Page 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) First Published: July 02, 2012 Last Modified: July 02, 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3 QOS Requirements for Fibre Channel Physical Fibre Channel Interfaces Virtual Fibre Channel Interfaces VF Port VE Ports VNP Ports Interface Modes E Port F Port NP Port TE Port TF Port Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 4: Table Of Contents
Verifying BB_Credit Information Default Fibre Channel Interface Settings Configuring Fibre Channel Domain Parameters C H A P T E R 4 Information About Domain Parameters Fibre Channel Domains Domain Restarts Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 5 Enabling the Persistent FC ID Feature Persistent FC ID Configuration Guidelines Configuring Persistent FC IDs Unique Area FC IDs for HBAs Configuring Unique Area FC IDs for an HBA Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 6 Verifying NPV Verifying NPV Examples Verifying NPV Traffic Management Configuring FCoE NPV C H A P T E R 6 Information About FCoE NPV FCoE NPV Model Mapping Requirements Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 7 C H A P T E R 8 Configuring SAN Port Channels Information About SAN Port Channels Understanding Port Channels and VSAN Trunking Understanding Load Balancing Configuring SAN Port Channels SAN Port Channel Configuration Guidelines Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 8 Information About VSANs VSAN Topologies VSAN Advantages VSANs Versus Zones Guidelines and Limitations for VSANs About VSAN Creation Creating VSANs Statically Port VSAN Membership Assigning Static Port VSAN Membership Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) viii OL-27583-01...
Page 9 Creating FC Aliases Example Creating Zone Sets and Adding Member Zones Zone Enforcement Zone Set Distribution Enabling Full Zone Set Distribution Enabling a One-Time Distribution Recovering from Link Isolation Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 10 Default Settings for Zones Distributing Device Alias Services C H A P T E R 1 1 Distributing Device Alias Services Information About Device Aliases Device Alias Features Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 11 Configuring FSPF on a VSAN Resetting FSPF to the Default Configuration Enabling or Disabling FSPF Clearing FSPF Counters for the VSAN FSPF Interface Configuration FSPF Link Cost Configuring FSPF Link Cost Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 12 C H A P T E R 1 3 Managing FLOGI, Name Server, FDMI, and RSCN Databases Fabric Login Name Server Proxy About Registering Name Server Proxies Registering Name Server Proxies Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 13 Starting SCSI LUN Discovery About Initiating Customized Discovery Initiating Customized Discovery Displaying SCSI LUN Information Advanced Fibre Channel Features C H A P T E R 1 5 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 xiii...
Page 14 Configuring DHCHAP Authentication DHCHAP Compatibility with Fibre Channel Features About Enabling DHCHAP Enabling DHCHAP DHCHAP Authentication Modes Configuring the DHCHAP Mode DHCHAP Hash Algorithm Configuring the DHCHAP Hash Algorithm Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 15 Port Security Activation Activating Port Security Database Activation Rejection Forcing Port Security Activation Database Reactivation Auto-Learning About Enabling Auto-Learning Enabling Auto-Learning Disabling Auto-Learning Auto-Learning Device Authorization Authorization Scenario Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 16 Configuring Switch WWN List Fabric Binding Activation and Deactivation Activating Fabric Binding Forcing Fabric Binding Activation Copying Fabric Binding Configurations Clearing the Fabric Binding Statistics Deleting the Fabric Binding Database Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 17 Configuring a Stuck Frame Timeout Value How to Configure a No-Credit Timeut Value Configuring a No-Credit Timeout Value Displaying Credit Loss Counters Displaying Credit Loss Events Displaying Timeout Drops Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 xvii...
Page 18 Displaying the Average Credit Not Available Status How to Configure a Port Monitor Port Monitoring Enabling Port Monitor Configuring a Port Monitor Policy Activating a Port Monitor Policy Displaying Port Monitor Policies Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) xviii OL-27583-01...
Page 19: Document Conventions
Documentation Feedback, page xxi • Obtaining Documentation and Submitting a Service Request, page xxi Audience This publication is for network administrators who configure and maintain Cisco Nexus devices and Cisco Nexus 2000 Series Fabric Extenders. Document Conventions Note As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks.
Page 20 Means reader take note. Notes contain helpful suggestions or references to material not covered in the Note manual. Means reader be careful. In this situation, you might do something that could result in equipment damage Caution or loss of data. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 21: Documentation Feedback
What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
Page 22 Preface Obtaining Documentation and Submitting a Service Request Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) xxii OL-27583-01...
Page 23: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
C H A P T E R New and Changed Information for this Release There are no new or changed features in this release. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 24: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
New and Changed Information for this Release Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 25: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
• SAN Switching Overview, page 3 SAN Switching Overview This chapter provides an overview of SAN switching for Cisco NX-OS devices. This chapter includes the following sections: Fibre Channel Interfaces Fibre Channel ports are optional on the Cisco Nexus device.
Page 26: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
PortChannels load balance Fibre Channel traffic using a hash of source FC-ID and destination FC-ID, and optionally the exchange ID. Load balancing using PortChannels is performed over both Fibre Channel and FCIP links. Cisco NX-OS software also can be configured to load balance across multiple same-cost FSPF routes.
Page 27: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Fibre Channel standards require that you allocate a unique FC ID to an N port that is attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus devices use a special allocation scheme.
Page 28: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
The Fibre Channel Security Protocol (FC-SP) provides switch-to-switch and hosts-to-switch authentication to overcome security challenges for enterprise-wide fabrics. The Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco SAN switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman exchange.
Page 29: Chapter
Information About Fibre Channel Interfaces Licensing Requirements for Fibre Channel On Cisco Nexus devices, Fibre Channel capability is included in the Storage Protocol Services license. Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces and capabilities.
Page 30: Physical Fibre Channel Interfaces
Physical Fibre Channel Interfaces Cisco Nexus devices support up to sixteen physical Fibre Channel (FC) uplinks through the use of two, optional explansion modules. The first module contains eight FC interfaces. The second module includes four Fibre Channel ports and four Ethernet ports.
Page 31: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring Fibre Channel Interfaces Information About Fibre Channel Interfaces The VF port support over 10G-FEX interfaces feature is supported only in Cisco Nexus Fabric Extender straight-through topologies where each Fabric Extender is directly connected to a Cisco Nexus device. VE Ports A virtual E port (VE port) is a port that emulates an E port over a non-Fibre Channel link.
Page 32: Interface Modes
(host or disk) operating as a node port (N port). An F port can be attached to only one N port. F ports support class 3 service. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 33: Tnp Port
In trunking E port (TE port) mode, an interface functions as a trunking expansion port. It may be connected to another TE port to create an extended ISL (EISL) between two switches. TE ports connect to another Cisco Nexus device or a Cisco MDS 9000 Family switch. They expand the functionality of E ports to support the following: •...
Page 34: Sd Port
(host or disk), it operates in F port mode. If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the Cisco Nexus device or Cisco MDS 9000 Family, it may become operational in TE port mode.
Page 35: Reason Codes
Only some of the reason codes are listed in the table. Note Table 4: Reason Codes for Nonoperational States Reason Code (long version) Description Applicable Modes Link failure or not connected The physical layer link is not operational. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 36: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
The port negotiation failed. Only E ports and TE ports Isolation due to ESC failure The port negotiation failed. Isolation due to domain overlap The Fibre Channel domains (fcdomain) overlap. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 37: Buffer-To-Buffer Credits
Fibre Channel interface Buffer-to-Buffer Credits Buffer-to-buffer credits (BB_credits) are a flow-control mechanism to ensure that Fibre Channel interfaces do not drop frames. BB_credits are negotiated on a per-hop basis. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 38: Configuring Fibre Channel Interfaces
Configuring Fibre Channel Interfaces Configuring Fibre Channel Interfaces In Cisco Nexus devices, the BB_credit mechanism is used on Fibre Channel interfaces but not on virtual Fibre Channel interfaces. The receive BB_credit determines the receive buffering capability on the receive side without having to acknowledge the peer.
Page 39: Setting The Interface Administrative State
Gracefully shuts down the interface and administratively disables traffic flow (default). Configuring Interface Modes SUMMARY STEPS 1. configure terminal 2. switch(config) # interface vfc vfc-id} 3. switch(config-if) # switchport mode {E|NP} Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 40: Configuring The Interface Description
Interface descriptions should help you identify the traffic or use for that interface. The interface description can be any alphanumeric string. To configure a description for an interface, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 41: Configuring Unified Ports
Configuring Unified Ports Before You Begin Confirm that you have a supported Cisco Nexus switch. Unified Ports are available on the following Cisco Nexus switches: If you're configuring a unified port as Fibre Channel or FCoE, confirm that you have enabled the feature fcoe command.
Page 42: Configuring Port Speeds
To configure the port speed of the interface, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# switchport speed 1000 4. switch(config-if)# no switchport speed Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 43: Autosensing
Channel interfaces). If the default data field size is 2112 bytes, the frame length will be 2148 bytes. To configure the receive data field size, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# switchport fcrxbufsize 2000 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 44: Understanding Bit Error Thresholds
The switch generates a syslog message when bit error threshold events are detected, even if the interface Note is configured not to be disabled by bit-error threshold events. To disable the bit error threshold for an interface, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 45: Configuring Global Attributes For Fibre Channel Interfaces
3. switch(config)# system default switchport shutdown san 4. switch(config)# system default switchport trunk mode auto DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 46: Information About N Port Identifier Virtualization
You can enable or disable NPIV on the switch. Before You Begin You must globally enable NPIV for all VSANs on the switch to allow the NPIV-enabled applications to use multiple N port identifiers. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 47: Example Port Channel Configurations
F port channel, ensure that F port trunking, F port channeling, and NPIV are enabled. This example shows how to create the port channel: switch(config)# interface port-channel 2 switch(config-if)# switchport mode F switch(config-if)# switchport dedicated switch(config-if)# channel mode active switch(config-if)# exit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 48: Verifying Fibre Channel Interfaces
The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type. The show interface transceiver command and the show interface fc slot/port transceiver command display both values for Cisco supported SFPs.
Page 49 11 force no shutdown The following example shows the interface display when showing the running configuration for a specific interface: switch# show running configuration fc3/5 interface fc3/5 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 50: Verifying Bb_Credit Information
Interface speed Auto Administrative state Shutdown (unless changed during initial setup) Trunk mode On (unless changed during initial setup) Trunk-allowed VSANs 1 to 4093 Interface VSAN Default VSAN (1) Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 51: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
F mode Interface speed Administrative state Shutdown (unless changed during initial setup) Trunk mode Trunk-allowed VSANs All VSANs Interface VSAN Default VSAN (1) EISL encapsulation Data field size Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 52: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring Fibre Channel Interfaces Default Fibre Channel Interface Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 53: Chapter 4 Configuring Fibre Channel Domain Parameters
• Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 54: Domain Restarts
IDs are different, the runtime domain ID changes to take on the static domain ID after the next restart, either disruptive or nondisruptive. If a VSAN is in interop mode, you cannot disruptively restart the fcdomain for that VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 55: Restarting A Domain
VSAN. When a backup link is not available, the domain manager reverts to the default behavior and starts a Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 56: Enabling Domain Manager Fast Restart
The priority configuration is applied to runtime when the fcdomain is restarted. This configuration is applicable to both disruptive and nondisruptive restarts. Configuring Switch Priority You can configure the priority for the principal switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 57: About Fcdomain Initiation
To disable or reenable fcdomains in a single VSAN or a range of VSANs, perform this task: SUMMARY STEPS 1. switch# configure terminal 2. switch(config)# no fcdomain vsan vsan-id - vsan-id 3. switch(config)# fcdomain vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 58: Configuring Fabric Names
Changes the fabric name value to the factory default (20:01:00:05:30:00:28:df) in VSAN 3010. The VSAN vsan-id ID ranges from 1 to 4093. Example: switch(config)# no fcdomain fabric-name 20:1:ac:16:5e:0:21:01 vsan 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 59: Incoming Rcfs
Autoreconfiguring Merged Fabrics By default, the autoreconfigure option is disabled. When you join two switches belonging to two different stable fabrics that have overlapping domains, the following situations can occur: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 60: Enabling Autoreconfiguration
Domain IDs uniquely identify a switch in a VSAN. A switch may have different domain IDs in different VSANs. The domain ID is part of the overall FC ID. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 61: Domain Ids
Figure 3: Configuration Process Using the Preferred Option The operation of a subordinate switch changes based on three factors: • The allowed domain ID lists • The configured domain ID Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 62: Configuring Static Or Preferred Domain Ids
2. fcdomain domain domain-id static vsan vsan-id 3. no fcdomain domain domain-id static vsan vsan-id 4. fcdomain domain domain-id preferred vsan vsan-id 5. no fcdomain domain domain-id preferred vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 63: Allowed Domain Id Lists
CFS to distribute the configuration. Configuring Allowed Domain ID Lists You can configure the allowed domain ID list. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 64: Cfs Distribution Of Allowed Domain Id Lists
CFS Distribution of Allowed Domain ID Lists You can enable the distribution of the allowed domain ID list configuration information to all Cisco SAN switches in the fabric using the Cisco Fabric Services (CFS) infrastructure. This feature allows you to synchronize the configuration across the fabric from the console of a single switch.
Page 65: Locking The Fabric
The pending configuration changes are distributed and, on a successful commit, the configuration changes are applied to the active configuration in the SAN switches throughout the VSAN and the fabric lock is released. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 66: Discarding Changes
Enters global configuration mode. Example: switch# configure terminal switch(config)# Step 2 fcdomain abort vsan vsan-id Discards the pending domain configuration changes. Example: switch(config)# fcdomain abort vsan 30 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 67: Clearing A Fabric Lock
You can display the status of the distribution session by using the show fcdomain session-status vsan command: switch# show fcdomain session-status vsan 1 Last Action: Distribution Enable Result: Success Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 68: Contiguous Domain Id Assignments
Disables the contiguous allocation option and reverts it to the factory default in the specified VSAN. Example: switch(config)# no fcdomain contiguous-allocation vsan 7 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 69: Fc Ids
Enabling the Persistent FC ID Feature You can enable the persistent FC ID feature. SUMMARY STEPS 1. configure terminal 2. fcdomain fcid persistent vsan vsan-id 3. no fcdomain fcid persistent vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 70: Persistent Fc Id Configuration Guidelines
1. configure terminal 2. fcdomain fcid database 3. vsan vsan-id wwn 33:e8:00:05:30:00:16:df fcid fcid 4. vsan vsan-id wwn 11:22:11:22:33:44:33:44 fcid fcid dynamic 5. vsan vsan-id wwn 11:22:11:22:33:44:33:44 fcid fcid area Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 71: Unique Area Fc Ids For Hbas
FC ID. Cisco SAN switches facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.
Page 72: Configuring Unique Area Fc Ids For An Hba
3 wwn 50:05:08:b2:00:71:c8:c2 fcid 0x6fee00 area Step 6 Enable the HBA interface in the SAN switch. switch# configure terminal switch(config)# interface vfc 20 switch(config-if)# no shutdown switch(config-if)# end Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 73: Persistent Fc Id Selective Purging
Command or Action Purpose Step 1 purge fcdomain fcid vsan vsan-id Purges all dynamic and unused FC IDs in the specified VSAN. Example: switch# purge fcdomain fcid vsan 667 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 74: Verifying The Fcdomain Configuration
The following example shows how to display all existing, persistent FC IDs for a specified VSAN. You can also specify the unused option to view only persistent FC IDs that are still not in use. switch# show fcdomain fcid persistent vsan 1000 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 75: Default Settings For Fibre Channel Domains
Disabled contiguous-allocation option Disabled Priority Allowed list 1 to 239 Fabric name 20:01:00:05:30:00:28:df rcf-reject Disabled Persistent FC ID Enabled Allowed domain ID list configuration distribution Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 76: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring Fibre Channel Domain Parameters Default Settings for Fibre Channel Domains Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 77: Configuring N Port Virtualization
Information About NPV NPV Overview By default, Cisco Nexus devices switches operate in fabric mode. In this mode, the switch provides standard Fibre Channel switching capability and features. In fabric mode, each switch that joins a SAN is assigned a domain ID. Each SAN (or VSAN) supports a maximum of 239 domain IDs, so the SAN has a limit of 239 switches.
Page 78: Npv Mode
Server interfaces are automatically distributed among the NP uplinks to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus devices, server interfaces can be physical or virtual Fibre Channel interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1)
Page 79: Np Uplinks
NP uplink are converted to fabric discovery messages (FDISCs). In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces. Note In Cisco Nexus devices, NP uplink interfaces must be native Fibre Channel interfaces. Related Topics Fabric Login, on page 201...
Page 80: Npv Traffic Management
• Ensures correct operation of the persistent FC ID feature, because a server interface will always connect to the same NP uplink (or one of a specified set of NP uplinks) after an interface reinitialization or switch reboot. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 81: Disruptive Load Balancing
• You can configure zoning for end devices that are connected to edge switches using all available member types on the core switch. For fWWN, sWWN, domain, or port-based zoning, use the fWWN, sWWN, domain, or port of the core switch in the configuration commands. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 82: Configuring Npv
• Servers can be connected to the switch when in NPV mode. • When initiators and targets are assigned to the same border port (NP or NP-PO), then Cisco Nexus 5000 Series switches in NPIV mode do not support hairpinning.
Page 83: Configuring Npv Interfaces
To configure a server interface, perform this task: SUMMARY STEPS 1. switch# configure terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# switchport mode NP 4. switch(config-if)# no shutdown Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 84: Configuring A Server Interface
Configuring NPV Traffic Maps An NPV traffic map associates one or more NP uplink interfaces with a server interface. The switch associates the server interface with one of these NP uplinks. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 85: Enabling Disruptive Load Balancing
Enables disruptive load balancing on the switch. Step 3 switch (config)# no npv auto-load-balance disruptive Disables disruptive load balancing on the switch. Verifying NPV To display information about NPV, perform the following task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 86: Verifying Npv Examples
To view fcns database entries for NPV edge switches, you must enter the show fcns database command on the core switch. To view all the NPV edge switches, enter the show fcns database command on the core switch: core-switch# show fcns database Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 87: Verifying Npv Traffic Management
To display the disruptive load-balancing status, enter the show npv status command: switch# show npv status npiv is enabled disruptive load balancing is enabled External Interfaces: ==================== Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 88 Configuring N Port Virtualization Verifying NPV Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 89: Configuring Fcoe Npv
Configuration Examples for FCoE NPV, page 81 Information About FCoE NPV FCoE NPV is supported on the Cisco Nexus devices. The FCoE NPV feature is an enhanced form of FIP snooping that provides a secure method to connect FCoE-capable hosts to an FCoE-capable FCoE forwarder (FCF) switch.
Page 90: Configuring Fcoe Npv
Interoperability with FCoE-Capable Switches The Cisco Nexus device interoperates with the following FCoE-capable switches: • Cisco MDS 9000 Series Multilayer switches enabled to perform FCF functions (EthNPV and VE) • Cisco Nexus 7000 Series switches enabled to perform FCF functions (EthNPV and VE) •...
Page 91: Fcoe Npv Model
The following figure shows the FCoE NPV bridge connecting hosts and FCFs. From a control plane perspective, FCoE NPV performs proxy functions towards the FCF and the hosts in order to load balance logins from the Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 92: Mapping Requirements
VSANs from the hosts must be created and for each VSAN, a dedicated VLAN must also be created and mapped. The mapped VLAN is used to carry FIP and FCoE traffic for the corresponding VSAN. The VLAN-VSAN mapping must be configured consistently in the entire fabric. The Cisco Nexus device supports 32 VSANs.
Page 93: Port Requirements
• FCoE frames received over VNP ports are forwarded only if the L2_DA matches one of the FCoE MAC addresses assigned to hosts on the VF ports otherwise they’re discarded. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 94: Vpc Topologies
• FCoE VLANs must not be configured on the inter-switch vPC interfaces. • VF port binding to a vPC member port is not supported for an inter-switch vPC. Figure 6: VNP Ports in an Inter-Switch vPC Topology Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 95: Supported And Unsupported Topologies
FCoE NPV supports the following topologies: Figure 7: Cisco Nexus Device As An FCoE NPV Device Connected to a Cisco Nexus Device Over A Non- vPC Port Channel Figure 8: Cisco Nexus Device As An FCoE NPV Device Connected Over a vPC To Another Cisco Nexus Device...
Page 96: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring FCoE NPV Supported and Unsupported Topologies Figure 10: Cisco Nexus Device With A 10GB Fabric Extender as an FCoE NPV Device Connected Over a vPC to Another Cisco Nexus Device Figure 11: Cisco Nexus Device As An FCoE NPV Bridge Connecting to a FIP Snooping Bridge Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1)
Page 97: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring FCoE NPV Supported and Unsupported Topologies Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 98: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Figure 12: 10GB Fabric Extender Connecting To The Same FCoE NPV Bridge Over Multiple VF Ports Figure 13: Cisco Nexus Device As An FCoE NPV Bridge Connecting To A FIP Snooping Bridge Or Another FCoE NPV Bridge Figure 14: VF Port Trunk To Hosts In FCoE NPV Mode Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1)
Page 99: Guidelines And Limitations
FCoE NPV is enabled and if VNP ports are configured. • A warning is displayed if an ISSD is performed to Cisco NX-OS Release 5.0(3)N1(1) or an earlier release when FCoE NPV is enabled but VNP ports are not configured.
Page 100: Default Settings
FC plugin loaded successfully FCoE manager enabled successfully FC enabled on all modules successfully Warning: Ensure class-fcoe is included in qos policy-maps of all types Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 101: Enabling Fcoe Npv
FCoE NPV license checked out successfully fc_plugin extracted successfully FC plugin loaded successfully FCoE manager enabled successfully FCoE NPV enabled on all modules successfully Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 102: Configuring Npv Ports For Fcoe Npv
Displays the status of the NPV configuration including information about VNP ports. show fcoe-npv issu-impact Displays the impact of FCoE NPV on an ISSU. show running-config fcoe_mgr Displays the running configuration information about FCoE. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 103: Configuration Examples For Fcoe Npv
-- switch# This example shows the running configuration information about FCoE: switch# show running-config fcoe_mgr !Command: show running-config fcoe_mgr !Time: Wed Jan 20 21:59:39 2013 version 6.0(2)N1(1) Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 104: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
This example shows the information about the vFC 1 interface including attributes and status: switch# show interface vfc 1 vfc1 is trunking (Not all VSANs UP on the trunk) Bound interface is Ethernet1/19 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 105: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
200, State: Up VSAN: 400, State: Up VSAN: 100, State: Up VSAN: 300, State: Up VSAN: 500, State: Up, FCID: 0xa10002 Number of External Interfaces: 8 Server Interfaces: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 106: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Please increase the FKA duration to 60 seconds on FCF Active VNP ports with no disable-fka set ---------------------------------------- vfc90 vfc100 vfc110 vfc111 vfc120 vfc130 ISSU downgrade not supported as feature fcoe-npv is enabled switch# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 107: Chapter 7 Configuring Vsan Trunking
VSAN trunking enable interconnected ports to transmit and receive frames in more than one VSAN. Trunking is supported on E ports and F ports. Beginning in Cisco NX-OS Release 5.0(2)N1(1), VSAN trunking is supported on native Fibre Channel interfaces and virtual Fibre Channel interfaces.
Page 108: Vsan Trunking Mismatches
(when the trunking protocol was enabled). Other switches that are directly connected to this switch are similarly affected on the connected interfaces. If you need to merge traffic from different port VSANs across a nontrunking ISL, disable the trunking protocol. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 109: Configuring Vsan Trunking
By default, trunk mode is enabled in all Fibre Channel interfaces. However, trunk mode configuration takes effect only in E-port mode. You can configure trunk mode as on (enabled), off (disabled), or auto (automatic). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 110: Configuring Trunk Mode
Auto No trunking (ISL) E port The preferred configuration on the Cisco SAN switches is that one side of the trunk is set to auto and the other is set to on. Note When connected to a third-party switch, the trunk mode configuration has no effect. The Inter-Switch Link (ISL) is always in a trunking disabled state.
Page 111: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
0 discards, 0 errors 0 frames output, 0 bytes 0 discards, 0 errors last clearing of "show interface" counters never Interface last changed at Mon Jan 18 10:01:27 2010 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 112: Trunk-Allowed Vsan Lists
• The ISL between switch 2 and switch 3 includes VSAN 1 and VSAN 2. • The ISL between switch 3 and switch 1 includes VSAN 1, 2, and 5. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 113: Configuring An Allowed-Active List Of Vsans
4. no switchport trunk allowed vsan vsan-id - vsan-id 5. no switchport trunk allowed vsan add vsan-id DETAILED STEPS Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 114: Displaying Vsan Trunking Information
Vsan 1 is up, FCID is 0xef0000 Vsan 2 is up, FCID is 0xef0000 san-port-channel 6 is trunking Vsan 1 is up, FCID is 0xef0000 Vsan 2 is up, FCID is 0xef0000 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 115: Default Settings For Vsan Trunks
The following table lists the default settings for VSAN trunking parameters. Table 12: Default VSAN Trunk Configuration Parameters Parameters Default Switch port trunk mode Allowed VSAN list 1 to 4093 user-defined VSAN IDs Trunking protocol Enabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 116: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring VSAN Trunking Default Settings for VSAN Trunks Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 117: Chapter 8 Configuring San Port Channels
Port channel can connect to interfaces across switching modules, so a failure of a switching module cannot bring down the port channel link. Cisco Nexus devices support a maximum of four SAN port channels in FC switch mode, which includes E/TE-port port channels.
Page 118: Understanding Port Channels And Vsan Trunking
About NPV and NP Port Channels Cisco Nexus devices support a maximum of four SAN port channels in NPV mode (with eight interfaces per port channel). This means we support a maximum of 4xNP-Port-Channels on Cisco Nexus devices in NPV mode.
Page 119: Understanding Load Balancing
However, subsequent exchanges can use a different link. This method provides finer granularity for load balancing while preserving the order of frames for each exchange. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 120: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
The following figure illustrates how exchange-based load balancing works. When the first frame in an exchange is received for forwarding on an interface, link 1 is chosen by a hash algorithm. All remaining frames in that Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 121: Configuring San Port Channels
Figure 23: SID1, DID1, and Exchange-Based Load Balancing Configuring SAN Port Channels SAN port channels are created with default values. You can change the default configuration just as any other physical interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 122: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
The following figure shows examples of invalid configurations. Assuming that the links are brought up in the 1, 2, 3, 4 sequence, links 3 and 4 will be operationally down as the fabric is misconfigured. Figure 25: Misconfigured Configurations Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 123: San Port Channel Configuration Guidelines
• For an NPV switch which is configured for trunking on any interface, or for a regular switch where the f port-channel-trunk command is issued to enable the Trunking F Port Channels feature, follow these configuration guidelines for reserved VSANs and isolated VSAN: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 124: Creating A San Port Channel
On mode behavior. The Active port channel mode allows automatic recovery without explicitly enabling and disabling the port channel member ports at either end. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 125: Configuring Active Mode San Port Channel
To configure active mode, perform this task: SUMMARY STEPS 1. switch# configure terminal 2. switch(config)# interface san-port-channel channel-number 3. switch(config-if)# channel mode active 4. switch(config-if)# no channel mode active Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 126: About San Port Channel Deletion
Setting the Interface Administrative State, on page 17 Deleting SAN Port Channels To delete a SAN port channel, perform this task: SUMMARY STEPS 1. switch# configure terminal 2. switch(config)# no interface san-port-channel channel-number Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 127: Interfaces In A San Port Channel
If the compatibility check is successful, the interfaces are operational and the corresponding compatibility parameter settings apply to these interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 128: Suspended And Isolated States
Configuring SAN Port Channels Interfaces in a SAN Port Channel Beginning with Cisco NX-OS Release 5.0(2)N2(1), after you enable forcing a port to be added to a channel group by entering the channel-group force command, the following two conditions occur: •...
Page 129: Forcing An Interface Addition
Enters configuration mode for the specified interface. Step 3 switch(config-if)# channel-group channel-number Forces the addition of the interface into the specified channel force group. The E port is shut down. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 130: About Interface Deletion From A San Port Channel
Cisco SAN switches support a protocol to exchange SAN port channel configurations, which simplifies port channel management with incompatible ISLs. An additional autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.
Page 131: About Channel Group Creation
Configuring SAN Port Channels SAN Port Channel Protocol The port channel protocol expands the port channel functional model in Cisco SAN switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a SAN port channel.
Page 132: Autocreation Guidelines
• You cannot change the membership or delete an autocreated SAN port channel. • When you disable autocreation, all member ports are removed from the autocreated SAN port channel. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 133: Enabling And Configuring Autocreation
When enabling autocreation in any Cisco Nexus device, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports between two...
Page 134: About Manually Configured Channel Groups
This example shows how to create the port channel in dedicated mode on the NPV switch: switch(config)# interface san-port-channel 2 switch(config-if)# switchport mode NP switch(config-if)# no shut switch(config-if)# exit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 135: Verifying San Port Channel Configuration
The following example shows how to display a summary of SAN port channel information: switch# show san-port-channel summary ------------------------------------------------------------------------------ Interface Total Ports Oper Ports First Oper Port ------------------------------------------------------------------------------ san-port-channel 7 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 136: Default Settings For San Port Channels
The table below lists the default settings for SAN port channels. Table 15: Default SAN Port Channel Parameters Parameters Default Port channels FSPF is enabled by default. Create port channel Administratively up. Default port channel mode Autocreation Disabled. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 137: Chapter 9 Configuring And Managing Vsans
• Multiple VSANs can share the same physical topology. • The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, which increases VSAN scalability. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 138: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 139: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
◦ Different customers in storage provider data centers ◦ Production or test in an enterprise network ◦ Low and high security requirements ◦ Backup traffic on separate VSANs ◦ Replicating data from user traffic Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 140: Vsan Advantages
VSAN (the VSAN associated with the F port). zones. VSANs enforce membership at each E port, source Zones enforce membership only at the source and port, and destination port. destination ports. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 141: Guidelines And Limitations For Vsans
Once VSANs are created, they may exist in various conditions or states. ◦ The active state of a VSAN indicates that the VSAN is configured and enabled. By enabling a VSAN, you activate the services for that VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 142: About Vsan Creation
A VSAN is in the operational state if the VSAN is active and at least one port is up. This state indicates that traffic can pass through this VSAN. This state cannot be configured. Creating VSANs Statically You cannot configure any application-specific parameters for a VSAN before creating the VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 143: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Negates the suspend command issued in the previous step. Example: switch(config-vsan-db)# no vsan 470 suspend Step 7 switch(config-vsan-db)# end Returns you to EXEC mode. Example: switch(config-vsan-db)# end Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 144: Port Vsan Membership
Creates a VSAN with the specified ID if that VSAN does not exist already. Example: switch(config-vsan-db)# vsan 50 Step 4 switch(config-vsan-db)# vsan vsan-id interface {fc Assigns the membership of the specified interface to the VSAN. slot/port | vfc vfc-id} Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 145: Displaying Vsan Static Membership
Default VSANs The factory settings for Cisco SAN switches have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric are considered part of the default VSAN.
Page 146: Isolated Vsans
VSAN from the configuration. When a VSAN is deleted, all the ports in that VSAN are made inactive and the ports are moved to the isolated VSAN. If the same VSAN is recreated, Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 147: Deleting Static Vsans
Deleting Static VSANs You can delete a VSAN and its various attributes. SUMMARY STEPS 1. configure terminal 2. vsan database 3. vsan vsan-id 4. switch(config-vsan-db)# no vsanvsan-id 5. switch(config-vsan-db)# end Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 148: About Load Balancing
You can configure load balancing on an existing VSAN. Load-balancing attributes indicate the use of the source-destination ID (src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 149: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Changes the path selection setting to use the source ID, the destination ID, and the OX ID (default). Example: switch(config-vsan-db)# vsan 15 loadbalancing src-dst-ox-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 150: Interop Mode
Default Settings for VSANs The following table lists the default settings for all configured VSANs. Table 17: Default VSAN Parameters Parameters Default Default VSAN VSAN 1. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 151: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Parameters Default State Active state. Name Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute OX ID (src-dst-ox-id). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 152: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring and Managing VSANs Default Settings for VSANs Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 153: Chapter 1 0 Configuring And Managing Zones
◦ A physical fabric can have a maximum of 16,000 members. This includes all VSANs in the fabric. • A zone set consists of one or more zones. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 154: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
This membership is also referred to as interface-based zoning. ◦Interface and domain ID—Specifies the interface of a switch identified by the domain ID. ◦Domain ID and port number—Specifies the domain ID of a Cisco switch domain and additionally specifies a port belonging to a non-Cisco switch.
Page 155: Zoning Example
Configuring and Managing Zones Information About Zoning Interface-based zoning only works with Cisco SAN switches. Interface-based zoning does not work for Note VSANs configured in interop mode. Zoning Example The following figure shows a zone set with two zones, zone 1 and zone 2, in a fabric. Zone 1 provides access from all three hosts (H1, H2, H3) to the data residing on storage systems S1 and S2.
Page 156: Zone Implementation
Configuring and Managing Zones Information About Zoning Zone Implementation Cisco SAN switches automatically support the following basic zone features (no additional configuration is required): • Zones are contained in a VSAN. • Hard zoning cannot be disabled. • Name server queries are soft-zoned.
Page 157: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
If one zone set is active and you activate another zone set, the currently active zone set is automatically deactivated. You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 158: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
Configuring and Managing Zones Information About Zoning The following figure shows a zone being added to an activated zone set. Figure 33: Active and Full Zone Sets Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 159: Configuring A Zone
Use the show wwn switch command to retrieve the sWWN. If you do not provide a sWWN, the software automatically uses the local sWWN. The following examples show how to configure zone members: switch(config)# zone name MyZone vsan 2 pWWN example: switch(config-zone)# member pwwn 10:00:00:23:45:67:89:ab Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 160: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide, Release 5.2(1)N1(1
10:01:10:01:10:ab:cd:ef FC ID example: switch(config-fcalias)# member fcid 0x222222 Domain ID example: switch(config-fcalias)# member domain-id 2 portnumber 23 Device alias example: switch(config-fcalias)# member device-alias devName Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 161: Zone Sets
Changes to a zone set do not take effect in a full zone set until you activate it. SUMMARY STEPS 1. configure terminal 2. zoneset activate name zoneset-name vsan vsan-id 3. no zoneset activate name zoneset-name vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 162: Default Zone
The default zone members are explicitly listed when the default policy is configured as permit or when a zone set is active. When the default policy is configured as deny, the members of this zone are not explicitly enumerated when you view the active zone set. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 163: Configuring The Default Zone Access Permission
• FC ID—The N port ID is in 0xhhhhhh format (for example, 0xce00d1). • Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco switch is required to complete this membership configuration.
Page 164: Creating Fc Aliases
Table 18: Type and Value Syntax for the member Command Device alias member device-alias device-alias Domain ID member domain-id domain-id portnumber number FC ID member fcid fcid Fabric pWWN member fwwn fwwn-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 165: Creating Zone Sets And Adding Member Zones
You can create a zone set to include several zones. SUMMARY STEPS 1. configure terminal 2. zone set name zoneset-name vsan vsan-id 3. member name 4. zone name zone-name 5. member fcid fcid Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 166: Zone Enforcement
Hard zoning is enforced by the hardware on each frame sent by an N port. As frames enter the switch, source-destination IDs are compared with permitted combinations to allow the frame at wire speed. Hard zoning is applied to all forms of zoning. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 167: Zone Set Distribution
Enabling Full Zone Set Distribution All Cisco SAN switches distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
Page 168: Enabling A One-Time Distribution
• Import the neighboring switch’s active zone set database and replace the current active zone set (see the figure below). • Export the current database to the neighboring switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 169: Importing And Exporting Zone Sets
You can make a copy and then edit it without altering the existing active zone set. You can copy an active zone set from the bootflash: directory, volatile: directory, or slot0 to one of the following areas: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 170: Copying Zone Sets
Copying Zone Sets On Cisco SAN switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit. SUMMARY STEPS 1.
Page 171: Cloning Zones, Zone Sets, Fc Aliases, And Zone Attribute Groups
Example: switch(config)# zoneset activate name myzone vsan 50 Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups You can clone a zone, zone set, fcalias, or zone-attribute-group. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 172: Clearing The Zone Server Database
Example: switch(config)# zoneset activate name myzonetest1 vsan Clearing the Zone Server Database You can clear all configured information in the zone server database for the specified VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 173: Verifying The Zone Configuration
Smart Zoning can be enabled at VSAN level but can also be disabled at zone level. Note Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 174: Smart Zoning Member Configuration
Enables smart zoning on a VSAN that are created based on the specified default value. enable Setting Default Value for Smart Zoning To set the default value, perform these tasks: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 175: Configuring Device Types For Zone Members
Note When there is no specific device type configured for a zone member, at the backend, zone entries that are generated are created as device type both. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 176: Converting Zones Automatically To Smart Zoning
Fetches the device type information from the nameserver for all the zones and fcalias members for all the zonesets present in the VSAN. Removing Smart Zoning Configuration To remove the smart zoning configuration, perform these tasks: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 177: Disabling Smart Zoning At Zone Level
Enters the global configuration mode. Step 2 switch(config)# zone name zone1 vsan 1 Configures as zone name. Step 3 switch(config)# no attribute Smart Zoning is disabled for the selected zone. disable-smart-zoning Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 178: Enhanced Zoning
Broadcast zoning is not supported on the Cisco Nexus 5000 Series switches. Note The following table lists the advantages of the enhanced zoning feature in all switches in the Cisco SAN switches. Table 20: Advantages of Enhanced Zoning...
Page 179: Changing From Basic Zoning To Enhanced Zoning
If one or more switches cannot operate in the enhanced mode, then your request to move to enhanced mode is rejected. Step 3 Set the operation mode to enhanced zoning mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 180: Changing From Enhanced Zoning To Basic Zoning
Configuring and Managing Zones Enhanced Zoning Changing from Enhanced Zoning to Basic Zoning Cisco SAN switches allow you to change from enhanced zoning to basic zoning to enable you to downgrade and upgrade to other Cisco NX-OS releases. Step 1 Verify that the active and full zone set do not contain any configuration that is specific to the enhanced zoning mode.
Page 181: Modifying The Zone Database
Forcefully discards the changes to the enhanced zone database and closes the session created by another user. Example: switch(config)# no zone commit vsan 34 force Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 182: Releasing Zone Database Locks
The local database information populates the adjacent database. The merge process operates as follows: • The software compares the protocol versions. If the protocol versions differ, the ISL is isolated. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 183: Configuring Zone Merge Control Policies
VSAN. Example: switch(config)# no zone merge-control restrict vsan Step 4 zone commit vsan vsan-id Commits the changes made to the specified VSAN. Example: switch(config)# zone commit vsan 20 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 184: Default Zone Policies
1. configure terminal 2. system default zone default-zone permit 3. no system default zone default-zone permit 4. system default zone distribute full 5. no system default zone distribute full Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 185: Verifying Enhanced Zone Information
Also, zone set activation can fail if the switch has more than 2000 zones per VSAN and not all switches in the fabric support more than 2000 zones per VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 186: Analyzing The Zone And Zone Set
Default Settings for Zones The following table lists the default settings for basic zone parameters. Table 22: Default Basic Zone Parameters Parameters Default Default zone policy Denied to all members. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 187 Configuring and Managing Zones Default Settings for Zones Parameters Default Full zone set distribute The full zone set(s) is not distributed. Enhanced zoning Disabled. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 188 Configuring and Managing Zones Default Settings for Zones Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 189: Chapter 1 1 Distributing Device Alias Services
When the port WWN (pWWN) of a device must be specified to configure features (for example, zoning, DPVM, or port security) in a Cisco SAN switch, you must assign the correct device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a pWWN and use this name in all the configuration commands as required.
Page 190: Device Alias Requirements
• Device aliases used to configure zones, IVR zones, or port security features are displayed automatically with their respective pWWNs in the show command output. For additional information, refer to Using Cisco Fabric Services in the System Management Configuration Guide for your device.
Page 191: Device Alias Databases
Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Step 2 device-alias database Enters the pending database configuration submode. Example: switch(config)# device-alias database switch(config-device-alias-db)# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 192: Device Alias Modes
Enhanced mode, or native device alias-based configurations, are not accepted in interop mode VSANs. Note IVR zoneset activation fails in interop mode VSANs if the corresponding zones have native device alias-based members. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 193: Device Alias Mode Guidelines And Limitations For Device Alias Services
Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Step 2 device-alias mode enhanced Assigns the device alias to operate in enhanced mode. Example: switch(config)# device-alias mode enhanced Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 194: Device Alias Distribution
The pending database remains in use until you commit the modifications to the pending database or discard (abort) the changes to the pending database. Committing Changes You can commit changes. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 195: Discarding Changes
• The effective database contents remain unaffected. • The pending database is emptied of its contents. • The fabric lock is released for this feature. SUMMARY STEPS 1. configure terminal 2. device-alias abort Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 196: Overriding The Fabric Lock
========================================================== Operation: Clear Session<--------------------Lock released by administrator Status: Success<-----------------------------Successful status of the operation Disabling and Enabling Device Alias Distribution You can disable or enable the device alias distribution. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 197 This example shows the device alias display when distribution is disabled: switch# show device-alias status Fabric Distribution: Disabled Database:- Device Aliases 24 Status of the last CFS operation issued from this switch: ========================================================== Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 198: Legacy Zone Alias Configuration
Imports the fcalias information for the specified VSAN. Example: switch(config)# device-alias import fcalias vsan Device Alias Database Merge Guidelines When merging two device alias databases, follow these guidelines: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 199: Verifying The Device Alias Configuration
• Verify that the combined number of device aliases in both databases does not exceed 8K (8191 device aliases) in fabrics running Cisco MDS SAN-OS Release 3.0 (x) and earlier, and 20K in fabrics running Cisco MDS SAN-OS Release 3.1(x) and later.
Page 200 Distributing Device Alias Services Default Settings for Device Alias Services Parameters Default Device alias fabric lock state Locked with the first device alias task. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 201: Chapter 1 2 Configuring Fibre Channel Routing Services And Protocols
Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE modeFibre Channel interfaces on Cisco SAN switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.
Page 202: Information About Fspf
In the same way, if any switch goes down, the connectivity of the rest of the fabric is preserved. Figure 36: Fault Tolerant Fabric Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 203: Redundant Link Example
To improve on the topology, each connection between any pair of switches can be replicated; two or more links can be present between a pair of switches. The following figure shows this arrangement. Because Cisco SAN switches support SAN port channels, each pair of physical links can appear to the FSPF protocol as one single logical link.
Page 204: Spf Computational Hold Times
You can configure an FSPF feature for the entire VSAN. SUMMARY STEPS 1. configure terminal 2. fspf config vsan vsan-id 3. spf static 4. spf hold-time value 5. region region-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 205: Resetting Fspf To The Default Configuration
1. configure terminal 2. no fspf config vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 206: Enabling Or Disabling Fspf
567 Clearing FSPF Counters for the VSAN You can clear the FSPF statistics counters for the entire VSAN. SUMMARY STEPS 1. clear fspf counters vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 207: Fspf Interface Configuration
Enters global configuration mode. Example: switch# configure terminal switch(config)# Step 2 switch(config)# interface fc slot/port Configures the specified interface, or if already configured, enters configuration mode for the specified interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 208: Hello Time Intervals
Specifies the hello message interval to verify the health of the link in the VSAN. The default is 20 seconds. Example: switch(config-if)# fspf hello-interval 25 vsan Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 209: Dead Time Intervals
You can specify the time after which an unacknowledged link state update should be transmitted on the interface. The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 210: Configuring Retransmitting Intervals
You can disable the FSPF protocol for selected interfaces. By default, FSPF is enabled on all E ports and TE ports. This default can be disabled by setting the interface as passive. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 211: Clearing Fspf Counters For An Interface
Clearing FSPF Counters for an Interface You can clear the FSPF statistics counters for an interface. SUMMARY STEPS 1. switch# clear fspf counters vsan vsan-id interface fc slot/port Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 212: Fspf Routes
4. fcroute fcid interface fc slot/port domain domain-id metric value vsan vsan-id 5. fcroute fcid interface fc slot/port domain domain-id metric value remote vsan vsan-id 6. fcroute fcid netmask interface fc slot/port domain domain-id vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 213: In-Order Delivery
In-order delivery (IOD) of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator. Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, Cisco SAN switches preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally, the originator exchange ID (OX ID) identify the flow of the frame.
Page 214: Reordering Network Frames
In the figure above, the port of the old path (red dot) is congested. In this scenario, Frame 3 and Frame 4 can be delivered before Frame 1 and Frame 2. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 215: About Enabling In-Order Delivery
Configuring the Drop Latency Time, on page 195 About Enabling In-Order Delivery You can enable IOD for a specific VSAN or for the entire switch. By default, IOD is disabled on Cisco SAN switches. We recommend that you enable this feature only when devices that cannot handle any out-of-order frames are present in the switch.
Page 216: Enabling In-Order Delivery For A Vsan
Step 3 no in-order-guarantee vsan vsan-id Reverts the switch to the factory defaults and disables the in-order delivery feature in the specified VSAN. Example: switch(config)# no in-order-guarantee vsan 30 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 217: Displaying The In-Order Delivery Status
Step 3 fcdroplatency network value vsan vsan-id Configures network drop latency time for the specified VSAN. Example: switch(config)# fcdroplatency network 1000 vsan 12 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 218: Displaying Latency Information
You can count the aggregated flow statistics for a VSAN. SUMMARY STEPS 1. configure terminal 2. fcflow stats aggregated index value vsan vsan-id 3. no fcflow stats aggregated index value vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 219: Counting Individual Flow Statistics
FC ID hex format (for example, Example: 0x123aff). The mask can be one of 0xff0000 switch(config)# fcflow stats index 10 0x123aff or 0xffffff. 0x070128 0xffffff vsan 15 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 220: Clearing Fib Statistics
The following table lists the default settings for FSPF features. Table 26: Default FSPF Settings Parameters Default FSPF Enabled on all E ports and TE ports SPF computation Dynamic Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 221 10 Remote destination switch If the remote destination switch is not specified, the default is direct Multicast routing Uses the principal switch to compute the multicast tree Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 222 Configuring Fibre Channel Routing Services and Protocols Default Settings for FSFP Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 223: Managing Flogi, Name Server, Fdmi, And Rscn Databases
0x870000 20:00:00:1b:21:06:58:bc 10:00:00:1b:21:06:58:bc Total number of flogi = 1. This example shows how to verify the storage devices associated with VSAN 1: switch# show flogi database vsan 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 224: Name Server Proxy
Example: switch# configure terminal switch(config)# Step 2 fcns proxy-port wwn-id vsan vsan-id Configures a proxy port for the specified VSAN. Example: switch(config)# fcns proxy-port 11:22:11:22:33:44:33:44 vsan 300 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 225: Rejecting Duplicate Pwwns
FCNS entry. Example: But you can still see the earlier entry in FLOGI database in switch(config)# no fcns reject-duplicate-pwwn the other switch. vsan 256 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 226: Name Server Database Entries
FDMI Cisco SAN switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel host bus adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.
Page 227: Displaying Fdmi
The details of the changed information are not delivered by the switch in the RSCN sent to the nodes. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 228: Configuring The Port-Address Format
RSCN Configuring the Port-Address Format The zone server on Cisco SAN switches allows you to switch between the fabric-address format and port-address format. You can configure this feature on a per VSAN basis. This configuration remains unchanged even after an In-Service Software Upgrade (ISSU) or a switchover. By default, the Registered State Change Notification (RSCN) format is fabric address You can configure the port-address format.
Page 229: Multi-Pid Option
Enters global configuration mode. Example: switch# configure terminal switch(config)# Step 2 rscn multi-pid vsan vsan-id Sends RSCNs in a multi-pid format for the specified VSAN. Example: switch(config)# rscn multi-pid vsan 405 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 230: Suppressing Domain Format Sw-Rscns
GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. You can suppress the transmission of these SW-RSCNs over an ISL.
Page 231 1100 vsan 245 Step 5 rscn commit vsan vsan-id Commits the RSCN timer configuration to be distributed to the switches in the specified VSAN. Example: switch(config)# rscn commit vsan 25 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 232: Verifying The Rscn Timer Configuration
SW-RSCNs. RSCN supports two modes, distributed and nondistributed. In distributed mode, RSCN uses Cisco Fabric Services (CFS) to distribute configuration to all switches in the fabric. In nondistributed mode, only the configuration commands on the local switch are affected.
Page 233: Locking The Fabric
On a successful commit, the configuration change is applied throughout the fabric and the lock is released. You can commit RSCN timer configuration changes. SUMMARY STEPS 1. configure terminal 2. rscn commit vsan timeout Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 234: Discarding The Rscn Timer Configuration Changes
If the administrator performs this task, your changes to the pending database are discarded and the fabric lock is released. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 235: Displaying Rscn Configuration Distribution Information
The following table lists the default settings for RSCN. Table 27: Default RSCN Settings Parameters Default RSCN timer value 2000 milliseconds for Fibre Channel VSANs RSCN timer configuration distribution Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 236 Managing FLOGI, Name Server, FDMI, and RSCN Databases Default Settings for RSCN Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 237: C H A P T E
SCSI LUN discovery is done on demand. Only Nx ports that are present in the name server database and that are registered as FC4 Type = SCSI_FCP are discovered. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 238: Starting Scsi Lun Discovery
Use the custom-list option to initiate this discovery. The domain ID is a number from 0 to 255 in decimal or a number from 0x0 to 0xFF in hex. Initiating Customized Discovery To initiate a customized discovery, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 239: Displaying Scsi Lun Information
The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX): switch# show scsi-target pwwn Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 240 Discovering SCSI Targets Displaying SCSI LUN Information Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 241: C H A P T E
You can modify Fibre Channel protocol related timer values for the switch. The D_S_TOV, E_D_TOV, and R_A_ TOV values cannot be globally changed unless all VSANs in the Caution switch are suspended. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 242: Timer Configuration Per-Vsan
This configuration must be propagated to all switches in the fabric. Be sure to configure the same value Note in all switches in the fabric. You can configure per-VSAN Fibre Channel timers. SUMMARY STEPS 1. configure terminal 2. fctimer D_S_TOV timeout vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 243: Fctimer Distribution
Distribution You can enable per-VSAN fctimer fabric distribution for all Cisco SAN switches in the fabric. When you perform fctimer configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
Page 244: Committing Fctimer Changes
Distributes the fctimer configuration changes to all switches in the fabric and releases the lock. Overwrites the effective database with the changes made to the pending database. Example: switch(config)# fctimer commit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 245: Discarding Fctimer Changes
◦ The per-VSAN fctimer configuration is distributed in the physical fabric. ◦ The fctimer configuration is only applied to those switches containing the VSAN with a modified fctimer value. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 246: Verifying Configured Fctimer Values
WWN to a single device. The principal switch selection and the allocation of domain IDs rely on the WWN. Cisco SAN switches support three network address authority (NAA) address formats. (see the following table). Table 28: Standardized NAA WWN Formats...
Page 247: Verifying The Wwn Configuration
• If the peer switch ELP uses the VSAN WWN, then the local switch also uses the VSAN WWN. Configuring a Secondary MAC Address You can allocate secondary MAC addresses. SUMMARY STEPS 1. configure terminal 2. wwn secondary-mac wwn-id range value Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 248: Fc Id Allocation For Hbas
Regardless of the type (whole area or single) of FC ID allocated, the FC ID entries remain persistent. Default Company ID List All Cisco SAN switches contain a default list of company IDs that require area allocation. Using the company ID reduces the number of configured persistent FC ID entries. You can configure or modify these entries using the CLI.
Page 249: Verifying The Company Id Configuration
00:E0:8B * <------------- Explicitly deleted entry (from the original default list) Total company ids: 7 + - Additional user configured company ids. * - Explicitly deleted company ids from default list. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 250: Switch Interoperability
• Mode 2—Brocade native mode (Core PID 0). • Mode 3—Brocade native mode (Core PID 1). • Mode 4—McData native mode. For information about configuring interop modes 2, 3, and 4, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/ storage/san_switches/mds9000/interoperability/guide/intopgd.html...
Page 251 The default zone operation of permit (all nodes can see all other nodes) or deny (all nodes are isolated when not explicitly placed in a zone) may change. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 252 VSAN and not the entire switch. Name server Verify that all vendors have the correct values in their respective name server database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 253: Configuring Interop Mode 1
Brocade’s msplmgmtdeactivate command must explicitly be run prior to connecting from a Brocade switch to either Cisco SAN switches or to McData switches. This command uses Brocade proprietary frames to exchange platform information, which Cisco SAN switches or McData switches do not recognize.
Page 254: Verifying Interoperating Status
Verifying Interoperating Status This section highlights the commands used to verify if the fabric is up and running in interoperability mode. To verify the resulting status of entering the interoperability command in any Cisco Nexus device, perform this task: SUMMARY STEPS 1.
Page 255 Step 3 Verify if you are running the desired configuration. Example: switch# show running-config Building Configuration... interface fc2/1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 256 Verify if the interoperability mode is active. Example: switch# show vsan 1 vsan 1 information name:VSAN0001 state:active interoperability mode:yes <-------------------- verify mode loadbalancing:src-id/dst-id/oxid operational state:up Step 5 Verify the domain ID. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 257 Verify the local principal switch status. Example: switch# show fcdomain domain-list vsan 1 Number of domains: 5 Domain ID --------- ----------------------- 0x61(97) 10:00:00:60:69:50:0c:fe 0x62(98) 20:01:00:05:30:00:47:9f 0x63(99) 10:00:00:60:69:c0:0c:1d 0x64(100) 20:01:00:05:30:00:51:1f [Local] Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 258 0x651500 10:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 Note The Cisco switch name server shows both local and remote entries, and does not time out the entries. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 259: Default Settings For Advanced Fibre Channel Features
5 frames Remote capture connection protocol Remote capture connection mode Passive Local capture frame limits 10 frames FC ID allocation mode Auto mode Loop monitoring Disabled Interop mode Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 260 Advanced Fibre Channel Features Default Settings for Advanced Fibre Channel Features Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 261: Chapter 1 6 Configuring Fc-Sp And Dhchap
Diffie-Hellman exchange. Fabric Authentication All Cisco SAN switches enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switch and host authentications are performed locally or remotely in each fabric. As storage islands are consolidated and migrated to enterprise-wide fabrics, new security challenges arise. The approach of securing storage islands cannot always be guaranteed in enterprise-wide fabrics.
Page 262: Configuring Dhchap Authentication
Configuring FC-SP and DHCHAP Configuring DHCHAP Authentication Cisco SAN switches support authentication features to address physical security (see the following figure). Figure 41: Switch and Host Authentication Fibre Channel host bus adapters (HBAs) with appropriate firmware and drivers are required for host-switch Note authentication.
Page 263: Dhchap Compatibility With Fibre Channel Features
Verify the DHCHAP configuration. DHCHAP Compatibility with Fibre Channel Features When configuring the DHCHAP feature along with existing Cisco NX-OS features, consider these compatibility issues: • SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel, DHCHAP authentication is performed at the physical interface level, not at the port channel level.
Page 264: Dhchap Authentication Modes
Whenever DHCHAP port mode is changed to a mode other than the Off mode, reauthentication is Note performed. The following table identifies switch-to-switch authentication between two Cisco switches in various modes. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 265: Configuring The Dhchap Mode
Zero (0) indicates that the port does not perform reauthentication. Example: switch(config-if)# fcsp auto-active 0 The reauthorization interval configuration is the same as the Note default behavior. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 266: Dhchap Hash Algorithm
(0). DHCHAP Hash Algorithm Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP authentication. If you change the hash algorithm configuration, then change it globally for all switches in the fabric.
Page 267: Dhchap Group Settings
Configuring DHCHAP Authentication DHCHAP Group Settings All Cisco SAN switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4. If you change the DH group configuration, change it globally for all switches in the fabric.
Page 268: Configuring Dhchap Passwords For The Local Switch
We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Configuration 3 and using Cisco MDS 9000 Family Fabric Manager to manage the password database.
Page 269: Dhchap Timeout Value
Configuring the DHCHAP Timeout Value You can configure the DHCHAP timeout value. DETAILED STEPS Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 270: Configuring Dhchap Aaa Authentication
The following example shows how to display the DHCHAP local password database: switch# show fcsp dhchap database Use the ASCII representation of the device WWN to configure the switch information on RADIUS and TACACS+ servers. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 271: Configuration Examples For Fabric Security
Figure 42: Sample DHCHAP Authentication This example shows how to set up authentication: Step 1 Obtain the device name of the Cisco SAN switch in the fabric. The Cisco SAN switch in the fabric is identified by the switch WWN. Example:...
Page 272: Default Settings For Fabric Security
A priority list of MD5 followed by SHA-1 for DHCHAP authentication DHCHAP authentication mode Auto-passive DHCHAP group default priority exchange order 0, 4, 1, 2, and 3, respectively DHCHAP timeout value 30 seconds Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 273 Configuring FC-SP and DHCHAP Default Settings for Fabric Security Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 274 Configuring FC-SP and DHCHAP Default Settings for Fabric Security Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 275: Chapter 1 7 Configuring Port Security
Configuring Port Security, page 253 Configuring Port Security Cisco SAN switches provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
Page 276: Port Security Enforcement
By default, the port security feature is not activated. When you activate the port security feature, the following operations occur: • Auto-learning is also automatically enabled, which means the following: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 277: Configuring Port Security
This action ensures that the configured database is the same on all switches in the fabric. Step 10 Copy the running configuration to the startup configuration, using the fabric option. Related Topics Activating Port Security, on page 257 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 278: Configuring Port Security With Auto-Learning Without Cfs
Disabling Auto-Learning, on page 261 Enabling Port Security, on page 257 Enabling Port Security Distribution, on page 266 Configuring Port Security with Auto-Learning without CFS You can configure port security using auto-learning without Cisco Fabric Services (CFS). Step 1 Enable port security. Step 2 Activate port security on each VSAN, which turns on auto-learning by default.
Page 279: Enabling Port Security
Activating Port Security You can activate port security. SUMMARY STEPS 1. configure terminal 2. port-security activate vsan vsan-id 3. port-security activate vsan vsan-id no-auto-learn 4. no port-security activate vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 280: Database Activation Rejection
Forcing Port Security Activation You can forcefully activate the port security database. SUMMARY STEPS 1. configure terminal 2. port-security activate vsan vsan-id force Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 281: Database Reactivation
Example: learned up to this point. switch(config)# no no port-security auto-learn vsan 35 Step 3 exit Exits the configuration mode. Example: switch(config)# exit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 282: Auto-Learning
• If the port security feature is not activated, auto-learning is disabled by default. • If the port security feature is activated, auto-learning is enabled by default (unless you explicitly disabled this option). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 283: Disabling Auto-Learning
1. configure terminal 2. no port-security auto-learn vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 284: Auto-Learning Device Authorization
• A pWWN (P2) is allowed access through interface fc2/2 (F1). • A nWWN (N1) is allowed access through interface fc2/2 (F2). • Any WWN is allowed access through interface vfc3/1 (F3). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 285 P1, N1, F6 (auto-learning Denied P1 is bound to F1. P5, N5, F1 (auto-learning Denied Only P1 and P2 bound to S3, F4 (auto-learning on) Denied P3 paired with F4. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 286: Port Security Manual Configuration
• E port security is implemented in the port VSAN of the E port. In this case, the sWWN is used to secure authorization checks. • Once activated, you can modify the configuration database without any effect on the active database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 287: Adding Authorized Port Pairs
2 This example shows how to configure the specified sWWN to only log in through SAN port channel 5: switch(config-port-security)# swwn 20:01:33:11:00:2a:4a:66 interface san-port-channel 5 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 288: Port Security Configuration Distribution
32 Port Security Configuration Distribution The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies throughout the fabric.
Page 289: Locking The Fabric
If you discard (abort) the changes made to the pending database, the configuration remains unaffected and the lock is released. SUMMARY STEPS 1. configure terminal 2. port-security abort vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 290: Activation And Auto-Learning Configuration Distribution
If the pending database contains more than one activation and auto-learning configuration when you commit the changes, the activation and auto-learning changes are consolidated and the resulting operation may change (see the following table). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 291 = {A,B} active database = {A,B} and devices C and D are logged out. This is equal to an activation with auto-learning disabled. pending database = empty Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 292: Merging The Port Security Database
You can overwrite the configuration database with configured database by activating the port security the active database. database. Forcing an activation may violate the entries already configured in the active database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 293 The following figure shows various scenarios of the active database and the configuration database status based on port security configurations. Figure 43: Port Security Database Scenarios Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 294: Database Scenarios
Database Scenarios the following figure illustrates various scenarios showing the active database and the configuration database status based on port security configurations. Figure 44: Port Security Database Scenarios Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 295: Copying The Port Security Database
The clear port-security database auto-learn and clear port-security statistics commands are only Note relevant to the local switch and do not acquire locks. Also, learned entries are only local to the switch and do not participate in distribution. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 296: Displaying Port Security Configuration
Table 37: Default Security Settings Parameters Default Auto-learn Enabled if port security is enabled. Port security Disabled. Distribution Disabled. Note Enabling distribution enables it on all VSANs in the switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 297: Chapter 1 8 Configuring Fabric Binding
Port Security Uses a set of sWWNs and a persistent domain ID. Uses pWWNs/nWWNs or fWWNs/sWWNs. Binds the fabric at the switch level. Binds devices at the interface level. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 298: Fabric Binding Enforcement
For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch to be part of the fabric binding active database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 299: Configuring Fabric Binding
Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Step 2 feature fabric-binding Enables fabric binding on that switch. Example: switch(config)# feature fabric-binding Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 300: Switch Wwn Lists
Step 5 no swwn swwn-id domain domain-id Deletes the sWWN and domain ID of a switch from the configured database list. Example: switch(config-fabric-binding)# no swwn 21:00:05:30:23:1a:11:03 domain 25 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 301: Fabric Binding Activation And Deactivation
25 Step 3 no fabric-binding activate vsan vsan-id Deactivates the fabric binding database for the specified VSAN. Example: switch(config)# no fabric-binding activate vsan 25 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 302: Forcing Fabric Binding Activation
• Use the fabric-binding database diff active vsan command to view the differences between the active database and the config database. This command can be used when resolving conflicts. switch# fabric-binding database diff active vsan 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 303: Clearing The Fabric Binding Statistics
This example shows how to display the active fabric binding information for VSAN 4: switch# show fabric-binding database active vsan 4 This example shows how to display fabric binding violations: switch# show fabric-binding violations ------------------------------------------------------------------------------- Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 304: Default Settings For Fabric Binding
Default Settings for Fabric Binding The following table lists the default settings for the fabric binding feature. Table 39: Default Fabric Binding Settings Parameters Default Fabric binding Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 305: Chapter 1 9 Configuring Fabric Configuration Servers
Each object has its own set of attributes and values. A null value may also be defined for some attributes. In the Cisco Nexus device environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN.
Page 306: Fcs Characteristics
When a restart or switchover happens, FCSs retrieve the secondary storage information and rebuild its database. • SNMP manager can query FCSs for all IEs, ports, and platforms in the fabric. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 307: Fcs Name Specification
You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms. Note Set this command globally only if every switch in the fabric belong to the Cisco MDS 9000 Family or Cisco Nexus devices. To enable global checking of the platform name, perform this task:...
Page 308 Configuring Fabric Configuration Servers Default FCS Settings Table 40: Default FCS Settings Parameters Default Global checking of the platform name Disabled Platform node type Unknown Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 309: Chapter 2 0 Configuring Port Tracking
Configuring Port Tracking, page 287 Configuring Port Tracking Cisco SAN switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.
Page 310: Default Settings For Port Tracking
About RSCN Information, on page 205 Fibre Channel Timeout Values, on page 219 Default Settings for Port Tracking The following table lists the default settings for port tracking parameters. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 311: Configuring Port Tracking
Before configuring port tracking, consider the following guidelines: • Verify that the tracked ports and the linked ports are on the same Cisco switch. • Be aware that the linked port is automatically brought down when the tracked port goes down.
Page 312: Configuring Linked Ports
Step 4 switch(config-if)# no port-track interface fc Removes the port tracking configuration that is currently slot/port | san-port-channel port applied to the interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 313: Tracking Multiple Ports
Tracks the linked port with the specified interface. When the fc slot/port | san-port-channel port tracked port goes down, the linked port is also brought down. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 314: Monitoring Ports In A Vsan
1 vsan 2 Removes the VSAN association for the linked port. The SAN port channel link remains in effect. Example: switch(config-if)# port-track interface san-port-channel 1 vsan 2 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 315: Forcefully Shutting Down
Forcefully shuts down the tracked port. Example: switch(config-if)# port-track force-shut Step 4 no port-track force-shut Removes the port shutdown configuration for the tracked port. Example: switch(config-if)# no port-track force-shut Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 316: Displaying Port Tracking Information
Receive data field Size is 2112 Beacon is turned off Port track mode is force_shut <-- this port remains shut even if the tracked port is back up Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 317: Chapter 2 1 Fibre Channel Slow Drain Device Detection And Congestion Avoidance- An Overview
How to Configure a Stuck Frame Timeout Value, page 296 • How to Configure a No-Credit Timeut Value, page 296 • How to Configure a Port Monitor, page 299 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 318: How To Configure A Stuck Frame Timeout Value
The dropped frames are the frames that have just entered the switch or have stayed in the switch for the configured timeout value. These drops are preemptive and clear the congestion completely. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 319: Displaying Credit Loss Counters
Use the following commands to display the credit loss counters per module per interface for the last specified minutes, hours, and days: Command Purpose show process creditmon {credit-loss-event-history Displays Onboard Failure Logging (OBFL) credit | credit-loss-events | force-timeout-events | loss logs. timeout-discards-events} Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 320: Displaying Credit Loss Events
1 second to 1 hour. The default is 10 percent in 1 second and generates a syslog. Use the following command to display the average credit-not-available status: Command Purpose show system internal snmp credit-not-available Displays the port monitor credit-not-available counter logs. {module | module-id} Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 321: How To Configure A Port Monitor
Enters global configuration mode. Step 2 switch(config)# [no] port-monitor enable Enables (default) the port monitoring feature. The no version of this command disables the port monitoring feature. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 322: Configuring A Port Monitor Policy
10 This example show how to specify the poll interval and threshold for credit loss recovery: switch# configure terminal switch(config)# port-monitor cisco Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 323: Activating A Port Monitor Policy
Use the following command to display port monitor policies: Command Purpose switch# show port-monitor policyname Displays details of the specified port monitor policy. This example shows how to display a specific port monitor policy: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 324 Fibre Channel Slow Drain Device Detection and Congestion Avoidance- An Overview Port Monitoring Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01...
Page 325 Brocade device aliases 167, 168, 169, 170, 176, 177 native interop mode comparison with zones buffer-to-buffer credits creating Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 IN-1...
Page 326 (procedure) E port mode creating config database (procedure) classes of service default settings description deleting databases deleting from config database (procedure) Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) IN-2 OL-27583-01...
Page 327 13, 31, 34, 35, 37, 38, 39, 42, 52, 53 autoreconfigured merged fabrics description configuring CFS distribution displaying default settings frame encapsulation description configuring disabling FSCN displaying information displaying databases Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 IN-3...
Page 328 FSPF configuring area FCIDs description Hello time intervals link failures configuring for FSPF recovering description load balancing 95, 97, 119, 126 attributes attributes for VSANs configuring Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) IN-4 OL-27583-01...
Page 329 254, 255, 256, 260, 261, 262, 266 verifying description device authorization disabling distributing configuration enabling Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 IN-5...
Page 330 SD port mode Registered State Change Notifications description retransmitting intervals 187, 188 interface modes configuring for FSPF SD ports description configuring route costs secondary MAC addresses computing configuring Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) IN-6 OL-27583-01...
Page 331 11, 93, 118, 119 tracked ports allowed list binding operationally description traffic isolation multiplexing traffic VSANs range trunk mode 23, 87, 88, 93 VSAN membership administrative default Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 IN-7...
Page 332 WWNs 13, 224, 225 renaming description restoring (procedure) displaying information viewing information link initialization zoning 131, 133, 134 secondary MAC addresses description suspended connections example Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) IN-8 OL-27583-01...
Page 333 Index zoning (continued) implementation Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) OL-27583-01 IN-9...
Page 334 Index Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.2(1)N1(1) IN-10 OL-27583-01...

Cisco Nexus 5000 Series Configuration Manual

Chapter 4 Configuring Fibre Channel Domain Parameters

CHAPTER 5 Configuringnportvirtualization

Configuring Fcoe NPV

Chapter 7 Configuring VSAN Trunking

Configuring VSAN Trunking

Chapter 8 Configuring SAN Port Channels

Configuring SAN Port Channels

Chapter 9 Configuring and Managing Vsans

Chapter 1 0 Configuring and Managing Zones

Chapter 1 1 Distributing Device Alias Services

Distributing Device Alias Services

Quick Links

Related Manuals for Cisco Nexus 5000 Series

Summary of Contents for Cisco Nexus 5000 Series