed Backplane PCI fail, severity: CRITICAL...
haSyncStart haSyncStart Enables High Availability state synchronization. Synopsis hasyncstart Description Use this command to enable the High Availability (HA) state synchronization. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, “Using Fabric OS commands” and Appendix A, “Command Availability”...
haSyncStop haSyncStop Disables High Availability state synchronization. Synopsis hasyncstop Description Use this command to temporarily disable High Availability (HA) synchronization. Notes Disabling HA synchronization may cause failover to be disruptive. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
help help Displays help information for commands. Synopsis help [command] Description Use this command without an operand to display an alphabetical list commands for which help is available. At the end of the list are some additional commands which display more lists of grouped commands for a particular subsystem;...
historyLastShow historyLastShow Displays the latest entry in the field replaceable unit (FRU) history log. Synopsis historylastshow Description Use this command to display the latest entry of the history log, which records insertion and removal events for field-replaceable units (FRUs), such as blades, power supplies, fans, and World Wide Name (WWN) cards.
historyMode historyMode Displays or sets the mode of the field replaceable unit (FRU) history log. Synopsis historymode [ rot | fi ] Description Use this command to display or set the mode of the history buffer, which records the insertion and removal of FRUs on a switch or chassis.
historyShow historyShow Displays the entire field replaceable unit (FRU) history log. Synopsis historyshow Description Use this command to display the entire history log, which records insertion and removal events for field-replaceable units (FRUs), such as blades, power supplies, fans, and World Wide Name (WWN) cards.
Page 369
historyShow Unit 1 Inserted at Tue Aug 14 11:03:45 2001 Factory Part Number: 40-0000031-03 Factory Serial Number: 1013456800 SW BLADE Slot 3 Removed at Tue Aug 14 12:10:09 2001 Factory Part Number: 60-0001532-03 Factory Serial Number: 1013456800 CP BLADE Slot 6 Removed at Tue Aug 14 13:45:07 2001 Factory Part Number: 60-0001604-02...
httpCfgShow httpCfgShow Displays the Java plug-in version used by Web. Synopsis httpcfgshow Description Use this command to display the version of the Java plug-in supported by Web Tools. This command also displays the URL from which the plug-in can be downloaded. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 371
Displays a process summary. Synopsis i [processID] Description Use this command to display information about a specified process or about all processes running on the local switch. One line is displayed per process. Fields displayed with this command include those shown in Table TABLE 16 Command field description...
Page 372
Operands This command has the following operand: processID Specifies the process name or process ID for the process to display. Examples To display information about process ID 433: switch:admin> i 433 PPID C PRI NI ADDR WCHAN TTY TIME 000 S 1283 5c64 ? 00:00:02 fabricd...
iclCfg iclCfg Enables or disables Inter-chassis links (ICL). Synopsis iclcfg --enable slot/icl_group iclcfg --disable slot/icl_group iclcfg --persistentenable slot/icl_group iclcfg --persistentdisable slot/icl_group iclcfg --help Description Use this command to enable or disable an inter-chassis link (ICL) or to enable or disable an ICL persistently.
Page 374
iclCfg To enable the ICL for ports 16-31 persistently: switch:user> iclcfg --persistentdnable 8/1 See also none Fabric OS Command Reference 53-1001186-01...
ifModeSet ifModeSet Sets the link operating mode for a network interface. Synopsis ifmodeset [“interface”] Description Use this command to set the link operating mode for a network interface. An operating mode is confirmed with a y or yes at the prompt. If the operating mode selected differs from the current mode, the change is saved and the command exits.
Page 376
ifModeSet serial console port. Are you sure you really want to do this? (yes, y, no, n): [no] y Proceed with caution. Auto-negotiate (yes, y, no, n): [no] y Advertise 100 Mbps / Full Duplex (yes, y, no, n): [yes] y Advertise 100 Mbps / Half Duplex (yes, y, no, n): [yes] y Advertise 10 Mbps / Full Duplex (yes, y, no, n): [yes] y Advertise 10 Mbps / Half Duplex (yes, y, no, n): [yes] y...
ifModeShow ifModeShow Displays the link operating mode and MAC address for a network interface. Synopsis ifmodeshow interface Description Use this command to display the link operating mode and MAC address for a network interface. On the CP of a Brocade DCX or DCX-S4, this command supports eth0 and eth3 as interface parameters.
Page 378
ifModeShow To display the active interface: ras010:root> ifmodeshow bond0 Currently Active Slave: eth0 See Also ifModeSet Fabric OS Command Reference 53-1001186-01...
interfaceShow interfaceShow Displays FSPF interface information. Synopsis interfaceshow [slotnumber/][portnumber] Description Use this command to display the two data structures associated with FSPF interfaces (E_Ports) on the switch: • The permanently allocated interface descriptor block (IDB). • The neighbor data structure. This data structure is allocated when a switch port becomes an E_Port.
Page 380
interfaceShow nghbId Domain ID of the neighbor (adjacent) switch. idbNo IDB number. Should be equal to port_number remPort Port number on the remote switch connected to this port. nflags Internal FSPF flags. initCount Number of times this neighbor was initialized without the interface going down.
Page 381
interfaceShow attLsuOut Number of attempted transmissions of LSUs to the neighbor switch. nLsuOut Number of LSUs transmitted to the neighbor switch. attLsaOut Number of attempted transmissions of LSAs to the neighbor switch. nLsaOut Number of LSAs transmitted to the neighbor switch. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
interopMode interopMode Enables or disables Brocade switch interoperability with McDATA switches. Synopsis interopmode [mode [-z McDataDefaultZone] [-s McDataSafeZone]] Description Use this command to enable or disable Brocade switch interoperability with McDATA switches within a Brocade fabric. Fabric OS v6.0.0 introduced a McDATA Enterprise OS (M-EOS)-compatible McDATA Open Fabric Mode (interopMode 3) on all platforms that support McDATA Fabric Mode (interopMode 2).
Page 384
interopMode • Default zoning should be off, but there is no check that it is turned off. The configuration is reset. If you have a defined or effective configuration and default zoning is on, when you disable the switch and change to McDATA Open Fabric mode, you are informed that all configurations will be lost and that the system will reboot.
Page 385
interopMode Valid McDataSafeZone: 0 (disabled), 1 (enabled) 3: to turn McDATA Open Fabric mode on To turn Safe Zone on while in interopmode 2: switch:admin> interopMode 2 -s 1 InteropMode: McDATA Fabric Default Zone: Safe Zone: To disable interoperability mode on a disabled switch: switch:admin>...
iodDelayReset iodDelayReset Resets the user-defined IOD delay settings to default values. Synopsis ioddelayreset domain_id Description Use this command to reset the user-defined IOD delay settings to default values (-1). This command resets IOD delay values for a specified domain ID that was previously configured with the iodDelaySet command.
iodDelayShow iodDelayShow Displays the user-defined IOD delay settings for specified domains. Synopsis ioddelayshow [ domain_id ] Description Use this command to display the user-defined IOD delay settings for all domains in the fabric or for a specified domain ID. This command only displays delay values for domain IDs, for which the IOD delay parameter has been previously set with the iodDelaySet command.
iodReset iodReset Disables in-order delivery (IOD) on a switch. Synopsis iodreset Description Use this command to disable in-order delivery enforcement on the local switch. IOD is disabled by default, and can only be disabled after it has been enabled with the iodSet command. This command disables the legacy IOD enforcement only.
iodSet iodSet Enables in-order delivery (IOD) with or without frame drop. Synopsis iodset iodset --enable -losslessDLS iodset --disable -losslessDLS iodset --show iodset --show Description Use this command to enforce in-order delivery of frames during a fabric topology change and to enable dynamic load sharing (DLS) without frame loss.
Page 390
iodSet The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. Operands This command has the following operands: --enable -lossLessDls Enables the lossless DLS feature.
iodShow iodShow Displays the in-order delivery (IOD) setting. Synopsis iodshow Description Use this command to display the IOD setting on the switch. By default, IOD is disabled. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 393
ipAddrSet • Use the -auto and -noauto options to enable or disable stateless IPv6 auto configuration. • Use the -ls option with appropriate arguments to set or delete the IPv4 Fibre Channel address and prefix for the IPFC interface of a logical switch. In a Virtual Fabric environment, each logical fabric is represented by a separate IPFC network interface.
Page 394
ipAddrSet -slot number On a chassis with a blade processor (BP), specifies the slot number. On standalone platforms with a hidden BP, such as the AP76500, this parameter is not accepted. -ipv6 [-auto | -noauto] Enables or disables stateless IPv6 auto configuration on a switch or chassis. When auto configuration is enabled, the host automatically performs configuration of IPv6 addresses and periodic non-disruptive re-configuration.
Page 395
ipAddrSet To configure a local IPv4 Ethernet address on a Brocade FC4-16E in a chassis (prefix required): switch:admin> ipaddrset -slot 1 -eth0 add 10.12.34.123/24 To configure a local IPv4 Ethernet address on an AP7600 with a hidden BP: switch:admin>ipaddrset -eth0 add 10.12.34.123/24 To configure an IPv4 FC address for the IPFC interface associated with a logical switch with fabric ID 123:...
Page 396
ipAddrSet Interactive command usage examples To set the IPv4 address details for a switch chassis in interactive mode: switch:admin> ipaddrset -chassis Ethernet IP Address [192.168.166.148]: Ethernet Subnetmask [255.255.255.0]: Committing configuration...Done. To enable DHCP on a standalone, non-AP platform: switch:admin> ipaddrset Ethernet IP Address [192.168.74.102]: Ethernet Subnetmask [255.255.255.0]: Gateway IP Address [192.168.74.1]:...
ipAddrShow ipAddrShow Displays IP address information for a switch or control processor (CP). Synopsis ipaddrshow ipaddrshow [-cp cp_number] | -chassis ipaddrshow -slot slot_numb [-eth0 | -eth1 | -gate] Description Use this command to display the IP addresses configured in the system. The -cp option displays the IP address for a specified CP on modular platforms, or use the command without arguments to display the IP address on a standalone switch, or the IP addresses for both CPs on a chassis.
Page 398
ipAddrShow • stateless - Acquired through stateless auto configuration. IP Address state: • tentative • preferred • deprecated Refer to the RFC 2462 specification for more information. On modular platforms with intelligent blades, the addresses configured for each slot can be shown with the -slot option.
ipfilter ipfilter Manages the IP filter policies. Synopsis ipfilter --create policyname -type ipv4 | ipv6 ipfilter --clone policyname -from src_policyname ipfilter --show [policyname] ipfilter --save [policyname] ipfilter --activate policyname ipfilter --delete policyname ipfilter --addrule policyname -rule rule_number -sip source IP -dp dest port -proto protocol -act permit | deny ipfilter --delrule policyname -rule rule number ipfilter --transabort...
Page 401
ipfilter case. The policy type identifies the policy as an IPv4 or IPv6 filter. You can create a maximum of eight IP filter policies. --create policyname -type ipv4 | ipv6 Creates an IP filter policy with the specified name and type. The policy created is stored in a temporary buffer and is lost if the policy is not saved to the persistent configuration.
Page 402
ipfilter -sip Specifies the source IP address. For filters of type IPv4, the address must be a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type IPv6, the address must be a 12- bit IPv6 address in any format specified by RFC, or a CIDR-style IPv6 prefix.
Page 403
ipfilter Rule Source IP Protocol Dest Port Action permit permit permit permit permit permit permit permit permit permit 600 - 1023 permit 600 - 1023 permit Name: ex1, Type: ipv6, State: defined (modified) Rule Source IP Protocol Dest Port Action fec0:60:69bc:60:260:69ff:fe80:d4a permit To activate the IP Filter policy “ex1”:...
Page 404
ipfilter To create an IPv4-type IP filter policy: switch:admin> ipfilter --create ex2 -type ipv4 To add a rule to the created policy “ex2”: switch:admin> ipfilter --addrule ex2 -sip 10.32.69.99 -dp 23 -proto tcp -act permit To display the IP filter policies, including the new policy: switch:admin>...
ipsecConfig ipsecConfig Configures Internet Protocol security (IPsec) policies for Ethernet management interfaces. Synopsis ipsecconfig --enable [default] --disable ipsecconfig --add | --modify type [subtype] [arguments] ipsecconfig --delete [type] arguments ipsecconfig --flush manual-sa ipsecconfig --show type [subtype] arguments ipsecconfig --help [command type subtype] Description Use this command to configure the Internet Protocol Security (IPsec) feature for traffic flows on switch Ethernet management interfaces, or to display the current configuration.
Page 406
ipsecConfig • Modify existing IPsec and IKE policies. • Delete existing policies and SAs from the configuration database. • Flush existing SAs from the kernel SA database (SADB). • Display policy parameters. Representation of IP addresses When configuring IPsec policies, IP addresses and ports must be specified in the following format: IP address IPv4 addresses are expressed in dotted decimal notation consisting of numeric characters (0-9) and periods (.), for example,...
Page 407
ipsecConfig type Specifies the policy to be created. Supported policies include: policy ips Creates or modifies an IPsec policy. This policy determines the security services afforded to a packet and the treatment of a packet in the network. An IPsec policy allows classifying IP packets into different traffic flows and specifies the actions or transformations performed on IP packets on each of the traffic flows.
Page 408
ipsecConfig -mode tunnel|transport Specifies the IPsec transform mode. In tunnel mode, the IP datagram is fully encapsulated by a new IP datagram using the IPsec protocol. In transport mode, only the payload of the IP datagram is handled by the IPsec protocol inserting the IPsec header between the IP header and the upper-layer protocol header.
Page 409
ipsecConfig -ltbyte number Specifies the SA proposal’s lifetime in bytes. The SA expiries after the specified number of bytes have been transmitted. This operand is optional. Defines the Security Association. An SA specifies the IPsec protocol (AH or ESP), the algorithms used for encryption and authentication, and the expiration definitions used in security associations of the traffic.
Page 410
ipsecConfig policy ike Creates or modifies an IKE policy configuration. No subtype is required with this command. The command defines the following IKE policy parameters: IKE version, IP address of the remote entity, IP address of the local entity, encryption algorithm, hash algorithm, PRF algorithm, DH group, authentication method, path and filename of the pre-shared key.
Page 411
ipsecConfig The following operands are optional (use secCertUtil import to import the key files to the local and remote systems): -psk file Specifies the pre-shared key filename. -pubkey file Specifies the public key filename (in X.509 PEM format). -privkey file Specifies the private key filename (in X.509 PEM format).
Page 412
ipsecConfig -ipsec ah|esp Specifies the IPsec protocol. Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source authentication of IP packets, and protection against replay attacks. Authentication Header (AH) provides data integrity, data source authentication, and protection against replay attacks but, unlike ESP, does not provide confidentiality. -action discard|bypass|protect Specifies the IPsec protection type regarding the traffic flows.
Page 413
ipsecConfig Deletes a specified policy or all policies of a certain type from the --delete configuration database. You can delete IPsec policies, IKE policies, and SADB entries. When deleting IPsec policies, you have the option to delete specific components only, such as the transform or the selector, and recreate these components without having to recreate the entire policy.
Page 414
ipsecConfig selector Displays IPsec selector parameters including IPsec policy name, IP address of the local entity, IP address of the remote entity, direction of traffic flow (inbound or outbound), upper layer protocol used, and IPsec transform index. transform Displays IPsec transform parameters including IPsec policy name, key management protocol (version) or manual SA, processing option for selected IP traffic, IPsec mode (tunnel or transport), IP address of the local entity, IP address of the remote entity, and SA proposal.
Page 415
ipsecConfig Example 1 Secure traffic between two systems using AH protection with MD5 and configure IKE with pre-shared keys. The two systems are a switch, BROCADE300 (IPv4 address 10.33.74.13), and an external UNIX server (10.33.69.132 1. On the system console, log into the switch as Admin and enable IPsec. switch:admin>...
Page 416
ipsecConfig 4. Configure the SA proposal lifetime in seconds. switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-ESP -lttime 280000 -sa ESP01 5. Import the public key for the BROCADE300 (Brocade300.pem), the private key for BROCADE300 (Brocade300-key.pem), and the public key of the external host (remote-peer.pem) in X.509 PEM format from the remote certificate server (10.6.103.139).
Page 417
ipsecConfig 3. Create an IPsec SA policy named ESP01, which uses ESP protection with 3DES. switch:admin> ipsecconfig --add policy ips sa -t ESP01 -p esp -enc 3des_cbc 4. Create an IPsec proposal IPSEC-AHESP to use an AH01 and ESP01 bundle. switch:admin>...
Page 418
ipsecConfig IPsec display commands To display the IPSec IKE Policy: switch:admin> ipsecconfig --show policy ike -a IKE-01 version:ikev2 remote:10.33.69.132 local-id:10.33.74.13 remote-id:10.33.69.132 encryption algorithm: 3des_cbc hash algorithm: hmac_md5 prf algorithm: hmac_md5 dh group: 2 1 auth method:rsasig public-key:"/etc/fabos/certs/sw0/thawkcert.pem" private-key:"/etc/fabos/certs/sw0/thawkkey.pem" peer-public-key:"/etc/fabos/certs/sw0/spiritcert.pem To display the outbound and inbound SAs in the kernel SA database: switch:admin>...
Page 419
ipsecConfig To display all IPsec transforms: switch:admin> ipsecconfig --show policy ips transform -a policy-A-B action:auto_ipsec mode:transport local:10.33.69.132 remote:10.33.74.13 sa-proposal:ipsec-esp-a-b ike-policy:remote-B To display all IPsec traffic selectors: switch:admin> ipsecconfig --show policy ips selector -a slt-A-B-any local:10.33.69.132 remote:10.33.74.13 direction:outbound upper-layer-protocol:any transform-used:policy-A-B slt-B-A-any local:10.33.74.13 remote:10.33.69.132 direction:inbound...
Page 420
ipsecConfig References [DISR] "DOD IPv6 Standards Profiles for IPv6 Capable Products", v2.0 (6/15/2007). [NIST] "A Profile for IPv6 in the U.S. Government", v1.0 (1/31/2007). [4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301 (Dec 2005). [4302] Kent, S., "IP Authentication Header", RFC4302 (Dec 2005).
Page 422
iscsiCfg iscsicfg --show transaction [-h] iscsicfg --clear all [-h] iscsicfg --commit all [-f] [-h] Description Use this command to configure all iSCSI entities (such as authentication (CHAP), discovery domains (DD), discovery domain sets (DDSet), iSCSI virtual targets (VT), and LUN maps). Common actions include --add, --delete, --modify, --show, --enable and --disable;...
Page 423
iscsiCfg --modify tgt -t target_name -a auth_method [-h] Associates the authentication method auth_method with the target. Valid values for auth_method are CHAP and none. If CHAP is specified, then either one-way or mutual CHAP is enforced, based on the login frame from the host. --addusername tgt -t target_name -u user_list [-h] Binds user names defined in AUTH database to the specific target.
Page 424
iscsiCfg --show dd [-d dd_name] [-h] Displays the DD database; dd_name is optional. ddset Discovery Domain Set parameters. Actions on ddset are: --create ddset -n ddset_name -d dd_list [-h] Creates a DD set entry with the specified ddset_name and dd_list. The DDs in dd_list must already exist.
Page 425
iscsiCfg --commit all [-f] [-h] Commits the iSCSI configuration database to nonvolatile memory. Any modifications made to the database are not saved until an explicit --commit all is issued. If multiple switches in the fabric have uncommitted changes, this operation is rejected. The -f option needs to be used in this case to force the commit operation, in which case uncommitted changes on other switches are erased.
Page 426
iscsiCfg To bind user CHAP to a target: switch:admin> iscsicfg --addusername tgt-t iqn.2005-10.com.brocade.tgt1 -u user1 The operation completed successfully. To unbind user CHAP from a target: switch:admin> iscsicfg --deleteusername tgt -t iqn.2005-10.com.brocade.tgt1 -u user1 The operation completed successfully. To clear the target database: switch:admin>...
Page 427
iscsiCfg To display the DD database: switch:admin> iscsicfg --show dd Number of records found: 1 Name: mynewdd Status: Defined Num. Members: iqn.2222-23.mytest1 iqn.2343-58.newtest1 iqn.2222-23.mytest3 To create a DD set entry: switch:admin> iscsicfg --create ddset -n myddset -d mynewdd The operation completed successfully. To add a new member to an existing DD set (the new DD, iscsidd3, must exist already) switch:admin>...
Page 428
iscsiCfg To display the iSCSI initiators that attempted to log in: switch:admin> iscsicfg --show initiator Number of records found: 1 Name IP Address iqn.1991-05.com.brocade:initiator1 172.16.14.101 switch:admin> iscsicfg --show initiator -i iqn.1991-05.com.brocade:initiator1 Initiator details are: Name IP Address iqn.1991-05.com.brocade:isi154116.englab.brocade.com 172.16.14.101 No. of targets currently accessible to the specified initiator are: 4 iqn.2222-12.com.brocade:tgt1 iqn.2222-12.com.brocade:tgt2 iqn.2002-12.com.brocade:50:06:0e:80:00:43:80:a2...
iscsiChipTest iscsiChipTest Performs functional test of components in iSCSI complex. Synopsis iscsichiptest --slot slotnumber -testtype type -unit gbEports Description Use this command to verify the memory of the network processor and iFlipper FPGA. Notes This command is supported only on the Brocade FR4-16IP blade. On all other platforms, this command displays the message: “Command not applicable to this platform.
iscsiHelp iscsiHelp Displays a list of iSCSI support commands. Synopsis iscsihelp Description Use this command to display a list of iSCSI support commands with descriptions. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
iscsiPathTest iscsiPathTest Performs functional test of components in iSCSI complex. Synopsis iscsipathtest --slot slotnumber -unit number -path mode -nframes count Description Use this command to verify the functions of the network processor and the iSCSI complex. The CP processor instructs the Network processor BCM1125H in each GigE port to run the tests Multiple frames or data packets are transmitted from the Network processor to designated loopback points and sent back.
iscsiPortCfg iscsiPortCfg Displays or modifies iSCSI port parameters. Synopsis iscsiportcfg --clearstats slot/geport iscsiportcfg --default slot/geport iscsiportcfg --show slot/geport [-v] iscsiportcfg --modify slot/geport options Description Use this command to display or modify the iSCSI port parameters. The default iSCSI port settings are as follows: TABLE 17 Default iSCSI port settings Setting...
Page 433
iscsiPortCfg Displays port-level protocol parameters, statistics, and session information --show on the specified port. Options include: Specifies verbose mode, which displays the initiator IP, TSID, and the number of connections in addition to the other port-level information. slot Specifies the slot number. This parameter only supports FC4-16IP blades in Brocade 48000 directors.
Page 434
iscsiPortCfg iSCSI Abort Task Set: iSCSI Clear ACA: iSCSI Clear Task Set: iSCSI LUN Reset: iSCSI Target Reset: iSCSI Task Reassign: Non FCP in PDU: Non FCP in Octet: 2576 Non FCP out PDU: Non FCP out Octet: 1352 Session details: Session Number: iSCSI Session Type: Normal...
iscsiSessionCfg iscsiSessionCfg Displays iSCSI session/connection details, clears the associated counters, or deletes an iSCSI session/connection. Synopsis iscsisessioncfg clearstats [-i initiator_iqn] [-t target_iqn] iscsisessioncfg delete [-i initiator_iqn] [-t target_iqn] iscsisessioncfg show [-i initiator_iqn] [-t target_iqn] Description Use this command to display iSCSI session/connection details, clear the associated counters, or delete an iSCSI session/connection.
Page 436
iscsiSessionCfg Max. Burst Length 256KB 256KB First Burst Length 512B 64KB Max outstanding R2T Default time to retain Default time to wait Error recovery level Initial R2T iSCSI Operating Login Parameters: Connection Level Connection Index: Parameter Name Self Value Peer Value Max.
iscsiSwCfg iscsiSwCfg Displays or configures the iSCSI switch level configuration. Synopsis iscsiswcfg enableconn -s slot number | all iscsiswcfg disableconn -s slot number | all iscsiswcfg showconn -s slot number | all iscsiswcfg modifygw -t target name iscsiswcfg showgw Description Use this command to display the iSCSI switch level configuration and to configure the iSCSI connection redirection and target name prefix.
islShow islShow Displays interswitch link (ISL) information. Synopsis islshow Description Use this command to display the current connections and status of the interswitch link (ISL) for each port on a switch. The command output includes the following information: • Node world wide name (WWN) •...
isnscCfg isnscCfg Displays or modifies the configuration state of the iSNS client operation. Synopsis isnsccfg --set slot | geport -s server_ip isnsccfg --set -m -s server_ip isnsccfg --reregister isnsccfg --show isnsccfg --clear Description Use this command to display and update the configuration state of the iSNS client daemon. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 440
isnscCfg To register the iSNS objects: switch:admin> isnsccfg --reregister Initiated re-register of iSNS objects with iSNS server To clear the IP address of iSNS server: switch:admin> isnsccfg --clear Cleared iSNS server configuration. See Also none Fabric OS Command Reference 53-1001186-01...
itemList itemList Lists parameter syntax information. Synopsis item_list = element | element white item_list element = item | item - item item = num | slot [white]/ [white] num slot = num num = hex | int int = int digit | digit hex = 0x hex digit | hex hex digit digit = 0|1|2|3|4|5|6|7|8|9 hex digit = digit |A|B|C|D|E|F|a|b|c|d|e|f...
Page 442
itemList The exact type of list varies, depending on the test and the parameter; however, the most common are blade ports and user ports. A list of blade ports is most commonly used by ASIC-level tests such as turboRamTest and represents which ports on the current blade (specified with --slot number) are tested.
killTelnet killTelnet Terminates an open Telnet session. Synopsis killtelnet Description Use this command to terminate an open Telnet session. The command lists all current Telnet and serial port login sessions and information such as session number, login name, idle time, IP address of the connection, and timestamp of when the login session was opened.
ldapCfg ldapCfg Maps LDAP AD server roles to default switch roles. ldapcfg --maprole ldaprole switchrole ldapcfg --unmaprole ldaprole ldapcfg --show ldapcfg --help Description Use this command to map a Lightweight Directory Access Protocol (LDAP) Active Directory (AD) server role to one of the default roles available on a switch. This command also provides an option to remove an existing mapping.
Page 445
ldapCfg Displays a table of existing mappings between LDAP roles and their --show corresponding switch role. Displays command usage. --help Examples To display current LDAP and switch role map: switch:admin> ldapcfg --show LDAP Role Switch Role ------------------------------------------------ ldapadmin admin ldapuser user SANfabadmin fabricadmin...
lfCfg lfCfg Configures and displays logical fabrics. Synopsis lfcfg [--show | --showall] -cfg lfcfg [--show | --showall] -lisl [-v] lfcfg --lislenable lfcfg --help Description Use this command to display logical fabric configuration information, to determine the status of logical interswitch links (LISLs), and to enable LISLs between logical switches. A logical switch is a partition created on a physical switch that shares the physical resources of the base fabric while functioning as an independent entity in a "virtual"...
Page 447
lfCfg remote-domain Domain ID of the base switch in the remote chassis. Name Switch name. State Port state: Online or Offline. Associated physical ports Physical ports associated with the LISL ports. When lfCfg is issued within a logical switch context, only the configuration regarding that switch and the fabrics reachable from that switch is displayed.
Page 448
lfCfg Logical Switch: 1 Fabric Id: 2 State: Online(1) Switch WWN: 10:00:00:60:69:e2:09:fcSwitchName: ------------------------------ Chassis: 53 ------------------------------ Chassis WWN: 10:00:00:60:69:e2:09:00 Base Switch WWN: 10:00:00:60:69:e2:09:00 Base Domain: 53 Number of Partitions: 2 Logical Switch: 1 Fabric Id: 2 State: Online(1) Switch WWN: 10:00:00:60:69:e2:09:feSwitchName: To displays information for all fabrics in all chassis reachable from the base fabric.
Page 449
lfCfg To display information about all LISLs in the chassis: switch:admin> lfcfg --showall -lisl Port# remote-domain Name State PT Online PT Online FID Port# remote-domain Name State 2 384 24 sw0 PT Online 3 385 24 sw0 PT Online See Also none Fabric OS Command Reference 53-1001186-01...
licenseAdd licenseAdd Adds license keys to switch. Synopsis licenseadd “license” Description Use this command to add license keys to the switch. Some features of the switch and the fabric to which it is connected are optional, licensed products. Without a license installed for such products, their services are not available. A license key is a string of approximately 16 upper- and lowercase letters and numbers.
licenseHelp licenseHelp Displays commands used to administer license keys. Synopsis licensehelp Description Use this command to display a list of the commands used to administer license keys. Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
licenseIdShow licenseIdShow Displays the system license ID. Synopsis licenseidshow Description Use this command to display the license ID of the system. Some features of the switch and the fabric are optional, licensed products. Without a license installed for such products, the services provided by these features are not available. This command displays the system license ID used for generating and validating licenses on the system.
licensePort licensePort Manages the Dynamic Ports On Demand (POD) license assignment. Synopsis licensePort --release portnum licensePort --reserve portnum licensePort --show lcensePort --method dynamic | static Description Use this command to manage the Dynamic Ports on Demand license assignments. In the Dynamic POD method, the ports are assigned to a POD license in order to come online until they equal the number of online licensed ports.
Page 454
licensePort To display the POD license assignments: switch:admin> licensePort show 20 ports are available in this switch 1 POD license is installed Dynamic POD method is in use 15 port assignments are provisioned for use in this switch: 10 port assignments are provisioned by the base switch license 5 port assignments are provisioned by the first POD license * 5 more assignments are added if the second POD license is installed...
licenseRemove licenseRemove Removes the license key from the system. Synopsis licenseremove "license" Description Use this command to remove an existing license key from a switch. The existing license key must be entered exactly as shown by licenseShow, including case. When the key has been entered, use the licenseShow command to verify that the key has been removed and the licensed product uninstalled.
licenseShow licenseShow Displays current license keys. Synopsis licenseshow Description Use this command to display current license keys, along with a list of licensed products enabled by these keys. The message "No license installed on this switch" is displayed when no licenses are installed.
linkCost linkCost Sets or displays the Fabric Shortest Path First (FSPF) cost of a link. Synopsis linkcost [[slotnumber/]portnumber [cost]] Description Use this command to set or display the cost of an interswitch link (ISL). The cost of a link is a dimensionless positive number.
Page 458
linkCost cost Specifies the static cost of the link connected to the specified port. Valid values are 0 to 65,535. Assigning a value outside this range will fail and generate an error. A value of 0 removes the static cost and the port reverts to its default link cost.
login login Logs in as new user. Synopsis login Description Use this command to log in to the switch with another user name and password, without first logging out from the original session. If you originally connected through a Telnet or rlogin session, that session is left open.
logout logout Logs out from a shell session. Synopsis logout Description Use this command to log out from a shell session. Remote login connections are closed and the local serial connections return to the login prompt. The exit command is accepted as a synonym for logout, as is Ctrl-D at the beginning of a line. Operands none Examples...
lsanZoneShow lsanZoneShow Displays logical SAN zone information. Synopsis lsanzoneshow [-s] [-f fabricid] [-w wwn] [-z zonename] Description Use this command to display the inter-fabric zones or LSAN zones. These zones are normal WWN zones created in FC Router EX_Port-connected fabrics and backbone fabrics. The LSAN zones are identified by the text string “lsan_”...
Page 462
lsanZoneShow Examples To display the LSAN zones: switch:admin> lsanzoneshow Fabric ID: 4 Zone Name: lsan_fcr10_0 50:05:07:65:05:84:0b:83 50:05:07:65:05:84:09:0e 10:00:00:00:c9:2b:6a:68 21:00:00:20:37:18:22:55 Fabric ID: 5 Zone Name: lsan_fcr11_0 10:00:00:00:c9:2b:6a:68 21:00:00:20:37:18:22:55 50:05:07:65:05:84:0b:83 50:05:07:65:05:84:09:0e switch# See Also fcrFabricShow, fcrPhyDevShow, fcrProxyDevShow, fcrRouteShow, switchShow Fabric OS Command Reference 53-1001186-01...
Page 464
lsCfg Specifies the Fabric ID. Each logical switch in a chassis is assigned a unique fabric identifier. The FID address space is shared between logical switches and EX_Ports. Valid FID values are integers between 1 and 128. The default logical switch is assigned FID 128 by default. This operand is required. -b | -base Creates a base logical switch on the chassis.
Page 465
lsCfg -b | -base Turns an existing logical switch into a base switch. When this command is issued on a switch that is already a base switch, this command removes the base switch properties. This command disables the current logical switch. After making the change, you must re-enable the switch.
Page 466
lsCfg To display the logical switch configuration: switch:admin> lscfg --show Created switches: 128(ds) 1(bs) Port ------------------------------------------------------------------- Port ------------------------------------------------------------------- 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | Port ------------------------------------------------------------------- 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | Port -------------------------------------------------------------------...
Page 467
lsCfg To make Logical switch FID 1 the base switch without confirmation: switch:admin> lscfg --change 1 -base -force Disabling the current base switch... Disabling switch fid 1 Disabling the proposed new base switch... Disabling switch fid 1 Please enable your switches when ready. To make Logical switch FID 1 the base switch with confirmation: switch:admin>...
lsDbShow lsDbShow Displays the Fabric Shortest Path First (FSPF) link state database. Synopsis lsdbshow [domain] Description Use this command to display an FSPF link state database record for switches in the fabric or for a specified domain. There are two types of database entries: •...
Page 469
lsDbShow TABLE 20 lsDbShow display fields (Continued) Field Description advertiser Domain ID of the switch that originated this LSR. incarn Incarnation number of this LSR. length Total length, in bytes, of this LSR. Includes header and link state information for all links. chksum Checksum of total LSR, with exception of lsAge field.
Page 470
lsDbShow mOutIfsP[4] = 0x00000000 mOutIfsP[5] = 0x00000000 mOutIfsP[6] = 0x00000000 parent = 0xf0 mPathCost mHopsFromRoot Link State Record: Link State Record pointer = 0x109784b0 lsAge = 321 reserved type options = 0x0 lsId advertiser incarn = 0x80000185 length = 60 chksum = 0x168a linkCnt = 2,...
fosExec fosExec Executes a command in a specified logical fabric context. Synopsis fosexec -fid FID "cmd" Description Use this command to manage logical switches in the chassis. This command executes a specified command on a specified logical switch. The logical switch is identified by its fabric ID (FID). The commands you can execute are defined by the role of the account that executes the command.
memShow memShow Displays the amounts of free and used memory in a switch. Synopsis memshow [-b | -k | -m] Description Use this command to display free and used memory in the switch, as well as the shared memory and buffers used by the kernel. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
msCapabilityShow msCapabilityShow Displays the Management Server (MS) capabilities. Synopsis mscapabilityshow Description Use this command to display the supported capabilities of the Management Server for each switch in the fabric. An asterisk displays next to the name of the local switch. Notes Reliable commit service (RCS) is a fabric-wide capability and is supported only if all the switches in the fabric support the service.
msConfigure msConfigure Configures the Management Server (MS) access control list (ACL). Synopsis msconfigure Description Use this command to configure the MS Access Control List (ACL). The MS allows a Storage Area Network (SAN) management application to retrieve and administer the fabric and Interconnect Elements, such as switches.
Page 476
msConfigure Done Display the access list Add member based on its Port/Node WWN Delete member based on its Port/Node WWN select : (0..3) [1] 0 done ... See Also msCapabilityShow, msPlatShow, msPlClearDB, msPlMgmtActivate, msPlMgmtDeactivate, msTdDisable, msTdEnable, msTdReadConfig, secPolicyShow Fabric OS Command Reference 53-1001186-01...
msPlatShow msPlatShow Displays the Management Server (MS) platform database. Synopsis msplatshow Description Use this command to display information from the MS platform database. This command displays the name of each platform object with the platform type (GATEWAY, HOST_BUS_ADAPTER, and so forth), associated management addresses, and associated node names.
msPlatShowDBCB msPlatShowDBCB Displays the Management Server (MS) platform service database control block. Synopsis msplatshowdbcb Description Use this command to display the control block fields associated with the platform database. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
msPlClearDB msPlClearDB Clears the Management Server (MS) platform database on all switches in the fabric. Synopsis msplcleardb Description Use this command to clear the MS platform database in the entire fabric. Because this operation cannot be undone, it should not be performed unless it is intended to resolve a database conflict between two joining fabrics or to establish an entirely new fabric with an empty database.
msPlMgmtActivate msPlMgmtActivate Activates the Management Server (MS) platform service. Synopsis msplmgmtactivate Description Use this command to activate the MS platform service throughout the fabric. This command attempts to activate the MS platform service for each switch in the fabric. The change takes effect immediately and is committed to the configuration database of each affected switch.
msPlMgmtDeactivate msPlMgmtDeactivate Deactivates the Management Server (MS) platform service. Synopsis msplmgmtdeactivate Description Use this command to deactivate the MS platform service throughout the fabric. This command deactivates the MS platform service for each switch in the fabric and commits the change to nonvolatile storage.
msTdDisable msTdDisable Disables the Management Server (MS) topology discovery service. Synopsis mstddisable ["ALL"] Description Use this command to disable the management server topology discovery service on a local switch or an entire fabric. This change takes effect immediately and commits to the configuration database for all affected switches.
msTdEnable msTdEnable Enables the Management Server (MS) topology discovery service. Synopsis mstdenable ["ALL"] Description Use this command to enable the MS topology discovery service on the local switch or throughout the fabric. The change takes effect immediately and commits to the configuration database for all affected switches.
msTdReadConfig msTdReadConfig Displays the status of The Management Server (MS) topology discovery service. Synopsis mstdreadconfig Description Use this command to check whether or not the management server topology discovery service is enabled. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
myId myId Displays the current login session details. Synopsis myid Description Use this command to display the status of the system and the login session details. This includes IPv4 or IPv6 addresses associated with the login session. The login session gives details of the following: •...
nbrStateShow nbrStateShow Displays the state of FSPF neighbors. Synopsis nbrstateshow [slotnumber/][portnumber] Description Use this command to display information about fabric shortest path first (FSPF) neighbors to the local switch or information about a neighbor to a specified port. FSPF defines a neighbor as a remote E_Port interface that is directly attached to the local switch.
Page 487
nbrStateShow Examples To display information about a neighbor directly connected to the local switch: switch:user> nbrstateshow 2/0 Local Domain ID: 1 Local Port Domain Remote Port State ------------------------------------------------------- NB_ST_FULL See Also interfaceShow Fabric OS Command Reference 53-1001186-01...
nbrStatsClear nbrStatsClear Resets FSPF interface counters. Synopsis nbrstatsclear [slotnumber/][portnumber] Description Use this command to reset the counters of fabric shortest path first (FSPF) frames transmitted and received on all interswitch links (ISLs) or on a specified ISL Use this command without operands to reset counters on all interfaces.
Page 489
nbrStatsClear To reset the counters on a port: switch:admin> nbrstatsclear 1/0 To verify the changes: switch:admin> interfaceshow 1/0 idbP = 0x10050a38 Interface 0 data structure: nghbP = 0x1004ce68 ifNo masterPort = 0 (self) defaultCost = 500 cost = 500 (output truncated) See Also interfaceShow, portShow, switchShow Fabric OS Command Reference...
nodeFind nodeFind Displays all device Name Server (NS) entries matching a given WWN, device PID, or alias. Synopsis nodefind WWN | PID | ALIAS Description Use this command to display the NS information for all devices in the fabric that have either a port World Wide Name (WWN) or a node WWN matching the given WWN;...
Page 491
nodeFind Device Shared in Other AD: No Aliases: a320 0314d4; 3;22:00:00:04:cf:9f:26:7e;20:00:00:04:cf:9f:26:7e; 0 FC4s: FCP [SEAGATE ST336605FC 0003] Fabric Port Name: 20:14:00:60:69:80:04:79 Permanent Port Name: 22:00:00:04:cf:9f:26:7e Device type: Physical Target Port Index: 20 Share Area: No Device Shared in Other AD: No Aliases: a320 To display all the device information matching the WWN "20:00:00:e0:8b:01:ce:d3": switch:user>...
nsAliasShow nsAliasShow Displays local Name Server (NS) information, with aliases. Synopsis nsaliasshow [-r -t] Description Use this command to display local name server information with the added feature of displaying the defined configuration aliases to which the device belongs. The following message is displayed if there is no information in this switch: There is no entry in the Local Name Server The command nsAllShow displays information from all switches.
Page 493
nsAliasShow The second part indicates the role of the device. Currently, four roles are defined: • Unknown (initiator/target) - Device role is not detected. • Initiator- An iSCSI initiator. • Target- An iSCSI target. • Initiator+Target- Both an iSCSI initiator and an iSCSI target. Examples To display local NS information with aliases: switch:admin>...
Page 495
nsAliasShow Fabric Port Name: 20:04:00:60:69:01:44:22 Permanent Port Name: 21:00:00:ad:bc:04:6f:70 Device type: Physical Target Aliases: The Local Name Server has 6 entries } See Also nsAllShow, nsShow, switchShow Fabric OS Command Reference 53-1001186-01...
nsAllShow nsAllShow Displays global name server information. Synopsis nsallshow [type] Description Use this command to display the 24-bit Fibre Channel addresses of all devices in all switches in the fabric. If the type operand is supplied, only devices of specified FC-PH type are displayed. If type is omitted, all devices are displayed.
nsCamShow nsCamShow Displays information about remote devices in the Name Server (NS) cache. Synopsis nscamshow [-t] Description Use this command to display the local NS cache information about the devices discovered in the fabric by the NS cache manager. If the NS cache manager does not discover new switches or new devices in the fabric, the command displays the message “No Entry is found!”...
Page 498
nsCamShow Examples To display all switch and device entries discovered by the NS in the fabric: switch:admin> nscamshow nscam show for remote switches: Switch entry for 2 state owner known v430 0xfffc01 Device list: count 1 Type Pid PortName NodeName 021200;...
nsShow nsShow Displays local Name Server (NS) information. Synopsis nsshow [-r -t] Description Use this command to display local NS information about devices connected to this switch. If no information is available for the switch, the command displays the message: “There is no entry in the Local Name Server.”...
Page 500
nsShow SCR=1 Fabric detected registration. Register to receive all RSCN requests issued by the fabric controller for events detected by the fabric. SCR=2 Nx_Port detected registration. Register to receive all RSCN requests issued for events detected by the affected Nx_Port. SCR=3 Register to receive all RSCN request issued.
Page 501
nsShow To display local name server information with the -r option. switch:admin> nsshow -r Type Pid PortName NodeName 010100; 3;21:00:00:e0:8b:13:08:10;20:00:00:e0:8b:13:08:10; 1 FC4s: FCP NodeSymb: [41] "QLA2340 FW:v3.03.06 DVR:v9.0.0.2 (w32 IP)" Fabric Port Name: 20:01:00:05:1e:34:00:70 Permanent Port Name: 21:00:00:e0:8b:13:08:10 Port Index: 1 Share Area: No Device Shared in Other AD: No Redirect: No...
nsZoneMember nsZoneMember Displays the information on online devices zoned with a specified device. Synopsis nszonemember pid | wwn nszonemember -a | -u Description Use this command to display information on all online devices zoned with the specified device. The device can be specified by WWN or Port ID (PID). Use this command with the -u option to display all unzoned devices in the entire fabric.
Page 503
nsZoneMember Displays all unzoned devices in the entire fabric. The device data includes the device PID and zone alias. Examples To display information about all the online devices zoned with the given device: switch:admin> nszonemember 0x0416e2 3 local zoned members: Type Pid PortName NodeName...
passwd passwd Changes the password for a specified user. Synopsis passwd [“user account”] Description Use this command to change a user account password. Operands When this command is invoked without operand, the password is changed for the current user account. The following operand is optional: "user account"...
Page 506
passwd • If a you are changing another user’s password with greater privileges than your current login level, you are prompted to enter that user level’s old password and, if your entry is valid, you are prompted for a new password. •...
Page 507
passwd The password you entered contains less than the minimum required number of lowercase characters. Insufficient number of upper case letters The password you entered contains less than the minimum required number of uppercase characters. Insufficient number of digits in password The password you entered contains less than the minimum required number of numeric characters.
passwdCfg passwdCfg Manages the password policies. Synopsis passwdcfg --set options value passwdcfg --disableadminlockout passwdcfg --enableadminlockout passwdcfg --setdefault passwdcfg --showall passwdcfg --help Description Use this command to manage password policies. Use --set to configure the following password policies: • Password strength policy •...
Page 509
passwdCfg policy is enforced across all user accounts except the root, factory, and SecurityAdmin role accounts. A separate configuration option, available to the SecurityAdmin and Admin role accounts, may be used to enable and disable applications of the account lockout policy to Admin role accounts.
Page 510
passwdCfg -minpasswordage value Specifies the minimum number of days that must elapse before a password can be changed. -minpasswordage can be set at 0 to 999. The default value is 0. Setting this parameter to a nonzero value discourages a user from rapidly changing a password in order to defeat the password history setting to reuse a recently used password.
Page 511
passwdCfg -sequence value Specifies the length of sequential character sequences that will be disallowed. A sequential character sequence is defined as a character sequence in which the ASCII value of each contiguous character differs by one. The ASCII value for the characters in the sequence must all be increasing or all decreasing.
Page 512
passwdCfg lowercase value out of range The -lowercase value specified must be greater than or equal to 0 and less than or equal to -minlength value. uppercase value out of range The -uppercase value specified must be greater than or equal to 0 and less than or equal to -minlength value.
pathInfo pathInfo Displays routing information and statistics along a path covering multiple switches. Synopsis pathinfo pathinfo -f FID destination_switch [destination_port] [-r] [-t] pathinfo destination_switch [source_port[destination_port]] [-r] [-t] Description Use this command to display routing information from a source port on the local switch to a destination port on another switch.
Page 514
pathInfo In Port The port on which the switch receives frames. For hop 0, this is source_port. For bladed systems and ports above 256, this parameter is the port index; otherwise, it is the port area. Domain ID The domain ID of the switch. Name The name of the switch.
Page 515
pathInfo Words The total number of 4-byte Fibre Channel words. Frames The total number of frames. Errors The total number of errors that may have caused a frame not to be received correctly. This includes cyclic redundancy check (CRC) errors, bad end-of-frame (EOF) errors, frame truncated errors, frame-too-short errors, and encoding errors inside a frame.
Page 516
pathInfo destination_port Specifies the port on the destination switch for the path being traced. This operand returns the state of this port. The embedded port (-1) is used by default, or if you specify a destination port that is not active. For bladed systems and ports above 256, the destination is specified as the port index;...
Page 517
pathInfo To display basic path information in traceroute format with reverse path option: switch:admin> pathinfo 4 -r -t Target port is Embedded Domain ID (Name) Time/hop ---------------------------------------------------- 11 (mps_daz_1) 32882 usec 4 (METEOR) 32882 usec 11 (mps_daz_1) 32882 usec 97 (pulsar055) 32882 usec To display path information when source port and destination port are provided along with the traceroute option:...
Page 518
pathInfo B/s (64s) Txcrdz (1s) Txcrdz (64s) F/s (1s) F/s (64s) 2743 Words 2752748 2822763 Frames 219849 50881 Errors In Port Domain ID (Name) Out Port Cost --------------------------------------------------------- 10 (web229) 1000 Port ----------------------------------------------- B/s (1s) B/s (64s) Txcrdz (1s) Txcrdz (64s) F/s (1s) F/s (64s) Words...
pdShow pdShow Displays data from a panic dump file. Synopsis pdshow [panic_dump_file] Description Use this command to display data from a panic dump file. The panic dump file contains information that might be useful to determine the cause of the system panic. When executed without any arguments, this command displays output from the latest panic dump file available on the switch.
perfAddEEMonitor perfAddEEMonitor Adds an end-to-end monitor to a port. Synopsis perfaddeemonitor [slotnumber/]portnumber SourceID DestID Description Use this command to add an end-to-end performance monitor to a port. The performance monitor counts the number of words received, number of words transmitted, and number of CRC errors detected using either of the following two conditions: 1.
Page 521
perfAddEEMonitor SourceID Specifies the 3-byte SID (Source ID) of the originator device. It should be in "0xDDAAPP" format, where DD is domain ID, AA is area ID and PP is AL_PA ID. For example, 0x050200 has a domain ID of 5, an area ID of 2, and an AL_PA ID of 0.
Page 522
perfAddEEMonitor 2. Get name server information. Name server info shows four devices (two of which are virtual) connected to the Encryption Switch along with their PIDs: EncryptionSwitch:SecurityAdmin>nsshow Type Pid PortName NodeName TTL(sec) 0a0100; 3;2f:ff:00:06:2b:0e:b3:3c;2f:ff:00:06:2b:0e:b3:3c; na FC4s: FCP PortSymb: [18] "SANBlaze V3.0 Port" Fabric Port Name: 20:01:00:05:1e:53:b8:45 Permanent Port Name: 2f:ff:00:06:2b:0e:b3:3c Port Index: 1...
Page 523
perfAddEEMonitor 4. Add another EE monitor on port 1 between the Virtual Target SID and the Target DID: EncryptionSwitch:SecurityAdmin> perfaddeemonitor 1 0x0a2001 0x01a000 End-to-End monitor number 1 added. 5. Display the EE monitors on the Encryption Switch: EncryptionSwitch:SecurityAdmin> perfmonitorshow --class EE 1 There are 2 end-to-end monitor(s) defined on port OWNER_APP TX_COUNT...
perfAddIPMonitor perfAddIPMonitor Adds a filter-based performance monitor for IP frame count. Synopsis perfaddipmonitor [slotnumber/]portnumber [alias] Description Use this command to create a filter-based monitor that will count the number of IP traffic frames. Only frames transmitted are counted. Execution of this command displays a numeric key that uniquely identifies the monitor. Use the perfMonitorShow command for a listing of valid keys and user-defined aliases.
perfAddReadMonitor perfAddReadMonitor Adds a filter-based performance monitor for the SCSI Read command. Synopsis perfaddreadmonitor [slotnumber/]portnumber [alias] Description Use this command to create a filter-based monitor that counts the number of SCSI FCP Read commands in Fibre Channel frames. Only frames transmitted are counted. Execution of this command displays a numeric key that uniquely identifies the monitor.
perfAddRWMonitor perfAddRWMonitor Adds a filter-based performance monitor for the SCSI read and write commands. Synopsis perfaddrwmonitor [slotnumber/]portnumber [alias] Description Use this command to create a filter-based monitor that counts the number of SCSI FCP Read and Write commands in Fibre Channel frames. Only frames transmitted are counted. Execution of this command displays a numeric key that uniquely identifies the monitor.
perfAddSCSIMonitor perfAddSCSIMonitor Adds a filter-based performance monitor for SCSI frame count. Synopsis perfaddscsimonitor [slotnumber/]portnumber [alias] Description Use this command to create a filter-based monitor that counts the number of SCSI traffic frames. Only frames transmitted are counted. Execution of this command displays a numeric key that uniquely identifies the monitor. Use the perfMonitorShow command for a listing of valid keys and user-defined aliases.
perfAddUserMonitor perfAddUserMonitor Adds a user-defined filter-based performance monitor. Synopsis perfaddusermonitor [slotnumber/]portnumber "grouplist" [alias] Description Use this command to define a custom filter for frame offsets and values. For every offset, each group of comparison values is evaluated using the Boolean OR operator to determine a match.
Page 529
perfAddUserMonitor SOFi2 SOFn2 SOFi3 SOFn3 alias Specifies a name for the monitor. Strings exceeding 10 characters are truncated. To accommodate spaces, the string must be surrounded by quotation marks. Spaces count toward the character limit but are removed. This operand is optional. By default, the alias is an empty string. Examples To add a filter-based monitor for all Extended Link Service requests (R_CTL=0x22 and TYPE=0x01) to a port:...
perfAddWriteMonitor perfAddWriteMonitor Adds a filter-based performance monitor for the SCSI write command. Synopsis perfaddwritemonitor [slotnumber/]portnumber [alias] Description Use this command to create a filter-based monitor that counts the number of SCSI FCP write commands in Fibre Channel frames. Only frames transmitted are counted. Execution of this command displays a numeric key that uniquely identifies the monitor.
perfCfgClear perfCfgClear Clears the previously saved performance monitoring configuration settings from nonvolatile memory. Synopsis perfcfgclear Description Use this command to clear the previously saved end-to-end and filter configuration settings of performance monitoring from nonvolatile memory. Notes This command requires an Advanced Performance Monitoring license. This command is not supported on virtual FC ports (VE/VEX_Port), EX_Port, M (Mirror) ports and GbE ports.
perfCfgRestore perfCfgRestore Restores performance monitoring configuration settings from nonvolatile memory. Synopsis perfcfgrestore Description Use this command to restore the performance monitoring configuration information from nonvolatile memory. This does not restore the information cleared by the perfCfgClear command; rather, it restores the configuration from nonvolatile memory. The perfCfgRestore command overwrites any configuration changes that were not saved.
perfCfgSave perfCfgSave Saves performance monitoring configuration settings to nonvolatile memory. Synopsis perfcfgsave Description Use this command to save the current Performance Monitor configuration for end-to-end (EE) and filter configuration settings of performance monitoring into nonvolatile memory. Configurations are saved persistently across power cycles. The number of monitors that can be saved to flash memory is limited as follows: •...
perfClearAlpaCrc perfClearAlpaCrc Clears the CRC error count associated with a port and arbitrated loop physical address (AL_PA). Synopsis perfclearalpacrc [slotnumber/]portnumber [ALPA] Description Use this command to clear a specific cyclic redundancy check (CRC) error counter associated with a specific port and AL_PA, or all such counters on a port. Notes This command requires an Advanced Performance Monitoring license.
perfDelEEMonitor perfDelEEMonitor Deletes one or all end-to-end performance monitors from a port. Synopsis perfdeleemonitor [slotnumber/]portnumber [monitorId] Description Use this command to delete an end-to-end performance monitor from a port, or all such monitors associated with a port. Notes This command requires an Advanced Performance Monitoring license. This command is not supported on virtual FC ports (VE/VEX_Port), EX_Port, M (Mirror) ports and GbE ports.
perfDelFilterMonitor perfDelFilterMonitor Deletes one or all filter-based performance monitors from a port. Synopsis perfdelfiltermonitor [slotnumber/]portnumber [monitorid] Description Use this command to delete a filter-based performance monitor from a port, or all such monitors associated with a port. Notes This command requires an Advanced Performance Monitoring license. This command is not supported on virtual FC ports (VE/VEX_Port), EX_Port, M (Mirror) ports and GbE ports.
perfHelp perfHelp Displays performance monitoring help information. Synopsis perfhelp Description Use this command to display the help commands available for performance monitoring. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
perfMonitorClear perfMonitorClear Clears counters of end-to-end, filter-based, and ISL performance monitors on a port. Synopsis perfmonitorclear --class monitor_class [slotnumber/]portnumber [monitorId] Description Use this command to clear counters for performance monitors on a port, specified by class. Monitor classes include end-to-end monitors (EE), filter-based monitors (FLT), and interswitch link monitors (ISL).
Page 539
perfMonitorClear switch:admin> perfmonitorclear --class FLT 1/2 This will clear ALL filter-based monitors' counters on port 2, continue? (yes, y, no, y): [no] y To clear statistics counters for an ISL monitor: switch:admin> perfmonitorclear --class ISL 1 This will clear ISL monitor on port 1, continue? (yes, y, no, n): [no] y See Also perfAddEEMonitor, perfAddIPMonitor, perfAddReadMonitor, perfAddRWMonitor, perfAddSCSIMonitor, perfAddUserMonitor, perfAddWriteMonitor, perfMonitorShow...
perfMonitorShow perfMonitorShow Displays end-to-end, filter-based, and interswitch Link performance monitors on a port. Synopsis perfmonitorshow class monitor_class [slotnumber/]portnumber [interval] Description Use this command to display performance monitors on a port. Monitor classes include end-to-end monitors (EE), filter-based monitors (FLT), and interswitch link monitors (ISL). ISL monitors are automatically activated on E_Ports (not including trunk slaves).
Page 541
perfMonitorShow Notes This command requires an Advanced Performance Monitoring license. This command is not supported on virtual FC ports (VE/VEX_Port), EX_Port, M (Mirror) ports and GbE ports. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 542
perfMonitorShow To display end-to-end monitors on a port at an interval of every 5 seconds: switch:admin> perfmonitorshow --class EE 8 5 Showing EE monitors 8, 5: Tx/Rx are # of bytes ----- ----- ----- ----- ----- ----- ----- ----- Tx Rx Tx Rx Tx Rx Tx Rx...
Page 543
perfMonitorShow To display ISL monitor information on a port: switch:admin> perfmonitorshow --class ISL 1/1 Total transmit count for this ISL: 1462326 Number of destination domains monitored: 3 Number of ports in this ISL: 2 Domain 110379 Domain 98: 13965 Domain 1337982 See Also perfMonitorClear, perfAddEEMonitor, perfAddIPMonitor, perfAddRWMonitor,...
perfSetPortEEMask perfSetPortEEMask Sets the overall mask for end-to-end (EE) performance monitors. Synopsis perfsetporteemask [slotnumber/]portnumber "TxSIDMsk " "TxDIDMsk " "RxSIDMsk" "RxDIDMsk" Description Use this command to set the mask for an end-to-end (EE) performance monitor. This command allows selecting the Fibre Channel frames for which to collect performance statistics. When setting the EE mask on a port, all existing EE monitors on that port are deleted.
Page 545
perfSetPortEEMask TxSIDMsk Specify the transmitting source ID mask in dd:aa:pp format, with quotation marks, where dd is the domain ID mask, aa is the Area ID mask, and pp is AL_PA ID mask. For example, "00:ff:00" uses only the Area ID to trigger the EE monitor.
perfShowAlpaCrc perfShowAlpaCrc Displays the CRC error count by port or by arbitrated loop physical address (AL_PA). Synopsis perfshowalpacrc [slotnumber/]portnumber [ALPA] Description Use this command to display the cyclic redundancy check (CRC) error count of one or all devices attached to a port. If the AL_PA operand is specified, only the CRC count for that AL_PA device is displayed.
perfShowPortEEMask perfShowPortEEMask Displays the current address mask for end-to-end performance monitors on a port. Synopsis perfshowporteemask [slotnumber/]portnumber Description Use this command to display the current mask shared across all end-to-end (EE) performance monitors of a port. There are only two commands that can modify the value of the EE mask: perfSetPortEEMask and perfCfgRestore.
Page 548
perfShowPortEEMask RxSID ALPA: RxDID Domain: RxDID Area: RxDID ALPA: See Also perfAddEEMonitor, perfDelEEMonitor, perfSetPortEEMask Fabric OS Command Reference 53-1001186-01...
perfTTmon perfTTmon Installs the Top Talker monitor in the specified mode. Synopsis perfttmon Port Mode (F_Port): perfttmon --add egress | ingress [slotnumber/]portnumber perfttmon --show [slotnumber/]portnumber [number of flows] [wwn| pid] perfttmon --delete [slotnumber/]portnumber Fabric Mode: perfttmon --add fabricmode perfttmon --show dom domain id [number of flows] [wwn| pid] perfttmon --delete fabricmode Description Use this command to install the Top Talker monitor.
Page 550
perfTTmon Operands This command has the following operands: slotnumber For bladed systems only, specifies the slot number of the port on which to install Top Talkers, followed by a slash (/). portnumber Specifies the number of the port on which the Top Talker is to be installed, relative to its slot for bladed systems.
Page 551
perfTTmon To add the Fabric Mode Top Talker: Switch:admin> perfttmon --add fabricmode To delete the Fabric Mode Top Talker: Switch:admin> perfttmon --del fabricmode To display the Fabric Mode Top Talker output: Switch:admin> perfttmon --show dom 1 pid perfttmon --show dom 1 pid ================================================================= Src_PID Dst_PID...
pkiCreate pkiCreate Creates public key infrastructure (PKI) objects. Synopsis pkicreate Description Use this command to create PKI objects such as a pass-phrase switch private key and CSR and to install a root certificate. This command does not create the switch certificate. Switch certificate should be obtained offline from the Certificate Authority.
pkiRemove pkiRemove Removes existing public key infrastructure (PKI) objects. Synopsis pkiremove Description Use this command to remove PKI objects including the switch private key, private key pass-phrase, CSR, root certificate, and switch certificate. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
pkiShow pkiShow Displays existing public key infrastructure (PKI) objects. Synopsis pkishow Description Use this command to display PKI objects, such as switch private key, private key pass-phrase, CSR, root certificate, and switch certificate. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
policy policy Displays or modifies the encryption and authentication algorithms for security policies. Synopsis policy option type number [-enc method] [-auth algorithm] [-pfs value] [-dh group] [-seclife seconds] Description Use this command to display or modify the encryption and authentication algorithms for security policies.
Page 556
policy -dh group Specifies the Diffie-Hellman group used in PFS negotiation. This operand is valid only with IKE policies. The default is 1. Values include: Fastest as it uses 768 bit values, but least secure. 14 Slowest as it uses 2048 bit values, but most secure. -seclife seconds Security association lifetime in seconds.
Page 557
policy To display all IPSec policy settings: switch:admin> policy --show ipsec all IPSec Policy 2 ----------------------------------------- Authentication Algorithm: SHA-1 Encryption: AES-128 SA Life (seconds): 28800 IPSec Policy 29 ----------------------------------------- Authentication Algorithm: SHA-1 Encryption: AES-128 SA Life (seconds): 28800 Operation Succeeded To change (delete and re-create) a policy: switch:admin>...
portAddress portAddress Assigns the lower 16 bits of the Fibre Channel Port ID. Synopsis portaddress --bind [slot_number/]port_number [16-bit_address] [--auto] portaddress --unbind [slot_number/]port_number portaddress --show [[slot_number/]port_number] portaddress --findPID 24-bit_Port_ID portaddress --help Description Use this command to bind the 16-bit address to the lower two bytes of a port 24-bit Fibre Channel address, or to unbind the currently bound address for the specified port.
Page 559
portAddress Displays the currently bound address attributes for the specified port. This --show command shows the lowest two bytes of the Fibre Channel address as well as the current setting for auto mode. If a port is not specified, the display shows all ports on the current partition.
Page 560
portAddress 0x1100 8 bit 0x1200 8 bit 0x1300 8 bit 0x1400 8 bit 0x1500 8 bit 0x1600 8 bit 0x1700 8 bit To display the port address binding for port 28: switch:admin>portaddress --show 5/18 Index Slot Port Area Mode =============================== 0x1400 8 bit To display the port bound to a specified address.
portAlpaShow portAlpaShow Displays the Arbitrated Loop Physical Addresses (AL_PAs) of devices attached to a port. Synopsis portalpashow [slotnumber/]portnumber Description Use this command to display the AL_PAs of devices connected to a port, and whether these devices are public or private. If the specified port is not an active FL_Port or if no AL_PAs are present, this command prints an error.
portBufferShow portBufferShow Displays the buffer usage information for a port group or for all port groups in the switch. Synopsis portbuffershow [[slotnumber/]portnumber] Description Use this command to display the current long distance buffer information for the ports in a port group.
Page 563
portBufferShow Operands When invoked without operands, this command displays the long distance buffer information for all the port groups of the switch. The following operands are optional: slotnumber For bladed systems only, specifies the slot number of the port group to display, followed by a slash (/).
portCamShow portCamShow Displays port-based filter CAM utilization. Synopsis portcamshow [slotnumber/]portnumber Description Use this command to display the current filter Content-Addressable Memory (CAM) utilization of a specified port. The command displays the following information: SID used Total number of CAM entries used by this port. Note that each CAM entry, either source ID (SID) or destination ID (DID) CAM, can be shared among a certain number of ports, depending on the ASIC.
Page 565
portCamShow Examples To display the filter CAM utilization for a single port on a switch: switch:user> portcamshow 3/2 -------------------------------------------------- Area SID used DID used SID entries DID entries 350400 2b2200 2b1200 220400 -------------------------------------------------- SID Free, DID Free: (61, 511) To display port CAM entries on shared ports: In the following example, port 7/31 and 7/39 are shared ports and 7/31 is the primary port.
portCfg portCfg Enables or disables a port's configuration. Synopsis portcfg action [slot/][ge]port [-range] arguments Description Use this command to manage configuration parameters for ports and gigabit Ethernet (GbE) ports. The following operations can be performed with this command: • Optionally add and delete Address resolution protocol (ARP) entries. Flush ARP table. •...
Page 567
portCfg portcfg arp [slot/][ge]port options arguments Valid options and arguments for arp include: add ipaddr macaddr Adds static ARP entry to the ARP table. Specify IP Address and MAC address for each entry. Use portShow arp with the -lmac option to get the MAC address.
Page 568
portCfg both a DSCP and L2CoS value. These default values can be modified on a per-FCIP tunnel basis with the fciptunnel qosmap option. The -M option can be turned on or off any time. Qosmap settings are unaffected by the -M option.
Page 569
portCfg -p Control L2 CoS Specifies the pL2_Class_of_Service/Priority, as defined by IEEE 802.1p, for the FCIP control connection. Range is 0-7. Default is 0. -P L2 CoS Specifies the PL2 Class of Service/Priority, as defined by IEEE 802.1p, for the FCIP data connection. Range is 0-7. Default is 0. -bstr Enables Byte Streaming on the specified tunnel.
Page 570
portCfg -r retransmissions Specifies the maximum retransmissions for the existing tunnel. Values are 1 to 16; default is 8. If Tape Piplelining is enabled, the default value is calculated based on the minimum retransmit time to ensure that the TCP connection does not time out before the host times out.
Page 571
portCfg -P l2cos Specifies the L2 Class Of Service (COS) Tagging value. Use the portShow fciptunnel geport all -qosmap command to display current values. Supported range is 0-7. ipif Defines the IP interface for both ports of a tunnel. Up to eight IP interfaces per GbE port are supported.
Page 572
portCfg dest_IPv6_addr/prefix_len Specifies the destination IPv6 address of the virtual port, if IPv6 is used. The address must be an IPv6 global, unicast address, followed by a prefix. This is used for IPv6 addresses instead of a netmask. The prefix_len operand is required. dest_IPv4_addr netmask Specifies the destination IPv4 address of the virtual port, if IPv4 is used.
Page 573
portCfg mirrorport Configure mirror port on the local port. The port mirroring feature re-routes data frames between two devices to the mirror port. Port mirroring can aid in troubleshooting common FC end-to-end communication problems. The command prompts for confirmation that the specified port be enabled as a mirror port.
Page 574
portCfg --delete ipif_addr vlan_id [dst_ipaddr] Deletes an entry from the VLAN tag table. Valid arguments for mode are: ipif_add Specifies the locally defined interface address in IPv6 or IPv4 format. vlan_id Specifies the VLAN ID used for this tag. Range is 1-4094. L2 CoS Specifies L2 Class of Service/Priority, as defined by IEEE 802.1p.
Page 575
portCfg -i 1|0 Enables or disables FICON tape read block ID. This feature permits FICON write channel programs containing embedded read block ID commands (Cadres) with a byte count of exactly four bytes to be processed as emulated commands during write emulation processes. 1 is enabled, O is disabled.
Page 576
portCfg channel. This limits processing to what the network and device can support. Too small a value limits pipelining performance. Too large a value results in too much data being accepted for one device on a path. The default value is 300 milliseconds (ms). The range is 100-1500. -n |--wrtMaxChains value Defines the maximum amount of data that can be contained in a single CCW chain.
Page 577
portCfg -r value Specifies the number of records. The range is 0 to 1,677,721. The default is 200000. -s value Specifies the trigger mask value. The range is 00000000 to FFFFFFFF. The default is 00000003. -t value Specifies the trace mask value. The range is 00000000 to FFFFFFFF. The default is 80000C7B.
Page 578
portCfg destination Specifies the destination for the route. This is the IP address of the management station. This operand is required when adding or deleting a route. netmask Specifies the subnet mask. This operand is required when adding or deleting a route. gateway Specifies the gateway IP address.
Page 579
portCfg To enable Fastwrite and read/write Tape Pipelining on an existing tunnel: switch:admin> portcfg fciptunnel ge1 modify 0 -f 1 To create a tunnel with Byte Streaming enabled: switch:admin> portcfg fciptunnel ge0 create 0 90000 -f -bstr To enable Byte Streaming on an existing tunnel: switch:admin>...
Page 580
portCfg To configure the internal addresses for the CP and GbE port inband management interfaces: switch:admin> portcfg inbandmgmt ge0 ipaddrset cp 192.168.255.1 255.255.255.0 switch:admin> portcfg inbandmgmt ge0 ipaddrset ge 192.168.255.2 255.255.255.0 To add a route to a management station that is on the same subnet as the management interface IP addresses in the previous example.
portCfgAlpa portCfgAlpa Configures the AL_PA offset on a specified port or range of ports. Synopsis portcfgalpa [slot/]port, mode Description Use this command to set the Arbitrated Loop Physical Address (AL_PA) offset on a port or a range of ports to either 0x0 (default) or 0x13. Changes made by this command are persistent across switch reboots and power cycles.
portCfgAutoDisable portCfgAutoDisable Name Enables or disables the port auto disable flag. Synopsis portcfgautodisable --enable [slot/]port[-port] portcfgautodisable --disable [slot/]port[-port] Description Use this command to enable or disable the auto disable feature for a specified port or a range of ports. If the ports are already in the requested configuration, no action is taken. If a range of ports is specified, some of which are already in the requested configuration, a notification is generated, and no action is taken for those ports only.
Page 583
portCfgAutoDisable To enable the auto disable feature on a range of ports, some of which were previously enabled. The following example enables port 4. switch:admin> portcfgautodisable --enable 2-4 Same configuration for port 2 Same configuration for port 3 To disable the auto disable feature on a port range. switch:admin>...
portCfgCreditRecovery portCfgCreditRecovery Enables or disables credit recovery on a port. Synopsis portcfgcreditrecovery --disable | --enable [slot/]port Description Use this command to enable or disable credit recovery on a port. The credit recovery feature enables credits or frames to be recovered. Only ports configured as long distance ports can utilize the credit recovery feature.
portCfgDefault portCfgDefault Restores the port configuration to factory default values. Synopsis portcfgdefault [slot/][ge]port Description Use this command to reset any special port configuration values to their factory defaults. This command persistently disables ports capable of routing, which is the factory default value. You can view the current port configuration using the portCfgShow command.
portCfgEport portCfgEport Enables or disables E_Port capability on a port. Synopsis portcfgeport [slot/]port,mode Description Use this command to enable or disable E_Port capability on a port. E_Port capability is enabled by default. When an interswitch link (ISL) is connected to a port and the port's E_Port capability is disabled, the ISL is segmented, and all traffic between the switches stops.
portCfgEXPort portCfgEXPort Sets a port to be an EX_Port, and sets and displays EX_Port configuration parameters. Synopsis portcfgexport [slotnumber/]portnumber portcfgexport [-a admin] portcfgexport [-f fabricid] portcfgexport [-r ratov] portcfgexport [-e edtov] portcfgexport [-d domainid] portcfgexport [-p pidformat] portcfgexport [-t fabric_parameter] portcfgexport [-m port mode] portcfgexport [-i mode] Description...
Page 588
portCfgEXPort If the Fabric Parameter value is “Auto Negotiate”, the port ID format, R_A_TOV, and E_D_TOV values display the negotiated values indicated by “(N)” next to them. The negotiated values are what the edge switch specifies in the ELP request. If the state is “Not OK”, the R_A_TOV and E_D_TOV display “Not Applicable”.
Page 589
portCfgEXPort an error message is posted, and the command fails. Valid values are as follows: Brocade Native mode. McDATA Open Fabric mode. McDATA Fabric mode. MCDATA fabric legacy mode. Note that this mapping between mode values and modes is NOT the same as the mapping used when setting interoperability modes with the interopMode, command.
portCfgFportBuffers portCfgFportBuffers Configures F_Port buffer allocation. Synopsis portcfgfportbuffers --enable [slot/]port buffers portcfgfportbuffers --disable [slot/]port Description Use this command to change the default buffer allocation for an F_Port and to allocate a specified number of buffers to the port. When port buffer allocation is enabled, the number of buffers specified override the default F_Port buffer allocation.
portCfgGport portCfgGport Designates a port as a G_Port; removes G_Port designation. Synopsis portcfggport [slot/]port,mode Description Use this command to designate a port as a G_Port. After successful execution of this command, the switch attempts to initialize the specified port as an F_Port only, and does not attempt loop initialization (FL_Port) on the port.
portCfgISLMode portCfgISLMode Enables or disables ISL R_RDY mode on a port. Synopsis portcfgislmode [slot/]port,mode Description Use this command to enable or disable interswitch link read-ready (ISL R_RDY) mode on a port. Use the portCfgShow command to determine whether ISL R_RDY mode is enabled on a port. In ISL R_RDY mode, the port sends a primitive signal that the port is ready to receive frames.
Page 593
portCfgISLMode To disable ISL R_RDY mode on a port: switch:admin> portcfgislmode 1/3, 0 See Also configure, portCfgLongDistance, portCfgShow Fabric OS Command Reference 53-1001186-01...
portCfgLongDistance portCfgLongDistance Configures a port to support long distance links. Synopsis portcfglongdistance [slot/]port [distance_level] [vc_translation_link_init] [desired_distance] Description Use this command to allocate sufficient numbers of full size frame buffers on a particular port or to support a specified long distance link. The port can only be used as an E_Port. Changes made by this command are persistent across switch reboots and power cycles.
Page 595
portCfgLongDistance distance_level Specify the long distance level as one of the following (the numerical value representing each distance_level is shown in parentheses): L0 (0) Specify L0 to configure the port as a regular port. A total of 20 full-size frame buffers are reserved for data traffic, regardless of the port’s operating speed;...
Page 596
portCfgLongDistance Examples To configure a switch port 63 to support a 100 km link and be initialized using the long distance link initialization protocol: switch:admin> portcfglongdistance 4/15 LS 1 100 switch:admin> portshow 4/15 portCFlags: 0x1 portFlags: 0x20001 PRESENT LED portType: portState: 2 Offline portPhys:...
portCfgLport portCfgLport Configures a port as an L_Port. Synopsis portcfglport [[slot/]port] locked_mode [private_mode] [duplex_mode]] Description Use this command to designate a port as an L_Port, and to configure its behavior. When a port is designated as an L_Port, the switch attempts to initialize that port as a fabric L_Port (FL_Port). The switch will never attempt a point-to-point (F_Port) initialization on the port.
portCfgNPIVPort portCfgNPIVPort Enables or disables N_Port ID virtualization (NPIV) functionality on a port. Synopsis [slot/]port,mode Description Use this command to enable or disable NPIV functionality on a port. NPIV is only applicable to F_Ports. N_Port ID Virtualization (NPIV) enables a single Fibre Channel protocol port to appear as multiple, distinct ports, providing separate port identification within the fabric for each operating system image behind the port as if each operating system image had its own unique physical port.
Page 600
portCfgNPIVPort Examples To enable NPIV functionality on a port: switch:admin> portcfgnpivport 1/3 1 To display NPIV functionality on a port: switch:admin> portcfgshow Ports of Slot 1 9 10 11 12 13 14 15 -----------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+-- Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AL_PA Offset 13...
portCfgNPort portCfgNPort Enables or disables N_Port functionality for an Access Gateway port. Synopsis portcfgnport [port_number | port_range] [mode] Description Use this command to enable or disable N_Port functionality for an Access Gateway port. The enabled N_Port automatically comes online if it is connected to an enterprise fabric switch that supports NPIV Notes NPIV capability should be enabled on the ports connected to the Access Gateway.
portCfgPersistentDisable portCfgPersistentDisable Persistently disables a port. Synopsis portcfgpersistentdisable [[slot/]port] Description Use this command to persistently disable a port, or use this command without operands to display the persistently disabled status of all ports on the switch. Persistently disabled ports remain disabled across power cycles, switch reboots, and switch enables.
portCfgPersistentEnable portCfgPersistentEnable Persistently enables a port. Synopsis portcfgpersistentenable [[slot/]port] Description Use this command to persistently enable a port or a range of ports, or use this command without operands to display the persistently disabled status of all ports on the switch. Persistently enabled ports remain enabled across power cycles, switch reboots, and switch enables.
PortCfgQos PortCfgQos Enables or disables QoS, sets the default configuration, and sets and resets the ingress rate limit. Synopsis portcfgqos --default | --disable | --enable [slot/]port portcfgqos --setratelimit [slot /]port ratelimit portcfgqos --resetratelimit [slot/]port portcfgqos --help Description Use this command to enable or disable Adaptive Networking/Quality of Service (AN/QoS) on a port, to set or reset the ingress rate limit for the specified port, and to set the default behavior.
Page 605
PortCfgQos Examples To enable QoS on a port. switch:admin> portcfgqos --enable 3/15 To disable QoS on a port. switch:admin> portcfgqos --disable 3/15 To set the ingress rate limit on a port to 2 Gbps: switch:admin> portcfgqos --setratelimit 3/15 2000 To set the default QoS configuration on a port: switch:admin>...
portCfgShow portCfgShow Displays port configuration settings. Synopsis portcfgshow portcfgshow [[slot/]port] portcfgshow option [slot/][ge]port [arguments] [optional arguments] Description Use this command to display the current configuration of a port. If no operand is specified, this command displays port configuration settings for all ports on a switch, except gigabit Ethernet (GbE) ports.
Page 607
portCfgShow VC Link Init Displays (..) or OFF when the long distance link initialization option is turned off. Displays ON when it is turned on for long distance mode. This value is set by the portCfgLongDistance command. Locked L_Port Displays ON when the port is locked to L_Port only. Displays (..) or OFF when L_Port lock mode is disabled and the port behaves as a U_Port).
Page 608
portCfgShow Port Auto Disable Displays On when the Auto Disable feature is enabled on a port or (..)/OFF when disabled. This feature causes ports to become disabled when they encounter an event that would cause them to reinitialize. This feature is enabled by the portCfgAutoDisable command.
Page 610
portCfgShow To display the configuration settings for a port with Access Gateway enabled: SW4016_5311:admin> portcfgshow Ports of Slot 0 9 10 11 12 13 14 15 -----------------+--+--+--+--+----+--+--+--+----+--+--+--+----+--+--+-- Speed AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AN AL_PA Offset 13 ..
Page 611
portCfgShow ------------------------------ Iproute Configuration: IP Address Mask Gateway Metric ------------------------------------------------------ IPv6ddress Gateway Metric ------------------------------------------------------ Fciptunnel configuration: IPV4 FCIP TUNNEL(S) ------------------------------------------- Tunnel ID 0 Remote IP Addr 192.168.60.180 Local IP Addr 192.168.60.100 Remote WWN Not Configured Local WWN 10:00:00:05:1e:39:80:65 Compression on Fastwrite off Tape Pipelining off Committed Rate 125000 Kbps (0.125000 Gbps)
Page 612
portCfgShow To display VLAN tagging on a GbE port (refer to the portCfg help page for an explanation of the displayed parameters): switch: admin> portcfgshow vlantag 8/ge0 Port: 8/ge0 IpIfAddress VlanId L2 CoS Dest IP Address Flags ----------------------------------------------------- 192.168.10.1 192.168.10.1 192.168.10.1 0.0.0.0 Perm...
portCfgSpeed portCfgSpeed Configures the speed for a single port. Synopsis portcfgspeed [slotnumber/]portnumber, speed Description Use this command to set the speed on a specified port. This command disables and then re-enables the port, and the port comes online with the new speed setting. The configuration is saved in nonvolatile memory and is persistent across switch reboots or power cycles.
portCfgTrunkPort portCfgTrunkPort Enables or disables trunking on a port. Synopsis portcfgtrunkport [slot/]port[,] mode Description Use this command to enable or disable trunking on a port. Use switchCfgTrunk to enable or disable trunking on all ports of a switch. When the command is executed to update the trunking configuration, the port to which the configuration applies is disabled and subsequently re-enabled with the new trunking configuration.
portCfgVEXPort portCfgVEXPort Configures a port as a VEX_Port connected to an FC-IP and sets and displays VEX_Port configuration parameters. Synopsis portcfgvexport [slotnumber/]portnumber portcfgvexport [-a admin] portcfgvexport [-f fabricid] portcfgvexport [-r ratov] portcfgvexport [-e edtov] portcfgvexport [-d domainid] portcfgvexport [-p pidformat] portcfgvexport [-t fabric_parameter] portcfgvexport [-m portmode] Description...
Page 616
portCfgVEXPort The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. Operands This command has the following operands: -a admin Enables or disables the specified port as a VEX_Port.
Page 617
portCfgVEXPort Front WWN: 50:06:06:9e:20:9f:ce:10 Principal Switch: principal WWN: 10:00:00:60:69:c0:05:8a Fabric Parameters: Auto Negotiate R_A_TOV: 9000(N) E_D_TOV: 2000(N) Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A To set the fabric ID of port 2/21 to 5 and the port ID format to core: switch:admin>...
portCmd portCmd Diagnoses intelligent ports. Synopsis portcmd action [slot/]geport arguments Description Use this command to invoke the end-to-end IP path performance (ipperf) characterization feature, or to ping or trace route to a destination IP host from an intelligent GbE port. Notes Virtual LAN (VLAN) tagging is supported on the Brocade FR4-18i and all 7500 platforms that run Fabric OS v6.0.0 or later.
Page 619
portCmd -r committed_rate Specifies a committed rate for the data stream, in Kbps. If specified, the traffic generator is limited by a traffic shaper. This characterizes the end-to-end IP path performance based on the data rate configured for a tunnel between the same end-points. If a rate is not specified, the traffic generator competes for uncommitted bandwidth.
Page 620
portCmd -d dst_ip Specifies the destination IP address to which to target the ping request. IPv6 addresses are supported. -n num_requests Specifies the number of ping requests. Valid values are 1 to 255. The default is 4. This operand is optional. -q service_type Specifies the type of service in the ping request.
Page 621
portCmd -z size Specifies the size, in bytes, of the trace route packet to use. The default is 64 bytes. In an IPv4 environment, the ICMP/IP header occupies 28 bytes. In an IPv6 environment, it occupies 48 bytes. The total size, including ICMP/IP headers (28 or 48 bytes without IP options), cannot be greater than the IP MTU configured on the interface.
portDebug portDebug Sets debug level and verbose level of port modules. Synopsis portdebug dbg_lvl, vbs_lvl Description Use this command to set the debug level and verbose level of port modules. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portDisable portDisable Disables a port. Synopsis portdisable [slot/]port Description Use this command to disable a port. If a port is connected to another switch when disabled, the fabric may reconfigure. Devices connected to this port can no longer communicate with the fabric. If the port was online before being disabled, a state transition will be indicated in one of the following ways: RSCN, SNMP trap, or Web pop-up window.
portEnable portEnable Enables a port. Synopsis portenable [slot/]port Description Use this command to enable a port. If a port is connected to another switch when enabled, the fabric may reconfigure. Devices connected to the port can now communicate with the fabric. For ports that come online after being enabled, the following indications might be sent to indicate a state transition: RSCN, SNMP trap, Web pop-up window.
portErrShow portErrShow Displays port error summary. Synopsis porterrshow Description Use this command to display an error summary for all ports. The display contains one output line per port. Numeric values exceeding 999 are displayed in units of thousands (k), or millions (m) if indicated.
Page 626
portErrShow 527k 39k 6.6k 2.2k (output truncated) See Also portShow, portStatsShow Fabric OS Command Reference 53-1001186-01...
portFlagsShow portFlagsShow Displays the port status bitmaps for all ports in a switch. Synopsis portflagsshow Description Use this command to display the following status for a port: SNMP Displays whether the port is online or offline. Physical Displays the port physical status. Valid values are In_Sync and No_Light. Flags Displays whether there is an SFP inserted in the port, whether the port is active, and the port type.
portLedTest portLedTest Cycles user port LEDs. Synopsis portledtest [-npass count][-ports itemlist] Description Use this command to exercise the user port LEDs in the current switch on and off by setting the ATTN LEDs to green for the ON condition and unlighted for the OFF condition. The SPEED LEDs are initially set to black before the command execution.
portLogClear portLogClear Clears the port log. Synopsis portlogclear Description Use this command to clear the port log. You might want to clear the port log before triggering an activity so that the log displays only the log events related to that activity. If the port log is disabled, portLogClear enables it.
portLogConfigShow portLogConfigShow Displays the current port log configuration. Synopsis portlogconfigshow Description Use this command to display the current port log configuration. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
portLogDisable portLogDisable Disables the port log facility. Synopsis portlogdisable Description Use this command to disable the port log facility. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
portLogDump portLogDump Displays the port log without page breaks. Synopsis portlogdump [count[, saved[, portid]]] Description Use this command to display the port log, listing all entries in the log without page breaks. This command displays the same information as portLogShow, but portLogShow prompts you to press Enter between each page.
portLogDumpPort portLogDumpPort Displays the port log of a specified port without page breaks. Synopsis portlogdumpport portid Description Use this command to display the port log of a specified port. The command displays all entries in the log without any page breaks. It is identical to portLogShowPort, except that portLogShowPort prompts you to press Enter between each page.
portLogEnable portLogEnable Enables the port log facility. Synopsis portLogEnable Description Use this command to enable the port log facility. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
portLogEventShow portLogEventShow Displays information about port log events. Synopsis portlogeventshow Description Use this command to display information about the ID associated with the various port log events. The Disabled field indicates whether the port log for that event ID is disabled (1) or enabled (0). Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portLoginShow portLoginShow Displays port login status of devices attached to the specified port. Synopsis portloginshow [slotnumber/]portnumber Description Use this command to display port login status received from devices attached to the specified port. For each login, this command displays the following fields: Type Type of login can display one of the following: FDISC, Discover F_Port Service Parameters or Virtual N_Port login.
portLogPdisc portLogPdisc Sets or clears the debug_pdisc_flag. Synopsis portlogpdisc 0 | 1 Description Use this command to set or clear the debug_pdisc_flag. This command is part of the environmental monitor. A setting of 1 will enable logging of Port Discovery parameters. The PDISC log is disabled by default.
portLogReset portLogReset Enables the port log facility. Synopsis portlogreset Description Use this command to enable the port log facility. Notes Refer to portLogClear for events that might disable the port log facility. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portLogResize portLogResize Resizes the port log to a specified number of entries. Synopsis portlogresize num_entries Description Use this command to resize the port log to a specified number of entries. If the specified number of entries is less than the already configured port log size, there is no change. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portLogShow portLogShow Displays the port log with page breaks. Synopsis portlogshow [count[, saved]] Description Use this command to display the port log, page by page. The portLogShow command displays the same information as portLogDump, but one page at a time. The port log is a circular log file in the switch firmware, which can save up to 32,768 entries.
Page 641
portLogShow fcout Outgoing Fibre Channel information unit. read Information unit header log from read operation. write Information unit header log from write operation. Information unit header log of an FC error frame. frame FC frame payload. nsRemQ Interswitch name server query. rscn RSCN.
Page 642
portLogShow Tx & Rx Header words 0,1,4 (R_CTL,D_ID,S_ID,OX_ID,RX_ID) and the first payload word. reject FC-PH reject reason. busy FC-PH busy reason. ctin Argument 0 is divided into two 16-bit fields: [A] a bit map indicating whether subsequent arguments are valid (0001 means argument 1 is valid, 0003 means arguments 1 and 2 are valid).
Page 643
portLogShow Offline Testing Faulty E_Port F_Port Segmented pstate Active State Link Reset: LR Transmit State Link Reset: LR Receive State Link Reset: LRR Receive State Link Failure: NOS Transmit State Link Failure: NOS Receive State Offline: OLS Transmit State Offline: OLS Receive State Offline: Wait for OLS State LIP reason 8001...
Page 644
portLogShow Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for details. Operands This command has the following operands: count Specify the maximum number of lines to display.
portLogShowPort portLogShowPort Displays the port log of a specified port with page breaks. Synopsis portlogshowport [portid] Description Use this command to display the port log of the specified port, showing all entries in the log with page breaks. It is identical to portLogDumpPort, except that portLogDumpPort does not prompt you to press Enter between each page of output.
portLogTypeDisable portLogTypeDisable Disables the port log of a specified type. Synopsis portlogtypedisable id Description Use this command to disable the port log for a specified port log type. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portLogTypeEnable portLogTypeEnable Enables the port log of a specified port log type. Synopsis portlogtypeenable id Description Use this command to enable the port log for a specified port log type. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
portLoopbackTest portLoopbackTest Performs a functional test of port N->N path. Synopsis portloopbacktest [--slot number][-nframes count][-lb_mode mode][-spd_mode mode] [-ports itemlist] Description Use this command to verify the functional operation of the switch by sending frames from the port N transmitter and looping them back into the same port’s receiver. The loopback is done at the parallel loopback path.
Page 649
portLoopbackTest Operands This command has the following operands: --slot number Specifies the slot number on which to run the diagnostics. The ports specified will be relative to this slot number. The default is 0 and designed to operate on fixed-port-count products. -nframes count Specifies the number of frames to send.
Page 650
portLoopbackTest TIMEOUT Did not receive a frame in the given timeout period. XMIT Frame transmission failure. See Also itemList Fabric OS Command Reference 53-1001186-01...
portMirror portMirror Adds, deletes, or displays mirror connections. Synopsis portmirror --show portmirror --add [slotnumber/]portnumber sourceID DestID portmirror --delete [sourceID DestID] Description Use this command to add, delete, or show a mirror connection between two ports, a source and a destination port. The SourceID must be local to the switch.
Page 652
portMirror Use the portPerfShow command to display the total number of transmit and receive bytes for each port. In the case of a mirror port, this command shows twice the amount of traffic, because the mirror port transmits the frame and also receives the frame. Notes The port mirroring feature is not supported on all platforms.
Page 653
portMirror To delete a port mirror connection between a local switch port and a remote switch port: switch:admin> portmirror --delete 0x011400 0x240400 To display port mirror connections: switch:admin> portmirror --show Number of mirror connection(s) configured: 2 Mirror_Port State ---------------------------------------- 10/12 0x791800 0x791900 Defined...
portName portName Assigns a name to the specified port, or displays a port name. Synopsis portname [slotnumber/]portnumber [name] Description Use this command to assign or display a port name. This name is included in the portShow output; it should not be confused with the world wide port name. Like all other configurable port attributes, port name persists across reboots and power cycles.
portPerfShow portPerfShow Displays port throughput performance. Synopsis portperfshow [interval] Description Use this command to display throughput information for all ports on the switch. Output includes the number of bytes received plus the number of bytes transmitted per interval. Throughput values are displayed as either bytes, kilobytes (k), megabytes (m), or gigabytes (g).
portRouteShow portRouteShow Displays routing tables for the specified port. Synopsis portrouteshow [slotnumber/]portnumber Description Use this command to display the port address ID for a specified port and the contents of the following port routing tables: External unicast routing table Displays how the specified port forwards unicast frames to remote domains in the following format: domain_number: ports_bitmap domain_number...
Page 657
portRouteShow Examples To display the routing tables for a port: switch:user> portrouteshow 4/15 port address ID: 0x02bf00 external unicast routing table: 1: 0x4 (vc=3) 2: 0x10000 (vc=0) internal unicast routing table: 60: 0x8000 (vc=2) 63: 0x1000 (vc=5) broadcast routing table: 0x10000 See Also bcastShow, fabricShow, switchShow, topologyShow, uRouteShow...
portShow portShow Displays the status of the specified port. Synopsis portshow [slot/]port portshow [options] [slot/]geport arguments optional_arguments Description Use this command to display general port status and specific configuration parameters for the specified port If this command is executed for a specified port with no additional options, it displays general status and configuration for that port.
Page 659
portShow portState The port's SNMP state: Online Up and running. Offline Not online, see portPhys for more detail. Testing Running diagnostics. Faulty Failed diagnostics. Persistently Disabled Persistently disabled. portPhys The port's physical state: No_Card No interface card present. No_Module No module (GBIC or other) present. No_Light Module is not receiving light.
Page 660
portShow Front Phantom Information on the front phantom domain presented by this EX_Port. Includes the preferred (if not active) or actual (if active) domain ID for the front domain and the WWN of the front domain. Pr Switch Info Information on the principal switch of the edge fabric attached to this EX_Port.
Page 661
portShow The second column displays link error status block counters. The third column shows the number of F_RJTs and F_BSYs generated. For L_Ports, the third column also displays the number of loop initialization protocols (LIPs) received, number of LIPs transmitted, and the last LIP received. In Fabric OS v6.2.0 or later, each GbE port is associated with a TCP history, which tracks the state of statistics at the moment of a TCP connection failure.
Page 662
portShow Tunnel Num The tunnel number associated with this TCP connection Connection The type of TCP connection (CONTROL or DATA) LPort Local port RPort Remote port Counter of out-of-order segments OOO H Out-of-order segments high water mark Dup ACK Counter of duplicate ACKs Rtx Dup ACK Counter of retransmit packets due to duplicate ACK Fast Rtx...
Page 663
portShow FCIP Smoothed RTT The WAN RTT perceived in FCIP smoothed over the last 8 samples. FCIP RTT Variance Variance in RTT perceived in FCIP. Notes The output of this command may vary depending on the hardware platform and port type. The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 664
portShow -snapstart Resets TCP statistics. The collection of the statistics re-starts when this command is executed. It ends when the -snapshow option is executed. -snapshow Displays the TCP statistics that were collected since startup or since the statistics were reset with the -snapshow command. ipif Displays the IP interface ID, IP address, netmask, and MTU for IPv4 addresses.
Page 665
portShow inbandmgmt Displays the status of the inband management configuration and IP addresses configured to enable inband management on the Brocade 7500 through GbE port interfaces. This command requires a port to be specified and displays the IP addresses for that port. In addition the output shows whether inband management is enabled or disabled.
Page 666
portShow Front Phantom: State: OK Cur Dom ID: 160 WWN: 50:00:51:e3:60:ee:0e:14 Pr Switch Info: Dom ID: 5 WWN: 10:00:00:05:1e:34:02:04 Fabric params: R_A_TOV: 10000 E_D_TOV: 2000 PID fmt: core Authentication Type: None Hash Algorithm: N/A DH Group: N/A Edge fabric's primary wwn: N/A Edge fabric's version stamp: N/A portDisableReason: None portCFlags: 0x1...
Page 667
portShow Interface IP Address NetMask ---------------------------------------------- 192.168.60.103 255.255.255.0 1700 Interface IP Address NetMask ---------------------------------------------- 192.168.60.104 255.255.255.0 1400 Interface IP Address NetMask ---------------------------------------------- 192.168.60.105 255.255.255.0 2000 Interface IP Address NetMask ---------------------------------------------- 192.168.60.106 255.255.255.0 1300 Interface IP Address NetMask ---------------------------------------------- 192.168.60.107 255.255.255.0 2200 To display IP routes with IPv4 addresses on a GbE port: switch:admin>...
Page 668
portShow Keepalive Timeout 10 Max Retransmissions 8 VC QoS Mapping off DSCP Marking (Control): 0, DSCP Marking (Data): 0 VLAN Tagging Not Configured TCP Byte Streaming on Status : Inactive Connected Count: 0 Port: ge1 ------------------------------------------- Tunnel ID 0 Tunnel Description "This is a test Description of this tunnel" Remote IP Addr 192.168.10.10 Local IP Addr 192.168.10.2 Remote WWN Not Configured...
Page 671
portShow IPSec Policy 1 ----------------------------------------- Authentication Algorithm: SHA-1 Encryption: AES-128 SA Life (seconds): 28800 Pre-Shared Key testingFIPSandIPSec To display the TCIP connection history after the connection was severed: Switch:admin> portshow fciptunnel ge1 0 -hist Port: ge1 ------------------------------------------- Tunnel ID 0 Tunnel Description "This is a test Description of this tunnel"...
Page 672
portShow To display a snapshot of the TCP statistics: Switch:admin> portshow fciptunnel ge1 0 -snapshow Port: ge1 ------------------------------------------- Tunnel ID 0 Tunnel Description "This is a test Description of this tunnel" Remote IP Addr 192.168.114.2 Local IP Addr 192.168.114.1 Remote WWN Not Configured Local WWN 10:00:00:05:1e:38:84:65 Compression off Fastwrite off...
Page 673
portShow Min Retransmit Time 100 Keepalive Timeout 10 Max Retransmissions 8 VC QoS Mapping off DSCP Marking (Control): 0, DSCP Marking (Data): 0 VLAN Tagging Not Configured TCP Byte Streaming on Status : Active Connected Count: 1 Uptime 5 minutes, 26 seconds TCP data and control statistics snapshots have been reset for tunnel 0 To show the ARP entries with local MAC address for a GbE port: switch:admin>...
Page 675
portShow To display Byte Streaming parameters: switch:admin> portshow fciptunnel ge1 0 -bstr Port: ge1 ------------------------------------------- Tunnel ID 0 Remote IP Addr 192.168.32.2 Local IP Addr 192.168.32.1 Remote WWN Not Configured Local WWN 10:00:00:05:1e:41:2f:2e Compression off Fastwrite on Tape Pipelining off Committed Rate 400000 Kbps (0.400000 Gbps) SACK on Min Retransmit Time 100...
Page 676
portShow To displaysthe same information as the previous example but post selected statistical areas: switch:admin> portshow ficon ge0 all -fdcb 10008000 -clear To display the inband management interfaces configured on the 7500: switch:admin> portshow inbandmgmt ge1 Port: ge1 Inband Management: Enabled CP Interface IP Address NetMask ----------------------------------------------...
portStats64Show portStats64Show Displays the 64-bit hardware statistics for a port. Synopsis portstats64show [slotnumber/]portnumber Description Use this command to display the following hardware statistics for a port. Two integers are reported for most values. In such cases, the top word is the most significant. stat64_wtx Number of 4-byte words transmitted.
Page 678
portStats64Show stat64_rateRxPeakByte Rx peak Byte rate (Bps). stat64_PRJTFrames Number of P_RJT frames transmitted. stat64_PBSYFrames Number of P_BSY transmitted. stat64_inputBuffersFull Occasions on which input buffers are full. stat64_rxClass1Frames Class 1 frames received. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
Page 679
portStats64Show er_bad_eof top_int : Frames with bad end-of-frame bottom_int : Frames with bad end-of-frame er64_enc_out top_int : Encoding error outside of frames 9131157 bottom_int : Encoding error outside of frames er64_disc_c3 top_int : Class 3 frames discarded bottom_int : Class 3 frames discarded stat64_rateTxFrame Tx frame rate (fr/sec) stat64_rateRxFrame...
portStatsClear portStatsClear Clears the hardware statistics of a port. Synopsis portstatsclear [slot/]port Description Use this command to clear the hardware statistics for a specified port. This command also clears the hardware statistics for the associated three ports in the target port's quad, including ALPA-based CRC monitor, End-to-End monitor, and Filter-based performance monitor statistics.
portStatsShow portStatsShow Displays port hardware statistics. Synopsis portstatsshow [slotnumber/]portnumber portstatsshow [ge | ip | fcip ] [slotnumber/]geportnumber [ipaddress | tunnelnumber] Description Use this command to display port hardware statistics counters. Some counters are platform- or port-specific and display only on those platforms and ports. All statistics have a maximum 32-bit value of 4,294,967,295.
Page 682
portStatsShow er_toolong The number of frames longer than the maximum frame length. er_bad_eof The number of frames with bad end-of-frame. er_enc_out The number of encoding error outside frames. er_bad_os The number of invalid ordered sets (platform- and port-specific). er_c3_timeout The number of class 3 frames discarded due to timeout (platform- and port-specific).
Page 683
portStatsShow ipaddress Optionally specifies an IP address to display statistics only for the specified IP address. fcip Displays the GbE statistics on all FCIP tunnels. tunnelnumber Optionally specifies a tunnel ID to display statistics only for the specified FCIP tunnel. Examples To display the basic set of statistics for port 13 on a DCX backbone: switch:admin>...
Page 684
portStatsShow ge_stat_tx_bcast_frms GE transmitted broadcast frames ge_stat_tx_vlan_frms GE transmitted vlan frames ge_stat_tx_pause_frms GE transmitted pause frames ge_stat_rx_frms GE received frames ge_stat_rx_octets GE received octets ge_stat_rx_ucast_frms GE received unicast frames ge_stat_rx_mcast_frms GE received multicast frames ge_stat_rx_bcast_frms GE received broadcast frames ge_stat_rx_vlan_frms GE received vlan frames ge_stat_rx_pause_frms GE received pause frames...
portSwap portSwap Swaps area numbers of two ports. Synopsis portswap [slotnumber1/]portnumber1 [slotnumber2/]portnumber2 Description Use this command to swap area numbers for a pair of ports. Both ports must be disabled prior to executing this command and the port-swapping feature must be enabled using portSwapEnable. The result of this operation is persistent across reboots and power cycles.
portSwapDisable portSwapDisable Disables the portswap feature. Synopsis portswapdisable Description Use this command to disable the portswap feature. The portSwap command cannot be used after this feature is disabled. The disabled state of the portswap feature is persistent across reboots and power cycles. Enabling or disabling the portswap feature does not affect previously performed portswap operations.
portSwapEnable portSwapEnable Enables the portswap feature. Synopsis portswapenable Description Use this command to enable the portswap feature. The portSwap command cannot be used unless the feature is first enabled with this command. The enabled state of the portswap feature is persistent across reboots and power cycles. Enabling or disabling the portswap feature does not affect previously performed portswap operations.
portSwapShow portSwapShow Displays the state of the portswap feature. Synopsis portswapshow Description Use this command to display the enabled state of the portswap feature, as well as port and area information for ports whose area number differs from the default area number. The default area number of a port is the same as its switch port number.
portTest portTest Performs a functional test of a switch in a live fabric. Synopsis porttest [-ports itemlist][-iteration count][-userdelay time][-timeout time][-pattern pattern] [-patsize size][-seed seed][-listtype porttype] Description Use this command to isolate problems in a single replaceable element and to trace problems to near-end terminal equipment, far-end terminal equipment, or the transmission line.
Page 690
portTest • From the default switch to a switch that supports Virtual Fabrics but has the VF feature disabled. To ensure coverage of all ports, it is recommended that you run portTest before enabling Virtual Fabrics on the switch. It is recommended that you run portTest before you configure the logical switches or disable the Virtual Fabric feature on the switches connected to the ports you are testing.
portTestShow portTestShow Displays information from portTest. Synopsis porttestshow [-ports itemlist] Description Use this command to display a snapshot of information from portTest. The following information displays: • Pass or fail information on a given port. • Port type tested. • Current state of portTest (NO TEST, TESTING, or TEST DONE).
portTrunkArea portTrunkArea Assigns or removes a trunk area (TA) from a port or port trunk group; displays masterless F_Port trunking configuration. Synopsis porttrunkarea --enable port[-Range] -area area_number porttrunkarea --enable slot/port[-Range] -index port_index porttrunkarea --disable [slot/]port[-Range] porttrunkarea --disable all porttrunkarea --show disabled | enabled | trunk | all porttrunkarea --show slot/port[-Range] Description Use this command to assign a static trunk area (TA) on a port or port trunk group, to remove a TA...
Page 693
portTrunkArea deskew The time difference for traffic to travel over each F_Port trunk as compared to the F_Port trunk with the shortest travel time in the group. The value is expressed in nanoseconds divided by 10. The firmware automatically sets the minimum deskew value of the shortest F_Port trunk travel time to 15.
Page 694
portTrunkArea port Specifies the port number, relative to its slot on bladed systems. -Range Optionally specifies a port range. For example, 9/8-15 on an enterprise-class platform indicates slot 9, ports 8 - 15. Range of ports should fall in the octet trunk range starting from port 0 on a switch or blade.
Page 695
portTrunkArea Examples To enable masterless F_Port trunking on a standalone switch: 1. Disable ports 36 - 39 by executing portdisable port for each port to be included in the TA. 2. Enable Trunk Area for ports 36 - 39 with area number 37: switch:admin>...
Page 696
portTrunkArea No_Light No_Light No_Light No_Light Online F-Port 20:14:00:05:1e:41:4b:4d Online F-Port 20:15:00:05:1e:41:4b:4d Online F-Port 20:16:00:05:1e:41:4b:4d Online F-Port 2 NPIV public 5. Display TA enabled port configuration: switch:admin> porttrunkarea --show enabled Port Type State Master ------------------------------------- To disable masterless F_Port trunking on ports 36-39: switch:admin>...
Page 697
portTrunkArea 4. Enable ports 13 and 14: switch:admin> portenable 10/13 switch:admin> portenable 10/14 5. Show the TA port configuration after enabling the ports: switch:admin> porttrunkarea --show enabled Slot Port Type State Master ------------------------------------------- F-port Master 10/13 125 125 F-port Slave 10/13 125 126 See Also...
portZoneShow portZoneShow Displays the enforced zone type of the F_Ports and FL_Ports of a switch. Synopsis portzoneshow Description Use this command to display the enforced zone type of the F_ports and FL_Ports of a switch. Output shows virtual port number (decimal), physical port number (decimal), online status, and if online, port type.
powerOffListSet powerOffListSet Sets the order in which slots are powered off. Synopsis powerofflistset Description Use this command to Modify the order in which slots are powered off. This command displays the current order, and then prompts you interactively to confirm or modify the power-off position for each slot.
Page 700
powerOffListSet 2nd slot to be powered off: (2..10) [9] 2 3rd slot to be powered off: (3..10) [8] 3 4th slot to be powered off: (4..10) [7] 4 5th slot to be powered off: (7..10) [7] 10 6th slot to be powered off: (7..9) [8] 9 7th slot to be powered off: (7..8) [8] 8 8th slot to be powered off: (7..7) [7] 7 Old POL...
powerOffListShow powerOffListShow Displays the order in which slots are powered off. Synopsis powerofflistshow Description Use this command to display the order in which the physical slots are powered off. Whenever a power supply goes out of service or a field-replaceable unit (FRU) is inserted, the system's available power is compared to the system's required power to determine if there is enough power to operate.
psShow psShow Displays power supply status. Synopsis psshow Description Use this command to display the current status of the switch power supplies. The status of each supply is displayed as: Power supply functioning correctly. absent Power supply not present. unknown Unknown power supply unit installed.
reboot reboot Reboots the control processor (CP) in a switch or a director. Synopsis reboot [-f] Description When this command is issued on a switch connected to a fabric, all traffic to and from that switch stops. All Fibre Channel ports on that switch including E_Ports become inactive until the switch comes online.
routeHelp routeHelp Displays a list of FSPF-related commands. Synopsis routehelp Description Use this command to display a list of fabric-shortest-path-first (FSPF)-related commands. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
secActiveSize secActiveSize Displays the size of the active security database. Synopsis secactivesize Description Use this command to display the size of the active security database. The command also displays the maximum database size. For switches running Fabric OS v6.2.0 and later, the maximum security database size is 1 megabyte per logical switch.
secAuthSecret secAuthSecret Manages the DH-CHAP shared secret key information. Synopsis secauthsecret --show secauthsecret --set secauthsecret --remove value | --all Description Use this command to manage the DH-CHAP shared secret key database used for authentication. This command displays, sets, and removes shared secret key information from the database or deletes the entire database.
Page 707
secAuthSecret 1. WWN for which secret is being set up. 2. Peer secret: The secret of the peer that authenticates to peer. 3. Local secret: The local secret that authenticates peer. Press Enter to start setting up shared secrets > Enter WWN, Domain, or switch name (Leave blank when done): 10:00:00:60:69:80:05:14 Enter peer secret:...
Page 709
secCertUtil Operands This command has the following operands: genkey Generates a public/private key pair. This is the first step in setting up a third-party certificate. When prompted for a key size, enter either 1024 or 2048 bits. The greater the value, the more secure is the connection; however, performance degrades with size.
Page 710
secCertUtil -nowarn Deletes the specified file without confirmation. This operand is optional. export Exports a CSR to a host. This command is typically used to submit a CSR to the Certification Authority (CA) that issues the certificate. The following operands are optional; if omitted, the command prompts interactively for your input.
Page 711
secCertUtil -password password Specifies the password for the user account. When using SCP, for security reasons, do not enter a password on the command line. Use the interactive version instead. show Lists all existing PKI-based certificates on the switch. The following operands are optional and exclusive.
Page 712
secCertUtil To delete a CSR in non-interactive mode: switch:admin> seccertutil delcsr -nowarn To import an LDAP certificate from a remote host to the local switch in interactive mode: switch:admin> seccertutil import -ldapcacert Select protocol [ftp or scp]: ftp Enter IP address: 195.168.38.206 Enter remote directory: /users/home/remote_certs Enter certificate name (must have ".crt", ".cer"...
Page 713
secCertUtil To delete an LDAP CA certificate in interactive mode: switch:admin> seccertutil delete -ldapcacert filename.pem WARNING!!! About to delete certificate: filename.cer ARE YOU SURE (yes, y, no, n): [no] Deleted LDAP certificate successfully To delete an LDAP CA certificate in non-interactive mode: switch:admin>...
secDefineSize secDefineSize Displays the size of the defined security database. Synopsis secdefinesize Description Use this command to display the size of the defined security database. The command also displays the maximum database size. For switches running Fabric OS v6.2.0 and later, the maximum security database size is 1 Megabyte per logical switch.
secGlobalShow secGlobalShow Displays the current internal security state information. Synopsis secglobalshow Description Use this command to display security server (secd) specific information as a snapshot of its current state. The output may include information about the following: • General security parameters •...
Page 716
secGlobalShow Security Defined DataSize 35 bytes Define Sum 215b Zone Size (include enabled configuration) 312 bytes Zone sum e04b215b sec_db: free primaryDLPhase 0 ----wwnDL State----- usec --------- LOG CACHE --------- 14:08:50 813905136 secipadm_ipchange receives notification 14:08:50 850588912 secProcessIPChange starts processing 14:08:50 850588912 secProcessIPChange acks completion [Output truncated] See Also...
secHelp secHelp Displays information about security commands. Synopsis sechelp Description Use this command to display a list of security commands with a brief description of the commands. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
secPolicyAbort secPolicyAbort Aborts all changes to the defined database that have not been saved. Synopsis secpolicyabort Description Use this command to abort all changes to the defined security database that have not been saved to flash memory and to abort changes to policy creation and modification operations from all the switches if a fabric-wide consistency policy is not set for the particular policy.
secPolicyActivate secPolicyActivate Saves and activates the Defined Security Policy Set. Synopsis secpolicyactivate Description Use this command to activate the current defined security policy to all switches in the fabric. This activates the policy set on the local switch or all switches in the fabric depending on the fabric-wide consistency policy.
secPolicyAdd secPolicyAdd Adds members to an existing security policy. Synopsis secpolicyadd “name”, “member[;member...]” Description Use this command to add one or more members to an existing access policy. Each policy corresponds to a management method. The list of members of a policy acts as an access control list for that management method.
Page 721
secPolicyAdd “member” Specify a list of one or more member switches to be included in the security policy. The list must be enclosed in quotation marks; members must be separated by semicolons. Depending on the policy type, members are specified as follows. FCS_POLICY or SCC_POLICY Members This policy type requires member IDs to be specified as WWN strings, Domains, or switch names.
secPolicyCreate secPolicyCreate Creates a new security policy. Synopsis secpolicycreate "name" [, "member[;member...]"] Description Use this command to create a new policy and to edit Switch Connection Control (SCC), Device Connection Control (DCC), and Fabric Configuration Server (FCS) policies on the local switch. All policies can be created only once, except for the DCC_POLICY_nnn.
Page 723
secPolicyCreate The DCC_POLICY_nnn name has the common prefix DCC_POLICY_ followed by a string of user-defined characters. These characters do not have to be capitalized like regular policy names. Valid values for DCC_POLICY_nnn are user-defined alphanumeric or underscore characters. The maximum length is 30 characters, including the prefix DCC_POLICY_.
Page 724
secPolicyCreate While creating the FCS policy, the local switch WWN is automatically included in the list. Switches included in the FCS list are FCS switches and the remaining switches in the fabric are non-FCS switches. Out of the FCS list, the switch that is in the first position becomes the Primary FCS switch and the remaining switches become backup FCS switches.
secPolicyDelete secPolicyDelete Deletes an existing security policy. Synopsis secpolicydelete name Description Use this command to delete an existing security policy from the defined security database. Run secPolicyActivate to delete the policies from the active security policy list. Deleting a security policy does not cause any traffic disruption.
Page 726
secPolicyDelete To delete all stale DCC policies in the fabric: primaryfcs:admin> secpolicydelete ALL_STALE_DCC_POLICY About to clear all STALE DCC policies (yes, y, no, n): [no] y ARE YOU SURE See Also secPolicyAbort, secPolicyActivate, secPolicyAdd, secPolicyCreate, secPolicyDump, secPolicyRemove, secPolicySave, secPolicyShow Fabric OS Command Reference 53-1001186-01...
secPolicyDump secPolicyDump Displays the members of one or all existing security policies. Synopsis secpolicydump [“listtype”][, “name”] Description Use this command to display, without page breaks, the members of an existing policy in the active and defined (saved) databases. When issued without operands, this command displays the members of all security policies.
Page 728
secPolicyDump To display all security policies in the active database: switch:admin> secpolicydump "active" ____________________________________________________ ACTIVE POLICY SET FCS_POLICY Primary WWN DId swName -------------------------------------------------- 10:00:00:05:1e:39:5f:67 3 NeptuneSec 10:00:00:05:1e:90:09:4a - Unknown SCC_POLICY DId swName -------------------------------------------------- 10:00:00:05:1e:39:5f:67 3 NeptuneSec 10:00:00:05:1e:90:09:4a - Unknown DCC_POLICY_h1 Type DId swName --------------------------------------------------...
Page 729
secPolicyDump To display the FCS policies in the defined database: admin:admin> secpolicydump "Defined","FCS_POLICY" ____________________________________________________ DEFINED POLICY SET FCS_POLICY Primary WWN DId swName -------------------------------------------------- 10:00:00:05:1e:39:5f:67 3 NeptuneSec 10:00:00:05:1e:90:09:4a - Unknown To display the SCC policies in the defined database: switch:admin> secpolicydump "Defined","SCC_POLICY" ____________________________________________________ DEFINED POLICY SET SCC_POLICY...
secPolicyFCSMove secPolicyFCSMove Moves a member in the FCS policy. Synopsis secpolicyfcsmove [from, to] Description Use this command to move an FCS member from one position to another position in the FCS list. Only one FCS can be moved at a time. The first FCS switch in the list that is also present in the fabric is the Primary FCS.
Page 731
secPolicyFCSMove switch:admin> secpolicyfcsmove 3,1 ____________________________________________________ DEFINED POLICY SET FCS_POLICY Primary WWN DId swName -------------------------------------------------- 10:00:00:05:1e:35:cd:ef 200 switch3 10:00:00:05:1e:39:5f:67 2 switch1 10:00:00:05:1e:04:ef:0e 4 switch2 switch:admin> secpolicyactivate About to overwrite the current Active Policy Set. ARE YOU SURE (yes, y, no, n): [no] y secpolicyactivate command was completed successfully.
secPolicyRemove secPolicyRemove Removes members from an existing security policy. Synopsis secpolicyremove “name” , “member[;member...]” Description Use this command to remove one or more members from an existing security policy. It is not possible to remove all members from the FCS_POLICY; the local switch WWN cannot be deleted from the FCS policy.
Page 733
secPolicyRemove parameter can be specified by port number separated by commas, and enclosed in either brackets or parentheses: for example, (2, 4, 6). Ports enclosed in brackets include the devices currently attached to those ports. The following examples illustrate several ways to specify the port values: (1-6) Selects ports 1 through 6.
secPolicySave secPolicySave Saves a defined security policy to persistent memory. Synopsis secpolicysave Description Use this command to save a defined security policy to persistent memory. Secpolicysave saves the modified SCC, DCC, and FCS policies to the Defined Security Policy Set on the local switch. Notes This command is always a local switch operation.
secPolicyShow secPolicyShow Displays an existing security policy including the FCS policy. Synopsis secpolicyshow [“policy_set”[“, name”]] Description Use this command to display the members of an existing policy in the Active or Defined security policy set. The command can be issued from all FCS switches. This command displays the policy database one page at a time.
Page 736
secPolicyShow To display all security policies from defined databases: switch:admin> secpolicyshow "defined" ____________________________________________________ DEFINED POLICY SET FCS_POLICY Primary WWN DId swName _____________________________________________________ 10:00:00:60:69:30:15:5c 1 primaryfcs 10:00:00:60:69:30:1e:62 4 switch _________________________________________________________ See Also fddCfg, secPolicyAbort, secPolicyActivate, secPolicyAdd, secPolicyCreate, secPolicyDelete, secPolicyDump, secPolicyRemove, secPolicySave Fabric OS Command Reference 53-1001186-01...
secStatsReset secStatsReset Resets one or all security statistics to 0. Synopsis secstatsreset [name][,” domain[;domain]”] Description Use this command to reset one or all security statistics to 0. This command can be issued on any switch to reset the security statistics on the local switch or chassis. If an FCS policy is enabled and secStatsReset is issued on the primary FCS switch, this command can reset security statistics for any or all switches in the fabric.
Page 738
secStatsReset To access DCC policies, enter DCC_POLICY. Violations are not tracked for individual DCC policies. The statistics for all DCC_POLICY violations are grouped together. domain(s) Specify a list of domain IDs on which to reset the security statistics. Specify an asterisk (*) to represent all switches in the fabric or specify a list of domains, separated by semicolons and enclosed in quotation marks.
secStatsShow secStatsShow Displays one or all security statistics. Synopsis secstatsshow [name[, “domain[;domain]”]] Description Use this command to display one or all security statistics. This command can be issued on any switch to display local security statistics. If an FCS policy is enabled and secStatsShow is issued on the primary FCS switch, this command can retrieve and display the security statistics for any or all switches in the fabric.
Page 740
secStatsShow ILLEGAL_CMD To access DCC policies, enter DCC_POLICY. Violations are not tracked for individual DCC policies. The statistics for all DCC_POLICY violations are grouped together. domain Specify one or more domains for which to display the security statistics. Specify an asterisk (*) in quotation marks to represent all switches in the fabric or specify a list of domains separated by semicolons.
sensorShow sensorShow Displays sensor readings. Synopsis sensorshow Description Use this command to display the current temperature, fan, and power supply status and readings from sensors located on the switch. The actual location of the sensors varies, depending on the switch type. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
setContext setContext Sets the logical switch context to a specified FID. Synopsis setcontext FID Description Use this command to set the logical switch context to a specified fabric ID (FID). The FID uniquely defines a partition as a logical switch. Use lscfg --show -cfg to display currently configured partitions and their FIDs.
setDbg setDbg Sets the debug level of the specified module. Synopsis setdbg [module_name][level] Description Use this command to set the debug level of a specified module. Debug levels filter the display of debug messages to the serial console. By default, no debug messages are displayed. High debug level values can generate a large volume of messages, degrading the system response time.
setModem setModem Enables or disables modem dial-in to a control processor (CP). Synopsis setmodem [-e] | [-d] Description Use this command to enable or disable modem dial-in to a CP on those systems that support modem dial-in. When modem dial-in is enabled, you can log in to a CP through a modem, and a modem attached to the CP accepts the call.
setVerbose setVerbose Specifies module verbose level. Synopsis setverbose [module_name][level] Description Use this command to set the verbose level of the specified module. These levels filter the display of the debug message to the serial console. By default, no debug messages are displayed. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
sfpShow sfpShow Displays Small Form-factor Pluggable SFP information. Synopsis sfpshow [[slotnumber/]geportnumber | -all] Description Use this command to display information about Serial Identification SFPs (also known as module definition "4" SFPs). These SFPs provide extended information that describes the SFP’s capabilities, interfaces, manufacturer, and other information.
Page 747
sfpShow Area 12: -- Area 13: -- Area 14: -- Area 15: -- Area 16: id (sw) Vendor: AGILENT Serial No: 0105091301045274 (output truncated) To display detailed SFP information for a Finisar “smart” SFP: switch:user> sfpshow 1/3 Identifier: Connector: Transceiver: 050c402000000000 100,200_MB/s M5,M6 sw Inter_dist Encoding: 8B10B Baud Rate:...
Page 748
sfpShow To display detailed information for GbE port 0 on an FR4-18i router blade: CS48000:admin> sfpshow 10/ge0 Identifier: Connector: Transceiver: 050c402000000000 100,200_MB/s M5,M6 sw Inter_dist Encoding: 8B10B Baud Rate: (units 100 megabaud) Length 9u: (units km) Length 9u: (units 100 meters) Length 50u: (units 10 meters) Length 62.5u:15...
shellFlowControlDisable shellFlowControlDisable Disables XON/XOFF flow control on the console serial port. Synopsis shellflowcontroldisable Description Use this command to disable XON/XOFF flow control on the console serial port. Flow control is disabled by default. Because this command changes the flow control on the console serial port, it must be executed from a session that is logged in from the console serial port.
shellFlowControlEnable shellFlowControlEnable Enables XON/XOFF flow control on the console serial port. Synopsis shellflowcontrolenable Description Use this command to enable XON/XOFF flow control to the shell task. Flow control is disabled by default. Because this command changes the flow control on the console serial port, it must be executed from a session that is logged in from the console serial port.
slotPowerOff slotPowerOff Removes power from a slot. Synopsis slotpoweroff slotnumber Description Use this command to turn off the power to a blade unit. The slot must have a valid blade unit present and the blade unit must be of a type that can be powered off. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
slotPowerOn slotPowerOn Restores power to a slot. Synopsis slotpoweron slotnumber Description Use this command to turn on the power to a blade unit. The slot must have a valid blade unit present and the blade unit must be currently powered off. The slotShow command reports such slots as being in the state of INSERTED, NOT POWERED ON.
slotShow slotShow Displays the status of all slots in the system. Synopsis slotshow [-m] [-p] Description Use this command to display the current status of each slot in the system. Depending on the option used, the command retrieves information on blade type, blade ID, status, Brocade model name, and power usage for each slot in the switch or chassis.
Page 755
slotShow POWERING UP The blade is present and powering on. LOADING The blade is present, powered on, and loading the initial configuration. DIAG RUNNING POST1 The blade is present, powered on, and running the POST (power-on self-test). DIAG RUNNING POST2 The blade is present, powered on, and running the pre-boot power on self tests.
Page 756
slotShow CORE BLADE ENABLED CP BLADE ENABLED CP BLADE ENABLED CORE BLADE ENABLED UNKNOWN VACANT AP BLADE LOADING SW BLADE DIAG RUNNING POST1 SW BLADE INSERTED, NOT POWERED ON 1 To display power consumption information: switch:user> slotshow -p Slot Blade Type DC Power Status Consumption...
Page 757
slotShow To display Brocade model names for each blade in a Brocade DCX-4S: switch:user> slotshow -m Blade Type Model Name Status -------------------------------------------------- SW BLADE FC8-48 ENABLED SW BLADE FC10-6 ENABLED CORE BLADE CR4S-8 ENABLED CP BLADE ENABLED CP BLADE ENABLED CORE BLADE CR4S-8 ENABLED...
SnmpConfig SnmpConfig Manages the SNMP agent configuration. Synopsis snmpConfig --show | --set | --default [snmpv1 | snmpv3 | accessControl | mibCapability | systemGroup | seclevel] Description Use this command to manage the configuration of the SNMP agent in the switch. The configuration includes SNMPv1 and SNMPv3 configuration, access control list (ACL), MIB capability, system group, and security level settings.
Page 759
SnmpConfig SNMPv1 Configuration Parameters The agent supports six communities and their associated trap recipients and trap recipient severity levels. The first three communities are for read-write (rw) access and the last three are for read-only (ro) access. The default value for the trap recipient of each community is 0.0.0.0. The length of the community string should be in the range of 2 to 16 characters.
Page 760
SnmpConfig The user name must be between 2 and 32 characters long. The default user names are defined with the noAuth and noPriv protocol. The factory default SNMPv3 user names are: User 1: snmpadmin1 User 2: snmpadmin2 User 3: snmpadmin3 User 4: snmpuser1 User 5: snmpuser2 User 6: snmpuser3...
Page 761
SnmpConfig FCIP-MIB Specifying yes means you can access FCIP-MIB variables with an SNMP manager. The default value is yes. SCSI-MIB Specifying yes means you can access FCIP-MIB variables with an SNMP manager. The default value is yes. SW-TRAP Specifying yes means the SNMP management application can receive SW-TRAPS from the switch.
Page 762
SnmpConfig Authentication only. 2 Authentication and Privacy. Examples To display the SNMPv1 configuration: switch:admin> snmpConfig --show snmpv1 SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) Trap recipient: 10.32.147.113 Trap recipient Severity Level: 0 Community 2: OrigEquipMfr (rw) Trap recipient: 1080::8:800:200C:1234 Trap recipient Severity Level: 0 Community 3: private (rw)
Page 764
SnmpConfig See Also none References Refer to the following publications for further information on SNMP: Fabric OS MIB Reference SW_v5_x.mib, “Switch Management Information & Switch Enterprise Specific Trap” RFC1157, “A Simple Network Management Protocol (SNMPv1)” RFC1213, “Management information Base for Network Management of TCP/IP-based internets: MIB-II”...
spinFab spinFab Runs functional test of interswitch link (ISL) cabling and trunk group operation. Synopsis spinfab [-nmegs count][-ports itemlist][-setfail mode] Description Use this command to verify the intended functional operation of the interswitch links (ISLs) between switches at the maximum speed by setting up the routing hardware so that test frames received by each E_Port are retransmitted on the same E_Port.
Page 766
spinFab When trunk groups are present, the entire trunk group must be included in the range of ports to test or false failures can occur. If multiple ISL links are present between two switches that support trunking, then it is likely that trunk groups are present and all ports between the two switches should be tested at the same time.
sshUtil sshUtil Manages public key authentication. Synopsis sshutil allowuser user name sshutil showuser sshutil importpubkey sshutil showpubkeys sshutil delpubkeys sshutil genkey sshutil exportpubkey sshutil delprivkey sshutil help Description Use this command to enable and manage SSH public key authentication on a switch. SSH public key authentication provides a mechanism for authenticating an authorized user without a password.
Page 769
sshUtil Operands This command supports the following operands: allowuser user name Configures the specified user to perform public key authentication and all related management operations. This operation can only be performed by the default admin. The default admin is, by default, a configured user. Only one user can be configured at any given time.
Page 770
sshUtil genkey prompts for user input on the following parameters: passphrase Accepts a string of arbitrary length. This operand is optional, but creating a pass-phrase is strongly recommended. Good pass phrases are 10-30 characters long, are not simple sentences or otherwise easily guessable and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters.
Page 771
sshUtil Password: public key is imported successfully. 3. Connect to switch using remote ssh client with the -i private_key option: username@remotehost> ssh username@switch IP address -i id_dsa To display the imported public keys on a switch: switch:username> sshutil showpubkeys user's public keys ssh-dss AAAAB3NzaC1kc3MAAACBANXuRsJoIA0PFJtGuZVLfqvfSrDYPplWuFouOmTcmuNvpTnd+yoZ u3C/lAu930HLTmhfxeke/NWRIdj2MJS8yTf30a0u4bf9MSNB8Pt453P/+7VHHxNBYsh+Z++Dv1hfcTeb 0s53bdf7jyYSUdj1k+w//sNTaz0DCs0+rimo4l2NAAAAFQDCuHKRctSHD8PRYu5Ee1yWCQKT/wAAAIAo...
statsClear statsClear Clears port and diagnostic statistics. Synopsis statsclear [--slot slotnumber][-uports itemlist][-bports itemlist][-use_bports value] Description Use this command to clear the port and diagnostics statistics for the specified list of blade or user ports. You can issue this command on the FR4-18i blade in a Brocade chassis; however, the command is not supported by the Brocade platform and does not effect any other feature operations.
stopPortTest stopPortTest Terminates the running portTest. Synopsis stopporttest [-ports itemlist] Description Use this command to stop the currently running portTest. Refer to the portTest command for more information. If portTest is running in non-singlemode, use stopPortTest to stop the test. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
supportFfdc supportFfdc Modifies or displays the first-fault data capture (FFDC) daemon. Synopsis supportffdc [--disable | --enable | --show] Description Use this command to disable or enable the FFDC events, or to display the current configuration. If disabled, the daemon does not capture any data even when a message with FFDC attributes is logged.
supportFtp supportFtp Sets, clears, or displays support FTP parameters and enables or disables auto file transfer. Synopsis supportftp [-S] supportftp -s [-h host][-u username][-p password][-d remotedirectory] supportftp -t hours supportftp -R supportftp -e supportftp -d Description Use this command to set, clear, or display support FTP parameters. The parameters set by this command are used by the supportSave and traceDump commands.
Page 776
supportFtp Examples To set the FTP parameters: switch:admin> supportftp -s -h 1080::8:800:200C:417A -u njoe -p password -d support supportftp: ftp parameters changed. To display the FTP parameters: switch:admin> supportftp Host IP Addr: 1080::8:800:200C:417A User name: njoe Remote Dir: support FTP Auto check: Off To set FTP parameters interactively: switch:admin>...
supportSave supportSave Saves RASLOG, TRACE, supportShow, core file, FFDC data, and other support information Synopsis supportsave supportsave [-n] [-c] [-k] [-u user_name -p password -h host_ip -d remote_dir -l protocol] supportsave [-R] supportsave [-U -d remote_dir] Description Use this command to collect RASLOG, TRACE, supportShow, core file, FFDC data and other support information to a remote FTP location.
Page 778
supportSave -u user_name Specifies the user name for the FTP or SCP server. This operand is optional; if omitted, anonymous FTP is used. -p password Specifies the password for the FTP or SCP server. This operand is optional with FTP; if omitted, anonymous FTP is used. -h host_ip Specifies the IPv4 or IPv6 address for the remote server.
Page 779
supportSave Saving support information for chassis:HL_5100_66, module:SSHOW_OS... Saving support information for chassis:HL_5100_66, module:SSHOW_EX... Saving support information for chassis:HL_5100_66, module:SSHOW_FABRIC... Saving support information for chassis:HL_5100_66, module:SSHOW_SERVICE... Saving support information for chassis:HL_5100_66, module:SSHOW_SEC... Saving support information for chassis:HL_5100_66, module:SSHOW_NET..(output truncated) To collect support information on a Brocade 5100 and save it to an attached USB device: switch:admin>...
supportShow supportShow Displays switch information for debugging purposes. Synopsis supportshow [[slotnumber/]portnumber1-portnumber2] [lines] Description Use this command to display support information from groups of preselected Fabric OS and Linux commands and other support and debugging information. You can specify the range of ports for which to display this information.
Page 781
supportShow portnumber1-portnumber2 Specifies the range of ports for which to display supportShow information. If a port range is not specified, the command displays information for all ports. lines Specifies the number of lines for the portLogDump output. This parameter is valid only with the slotnumber/portnumber parameters.
Page 782
supportShow 000000 07:32:30.131 FCPH write 00fffffd,00fffffd,00000000,00000000,00 000000 07:32:30.131 FCPH 00300000,00000000,00000834,00020182,00 000000 07:32:30.131 PORT 02fffffd,00fffffd,1af6ffff,14000000 07:32:30.131 PORT c0fffffd,00fffffd,1af61a74,00000001 07:32:41.887 PORT 02fffffd,00fffffd,1a75ffff,14000000 07:32:41.887 PORT c0fffffd,00fffffd,1a751af7,00000001 07:32:41.887 FCPH read 02fffffd,00fffffd,f5000000,00000000,1a 751af7 (output truncated) See Also supportFtp, supportSave, supportShowCfgDisable, supportShowCfgEnable, supportShowCfgShow, traceDump Fabric OS Command Reference 53-1001186-01...
supportShowCfgDisable supportShowCfgDisable Disables a group of commands under the supportShow command. Synopsis supportshowcfgdisable os | exception | port | fabric | services | security | network | portlog | systemextend | filter | perfmon | ficon | iswitch | asic_db |iscsi | ag | crypto Description Use this command to disable a group of commands under the supportShow command.
supportShowCfgEnable supportShowCfgEnable Enables a group of commands to be displayed under the supportShow command. Synopsis supportshowcfgenable os | exception | port | fabric | services | security | network | portlog | system | extend | filter | perfmon | ficon | iswitch | asic_db |ag | crypto Description Use this command to enable a group of commands to be displayed under the supportShow command.
supportShowCfgShow supportShowCfgShow Displays the groups of commands enabled for display by the supportShow command. Synopsis supportshowcfgshow Description Use this command to display the groups of commands enabled for display by the supportShow command. Use the supportShowCfgEnable and the supportShowCfgDisable commands to modify which groups are displayed.
switchBeacon switchBeacon Sets switch beaconing mode on or off. Synopsis switchbeacon [mode] Description Use this command to enable or disable switch beaconing mode. Switch beaconing can be used to locate a failing unit. When beaconing mode is turned on, the port LEDs flash amber, left to right and right to left, from port 0 to the highest port number and back to port 0.
switchCfgPersistentDisable switchCfgPersistentDisable Disables a switch persistently. Synopsis switchcfgpersistentdisable Description Use this command to persistently disable the switch. All Fibre Channel ports are taken offline. If the switch was part of a fabric, the remaining switches reconfigure. The switch remains disabled even after a reboot.
switchCfgPersistentEnable switchCfgPersistentEnable Enables a switch persistently. Synopsis switchcfgpersistentenable Description Use this command to persistently enable a persistently disabled switch. All Fibre Channel ports that passed the power-on self-test (POST) are enabled and come online if connected to a device, or remain offline if disconnected.
switchCfgSpeed switchCfgSpeed Configures the speed for all ports on a switch. Synopsis switchcfgspeed speed Description Use this command to configure the port speed on a switch. This command sets the speed for all user ports. If any port on the switch is not capable of the specified speed setting, an error message is displayed for that port.
switchCfgTrunk switchCfgTrunk Enables or disables trunking on all the ports of a switch. Synopsis switchcfgtrunk mode Description Use this command to enable or disable trunking on all the ports of a switch. Use portCfgTrunkPort to enable or disable trunking on a single port. When the command is executed to update the trunking configuration, the ports to which the configuration applies are disabled and subsequently re-enabled with the new trunking configuration.
switchDisable switchDisable Disables all user ports on a switch. Synopsis switchdisable Description Use this command to disable all user ports on a switch. All Fibre Channel ports are taken offline. If the switch was part of a fabric, the remaining switches reconfigure. As each port is disabled, the front panel LED changes to a slow flashing yellow.
switchEnable switchEnable Enables all user ports on a switch. Synopsis switchenable Description Use this command to enable all user ports on a switch. All Fibre Channel ports that passed the power-on self test (POST) are enabled. They can come online if connected to a device, or remain offline if disconnected.
switchName switchName Displays or sets the switch name. Synopsis switchname [name] Description Use this command to display or set the switch name. All switches have a symbolic name that is primarily used for switch management. This name is shown in the Fabric OS CLI prompt, under each switch icon in WebTools, and in the output of various Fabric OS commands, such as fabricShow.
switchShow switchShow Displays switch and port status. Synopsis switchshow [-portcount] [-iscsi] Description Use this command to display switch and port status information. Output may vary depending on the switch model. Switch summary information includes the following: switchName Switch name. switchType Switch model and revision numbers.
Page 795
switchShow Shortwave laser Longwave laser copper serial ID Speed The speed of the port: 1/8G 125 Mbps 1/4G 250 Mbps 1/2G 500 Mbps 1 Gbps fixed transfer speed 1 Gbps negotiated transfer speed 2 Gbps fixed transfer speed 2 Gbps negotiated transfer speed 4 Gbps fixed transfer speed 4 Gbps negotiated transfer speed 8 Gbps fixed transfer speed...
Page 796
switchShow Proto Protocol support by GbE port. ISCSI The ports supports ISCSI. FCIP The port supports FCIP. comment Optionally displays one of the following: Disabled The port is disabled. Bypassed The port is bypassed (loop only). Loopback The port is in loopback mode. E_Port Fabric port;...
Page 797
switchShow Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability" for details. If a port is configured as a long distance port, the long distance level is displayed in the format of Lx, where x represents the long distance level number.
switchStatusPolicySet switchStatusPolicySet Sets the policy parameters that determine overall switch status. Synopsis switchstatuspolicyset Description Use this command to set policy parameters for calculating the overall status of the switch enclosure. The policy parameter values determine how many failed or faulty units of each contributor are allowed before triggering a status change in the switch from HEALTHY to MARGINAL or DOWN.
Page 801
switchStatusPolicySet PowerSupplies Temperatures Fans Blade CoreBlade Flash MarginalPorts FaultyPorts MissingSFPs Note that the value, 0, for a parameter, means that it is NOT used in the calculation. ** In addition, if the range of settable values in the prompt is (0..0), ** the policy parameter is NOT applicable to the switch.
switchStatusPolicyShow switchStatusPolicyShow Displays the policy parameters that determine overall switch status. Synopsis switchstatuspolicyshow Description Use this command to view the current policy parameters set for the switch. These policy parameters determine the number of failed or non-operational units allowed for each contributor before triggering a status change in the switch.
Page 803
switchStatusPolicyShow Flash MarginalPorts FaultyPorts MissingSFPs See Also switchStatusPolicySet, switchStatusShow Fabric OS Command Reference 53-1001186-01...
switchStatusShow switchStatusShow Displays overall switch status. Synopsis switchstatusshow Description Use this command to display the overall status for a switch that is configured with IPv4 and IPv6 addresses. In addition, users with a Fabric Watch license are able to view the list of unhealthy ports.
Page 805
switchStatusShow Missing SFPs monitor HEALTHY All ports are healthy To retrieve a switch health report for a switch that is configured with an IPv4 address: switch:user> switchstatusshow Switch Health Report Report time: 09/11/2006 05:39:28 PM Switch Name: switch IP address: 10.32.89.26 SwitchState: MARGINAL...
switchUptime switchUptime Displays the amount of time the switch has been operating. Synopsis switchuptime Description Use this command to display the current time and the amount of time that the switch has been operational. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
switchViolation switchViolation Dumps the DCC violations for a switch. Synopsis switchViolation --dump -dcc Description Use this command to display all Device Connection Control (DCC) violations that have occurred on a switch. Internally the command searches "errdumpall" for the DCC violations. For each DCC violation, the command displays the device WWN and the port where the violation occurred.
syslogdFacility syslogdFacility Changes the syslog facility. Synopsis syslogdFacility [-l level] Description Use this command to change the syslog facility to LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, or LOG_LOCAL7. Syslog daemon (syslogd) is a process available on most UNIX systems that reads and forwards system messages to the appropriate log files or users, depending on the system configuration.
syslogdIpAdd syslogdIpAdd Configures a switch to forward system messages to specified servers. Synopsis syslogdipadd ip_address | host_name Description Use this command to configure a switch to forward all error log entries to the syslog demon (syslogd) of one or more specified servers. The syslog daemon is a process available on most UNIX systems that reads and forwards system messages to the appropriate log files or users, depending on the system configuration.
Page 810
syslogdIpAdd 2. Add the DNS name server to the switch: switch:admin> dnsconfig Enter option 1 Display Domain Name Service (DNS) configuration 2 Set DNS configuration 3 Remove DNS configuration 4 Quit Select an item: (1..4) [4] 2 Enter Domain Name: [] brocade.com Enter Name Server IP address in dot/colon notation: [] 192.168.126.120 Enter Name Server IP address in dot/colon notation: [] 192.168.126.120 DNS parameters saved successfully...
syslogdIpRemove syslogdIpRemove Removes a server that is running the syslog daemon. Synopsis syslogdipremove ip_address | host_name Description Use this command to remove a server that is running the syslogd process and to which system messages are sent from the syslog server configuration on the switch. IPv6 and IPv4 syslogd addresses are supported.
syslogdIpShow syslogdIpShow Displays all syslog daemon IP addresses. Synopsis syslogdipshow Description Use this command to display all syslog daemon IP addresses in the configuration database. IPv4 and IPv6 addresses are supported. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
sysShutDown sysShutDown Provides a graceful shutdown to protect the switch file systems. Synopsis sysshutdown Description On standalone platforms, use this command to shut down the switch operating system. On enterprise-class platforms, when sysShutDown is called on the active control processor (CP), the command shuts down the active CP, standby CP, and any AP blades.
Page 814
sysShutDown To attempt a system shutdown from the standby CP (not supported): switch:admin> sysshutdown Shut down the whole system is not support from the standby CP For shut down the whole system please run the sysshutdown from the active CP See Also haDisable Fabric OS Command Reference...
systemVerification systemVerification Runs a suite of diagnostic tests on all switches in a fabric. Synopsis systemverification [-parameters | -short][[-fru type] -unit id] Description Use this command to run a comprehensive, system-wide test of all switches in a system. The command initiates a burn-in run on all switches within the current system. The optional -fru and -unit parameters allow you to focus the testing to a single blade in a multi-blade system.
Page 816
systemVerification -fru type Tests a single FRU in the system. Valid values are BLADE, PS, FAN, and WWN; however, only BLADE is supported at this time. Since only one FRU type is supported, this parameter is optional, but -unit is required for single FRU testing.
tempShow tempShow Displays temperature readings. Synopsis tempshow Description Use this command to display the current temperature readings of all temperature sensors in a switch. For each sensor, this command displays the slot number (if applicable), the sensor state, and the temperature. The temperature readings are given in both Centigrade and Fahrenheit. Notes The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place.
timeOut timeOut Sets or displays the idle timeout value for a login session. Synopsis timeout [timeval] Description Use this command without operand to display the current timeout value (in minutes) after which idle logins are automatically terminated. Use this command with the timeval operand to set the login timeout value to the specified interval. A value of 0 disables timeout of login sessions.
topologyShow topologyShow Displays the unicast fabric topology. Synopsis topologyshow [domain] Description Use this command to display the fabric topology as it appears to the local switch. The display varies depending on the hardware configuration. The following rules apply: 1. On all switches, the command displays the number of domains in the fabric and the local Domain IDs.
Page 820
topologyShow Total Bandwidth The maximum bandwidth of the out port. A bandwidth that is less than 0.512 Gbps is adjusted to the nearest power of 2 value. A bandwidth in the range of 0.512 Gbps Included) to 1 Gbps (not included) is adjusted to the 0.512 Gbps value.
traceDump traceDump Initiates, or removes a trace dump or displays the trace dump status. Synopsis tracedump [-S][-s slot] tracedump -n [-s slot] tracedump -r [-s slot] tracedump -R Description Use this command to initiate a background trace dump, to remove the content of a trace dump, or to display the dump status on the switch.
Page 824
traceDump To remove a trace dump: switch:admin> tracedump -r trace dump removed See Also supportFtp, supportSave, supportShow Fabric OS Command Reference 53-1001186-01...
trackChangesHelp trackChangesHelp Displays information on the track-changes commands. Synopsis trackchangeshelp Description Use this command to display information about the track-changes commands. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
trackChangesSet trackChangesSet Enables or disables the track-changes feature. Synopsis trackchangesset [mode][, snmptrapmode] Description This command enables or disables the track-changes feature. An SNMP-TRAP mode can also be enabled. Trackable changes are: • Successful login • Unsuccessful login • Logout • Config file change from task •...
trackChangesShow trackChangesShow Displays status of the track-changes feature. Synopsis trackchangesshow Description Use this command to display status of the track-changes feature. It shows whether the feature is enabled or disabled and if SNMP traps are generated. The output from the track-changes feature is dumped to the error log for the switch. Use the errDump command or errShow command to view the error log.
trunkDebug trunkDebug Debugs a trunk link failure. Synopsis trunkdebug port1 port2 Description Use this command to debug a trunk link failure. This command reports one of the following messages, based on the trunking properties of the two specified ports: • Switch does not support trunking •...
trunkShow trunkShow Displays trunking information. Synopsis trunkshow Description Use this command to display trunking information of both E_Ports and EX_Ports. The following fields display: Trunking Group Number Displays each trunking group on a switch. All the ports that are part of this trunking group are displayed.
Page 830
trunkShow To display trunking information for a switch that is part of an FC Router backbone fabric interlinking several edge fabrics (see the EX_Port with WWN "10:00:00:05:1e:35:b3:03" and the E_Port with WWN "10:00:00:05:1e:37:12:13" in the output below): switch:admin> trunkshow 4: 49-> 0 10:00:00:05:1e:35:b3:03 4 deskew 16 MASTER 54->...
tsClockServer tsClockServer Displays or sets the Network Time Protocol (NTP) Server addresses. Synopsis tsclockserver [ipaddr [; ipaddr ...]] Description Use this command to synchronize the local time of the Principal or Primary FCS switch to one or more external NTP servers. This command accepts a list of NTP server addresses.
Page 832
tsClockServer Examples To display the default clock server: tsclockserver switch:admin> LOCL To set the NTP server to a specified IP address: switch:admin> tsclockserver 123.123.123.123 Updating Clock Server configuration...done. switch:admin> tsclockserver 123.123.123.123 To configure multiple NTP servers: switch:admin> tsclockserver "12.134.125.24; 12.234.87.01" Updating Clock Server configuration...done.
tsTimeZone tsTimeZone Displays or sets the system time zone. Synopsis tstimezone --interactive tstimezone timezonename tstimezone --old hourOffset [, minuteOffset] Description Use this command to display or set the system time zone. All switches maintain the current time zone setup in nonvolatile memory. Changing the time zone on a switch updates the local time zone setup and is reflected in local time calculations.
Page 834
tsTimeZone hourOffset Specifies the number of hours relative to GMT. This operand must be specified as an integer. Valid values are -12 through 12. This operand is required with the --old option. minuteOffset Specifies the number of minutes relative to hour offset. This operand must be specified as an integer and is valid only with the --old option.
Page 835
tsTimeZone 15) Cuba 32) Netherlands Antilles 49) Virgin Islands (US) 16) Dominica 33) Nicaragua 17) Dominican Republic 34) Panama Enter number or control-D to quit ?45 Please select one of the following time zone regions. 1) Eastern Time 2) Eastern Time - Michigan - most locations 3) Eastern Time - Kentucky - Louisville area 4) Eastern Time - Kentucky - Wayne County 5) Eastern Time - Indiana - most locations...
turboRamTest turboRamTest Performs a turbo SRAM test of ASIC chips. Synopsis turboramtest [--slot slotnumber][-passcnt count] Description This command verifies the on chip SRAM located using the turbo-RAM BIST circuitry. The BIST controller is able to perform the SRAM write and read operation at a much faster rate than the PCI operation.
upTime upTime Displays length of time the system has been operational. Synopsis uptime Description This command displays the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes. If the uptime is less than 60 seconds, the time is displayed in seconds.
uRouteConfig uRouteConfig Configures a static route. Synopsis urouteconfig in_area domain out_area Description Use this command to configure static routes. A static route is assigned to a specific path (defined by port number out_area) and does not change when a topology change occurs unless the path used by the route becomes unavailable.
uRouteRemove uRouteRemove Removes a static route. Synopsis urouteremove in_area domain Description Use this command to remove a previously configured static route. After this command is issued, the route to domain for in_area might change to use a different output port, but only if dynamic load sharing (DLS) is set. If DLS is not set, the route remains as is, with its route attribute changed from static to dynamic.
uRouteShow uRouteShow Displays unicast routing information. Synopsis urouteshow [slotnumber/][portnumber] [domain] Description Use this command to display the unicast routing information for a port, as it is known by the FSPF path selection and routing task. The routing information describes how a frame that is received from a port on the local switch is to be routed to reach a destination switch.
Page 841
uRouteShow domain Specify a remote domain in the fabric for which routing information is to be displayed. This operand is optional; if omitted, the routing information for all domains in the fabric is displayed. Examples To display the routing information of all the active ports: switch:admin>...
usbStorage usbStorage Manages data files on an attached USB storage device. Synopsis usbstorage [-e | --enable] usbstorage [-d | --disable] usbstorage [-l | --list] usbstorage [-r | --remove application area ] usbstorage [-h | --help] Description Use this command to control a USB device attached to the Active CP. When the USB device is enabled, other applications, such as supportSave, firmwareDownload, firmwareKeyupdate, or configDownload/cfgUpload can conveniently store and retrieve data from the attached storage device.
Page 843
usbStorage firmware\ 380MB 2007 Aug 15 15:13 FW_v6.0.0\ 380MB 2007 Aug 15 15:13 Available space on usbstorage 74% To remove an application area: switch:admin> usbstorage -r firmware FW_v6.0.0 To disable an attached USB device: switch:admin> usbstorage -d USB storage disabled See also supportSave, firmwareDownload, configUpload, configDownload, firmwareKeyupdate Fabric OS Command Reference...
Page 845
userConfig This command supports the following roles. These roles define access permissions for Fabric OS commands. In a Logical Fabric environment, you can additionally define access to chassis-level commands. An account can have one role in the Logical Fabric, and another role regarding chassis commands.
Page 846
userConfig -l LF_ID For each LF in LF_ID_list, displays a list of users that include that LF in their LFF permissions. Specify a range (1-5), or a list of LF_IDs separated by a comma (1,2,3), or a combination of both (1-5,7). Only users with SecurityAdmin or Admin role may execute this command.
Page 847
userConfig -a AD_ID_list Specifies the Administrative Domains the user is authorized to access. The ADs in AD_ID_list and the existing AD permissions for username must be a subset of the AD permissions of the account that executes this command. This operand is optional. If no AD list is specified with the --add option, AD0 is assigned by default.
Page 848
userConfig -h AD_ID Specifies the account’s home AD. This operand is optional. • If home AD is specified with the --addad option, it must be one of the ADs in AD_ID_list. If a home AD is not specified and username did not previously have a home AD, the home AD is set to the lowest numbered AD in the user's AD permissions.
Page 849
userConfig --delete username Deletes the specified account from the switch. This command prompts for confirmation. Once an account is deleted, the CLI sessions associated with the account are terminated. The following restrictions apply when you delete an account: • You cannot delete a default account. •...
Page 850
userConfig To delete AD 128 from bob’s AD member list. New home AD is set to 0: switch:admin> userConfig --deletead bob -a 128 -h 0 B. The following examples illustrate how to create and manage user accounts in an LF-enabled environment.
Page 851
userConfig To remove chassis permissions from the test account for the LFs 1-3. switch:admin> userconfig --deletelf test -l 1-3 -c Broadcast message from root (ttyS0) Sat Jun 14 01:10:02 2008... Security Policy, Password or Account Attribute Change: test will be logged out LFs/chassis role for account test has been successfully deleted.
userRename userRename Renames the user login name. Synopsis userrename old_username new_username Description Use this command to change an existing account login name to a new login name. The following rules apply: 1. new_username must begin with a letter and contain only alphanumeric characters or underscores.
version version Displays firmware version information. Synopsis version Description Use this command to display firmware version information and build dates. The command output includes the following: Kernel The version of switch kernel operating system. Fabric OS The version of switch Fabric OS. Made on The build date of firmware running in switch.
Displays the World Wide Name (WWN) and serial number of the switch. Synopsis wwn [-sn ] Description Use this command to display the WWN associated with a switch and to display the switch serial number. The switch WWN is a 64-bit number that has eight colon-separated fields each consisting of one or two hexadecimal digits between 0 and ff.
zone zone Performs specific zone operations, manages Traffic Isolation (TI) Zones, and Frame Redirect (RD) Zones. Synopsis zone --help To perform specific zone operations: zone --copy [source_AD.] source_zone_object [dest_zone_object][-f] zone --expunge “zone_object” zone --validate [[-f |] [-m mode] [“zone_object”]]] To create and manage traffic Isolation zones: zone --create -t objecttype [-o optlist] name -p portlist zone --add [-o optlist] name -p portlist zone --remove name -p portlist...
Page 856
zone TI zones over FCR is supported only on switches running Fabric OS v6.1.0 or later. Participating devices must be LSAN-zoned to enforce TI. Using TI zones in logical fabrics has several restrictions. For more information, refer to the Fabric OS Administrator’s Guide. 3.
Page 857
zone dest_zone_object Identifies the destination zone object within the current Admin Domain. If dest_zone_object is not specified, source_zone_object is copied over with the same name. If the destination zone object is not already present in the Admin Domain, one is created (with type as source_zone_object). Overwrites existing zone object without confirmation.
Page 858
zone The following operands are supported: -t objecttype Specifies the zone object type. This operand is supported only with the --create option. To create a TI zone, the value is ti. -o optlist Specifies list of options to control activation, deactivation, and failover mode. If this option is not specified the zone is created, by default, with failover enabled, and the zone will be activated.
Page 859
zone 3. Creating and managing RD Zones: Creates a RD Zone for the specified members. The following operands are --rdcreate required: host_wwn Specifies the port world wide name of the host. target_wwn Specifies the port world wide name of the target. vi_wwn Specifies the port world wide name of the virtual initiator (VI).
Page 860
zone To copy the cur_cfg1 zone configuration from the root zone database (AD0) to the current Admin Domain: switch:admin> zone --copy AD0.cur_cfg1 To copy the backup_zn zone from the root zone database (AD0) to the current Admin Domain: switch:admin> zone --copy AD0.backup_zn To copy the backup_zn zone from the root zone database (AD0) to the current Admin Domain, with Admin Domain member list filtering: switch:admin>...
Page 861
zone To validate all zones in the zone database in the effective configuration: switch:admin> zone --validate -m 2 Effective configuration: cfg: ticonfig zone: regzone 1,4* 1,5* ------------------------------------ ~ - Invalid configuration * - Member does not exist # - Invalid usage of broadcast zone To prune all the zone members that are not enforceable: switch:admin>...
Page 862
zone To display all TI zones in the defined configuration: switch:admin> zone --show Defined TI zone configuration: TI Zone Name: ti_bluezone Port List: 2,2; 3,2 Configured Status: Activated / Failover-Disabled Enabled Status: Deactivated TI Zone Name: ti_redzone Port List: 2,1; 3,1 Configured Status: Activated / Failover-Enabled Enabled Status: Activated / Failover-Enabled To display the status of bluezone in the defined configuration:...
Page 863
zone To display the newly created zone objects: switch:admin> cfgshow Defined configuration: cfg: myHTcfg myHostTarget cfg: r_e_d_i_r_c__fg red_______base; red_0917_00_3f_3f_3f_23_24_25_26_3f_3f_3f_30_32_00_00_00 zone: myHostTarget 00:3f:3f:3f:23:24:25:26; 3f:3f:3f:30:32:00:00:00 zone: red_0917_00_3f_3f_3f_23_24_25_26_3f_3f_3f_30_32_00_00_00 00:3f:3f:3f:23:24:25:26; 3f:3f:3f:30:32:00:00:00; 3f:3f:3f:30:30:00:00:00; 3f:3f:3f:30:31:00:00:00 zone: red_______base 00:00:00:00:00:00:00:01; 00:00:00:00:00:00:00:02; 00:00:00:00:00:00:00:03; 00:00:00:00:00:00:00:04 Effective configuration: cfg: myHTcfg zone: myHostTarget 00:3f:3f:3f:23:24:25:26 3f:3f:3f:30:32:00:00:00...
zoneAdd zoneAdd Adds a member to the zone. Synopsis zoneadd "zoneName", "member[; member]" Description Use this command to add one or more members to an existing zone. This command changes the defined configuration. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory with the cfgSave command.
zoneCreate zoneCreate Creates a zone. Synopsis zonecreate "zonename", "member[; member...]" Description Use this command to create a new zone, or to create a “broadcast” zone. A broadcast zone is a special zone that specifies the nodes that can receive broadcast traffic. This zone must be named "broadcast".
Page 866
zoneCreate When creating a zone, you can combine different ways of specifying zone members. For example, a zone defined with the following members: "2,12; 2,14; 10:00:00:60:69:00:00:8a" contains all devices connected to switch 2, ports 12 and 14, and to the device with the World Wide Name "10:00:00:60:69:00:00:8a"...
zoneDelete zoneDelete Deletes a zone. Synopsis zonedelete "zonename" Description Use this command to delete a zone. This command changes the defined configuration. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory using the cfgSave command. For the change to become effective, enable the configuration with the cfgEnable command.
zoneHelp zoneHelp Displays a description of zoning commands. Synopsis zonehelp Description Use this command to display short descriptions of zoning commands. Note The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in place. Refer to chapter 1, "Using Fabric OS commands" and Appendix A, "Command Availability"...
zoneObjectCopy zoneObjectCopy Copies a zone object. Synopsis zoneObjectCopy "objectName", "newName" Description Use this command to make a copy of an existing zone object and give it a new name. The resulting object is of the same type as the original object. You can use this command for all zone object types, including cfg, zone, and alias.
zoneObjectExpung zoneObjectExpung Expunges a zone object. Synopsis zoneObjectExpunge "objectName" Description Use this command to expunge a zone object. In addition to deleting the object, this command also removes the object from the member lists of all other objects. After successful execution of this command, the specified object no longer exists the database.
zoneObjectRename zoneObjectRename Renames a zone object. Synopsis zoneObjectRename "objectName", "newName" Description Use this command to rename a zone object. You can use this command for all zone object types, including cfg, zone, and alias. This command changes the defined configuration. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory with the cfgSave command.
zoneRemove zoneRemove Removes a member from a zone. Synopsis zoneremove "zonename", "zoneMemberList" Description Use this command to remove one or more members from an existing zone. If all members are removed, the zone is deleted. This command changes the defined configuration. For the change to be preserved across switch reboots, save the configuration to nonvolatile memory with the cfgSave command.
zoneShow zoneShow Displays zone information. Synopsis zoneshow ["pattern"][, mode] Description Use this command to display zone configuration information. If no parameters are specified, all zone configuration information (both defined and enabled) is displayed. Refer to cfgShow for a description of this display. If a parameter is specified, it is used as a pattern to match zone configuration names, and those that match in the defined configuration are displayed.
Page 874
zoneShow Fabric OS Command Reference 53-1001186-01...
Chapter Primary FCS commands Primary FCS commands Table 23 summarizes the commands that are available only on the primary Fabric Configuration Server (FCS) when FCS policy is enabled. TABLE 23 Primary FCS commands Command Description aliAdd Must be run from the primary FCS switch. aliCreate Must be run from the primary FCS switch.
Page 876
Primary FCS commands Command Description msTdDisable msTdDisable “ALL” must be run from the primary FCS switch. msTdEnable msTdEnable “ALL” must be run from the primary FCS switch. secPolicyAbort Must be run from the primary FCS switch. secPolicyActivate Must be run from the primary FCS switch. secPolicyAdd Must be run from the primary FCS switch.
Encryption commands and permissions 4. Virtual Fabric availability: If Virtual Fabrics are enabled, commands are checked for context and switch type as follows: • Virtual Fabric context (VF) = Command applies to the current logical switch only, or to a specified logical switch.
Page 879
Encryption commands and permissions TABLE 1 Encryption command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Context Switch Admin Admin Admin Admin Admin Domain Type addgroupmember Disallowed addmembernode Disallowed addhaclustermember Disallowed addinitiator Disallowed addLUN Disallowed commit Disallowed...
General Fabric OS commands and permissions TABLE 1 Encryption command RBAC availability and admin domain type (Continued) Command Name User Admin Oper Zone Fabric Admin Context Switch Admin Admin Admin Admin Admin Domain Type manual_rekey Disallowed modify Disallowed move Disallowed recovermasterkey Disallowed regEE...
Page 881
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type aliShow Allowed aptPolicy SwitchMember auditCfg SwitchMember auditDump SwitchMember authUtil...
Page 882
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type chassisConfig Allowed/ SwitchMember chassisDisable Allowed chassisEnablle Allowed chassisName Allowed/...
Page 883
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type enclosureShow Allowed errClear SwitchMember errDelimiterSet Allowed/ SwitchMember errDump Allowed...
Page 884
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type fcrlsan SwitchMember fcrlsanCount SwitchMember fcrlsanMatrix SwitchMember fcrPathTest SwitchMember fcrPhydevShow...
Page 885
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type fwClassInit SwitchMember fwConfigReload SwitchMember fwConfigure SwitchMember fwFruCfg SwitchMember fwHelp...
Page 886
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type iodSet SwitchMember iodShow Allowed ipAddrSet SwitchMember ipAddrShow SwitchMember ipFilter...
Page 887
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type msPlClearDB Disallowed msPlMgmtActivate Disallowed msPlMgmtDeactivate Disallowed msTdDisable Disallowed msTdEnable...
Page 888
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type perfMonitorShow SwitchMember perfSetPortEEMask SwitchMember perfShowAlpaCrc PortMember perfShowPortEEMask PortMember perfTTmon...
Page 889
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type portCfgvExport PortMember portCmd SwitchMember portDebug SwitchMember portDisable SwitchMember portEnable...
Page 890
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type portSwapShow Allowed portTest SwitchMember portTestShow SwitchMember portTrunkArea PortMember portZoneShow...
Page 891
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type shellFlowControlDisable SwitchMember shellFlowControlEnable SwitchMember slotPowerOff SwitchMember slotPowerOn SwitchMember slotShow...
Page 892
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type syslogdIpAdd SwitchMember syslogdIpRemove SwitchMember syslogdIpShow Allowed sysShutdown SwitchMember systemVerification...
Page 893
General Fabric OS commands and permissions TABLE 2 Fabric OS command RBAC availability and admin domain type Command Name User Admin Oper Zone Fabric Admin Domain Context Switch Admin Admin Admin Admin Admin Type zoneObjectExpunge Allowed zoneObjectRename Allowed zoneRemove Allowed zoneShow Allowed Fabric OS Command Reference...
Page 894
General Fabric OS commands and permissions Fabric OS Command Reference 53-1001186-01...