Summary of Contents for Cisco Nexus 5500 Series NX-OS
Page 1
Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x First Published: January 29, 2014 Last Modified: May 22, 2014 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
Page 2
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3
Physical Fibre Channel Interfaces Virtual Fibre Channel Interfaces VF Port VE Ports VNP Ports Interface Modes E Port F Port NP Port TE Port TF Port TNP Port Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Verifying BB_Credit Information Default Fibre Channel Interface Settings Configuring Fibre Channel Domain Parameters C H A P T E R 3 Information About Domain Parameters Fibre Channel Domains Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 5
Enabling Contiguous Domain ID Assignments FC IDs Persistent FC IDs Enabling the Persistent FC ID Feature Persistent FC ID Configuration Guidelines Configuring Persistent FC IDs Unique Area FC IDs for HBAs Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 6
Enabling Disruptive Load Balancing Verifying NPV Verifying NPV Examples Verifying NPV Traffic Management Configuring FCoE NPV C H A P T E R 5 Information About FCoE NPV FCoE NPV Model Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 7
C H A P T E R 7 Configuring SAN Port Channels Information About SAN Port Channels Understanding Port Channels and VSAN Trunking Understanding Load Balancing Configuring SAN Port Channels Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 8
Configuring and Managing VSANs Information About VSANs VSAN Topologies VSAN Advantages VSANs Versus Zones Guidelines and Limitations for VSANs About VSAN Creation Creating VSANs Statically Port VSAN Membership Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x viii OL-30895-01...
Page 9
Creating FC Aliases Creating FC Aliases Example Creating Zone Sets and Adding Member Zones Zone Enforcement Zone Set Distribution Enabling Full Zone Set Distribution Enabling a One-Time Distribution Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 10
Zone Aliases Versus Device Aliases Device Alias Databases Creating Device Aliases Device Alias Modes Device Alias Mode Guidelines and Limitations for Device Alias Services Configuring Device Alias Modes Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 11
Configuring FSPF Link Cost Hello Time Intervals Configuring Hello Time Intervals Dead Time Intervals Configuring Dead Time Intervals Retransmitting Intervals Configuring Retransmitting Intervals About Disabling FSPF for Specific Interfaces Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 12
About Registering Name Server Proxies Registering Name Server Proxies Rejecting Duplicate pWWNs Rejecting Duplicate pWWNs Name Server Database Entries Displaying Name Server Database Entries FDMI Displaying FDMI RSCN Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 13
TLV Configuration Identifying iSCSI Traffic Configuring Type QoS Policies Configuring No-Drop Policy Maps Applying System Service Policies iSCSI TLV and FCoE Configuration Identifying iSCSI and FCoE Traffic Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01 xiii...
Page 14
C H A P T E R 1 6 Information About FC-SP and DHCHAP Fabric Authentication Configuring DHCHAP Authentication DHCHAP Compatibility with Fibre Channel Features About Enabling DHCHAP Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 15
Configuring Port Security with Auto-Learning without CFS Configuring Port Security with Manual Database Configuration Enabling Port Security Port Security Activation Activating Port Security Database Activation Rejection Forcing Port Security Activation Database Reactivation Auto-Learning Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 16
Port Security Versus Fabric Binding Fabric Binding Enforcement Configuring Fabric Binding Configuring Fabric Binding Enabling Fabric Binding Switch WWN Lists Configuring Switch WWN List Fabric Binding Activation and Deactivation Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 17
Tracking Multiple Ports Tracking Multiple Ports Monitoring Ports in a VSAN Monitoring Ports in a VSAN Forcefully Shutting down Forcefully Shutting Down a Tracked Port Displaying Port Tracking Information Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01 xvii...
Page 18
Contents Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x xviii OL-30895-01...
Documentation Feedback, page xxii • Obtaining Documentation and Submitting a Service Request, page xxiii Audience This publication is for network administrators who configure and maintain Cisco Nexus devices and Cisco Nexus 2000 Series Fabric Extenders. Document Conventions Note As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks.
Page 20
Means reader take note. Notes contain helpful suggestions or references to material not covered in the Note manual. Means reader be careful. In this situation, you might do something that could result in equipment damage Caution or loss of data. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 21
Preface Related Documentation for Cisco Nexus 5500 Series NX-OS Software Related Documentation for Cisco Nexus 5500 Series NX-OS Software The entire Cisco NX-OS 5500 Series documentation set is available at the following URL: http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/ tsd-products-support-series-home.html Release Notes The release notes are available at the following URL: http://www.cisco.com/en/US/products/ps9670/prod_release_notes_list.html...
The Cisco Nexus 5500 Series NX-OS MIB Reference is available at http://www.cisco.com/en/US/docs/switches/ datacenter/nexus5500/sw/mib/reference/NX5500_MIBRef.html. Error and System Messages The Cisco Nexus 5500 Series NX-OS System Message Guide is available at http://www.cisco.com/en/US/docs/ switches/datacenter/nexus5500/sw/system_messages/reference/sl_nxos_book.html. Troubleshooting Guide The Cisco Nexus 5500 Series NX-OS Troubleshooting Guide is available at http://www.cisco.com/en/US/...
What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
Page 24
Preface Obtaining Documentation and Submitting a Service Request Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x xxiv OL-30895-01...
Page 25
• SAN Switching Overview, page 1 SAN Switching Overview This chapter provides an overview of SAN switching for Cisco NX-OS devices. This chapter includes the following sections: Fibre Channel Interfaces Fibre Channel ports are optional on the Cisco Nexus device.
Page 26
PortChannels load balance Fibre Channel traffic using a hash of source FC-ID and destination FC-ID, and optionally the exchange ID. Load balancing using PortChannels is performed over both Fibre Channel and FCIP links. Cisco NX-OS software also can be configured to load balance across multiple same-cost FSPF routes.
Page 27
Fibre Channel standards require that you allocate a unique FC ID to an N port that is attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus devices use a special allocation scheme.
Page 28
The Fibre Channel Security Protocol (FC-SP) provides switch-to-switch and hosts-to-switch authentication to overcome security challenges for enterprise-wide fabrics. The Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco SAN switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman exchange.
Information About Fibre Channel Interfaces Licensing Requirements for Fibre Channel On Cisco Nexus devices, Fibre Channel capability is included in the Storage Protocol Services license. Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces and capabilities.
Physical Fibre Channel Interfaces Cisco Nexus devices support up to sixteen physical Fibre Channel (FC) uplinks through the use of two, optional explansion modules. The first module contains eight FC interfaces. The second module includes four Fibre Channel ports and four Ethernet ports.
Page 31
Configuring Fibre Channel Interfaces Information About Fibre Channel Interfaces The VF port support over 10G-FEX interfaces feature is supported only in Cisco Nexus Fabric Extender straight-through topologies where each Fabric Extender is directly connected to a Cisco Nexus device. VE Ports A virtual E port (VE port) is a port that emulates an E port over a non-Fibre Channel link.
This status cannot be changed and is read-only. Some values may not be valid when the interface is down (for example, the operational speed). Related Topics Configuring and Managing VSANs, on page 113 Configuring N Port Virtualization, on page 51 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 33
In trunking E port (TE port) mode, an interface functions as a trunking expansion port. It may be connected to another TE port to create an extended ISL (EISL) between two switches. TE ports connect to another Cisco Nexus device or a Cisco MDS 9000 Family switch. They expand the functionality of E ports to support the following: •...
(host or disk), it operates in F port mode. If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the Cisco Nexus device or Cisco MDS 9000 Family, it may become operational in TE port mode.
None. Down Down Administratively down. If you administratively configure an interface as down, you disable the interface. No traffic is received or transmitted. Down See the table below. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 36
The interface VSAN is deleted or is in a suspended state. To make the interface operational, assign that port to a configured and active VSAN. Hardware failure A hardware failure is detected. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 37
The VSANs at both ends of an ISL are different. port channel administratively down The interfaces belonging to the Only SAN port channel interfaces SAN port channel are down. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
BB_credits are negotiated on a per-hop basis. In Cisco Nexus devices, the BB_credit mechanism is used on Fibre Channel interfaces but not on virtual Fibre Channel interfaces. The receive BB_credit determines the receive buffering capability on the receive side without having to acknowledge the peer.
If this is a QSFP+ GEM, the slot/port Note syntax is slot/QSFP-module/port. Setting the Interface Administrative State To gracefully shut down an interface, perform this task: To enable traffic flow, perform this task: Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
# switchport mode E switch(config-if) # exit switch# This example shows the running configuration for vFC 20 bound to the Ethernet slot1,port 3 interface. switch# show running-config switch(config) # interface vfc20 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Fibre Channel Interfaces Configuring Unified Ports Before You Begin Confirm that you have a supported Cisco Nexus switch. Unified Ports are available on the following Cisco Nexus switches: • Cisco Nexus 5596T • Cisco Nexus 5548UP • Cisco Nexus 5596UP •...
Step 7 switch(config-slot) # no port port Removes the unified port. number type fc This example shows how to configure a unified port on a Cisco N55-M16UP expansion module: switch# configure terminal switch(config)# slot 2 switch(config-slot)# port 1-16 type fc...
The switchport encap eisl command is disabled by default. If you enable encapsulation, all outgoing frames are encapsulated, and you will see a new line (Encapsulation is eisl) in the show interface SD_port_interface command output. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can enter the shutdown/no shutdown command sequence to reenable the interface. You can configure the switch to not disable an interface when the threshold is crossed. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Note If you specify E, F, or TE for the mode, the buffer-to-buffer credit value is applicable only when the port is set to that particular mode. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 4 switch(config)# system default Configures the default setting for administrative trunk mode state of an interface as Auto. switchport trunk mode auto Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
All of the N port identifiers are allocated in the same VSAN. Procedure Command or Action Purpose Step 1 Enters configuration mode. configure terminal Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
This example shows how to configure the port channel member interfaces on the NPV switch: switch(config)# interface fc2/1-2 switch(config-if)# shut switch(config-if)# switchport mode NP switch(config-if)# switchport trunk mode on switch(config-if)# channel-group 2 switch(config-if)# no shut switch(config-if)# exit Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type. The show interface transceiver command and the show interface fc slot/port transceiver command display both values for Cisco supported SFPs.
• Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
IDs are different, the runtime domain ID changes to take on the static domain ID after the next restart, either disruptive or nondisruptive. If a VSAN is in interop mode, you cannot disruptively restart the fcdomain for that VSAN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
BF phase, followed by a principal switch selection phase. The fast restart feature can be used in any interoperability mode. Enabling Domain Manager Fast Restart You can enable the domain manager fast restart feature. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Switch Priority You can configure the priority for the principal switch. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 3 switch(config)# fcdomain vsan vsan-id Enables the fcdomain configuration in the specified VSAN. Configuring Fabric Names You can set the fabric name value for a disabled fcdomain. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 2 fcdomain auto-reconfigure vsan vsan-id Enables the automatic reconfiguration option in the specified VSAN. The VSAN ID ranges from 1 to 4093. Example: switch(config)# fcdomain auto-reconfigure vsan 1 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
When a subordinate switch requests a domain, the following process takes place (see the figure below): • The local switch sends a configured domain ID request to the principal switch. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 61
◦ If the configured type is preferred, the local switch accepts the domain ID assigned by the principal switch and the assigned domain ID becomes the runtime domain ID. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The domain ID range is 1 to 239. The VSAN ID range is 1 to 4093. Example: switch(config)# fcdomain domain 1 preferred vsan 5 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Reverts to the factory default of allowing domain vsan-id IDs from 1 through 239 in the specified VSAN. Example: switch(config)# no fcdomain allowed 3 vsan 10 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
CFS Distribution of Allowed Domain ID Lists You can enable the distribution of the allowed domain ID list configuration information to all Cisco SAN switches in the fabric using the Cisco Fabric Services (CFS) infrastructure. This feature allows you to synchronize the configuration across the fabric from the console of a single switch.
You can display the status of the distribution session by using the show fcdomain session-status vsan command: switch# show fcdomain session-status vsan 1 Last Action: Distribution Enable Result: Success Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• An N port logs into a SAN switch. The WWN of the requesting N port and the assigned FC ID are retained and stored in a volatile cache. The contents of this volatile cache are not saved across reboots. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
33:e8:00:05:30:00:16:df Configures a device WWN fcid fcid (33:e8:00:05:30:00:16:df) with the FC ID 0x070128 in the specified VSAN. Example: switch(config-fcid-db)# vsan 26 wwn 33:e8:00:05:30:00:16:df fcid 4 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FC ID. Cisco SAN switches facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.
Page 71
------------------------------------------------------------------ INTERFACE VSAN FCID PORT NAME NODE NAME ------------------------------------------------------------------ vfc20 0x6fee00 50:05:08:b2:00:71:c8:c2 50:05:08:b2:00:71:c8:c0 fc2/3 0x6f7704 50:06:0e:80:03:29:61:0f 50:06:0e:80:03:29:61:0f Note Both FC IDs now have different area assignments. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
If the fcdomain feature is disabled, the runtime fabric name in the display is the same as the configured fabric name. This example shows how to display information about fcdomain configurations: switch# show fcdomain vsan 2 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FC IDs, and mask refers to a single or entire area of FC IDs. switch# show fcdomain address-allocation cache Default Settings for Fibre Channel Domains The following table lists the default settings for all fcdomain parameters. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 74
Disabled contiguous-allocation option Disabled Priority Allowed list 1 to 239 Fabric name 20:01:00:05:30:00:28:df rcf-reject Disabled Persistent FC ID Enabled Allowed domain ID list configuration distribution Disabled Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Information About NPV NPV Overview By default, Cisco Nexus devices switches operate in fabric mode. In this mode, the switch provides standard Fibre Channel switching capability and features. In fabric mode, each switch that joins a SAN is assigned a domain ID. Each SAN (or VSAN) supports a maximum of 239 domain IDs, so the SAN has a limit of 239 switches.
Server interfaces are automatically distributed among the NP uplinks to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus devices, server interfaces can be physical or virtual Fibre Channel interfaces. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x...
NP uplink are converted to fabric discovery messages (FDISCs). In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces. Note In Cisco Nexus devices, NP uplink interfaces must be native Fibre Channel interfaces. Related Topics Fabric Login, on page 187...
• Ensures correct operation of the persistent FC ID feature, because a server interface will always connect to the same NP uplink (or one of a specified set of NP uplinks) after an interface reinitialization or switch reboot. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• You can configure zoning for end devices that are connected to edge switches using all available member types on the core switch. For fWWN, sWWN, domain, or port-based zoning, use the fWWN, sWWN, domain, or port of the core switch in the configuration commands. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• Servers can be connected to the switch when in NPV mode. • When initiators and targets are assigned to the same border port (NP or NP-PO), then Cisco Nexus 5000 Series switches in NPIV mode do not support hairpinning.
After you enable NPV, you should configure the NP uplink interfaces and the server interfaces. To configure an NP uplink interface, perform this task: To configure a server interface, perform this task: Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
NP uplinks. If a server interface is already mapped to an NP uplink, you should include this mapping in the traffic Note map configuration. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 3 switch (config)# no npv auto-load-balance Disables disruptive load balancing on the disruptive switch. Verifying NPV To display information about NPV, perform the following task: Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
For additional details (such as IP addresses, switch names, interface names) about the NPV edge switches that you see in the show fcns database output, enter the show fcns database detail command on the core switch: core-switch# show fcns database detail Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
To display the disruptive load-balancing status, enter the show npv status command: switch# show npv status npiv is enabled disruptive load balancing is enabled External Interfaces: ==================== Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 86
Configuring N Port Virtualization Verifying NPV Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuration Examples for FCoE NPV, page 77 Information About FCoE NPV FCoE NPV is supported on the Cisco Nexus devices. The FCoE NPV feature is an enhanced form of FIP snooping that provides a secure method to connect FCoE-capable hosts to an FCoE-capable FCoE forwarder (FCF) switch.
Page 88
Interoperability with FCoE-Capable Switches The Cisco Nexus device interoperates with the following FCoE-capable switches: • Cisco MDS 9000 Series Multilayer switches enabled to perform FCF functions (EthNPV and VE) • Cisco Nexus 7000 Series switches enabled to perform FCF functions (EthNPV and VE) •...
The following figure shows the FCoE NPV bridge connecting hosts and FCFs. From a control plane perspective, FCoE NPV performs proxy functions towards the FCF and the hosts in order to load balance logins from the Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSANs from the hosts must be created and for each VSAN, a dedicated VLAN must also be created and mapped. The mapped VLAN is used to carry FIP and FCoE traffic for the corresponding VSAN. The VLAN-VSAN mapping must be configured consistently in the entire fabric. The Cisco Nexus device supports 32 VSANs.
• FCoE frames received over VNP ports are forwarded only if the L2_DA matches one of the FCoE MAC addresses assigned to hosts on the VF ports otherwise they’re discarded. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• FCoE VLANs must not be configured on the inter-switch vPC interfaces. • VF port binding to a vPC member port is not supported for an inter-switch vPC. Figure 6: VNP Ports in an Inter-Switch vPC Topology Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FCoE NPV supports the following topologies: Figure 7: Cisco Nexus Device As An FCoE NPV Device Connected to a Cisco Nexus Device Over A Non- vPC Port Channel Figure 8: Cisco Nexus Device As An FCoE NPV Device Connected Over a vPC To Another Cisco Nexus Device...
Page 94
Configuring FCoE NPV Supported and Unsupported Topologies Figure 10: Cisco Nexus Device With A 10GB Fabric Extender as an FCoE NPV Device Connected Over a vPC to Another Cisco Nexus Device Figure 11: Cisco Nexus Device As An FCoE NPV Bridge Connecting to a FIP Snooping Bridge Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x...
Page 95
Configuring FCoE NPV Supported and Unsupported Topologies Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 96
Figure 12: 10GB Fabric Extender Connecting To The Same FCoE NPV Bridge Over Multiple VF Ports Figure 13: Cisco Nexus Device As An FCoE NPV Bridge Connecting To A FIP Snooping Bridge Or Another FCoE NPV Bridge Figure 14: VF Port Trunk To Hosts In FCoE NPV Mode Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x...
FCoE NPV is enabled and if VNP ports are configured. • A warning is displayed if an ISSD is performed to Cisco NX-OS Release 5.0(3)N1(1) or an earlier release when FCoE NPV is enabled but VNP ports are not configured.
FCoE NPV has the following prerequisites: • Ensure that the correct licenses are installed. • For the Cisco Nexus 5500 Platform switches, ensure that the FCF supports multiple FC ports and multiple logins (FLOGI) on a single physical VF port.
Verifying FCoE NPV Configuration To display FCoE NPV configuration information, perform one of the following tasks: Command Purpose show fcoe database Displays information about the FCoE database. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FCoE NPV enabled on all modules successfully switch(config)# feature lacp switch# config t switch(config)# system qos switch(config-sys-qos)# service-policy type qos input fcoe-default-in-policy switch(config-sys-qos)# service-policy type queuing input fcoe-default-in-policy Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 102
This example shows the FCoE VLAN to VSAN mappings: switch# show vlan fcoe Original VLAN ID Translated VSAN ID Association State ---------------- ------------------ ----------------- Operational Operational Operational Operational Operational Operational Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 103
This example shows the status of the NPV configuration including information about VNP ports: switch# show npv status npiv is enabled disruptive load balancing is disabled External Interfaces: ==================== Interface: fc2/5, State: Trunking VSAN: 1, State: Up Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 104
Please make sure to enable "disable-fka" on all logged in VFCs Please increase the FKA duration to 60 seconds on FCF Active VNP ports with no disable-fka set ---------------------------------------- vfc90 vfc100 vfc110 vfc111 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 105
Configuring FCoE NPV Configuration Examples for FCoE NPV vfc120 vfc130 ISSU downgrade not supported as feature fcoe-npv is enabled switch# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 106
Configuring FCoE NPV Configuration Examples for FCoE NPV Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSAN trunking enable interconnected ports to transmit and receive frames in more than one VSAN. Trunking is supported on E ports and F ports. Beginning in Cisco NX-OS Release 5.0(2)N1(1), VSAN trunking is supported on native Fibre Channel interfaces and virtual Fibre Channel interfaces.
(when the trunking protocol was enabled). Other switches that are directly connected to this switch are similarly affected on the connected interfaces. If you need to merge traffic from different port VSANs across a nontrunking ISL, disable the trunking protocol. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The default trunk mode is on. The trunk mode configurations at the two ends of the link determine the trunking state of the link and the port modes at both ends (see the following table). Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Auto No trunking (ISL) E port The preferred configuration on the Cisco SAN switches is that one side of the trunk is set to auto and the other is set to on. Note When connected to a third-party switch, the trunk mode configuration has no effect. The Inter-Switch Link (ISL) is always in a trunking disabled state.
VSAN list for an interface, and they are called allowed-active VSANs. The trunking protocol uses the list of allowed-active VSANs at the two ends of an ISL to determine the list of operational VSANs in which traffic is allowed. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 112
• The ISL between switch 2 and switch 3 includes VSAN 1 and VSAN 2. • The ISL between switch 3 and switch 1 includes VSAN 1, 2, and 5. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Port channel can connect to interfaces across switching modules, so a failure of a switching module cannot bring down the port channel link. Cisco Nexus devices support a maximum of four SAN port channels in FC switch mode, which includes E/TE-port port channels.
About NPV and NP Port Channels Cisco Nexus devices support a maximum of four SAN port channels in NPV mode (with eight interfaces per port channel). This means we support a maximum of 4xNP-Port-Channels on Cisco Nexus devices in NPV mode.
However, subsequent exchanges can use a different link. This method provides finer granularity for load balancing while preserving the order of frames for each exchange. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 120
The following figure illustrates how exchange-based load balancing works. When the first frame in an exchange is received for forwarding on an interface, link 1 is chosen by a hash algorithm. All remaining frames in that Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Figure 23: SID1, DID1, and Exchange-Based Load Balancing Configuring SAN Port Channels SAN port channels are created with default values. You can change the default configuration just as any other physical interface. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 122
The following figure shows examples of invalid configurations. Assuming that the links are brought up in the 1, 2, 3, 4 sequence, links 3 and 4 will be operationally down as the fabric is misconfigured. Figure 25: Misconfigured Configurations Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• For an NPV switch which is configured for trunking on any interface, or for a regular switch where the f port-channel-trunk command is issued to enable the Trunking F Port Channels feature, follow these configuration guidelines for reserved VSANs and isolated VSAN: Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Note A F port channel is supported only in Active Mode. The table below compares On and Active modes. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
1 to 256. Step 3 switch(config-if)# channel mode active Configures the Active mode. Step 4 switch(config-if)# no channel mode active Reverts to the default On mode. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
SAN port channel increases the channel size and bandwidth of the SAN port channel. Removing an interface from a SAN port channel decreases the channel size and bandwidth of the SAN port channel. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Beginning with Cisco NX-OS Release 5.0(2)N2(1), after you enable forcing a port to be added to a channel group by entering the channel-group force command, the following two conditions occur: •...
You must explicitly enable those ports again. • If you use the Active mode, then the port channel ports automatically recover from the addition. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Enters global configuration mode. Step 2 switch(config)# interface type slot/port Enters configuration mode for the specified interface. Note If this is a QSFP+ GEM, the slot/port syntax is slot/QSFP-module/port. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The port channel protocol is enabled by default. The port channel protocol expands the port channel functional model in Cisco SAN switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a SAN port channel.
Page 131
You can explicitly convert this channel group, if required. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
When enabling autocreation in any Cisco Nexus device, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports between two...
F ports on the NPIV core switches and NP ports on the NPV switches. Before you configure the F port channel, ensure that F port trunking, F port channeling, and NPIV are enabled. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
To display VSAN configuration information, perform one of the following tasks: Procedure Command or Action Purpose Step 1 switch# show san-port-channel summary | Displays SAN port channel information. database | consistency [ details ] | usage | compatibility-parameters Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Default Settings for SAN Port Channels The table below lists the default settings for SAN port channels. Table 16: Default SAN Port Channel Parameters Parameters Default Port channels FSPF is enabled by default. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 136
Configuring SAN Port Channels Default Settings for SAN Port Channels Parameters Default Create port channel Administratively up. Default port channel mode Autocreation Disabled. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• Multiple VSANs can share the same physical topology. • The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, which increases VSAN scalability. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 138
The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 139
◦ Different customers in storage provider data centers ◦ Production or test in an enterprise network ◦ Low and high security requirements ◦ Backup traffic on separate VSANs ◦ Replicating data from user traffic Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSAN (the VSAN associated with the F port). zones. VSANs enforce membership at each E port, source Zones enforce membership only at the source and port, and destination port. destination ports. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Once VSANs are created, they may exist in various conditions or states. ◦ The active state of a VSAN indicates that the VSAN is configured and enabled. By enabling a VSAN, you activate the services for that VSAN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You cannot configure any application-specific parameters for a VSAN before creating the VSAN. Procedure Command or Action Purpose Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSAN trunking ports have an associated list of VSANs that are part of an allowed list. Related Topics Assigning Static Port VSAN Membership, on page 120 Configuring VSAN Trunking, on page 83 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
To display the VSAN static membership information, use the show vsan membership command. The following example displays membership information for the specified VSAN: switch # show vsan 1 membership vsan 1 interfaces: fc2/1 fc2/2 fc2/3 fc2/4 san-port-channel 3 vfc1/1 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Default VSANs The factory settings for Cisco SAN switches have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric are considered part of the default VSAN.
Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in the system, a command request to move a port to VSAN 10 is rejected. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can configure load balancing on an existing VSAN. Load-balancing attributes indicate the use of the source-destination ID (src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 148
Negates the suspend command entered in the previous step. Example: switch(config-vsan-db)# no vsan 23 suspend Step 9 Returns you to EXEC mode. Example: switch(config-vsan-db)# end Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSAN 1. State Active state. Name Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute OX ID (src-dst-ox-id). Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 150
Configuring and Managing VSANs Default Settings for VSANs Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
◦ A physical fabric can have a maximum of 16,000 members. This includes all VSANs in the fabric. • A zone set consists of one or more zones. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 152
This membership is also referred to as interface-based zoning. ◦Interface and domain ID—Specifies the interface of a switch identified by the domain ID. ◦Domain ID and port number—Specifies the domain ID of a Cisco switch domain and additionally specifies a port belonging to a non-Cisco switch.
Configuring and Managing Zones Information About Zoning Interface-based zoning only works with Cisco SAN switches. Interface-based zoning does not work for Note VSANs configured in interop mode. Zoning Example The following figure shows a zone set with two zones, zone 1 and zone 2, in a fabric. Zone 1 provides access from all three hosts (H1, H2, H3) to the data residing on storage systems S1 and S2.
Configuring and Managing Zones Information About Zoning Zone Implementation Cisco SAN switches automatically support the following basic zone features (no additional configuration is required): • Zones are contained in a VSAN. • Hard zoning cannot be disabled. • Name server queries are soft-zoned.
Page 155
If one zone set is active and you activate another zone set, the currently active zone set is automatically deactivated. You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 156
Configuring and Managing Zones Information About Zoning The following figure shows a zone being added to an activated zone set. Figure 33: Active and Full Zone Sets Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
MyZone vsan 2 pWWN example: switch(config-zone)# member pwwn 10:00:00:23:45:67:89:ab Fabric pWWN example: switch(config-zone)# member fwwn 10:01:10:01:10:ab:cd:ef FC ID example: switch(config-zone)# member fcid 0xce00d1 FC alias example: switch(config-zone)# member fcalias Payroll Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
In the following figure, two separate sets are created, each with its own membership hierarchy and zone members. Figure 34: Hierarchy of Zone Sets, Zones, and Zone Members Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Traffic can either be permitted or denied among members of the default zone. This information is not distributed to all switches; it must be configured in each switch. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• fWWN—The WWN of the fabric port name is in hex format (for example, 10:00:00:23:45:67:89:ab). • FC ID—The N port ID is in 0xhhhhhh format (for example, 0xce00d1). Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring and Managing Zones Zone Sets • Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco switch is required to complete this membership configuration. • Interface—Interface-based zoning is similar to port-based zoning because the switch interface is used to configure the zone.
You can create a zone set to include several zones. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Note Hard zoning enforces zoning restrictions on every frame, and prevents unauthorized access. Cisco SAN switches support both hard and soft zoning. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Enabling Full Zone Set Distribution All Cisco SAN switches distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
• Import the neighboring switch’s active zone set database and replace the current active zone set (see the figure below). • Export the current database to the neighboring switch. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can make a copy and then edit it without altering the existing active zone set. You can copy an active zone set from the bootflash: directory, volatile: directory, or slot0 to one of the following areas: • To the full zone set Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Caution in the full zone set database. Copying Zone Sets On Cisco SAN switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit. Procedure...
Step 2 zoneset clone oldname newname vsan vsan-id Clones a zone set in the specified VSAN. Example: switch(config)# zoneset clone test myzoneset2 vsan 2 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can view any zone information by using the show command. If you request information for a specific object (for example, a specific zone, zone set, VSAN, or alias, or keywords such as brief or active), only information for the specified object is displayed. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Broadcast zoning is not supported on the Cisco Nexus 5000 Series switches. Note The following table lists the advantages of the enhanced zoning feature in all switches in the Cisco SAN switches. Table 21: Advantages of Enhanced Zoning...
Cisco interop mode. mode (interop mode 1). Changing from Basic Zoning to Enhanced Zoning You can change to the enhanced zoning mode from the basic mode. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Set the operation mode to enhanced zoning mode. Changing from Enhanced Zoning to Basic Zoning Cisco SAN switches allow you to change from enhanced zoning to basic zoning to enable you to downgrade and upgrade to other Cisco NX-OS releases.
Step 4 switch(config)# no zone commit vsan vsan-id Discards the changes to the enhanced zone database and closes the session. Example: switch(config)# no zone commit vsan 22 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The adjacent database attribute group object with same name1 but different information populates the members. local database. Empty. Contains data. Successful. The merging of the local and adjacent databases. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Example: switch(config)# no zone merge-control restrict vsan 33 Step 4 zone commit vsan vsan-id Commits the changes made to the specified VSAN. Example: switch(config)# zone commit vsan 20 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 2 system default zone default-zone permit Configures permit as the default zoning policy for new VSANs on the switch. Example: switch(config)# system default zone default-zone permit Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 2 no zone name zone-name vsan vsan-id Deletes a zone to reduce the number of zones to 2000 or fewer. Example: switch(config)# no zone name myzone vsan Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Table 23: Default Basic Zone Parameters Parameters Default Default zone policy Denied to all members. Full zone set distribute The full zone set(s) is not distributed. Enhanced zoning Disabled. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
When the port WWN (pWWN) of a device must be specified to configure features (for example, zoning, DPVM, or port security) in a Cisco SAN switch, you must assign the correct device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a pWWN and use this name in all the configuration commands as required.
• Device aliases used to configure zones, IVR zones, or port security features are displayed automatically with their respective pWWNs in the show command output. For additional information, refer to Using Cisco Fabric Services in the System Management Configuration Guide for your device.
21:01:00:e0:8b:2e:80:93 Step 4 no device-alias name device-name Removes the device name for the device that is identified by its pWWN. Example: switch(config-device-alias-db)# no device-alias name mydevice Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• Before changing from enhanced to basic mode, you must first explicitly remove all native device alias-based configurations from both local and remote switches, or replace all device alias-based configuration members with the corresponding pWWN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
This example shows how to display the current device alias mode setting. switch# show device-alias status Fabric Distribution: Enabled Database:- Device Aliases 0 Mode: Basic Locked By:- User "admin" SWWN 20:00:00:0d:ec:30:90:40 Pending Database:- Device Aliases 0 Mode: Basic Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• The pending database is distributed to the switches in the fabric and the effective database on those switches is overwritten with the new changes. • The pending database is emptied of its contents. • The fabric lock is released for this feature. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Importing a Zone Alias You can import the zone alias for a specific VSAN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
• Verify that the combined number of device aliases in both databases does not exceed 8K (8191 device aliases) in fabrics running Cisco MDS SAN-OS Release 3.0 (x) and earlier, and 20K in fabrics running Cisco MDS SAN-OS Release 3.1(x) and later.
Enabled. Device alias mode Basic. Database in use Effective database. Database to accept changes Pending database. Device alias fabric lock state Locked with the first device alias task. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 190
Distributing Device Alias Services Default Settings for Device Alias Services Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE modeFibre Channel interfaces on Cisco SAN switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.
In the same way, if any switch goes down, the connectivity of the rest of the fabric is preserved. Figure 36: Fault Tolerant Fabric Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
To improve on the topology, each connection between any pair of switches can be replicated; two or more links can be present between a pair of switches. The following figure shows this arrangement. Because Cisco SAN switches support SAN port channels, each pair of physical links can appear to the FSPF protocol as one single logical link.
You can configure an FSPF feature for the entire VSAN. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Deletes the FSPF configuration for the specified VSAN. Example: switch(config)# no fspf config vsan 24 Enabling or Disabling FSPF You can enable or disable FSPF routing protocols. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FSPF route selection. The integer value to specify cost can range from 1 to 65,535. The default cost for 1 Gbps is 1000 and for 2 Gbps is 500. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Hello Time Intervals You can configure the FSPF Hello time interval. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configures the specified interface, or if already configured, enters configuration mode for the specified interface. If this is a QSFP+ GEM, the slot/port syntax is Note slot/QSFP-module/port. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Specifies the retransmit time interval for vsan-id unacknowledged link state updates in the specified VSAN. The default is 5 seconds. Example: switch(config-if)# fspf retransmit-interval 10 vsan 25 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Reenables FSPF for the specified interface in the specified VSAN. Example: switch(config-if)# no fspf passive vsan 23 Clearing FSPF Counters for an Interface You can clear the FSPF statistics counters for an interface. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
12 is slot/QSFP-module/port. In-Order Delivery In-order delivery (IOD) of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Fibre Channel Routing Services and Protocols In-Order Delivery Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, Cisco SAN switches preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally, the originator exchange ID (OX ID) identify the flow of the frame.
Configuring the Drop Latency Time, on page 182 About Enabling In-Order Delivery You can enable IOD for a specific VSAN or for the entire switch. By default, IOD is disabled on Cisco SAN switches. We recommend that you enable this feature only when devices that cannot handle any out-of-order frames are present in the switch.
Step 3 no in-order-guarantee vsan vsan-id Reverts the switch to the factory defaults and disables the in-order delivery feature in the specified VSAN. Example: switch(config)# no in-order-guarantee vsan Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
1000 vsan 12 Step 4 no fcdroplatency network value Removes the current fcdroplatency network configuration and reverts the switch to the factory defaults. Example: switch(config)# no fcdroplatency network 1000 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
20 vsan 12 Step 3 no fcflow stats aggregated index value vsan vsan-id Disables the aggregated flow counter. Example: switch(config)# no fcflow stats aggregated index 20 vsan 12 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The following example shows how to display flow statistics: switch# show fcflow stats The following example shows how to display flow index usage: switch# show fcflow stats usage 2 flows configured Configured flows : 3,7 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Based on destination ID and source ID on different, equal cost paths In-order delivery Disabled Drop latency Disabled Static route cost If the cost (metric) of the route is not specified, the default is 10 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 210
Parameters Default Remote destination switch If the remote destination switch is not specified, the default is direct Multicast routing Uses the principal switch to compute the multicast tree Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
0x870000 20:00:00:1b:21:06:58:bc 10:00:00:1b:21:06:58:bc Total number of flogi = 1. This example shows how to verify the storage devices associated with VSAN 1: switch# show flogi database vsan 1 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
By default, any future flogi (with duplicate pwwn) on different switch in the same vsan, will be rejected and earlier FLOGI retained, which does not follow FC standards. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
In a multiswitch fabric configuration, the name server instances running on each switch shares information in a distributed database. One instance of the name server process runs on each switch. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
FDMI Cisco SAN switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel host bus adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.
The SCR table is not configurable. It is populated when hosts send SCR frames with RSCN information. If hosts do not receive RSCN information, then the show rscn scr-table command will not return entries. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. You can suppress the transmission of these SW-RSCNs over an ISL.
Before performing a downgrade, make sure that you revert the RSCN timer value in your network to the Note default value. Failure to do so will disable the links across your VSANs and other devices. You can configure the RSCN timer. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
SW-RSCNs. RSCN supports two modes, distributed and nondistributed. In distributed mode, RSCN uses Cisco Fabric Services (CFS) to distribute configuration to all switches in the fabric. In nondistributed mode, only the configuration commands on the local switch are affected.
RSCN timer distribution crashes and restarts or a switchover occurs, it resumes normal functionality from the state prior to the crash or switchover. For additional information, refer to Using Cisco Fabric Services in the System Management Configuration Guide for your device.
The following table lists the default settings for RSCN. Table 28: Default RSCN Settings Parameters Default RSCN timer value 2000 milliseconds for Fibre Channel VSANs RSCN timer configuration distribution Disabled Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 222
Managing FLOGI, Name Server, FDMI, and RSCN Databases Default Settings for RSCN Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
SCSI LUN discovery is done on demand. Only Nx ports that are present in the name server database and that are registered as FC4 Type = SCSI_FCP are discovered. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
To initiate a customized discovery, perform this task: Procedure Command or Action Purpose Step 1 switch# discover custom-list add vsan vsan-id Adds the specified entry to the custom list. domain domain-id Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX): switch# show scsi-target pwwn Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 226
Discovering SCSI Targets Displaying SCSI LUN Information Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Information about iSCSI TLV NICs and converged network adapters connected to a Cisco Nexus 5000 or a Cisco Nexus 6000 Series switch by utilizing iSCSI as a storage protocol can be programmed to accept the configuration values sent by the switch leveraging DCBX or data center bridging exchange protocol.
40 characters. Step 3 switch(config-pmap-qos)# class To add a reference to the system class that matches a traffic class-name class, use this command. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Policy-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Specifies the CoS value to match and specifies which protocol has to be mapped to a given CoS value. protocol [fcoe | iscsi | tcp] Important You are enabling the TLV by typing match protocol iscsi. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
40 characters. Step 3 switch(config-pmap-qos)# class Specifies a class map for a policy map. class-name Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, {network-qos} class-name are case sensitive, and can be up to 40 characters. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 234
The list of CoS values can potentially include the CoS value that is used for FCoE traffic in class-fcoe. You must determine if this is desired behavior for your topology. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 235
2158 switch(config-pmap-c-nq)# pause no-drop switch(config-pmap-nq)# class type network-qos class-default switch(config-pmap-c-nq)# mtu 9216 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can modify Fibre Channel protocol related timer values for the switch. The D_S_TOV, E_D_TOV, and R_A_ TOV values cannot be globally changed unless all VSANs in the Caution switch are suspended. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configures the D_S_TOV timeout value (in milliseconds) for the specified VSAN. Suspends the VSAN temporarily. You have the option to end Example: this command, if required. switch(config#)# fctimer D_S_TOV 900 vsan 15 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Distribution You can enable per-VSAN fctimer fabric distribution for all Cisco SAN switches in the fabric. When you perform fctimer configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
If the administrator performs this task, your changes to the pending database are discarded and the fabric lock is released. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The following example displays the configured TOV for VSAN 10: switch# show fctimer vsan 10 vsan no. F_S_TOV D_S_TOV E_D_TOV R_A_TOV ------------------------------------------------- 5000 ms 5000 ms 3000 ms 10000 ms Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
WWN to a single device. The principal switch selection and the allocation of domain IDs rely on the WWN. Cisco SAN switches support three network address authority (NAA) address formats. (see the following table). Table 29: Standardized NAA WWN Formats...
Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco SAN switches use a special allocation scheme. Some HBAs do not discover targets that have FC IDs with the same domain and area. The switch software maintains a list of tested company IDs that do not exhibit this behavior.
FC ID Allocation for HBAs Default Company ID List All Cisco SAN switches contain a default list of company IDs that require area allocation. Using the company ID reduces the number of configured persistent FC ID entries. You can configure or modify these entries using the CLI.
• Mode 2—Brocade native mode (Core PID 0). • Mode 3—Brocade native mode (Core PID 1). • Mode 4—McData native mode. For information about configuring interop modes 2, 3, and 4, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/ storage/san_switches/mds9000/interoperability/guide/intopgd.html...
Page 246
The default zone operation of permit (all nodes can see all other nodes) or deny (all nodes are isolated when not explicitly placed in a zone) may change. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 247
VSAN and not the entire switch. Name server Verify that all vendors have the correct values in their respective name server database. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Brocade’s msplmgmtdeactivate command must explicitly be run prior to connecting from a Brocade switch to either Cisco SAN switches or to McData switches. This command uses Brocade proprietary frames to exchange platform information, which Cisco SAN switches or McData switches do not recognize.
Verifying Interoperating Status This section highlights the commands used to verify if the fabric is up and running in interoperability mode. To verify the resulting status of entering the interoperability command in any Cisco Nexus device, perform this task: Procedure Step 1 Verify the software version.
Page 250
<snip> interface mgmt0 ip address 6.1.1.96 255.255.255.0 switchport encap default no shutdown vsan database vsan 1 interop boot system bootflash:/nx5000-system-23e.bin Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 251
Local switch WWN: 20:01:00:05:30:00:51:1f Running fabric name: 10:00:00:60:69:22:32:91 Running priority: 128 Current domain ID: 0x64(100) <---------------verify domain id Local switch configuration information: State: Enabled Auto-reconfiguration: Disabled Contiguous-allocation: Disabled Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 252
1 FSPF Unicast Routes --------------------------- VSAN Number Dest Domain Route Cost Next hops ----------------------------------------------- 0x61(97) fc2/2 0x62(98) 1000 fc2/1 fc2/2 0x63(99) fc2/1 0x65(101) 1000 fc2/4 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
0x651500 10:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 The Cisco switch name server shows both local and remote entries, and does not time out the Note entries. Default Settings for Advanced Fibre Channel Features The following table lists the default settings for the features included in this chapter.
Page 254
5 frames Remote capture connection protocol Remote capture connection mode Passive Local capture frame limits 10 frames FC ID allocation mode Auto mode Loop monitoring Disabled Interop mode Disabled Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Diffie-Hellman exchange. Fabric Authentication All Cisco SAN switches enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switch and host authentications are performed locally or remotely in each fabric. As storage islands are consolidated and migrated to enterprise-wide fabrics, new security challenges arise. The approach of securing storage islands cannot always be guaranteed in enterprise-wide fabrics.
Configuring FC-SP and DHCHAP Configuring DHCHAP Authentication Cisco SAN switches support authentication features to address physical security (see the following figure). Figure 41: Switch and Host Authentication Fibre Channel host bus adapters (HBAs) with appropriate firmware and drivers are required for host-switch Note authentication.
Verify the DHCHAP configuration. DHCHAP Compatibility with Fibre Channel Features When configuring the DHCHAP feature along with existing Cisco NX-OS features, consider these compatibility issues: • SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel, DHCHAP authentication is performed at the physical interface level, not at the port channel level.
Whenever DHCHAP port mode is changed to a mode other than the Off mode, reauthentication is Note performed. The following table identifies switch-to-switch authentication between two Cisco switches in various modes. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Zero (0) indicates that the port does not perform reauthentication. Example: switch(config-if)# fcsp Note The reauthorization interval configuration is the auto-active 0 same as the default behavior. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
(0). DHCHAP Hash Algorithm Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP authentication. If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
DHCHAP Group Settings All Cisco SAN switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4. If you change the DH group configuration, change it globally for all switches in the fabric.
We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Configuration 3 and using Cisco MDS 9000 Family Fabric Manager to manage the password database.
• The existing RADIUS and TACACS+ timeout values. • The same value must also be configured on all switches in the fabric. Configuring the DHCHAP Timeout Value You can configure the DHCHAP timeout value. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The following example shows how to display the DHCHAP local password database: switch# show fcsp dhchap database Use the ASCII representation of the device WWN to configure the switch information on RADIUS and TACACS+ servers. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
This example shows how to set up authentication: Procedure Step 1 Obtain the device name of the Cisco SAN switch in the fabric. The Cisco SAN switch in the fabric is identified by the switch WWN. Example: switch# show wwn switch...
A priority list of MD5 followed by SHA-1 for DHCHAP authentication DHCHAP authentication mode Auto-passive DHCHAP group default priority exchange order 0, 4, 1, 2, and 3, respectively DHCHAP timeout value 30 seconds Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 267
Configuring FC-SP and DHCHAP Default Settings for Fabric Security Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 268
Configuring FC-SP and DHCHAP Default Settings for Fabric Security Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Port Security, page 245 Configuring Port Security Cisco SAN switches provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
By default, the port security feature is not activated. When you activate the port security feature, the following operations occur: • Auto-learning is also automatically enabled, which means the following: Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
This action ensures that the configured database is the same on all switches in the fabric. Step 10 Copy the running configuration to the startup configuration, using the fabric option. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Disabling Auto-Learning, on page 253 Enabling Port Security, on page 249 Enabling Port Security Distribution, on page 257 Configuring Port Security with Auto-Learning without CFS You can configure port security using auto-learning without Cisco Fabric Services (CFS). Procedure Step 1 Enable port security.
Port Security Activation Activating Port Security You can activate port security. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Forcing Port Security Activation You can forcefully activate the port security database. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Enables auto-learning so the switch can learn about any device that is allowed to access VSAN 1. These devices are logged in the port security Example: active database. switch(config)# port-security auto-learn vsan 1 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Permitted configured any device Configured to log in to Any port on the switch Permitted any switch port Not configured A port configured with Denied some other device Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The WWN Identification has the following configuration guidelines and limitations: • Identify switch ports by the interface or by the fWWN. • Identify devices by the pWWN or by the nWWN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Step 4 switch(config-port-security)# swwn swwn-id Configures the specified sWWN to only log interface san-port-channel 5 in through SAN port channel 5. Example: switch(config-port-security)# swwn 21:00:05:30:23:1a:11:03 interface san-port-channel 5 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
32 Port Security Configuration Distribution The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies throughout the fabric.
Commits the port security changes in the specified VSAN. Example: switch(config)# port-security commit vsan Discarding the Changes You can discard the port security configuration changes for the specified VSAN. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
If the pending database contains more than one activation and auto-learning configuration when you commit the changes, the activation and auto-learning changes are consolidated and the resulting operation may change (see the following table). Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 284
= {A,B} active database = {A,B} and devices C and D are logged out. This is equal to an activation with auto-learning disabled. pending database = empty Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can overwrite the configuration database with configured database by activating the port security the active database. database. Forcing an activation may violate the entries already configured in the active database. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 286
The following figure shows various scenarios of the active database and the configuration database status based on port security configurations. Figure 43: Port Security Database Scenarios Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Database Scenarios the following figure illustrates various scenarios showing the active database and the configuration database status based on port security configurations. Figure 44: Port Security Database Scenarios Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
The clear port-security database auto-learn and clear port-security statistics commands are only Note relevant to the local switch and do not acquire locks. Also, learned entries are only local to the switch and do not participate in distribution. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Table 38: Default Security Settings Parameters Default Auto-learn Enabled if port security is enabled. Port security Disabled. Distribution Disabled. Note Enabling distribution enables it on all VSANs in the switch. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 290
Configuring Port Security Default Settings for Port Security Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Port Security Uses a set of sWWNs and a persistent domain ID. Uses pWWNs/nWWNs or fWWNs/sWWNs. Binds the fabric at the switch level. Binds devices at the interface level. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch to be part of the fabric binding active database. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
A user-specified fabric binding list contains a list of switch WWNs (sWWNs) within a fabric. If an sWWN attempts to join the fabric, and that sWWN is not on the list or the sWWN is using a domain ID that differs Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
For example, one of the already logged in switches might be denied login by the config database. You can choose to forcefully override these situations. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Deleting the Fabric Binding Database Use the no fabric-binding command in configuration mode to delete the configured database for a specified VSAN: switch(config)# no fabric-binding database vsan 10 Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
This example shows how to display EFMD Statistics for VSAN 4: switch# show fabric-binding efmd statistics vsan 4 Default Settings for Fabric Binding The following table lists the default settings for the fabric binding feature. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Each object has its own set of attributes and values. A null value may also be defined for some attributes. In the Cisco Nexus device environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN.
When a restart or switchover happens, FCSs retrieve the secondary storage information and rebuild its database. • SNMP manager can query FCSs for all IEs, ports, and platforms in the fabric. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms. Note Set this command globally only if every switch in the fabric belong to the Cisco MDS 9000 Family or Cisco Nexus devices. To enable global checking of the platform name, perform this task:...
Page 302
Configuring Fabric Configuration Servers Default FCS Settings Table 41: Default FCS Settings Parameters Default Global checking of the platform name Disabled Platform node type Unknown Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Configuring Port Tracking, page 279 Configuring Port Tracking Cisco SAN switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.
About RSCN Information, on page 191 Fibre Channel Timeout Values, on page 213 Default Settings for Port Tracking The following table lists the default settings for port tracking parameters. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Before configuring port tracking, consider the following guidelines: • Verify that the tracked ports and the linked ports are on the same Cisco switch. • Be aware that the linked port is automatically brought down when the tracked port goes down.
Even if one tracked port is up, the linked port will stay up. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
VSANs on the tracked port. If you configure this feature, the linked port is up only when the VSAN is up on the tracked port. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
You must explicitly remove the forced shut state (by administratively bringing up this interface) of the linked port once the tracked port is up and stable. Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Beacon is turned off Port tracked with interface vc22 (down) Port tracked with interface san-port-channel 1 vsan 2 (down) 5 minutes input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 310
Receive data field Size is 2112 Beacon is turned off Port track mode is force_shut <-- this port remains shut even if the tracked port is back up Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01...
Page 311
135, 221 reason codes description bit error thresholds interoperability configuring policies description destination IDs 95, 123, 178 bit errors exchange based reasons flow based in-order delivery Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01 IN-1...
Page 312
182, 183 fabric binding 233, 267, 268, 269, 271, 272, 273 configuring checking for E ports configuring for FSPF in-order delivery Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x IN-2 OL-30895-01...
Page 313
231, 233, 240 authentication operational states enabling reason codes enabling on ISLs states fcaliases Fibre Channel Security Protocol 137, 143, 144 cloning FLOGI configuring for zones description Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01 IN-3...
Page 314
1 fWWNs description configuring fcalias members verifying status Fx ports VSANs 9, 116 VSAN membership ISLs SAN port channel links isolated VSANs 121, 122 description displaying membership Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x IN-4 OL-30895-01...
Page 315
Node Proxy port mode displaying settings (procedure) NP links displaying statistics (procedure) NP port mode displaying violations (procedure) NP-ports enabling Cisco Nexus 5500 Series NX-OS SAN Switching Configuration Guide, Release 7.x OL-30895-01 IN-5...
Need help?
Do you have a question about the Nexus 5500 Series NX-OS and is the answer not in the manual?
Questions and answers