Cisco Nexus 5000 Series Configuration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Switch
  5. Nexus 5000 Series
  6. Configuration manual

Cisco Nexus 5000 Series Configuration Manual

Nx-os san switching configuration guide
Hide thumbs Also See for Nexus 5000 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Troubleshooting Manual, Configuration Manual
Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-xxxxx-xx

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Nexus 5000 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Cisco Nexus 5000 Series

Summary of Contents for Cisco Nexus 5000 Series

  • Page 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-xxxxx-xx...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

  • Page 3: Table Of Contents

    Licensing Requirements for Fibre Channel QOS Requirements for Fibre Channel Physical Fibre Channel Interfaces Virtual Fibre Channel Interfaces Interface Modes E Port F Port NP Port TE Port TF Port TNP Port Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 4 Default Fibre Channel Interface Settings Configuring Domain Parameters C H A P T E R 4 Configuring Domain Parameters Information About Fibre Channel Domains About Domain Restart Restarting a Domain Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 5 Persistent FC ID Configuration Guidelines Configuring Persistent FC IDs About Unique Area FC IDs for HBAs Configuring Unique Area FC IDs for an HBA About Persistent FC ID Selective Purging Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 6 Verifying NPV Examples Verifying NPV Traffic Management Configuring VSAN Trunking C H A P T E R 6 Configuring VSAN Trunking Information About VSAN Trunking VSAN Trunking Mismatches VSAN Trunking Protocol Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 7 About Interface Deletion from a SAN Port Channel Deleting an Interface from a SAN Port Channel SAN Port Channel Protocol About Channel Group Creation Autocreation Guidelines Enabling and Configuring Autocreation Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 8 Displaying Static VSAN Configuration Default VSAN Settings Configuring and Managing Zones C H A P T E R 9 Configuring and Managing Zones Information About Zoning Zoning Features Zoning Example Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide viii OL-xxxxx-xx...
  • Page 9 Changing from Enhanced Zoning to Basic Zoning Enabling Enhanced Zoning Modifying the Zone Database Releasing Zone Database Locks Merging the Database Configuring Zone Merge Control Policies Default Zone Policies Configuring System Default Zoning Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 10 C H A P T E R 1 1 Configuring Fibre Channel Routing Services and Protocols Information About FSPF FSPF Examples Fault Tolerant Fabric Example Redundant Link Example FSPF Global Configuration Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 11 Displaying the In-Order Delivery Status Configuring the Drop Latency Time Displaying Latency Information Flow Statistics Configuration About Flow Statistics Counting Aggregated Flow Statistics Counting Individual Flow Statistics Clearing FIB Statistics Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 12 Discarding the RSCN Timer Configuration Changes Clearing a Locked Session Displaying RSCN Configuration Distribution Information Default RSCN Settings Discovering SCSI Targets C H A P T E R 1 3 Discovering SCSI Targets Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 13 Verifying Interoperating Status Default Settings for Advanced Features Configuring FC-SP and DHCHAP C H A P T E R 1 5 Configuring FC-SP and DHCHAP Information About Fabric Authentication Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx xiii...
  • Page 14 Configuring Port Security with Auto-Learning and CFS Distribution Configuring Port Security with Auto-Learning without CFS Configuring Port Security with Manual Database Configuration Enabling Port Security Port Security Activation Activating Port Security Database Activation Rejection Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 15 C H A P T E R 1 7 Configuring Fabric Binding Information About Fabric Binding Licensing Requirements for Fabric Binding Port Security Versus Fabric Binding Fabric Binding Enforcement Configuring Fabric Binding Configuring Fabric Binding Enabling Fabric Binding Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 16 Tracking Multiple Ports About Monitoring Ports in a VSAN Monitoring Ports in a VSAN About Forceful Shutdown Forcefully Shutting Down a Tracked Port Displaying Port Tracking Information Default Port Tracking Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 17: Preface

    Preface This preface describes the audience, organization, and conventions of the Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide. It also provides information on how to obtain related documentation. • Audience, page xvii • Document Organization, page xvii •...
  • Page 18 Provides details on port security features that can prevent unauthorized Configuring Port Security access to a switch port in the Cisco MDS 9000 Family. Configuring Fabric Binding Describes the fabric binding security feature for VSANs, which ensures that ISLs are only enabled between specific switches.

  • Page 19: Document Conventions

    Default responses to system prompts are in square brackets. !, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line. This document uses the following conventions: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 20: Related Documentation For Nexus 5000 Series Nx-Os Software

    Related Documentation for Nexus 5000 Series NX-OS Software Cisco NX-OS documentation is available at the following URL: http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.htmll The documentation set for the Cisco Nexus 5000 Series NX-OS software includes the following documents: Release Notes • Cisco Nexus 5000 Series and Cisco Nexus 2000 Series Release Notes •...

  • Page 21: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 22 Preface Obtaining Documentation and Submitting a Service Request Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide xxii OL-xxxxx-xx...

  • Page 23: New And Changed Information

    Notes available at the following Cisco website: http://www.cisco.com/en/US/products/ps9670/prod_release_notes_list.html This table summarizes the new and changed features documented in the Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide, Release 5.0(2)N2(1), and tells you where they are documented. Table 1: New and Changed SAN Switching Features for Cisco NX-OS Release 5.0(2)N2(1)

  • Page 24: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Part 7: SAN Switching of the Cisco Nexus 5000 Series CLI Configuration Guide. For a complete list of Nexus 5000 Series document titles, see the list of Related Documentation in the "Preface." Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide...

  • Page 25: Overview

    Fibre Channel ports are optional on the Cisco Nexus 5000 Series switch. When you use expansion modules up to 8 Fibre Channel ports are available on the Cisco Nexus 5010 switch and up to 16 Fibre Channel ports are available on the Cisco Nexus 5020 switch.

  • Page 26: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Overview SAN Switching Overview to the core switch. This feature is available only for Cisco MDS Blade Switch Series, the Cisco MDS 9124 Multilayer Fabric Switch, and the Cisco MDS 9134 Multilayer Fabric Switch. VSAN Trunking Trunking, also known as VSAN trunking, is a feature specific to switches in the Cisco MDS 9000 Family.

  • Page 27: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Device Alias Services All switches in the Cisco MDS 9000 Family support Device Alias Services (device alias) on a per-VSAN basis and on a fabric-wide basis. Device alias distribution allows you to move host bus adapters (HBAs) between VSANs without manually reentering alias names.

  • Page 28: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus 5000 Series switches use a special allocation scheme.

  • Page 29: Configuring Fibre Channel Interfaces

    Information About Fibre Channel Interfaces Licensing Requirements for Fibre Channel On Cisco Nexus 5000 Series switches, Fibre Channel capability is included in the Storage Protocol Services license. Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces and capabilities.

  • Page 30: Physical Fibre Channel Interfaces

    Physical Fibre Channel Interfaces Cisco Nexus 5000 Series switches support up to sixteen physical Fibre Channel (FC) uplinks through the use of two, optional explansion modules. The first module contains eight FC interfaces. The second module includes four Fibre Channel ports and four Ethernet ports.

  • Page 31: E Port

    TE port to create an extended ISL (EISL) between two switches. TE ports connect to another Cisco Nexus 5000 Series switch or a Cisco MDS 9000 Family switch. They expand the functionality of E ports to support the following: •...

  • Page 32: Tnp Port

    (host or disk), it operates in F port mode. If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the or Cisco MDS 9000 Family, it may become operational in TE port mode.

  • Page 33: Operational States

    If the administrative state is up and the operational state is down, the reason code differs based on the nonoperational reason code. The table below describes the reason codes for nonoperational states. Note Only some of the reason codes are listed in the table. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 34: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    SAN port channels. Isolation due to ELP failure The port negotiation failed. Only E ports and TE ports Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 35: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    The Ethernet interface bound to a Only virtual Fibre Channel mapped VLAN virtual Fibre Channel interface is interfaces not in an STP forwarding state for the VLAN associated with the virtual Fibre Channel interface Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 36: Buffer-To-Buffer Credits

    BB_credits are negotiated on a per-hop basis. In Cisco Nexus 5000 Series switches, the BB_credit mechanism is used on Fibre Channel interfaces but not on virtual Fibre Channel interfaces. Virtual Fibre Channel interfaces provide flow control based on capabilities of the underlying physical Ethernet interface.

  • Page 37: Setting The Interface Administrative State

    Selects a Fibre Channel interface and enters interface configuration mode. vfc-id} Step 3 switch(config-if)# shutdown Gracefully shuts down the interface and administratively disables traffic flow (default). Configuring Interface Modes To configure the interface mode, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 38: Configuring The Interface Description

    To configure a description for an interface, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface {fc slot/port}|{vfc vfc-id} 3. switch(config-if)# switchport description cisco-HBA2 4. switch(config-if)# no switchport description Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 39: Configuring Port Speeds

    The number indicates the speed in megabits per second (Mbps). You can set the speed to 1000 (for 1-Gbps interfaces), 2000 (for 2-Gbps interfaces), 4000 (for 4-Gbps interfaces), or auto (default). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 40: Autosensing

    DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# interface fc slot/port Selects a Fibre Channel interface and enters interface configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 41: Understanding Bit Error Thresholds

    To disable the bit error threshold for an interface, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# switchport ignore bit-errors 4. switch(config-if)# no switchport ignore bit-errors Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 42: Configuring Buffer-To-Buffer Credits

    Step 4 switch(config-if)# switchport fcrxbbcredit Assigns a BB_credit of 5 to the selected interface. The range to assign BB_credits is between 1 and 64. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 43: Configuring Global Attributes For Fibre Channel Interfaces

    Configures the default setting for administrative state of an interface as Down. This is the factory default setting. shutdown san This command is applicable only to interfaces for which no user configuration exists for the administrative state. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 44: About N Port Identifier Virtualization

    N port identifiers. All of the N port identifiers are allocated in the same VSAN. Note SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# feature npiv 3. switch(config)# no npiv enable Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 45: Example Port Channel Configurations

    This example shows how to configure the port channel member interfaces on the NPV switch: switch(config)# interface fc2/1-2 switch(config-if)# shut switch(config-if)# switchport mode NP switch(config-if)# switchport trunk mode on switch(config-if)# channel-group 2 switch(config-if)# no shut switch(config-if)# exit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 46: Verifying Fibre Channel Interfaces

    The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type. The show interface transceiver command and the show interface fc slot/port transceiver command display both values for Cisco supported SFPs.

  • Page 47: Verifying Bb_Credit Information

    Receive B2B Credit performance buffers is 375 12 receive B2B credit remaining 255 transmit B2B credit remaining Default Fibre Channel Interface Settings The following table lists the default settings for native Fibre Channel interface parameters. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 48: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Interface mode F mode Interface speed Administrative state Shutdown (unless changed during initial setup) Trunk mode Trunk-allowed VSANs All VSANs Interface VSAN Default VSAN (1) EISL encapsulation Data field size Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 49: Chapter 4 Configuring Domain Parameters

    • FC ID allocation—This phase guarantees a unique FC ID assignment to each device attached to the corresponding switch in the fabric. • Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 50: About Domain Restart

    IDs are different, the runtime domain ID changes to take on the static domain ID after the next restart, either disruptive or nondisruptive. If a VSAN is in interop mode, you cannot disruptively restart the fcdomain for that VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 51: Restarting A Domain

    BF phase, followed by a principal switch selection phase. The fast restart feature can be used in any interoperability mode. Enabling Domain Manager Fast Restart To enable the domain manager fast restart feature, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 52: About Switch Priority

    To configure the priority for the principal switch, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# fcdomain priority number VSAN vsan-id 3. switch(config)# no fcdomain priority number VSAN vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 53: About Fcdomain Initiation

    Step 3 switch(config)# fcdomain vsan vsan-id Enables the fcdomain configuration in the specified VSAN. Configuring Fabric Names To set the fabric name value for a disabled fcdomain, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 54: About Incoming Rcfs

    To reject incoming RCF request frames, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# fcdomain rcf-reject vsan vsan-id 4. switch(config-if)# no fcdomain rcf-reject vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 55: About Autoreconfiguring Merged Fabrics

    1. switch# configuration terminal 2. switch(config)# fcdomain auto-reconfigure vsan vsan-id 3. switch(config)# no fcdomain auto-reconfigure vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 56: Domain Ids

    When a subordinate switch requests a domain, the following process takes place (see the figure below): • The local switch sends a configured domain ID request to the principal switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 57: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    ID, which becomes the runtime domain ◦ If the configured type is preferred, the local switch accepts the domain ID assigned by the principal switch and the assigned domain ID becomes the runtime domain ID. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 58: Specifying Static Or Preferred Domain Ids

    4. switch(config)# fcdomain domain domain-id preferred vsan vsan-id 5. switch(config)# no fcdomain domain domain-id preferred vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 59: About Allowed Domain Id Lists

    To configure the allowed domain ID list, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# fcdomain allowed domain-id range vsan vsan-id 3. switch(config)# no fcdomain allowed domain-id range vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 60: About Cfs Distribution Of Allowed Domain Id Lists

    About CFS Distribution of Allowed Domain ID Lists You can enable the distribution of the allowed domain ID list configuration information to all Cisco SAN switches in the fabric using the Cisco Fabric Services (CFS) infrastructure. This feature allows you to synchronize the configuration across the fabric from the console of a single switch.

  • Page 61: Locking The Fabric

    2. switch(config)# fcdomain commit vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# fcdomain commit vsan vsan-id Commits the pending domain configuration changes. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 62: Discarding Changes

    Displaying CFS Distribution Status You can display the status of CFS distribution for allowed domain ID lists using the show fcdomain status command. switch# show fcdomain status CFS distribution is enabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 63: Displaying Pending Changes

    To enable contiguous domains in a specific VSAN (or a range of VSANs), perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# fcdomain contiguous-allocation vsan vsan-id - vsan-id 3. switch(config)# no fcdomain contiguous-allocation vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 64: Fc Ids

    VSAN. FC IDs When an N port logs into a Cisco Nexus 5000 Series switch, it is assigned an FC ID. By default, the persistent FC ID feature is enabled. If this feature is disabled, the following situations can occur: •...

  • Page 65: Enabling The Persistent Fc Id Feature

    • Verify that the domain part of the FC ID is the same as the runtime domain ID in the required VSAN. If the software detects a domain mismatch, the command is rejected. • Verify that the port field of the FC ID is 0 (zero) when configuring an area. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 66: Configuring Persistent Fc Ids

    For example, if the storage port FC ID is 0x6f7704, the area for this port is 77. In this case, the HBA port’s area can be anything other than 77. The HBA port’s FC ID must be manually configured to be different from the storage port’s FC ID. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 67: Configuring Unique Area Fc Ids For An Hba

    Configuring Domain Parameters FC IDs Cisco Nexus 5000 Series switches facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.

  • Page 68: About Persistent Fc Id Selective Purging

    Configuring Domain Parameters FC IDs Step 4 Enable the persistent FC ID feature in the Cisco Nexus 5000 Series switch. switch# configuration terminal switch(config)# fcdomain fcid persistent vsan 1 switch(config)# end Step 5 Assign a new FC ID with a different area allocation. In this example, replace 77 with ee.

  • Page 69: Verifying Fcdomain Information

    [Interoperability Mode 1] allowed domain IDs: 97-127. [User] configured allowed domain IDs: 50-110. Ensure that the requested domain ID passes the switch software checks, if interop 1 mode is required in this switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 70: Default Fibre Channel Domain Settings

    Configured domain Preferred auto-reconfigure option Disabled contiguous-allocation option Disabled Priority Allowed list 1 to 239 Fabric name 20:01:00:05:30:00:28:df rcf-reject Disabled Persistent FC ID Enabled Allowed domain ID list configuration distribution Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 71: Configuring N Port Virtualization

    Information About NPV NPV Overview By default, Cisco Nexus 5000 Series switches operate in fabric mode. In this mode, the switch provides standard Fibre Channel switching capability and features. In fabric mode, each switch that joins a SAN is assigned a domain ID. Each SAN (or VSAN) supports a maximum of 239 domain IDs, so the SAN has a limit of 239 switches.

  • Page 72: Npv Mode

    Server interfaces are automatically distributed among the NP uplinks to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus 5000 Series switches, server interfaces can be physical or virtual Fibre Channel interfaces. NP Uplinks All interfaces from the edge switch to the core switch are configured as proxy N ports (NP ports).

  • Page 73: Flogi Operation

    Note In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces. In Cisco Nexus 5000 Series switches, NP uplink interfaces must be native Fibre Channel interfaces. FLOGI Operation When an NP port becomes operational, the switch first logs itself in to the core switch by sending a FLOGI request (using the port WWN of the NP port).

  • Page 74: Npv Traffic Management

    If disruptive load balancing is not enabled, you can manually reinitialize some or all of the server interfaces to distribute server traffic to new NP uplink interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 75: Npv Traffic Management Guidelines

    NP uplink. • If a server interface goes down and then returns to service, the interface is not guaranteed to be assigned to the same NP uplink. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 76: Configuring Npv

    Disables NPV mode, which results in a reload of the switch. Configuring NPV Interfaces After you enable NPV, you should configure the NP uplink interfaces and the server interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 77: Configuring An Np Interface

    4. switch(config-if)# no shutdown DETAILED STEPS Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode. Step 2 switch(config)# interface {fc slot/port | vfc vfc-id} Selects a server interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 78: Configuring Npv Traffic Management

    NP uplink interfaces. Enabling Disruptive Load Balancing If you configure additional NP uplinks, you can enable the disruptive load-balancing feature to distribute the server traffic load evenly among all the NP uplinks. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 79: Verifying Npv

    -------------------------------------------------------------------------------- SERVER EXTERNAL INTERFACE VSAN FCID PORT NAME NODE NAME INTERFACE -------------------------------------------------------------------------------- vfc3/1 0xee0008 10:00:00:00:c9:60:e4:9a 20:00:00:00:c9:60:e4:9a fc2/1 vfc3/1 0xee0009 20:00:00:00:0a:00:00:01 20:00:00:00:c9:60:e4:9a fc2/2 vfc3/1 0xee000a 20:00:00:00:0a:00:00:02 20:00:00:00:c9:60:e4:9a fc2/3 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 80: Verifying Npv Traffic Management

    To display the disruptive load-balancing status, enter the show npv status command: switch# show npv status npiv is enabled disruptive load balancing is enabled External Interfaces: ==================== Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 81: Configuring Vsan Trunking

    VSAN trunking enables interconnected ports to transmit and receive frames in more than one VSAN. Trunking is supported on E ports and F ports. Beginning in Cisco NX-OS Release 5.0(2)N1(1), VSAN trunking is supported on native Fibre Channel interfaces and virtual Fibre Channel interfaces.

  • Page 82: Vsan Trunking Mismatches

    Figure 7: Third-Party Switch VSAN Mismatch VSAN 2 and VSAN 3 are effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide...

  • Page 83: Vsan Trunking Protocol

    VSAN will be moved from initializing state to up state when a server or target logs in through the trunked F or NP ports in the corresponding VSAN. Enabling or Disabling the VSAN Trunking Protocol To enable or disable the VSAN trunking protocol, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 84: About Trunk Mode

    No trunking (ISL) E port The preferred configuration on the Cisco Nexus 5000 Series switches is that one side of the trunk is set to auto and the other is set to on. When connected to a third-party switch, the trunk mode configuration has no effect. The ISL is always Note in a trunking disabled state.

  • Page 85: Configuring Trunk Mode

    Trunk vsans (up) Trunk vsans (isolated) Trunk vsans (initializing) (1-6,10,22) 5 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 5 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 86: About Trunk-Allowed Vsan Lists

    1, the operational allowed list of VSANs for each ISL would be as follows: • The ISL between switch 1 and switch 2 includes VSAN 1 and VSAN 3. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 87: Configuring An Allowed-Active List Of Vsans

    5. switch(config-if)# no switchport trunk allowed vsan vsan-id - vsan-id 6. switch(config-if)# no switchport trunk allowed vsan add vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 88: Displaying Vsan Trunking Information

    6 is trunking Vsan 1 is up, FCID is 0xef0000 Vsan 2 is up, FCID is 0xef0000 Default Trunk Configuration Settings The following table lists the default settings for trunking parameters. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 89: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Configuring VSAN Trunking Default Trunk Configuration Settings Table 13: Default Trunk Configuration Parameters Parameters Default Switch port trunk mode Allowed VSAN list 1 to 4093 user-defined VSAN IDs Trunking protocol Enabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 90: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Configuring VSAN Trunking Default Trunk Configuration Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 91: Chapter 7 Configuring San Port Channel

    On Cisco Nexus 5000 Series switches, SAN port channels can include physical Fibre Channel interfaces, but not virtual Fibre Channel interfaces. A SAN port channel can include up to eight Fibre Channel interfaces.

  • Page 92: Understanding Port Channels And Vsan Trunking

    Configuring SAN Port Channel Information About SAN Port Channels Cisco Nexus 5000 Series switches support a maximum of four SAN port channels (with eight interfaces per port channel). A port channel number refers to the unique (within each switch) identifier associated with each channel group.

  • Page 93: Understanding Load Balancing

    However, subsequent exchanges can use a different link. This method provides finer granularity for load balancing while preserving the order of frames for each exchange. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 94: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    The following figure illustrates how exchange-based load balancing works. When the first frame in an exchange is received for forwarding on an interface, link 1 is chosen by a hash algorithm. All remaining frames in that Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 95: Configuring San Port Channels

    Figure 13: SID1, DID1, and Exchange-Based Load Balancing Configuring SAN Port Channels SAN port channels are created with default values. You can change the default configuration just as any other physical interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 96: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    The following figure shows examples of invalid configurations. Assuming that the links are brought up in the 1, 2, 3, 4 sequence, links 3 and 4 will be operationally down as the fabric is misconfigured. Figure 15: Misconfigured Configurations Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 97: San Port Channel Configuration Guidelines

    • DPVM configuration is not supported. • The port channel port VSAN cannot be configured using Dynamic Port VSAN Membership (DPVM). Creating a SAN Port Channel To create a SAN port channel, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 98: About Port Channel Modes

    The Active port channel mode allows automatic recovery without explicitly enabling and disabling the port channel member ports at either end. A F port channel is supported only in Active Mode. Note The table below compares On and Active modes. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 99: Configuring Active Mode San Port Channel

    2. switch(config)# interface san-port-channel channel-number 3. switch(config-if)# channel mode active 4. switch(config-if)# no channel mode active DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 100: About San Port Channel Deletion

    To delete a SAN port channel, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# no interface san-port-channel channel-number DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 101: Interfaces In A San Port Channel

    Beginning with Cisco NX-OS Release 5.0(2)N2(1), after you enable forcing a port to be added to a channel group by entering the channel-group force command, the following two conditions occur:...

  • Page 102: Suspended And Isolated States

    Adding an Interface to a SAN Port Channel To add an interface to a SAN port channel, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface type slot/port 3. switch(config-if)# channel-group channel-number Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 103: Forcing An Interface Addition

    Enters configuration mode for the specified interface. Step 3 switch(config-if)# channel-group channel-number Forces the addition of the interface into the specified force channel group. The E port is shut down. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 104: About Interface Deletion From A San Port Channel

    The port channel protocol is enabled by default. The port channel protocol expands the port channel functional model in Cisco SAN switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the...

  • Page 105: About Channel Group Creation

    The channel group number may change across reboots for the same set of port channels depending on the initialization order of the ports. The following table identifies the differences between user-configured and auto-configured channel groups. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 106: Autocreation Guidelines

    If all port channel numbers are used up, aggregation is not allowed. • You cannot change the membership or delete an autocreated SAN port channel. • When you disable autocreation, all member ports are removed from the autocreated SAN port channel. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 107: Enabling And Configuring Autocreation

    When enabling autocreation in any switch in the Cisco Nexus 5000 Series, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports...

  • Page 108: About Manually Configured Channel Groups

    This example shows how to create the port channel in dedicated mode on the NPV switch: switch(config)# interface san-port-channel 2 switch(config-if)# switchport mode NP switch(config-if)# no shut switch(config-if)# exit Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 109: Verifying San Port Channel Configuration

    Displays information for the specified SAN port san-port-channel channel-number channel. Step 3 switch# switch# show interface fc slot/port Displays VSAN configuration information for the specified Fibre Channel interface. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 110: Default Settings For San Port Channels

    The table below lists the default settings for SAN port channels. Table 16: Default SAN Port Channel Parameters Parameters Default Port channels FSPF is enabled by default. Create port channel Administratively up. Default port channel mode Autocreation Disabled. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 111: Chapter 8 Configuring And Managing Vsans

    • Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning. • Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 112: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 113: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    ◦ Different customers in storage provider data centers ◦ Production or test in an enterprise network ◦ Low and high security requirements ◦ Backup traffic on separate VSANs ◦ Replicating data from user traffic Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 114: Vsan Advantages

    VSAN (the VSAN associated with the F port). zones. VSANs enforce membership at each E port, source Zones enforce membership only at the source and port, and destination port. destination ports. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 115: Configuring Vsans

    Once VSANs are created, they may exist in various conditions or states. ◦ The active state of a VSAN indicates that the VSAN is configured and enabled. By enabling a VSAN, you activate the services for that VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 116: About Vsan Creation

    Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# vsan database Configures the database for a VSAN. Application specific VSAN parameters cannot be configured from this prompt. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 117: About Port Vsan Membership

    • Dynamically—Assigning VSANs based on the device WWN. This method is referred to as dynamic port VSAN membership (DPVM). Cisco Nexus 5000 Series switches do not support DPVM. VSAN trunking ports have an associated list of VSANs that are part of an allowed list.

  • Page 118: Displaying Vsan Static Membership

    About the Default VSAN The factory settings for switches in the Cisco Nexus 5000 Series have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured,...

  • Page 119: About The Isolated Vsan

    VSAN from the configuration. When a VSAN is deleted, all the ports in that VSAN are made inactive and the ports are moved to the isolated VSAN. If the same VSAN is recreated, Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 120: Deleting Static Vsans

    To delete a VSAN and its various attributes, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# vsan database 3. switch-config-db# vsan 2 4. switch(config-vsan-db)# no vsan 5 5. switch(config-vsan-db)# end Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 121: About Load Balancing

    Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# vsan database Enters VSAN database configuration submode Step 3 switch(config-vsan-db)# vsan vsan-id Specifies an existing VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 122: About Interop Mode

    Default VSAN Settings The following table lists the default settings for all configured VSANs. Table 18: Default VSAN Parameters Parameters Default Default VSAN VSAN 1. State Active state. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 123: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Configuring and Managing VSANs Default VSAN Settings Parameters Default Name Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute OX ID (src-dst-ox-id). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 124: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Configuring and Managing VSANs Default VSAN Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 125: Chapter 9 Configuring And Managing Zones

    ◦ A physical fabric can have a maximum of 16,000 members. This includes all VSANs in the fabric. • A zone set consists of one or more zones. ◦ A zone set can be activated or deactivated as a single entity across all switches in the fabric. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 126: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    This membership is also referred to as interface-based zoning. ◦Interface and domain ID—Specifies the interface of a switch identified by the domain ID. ◦Domain ID and port number—Specifies the domain ID of a Cisco switch domain and additionally specifies a port belonging to a non-Cisco switch.

  • Page 127: Zoning Example

    S2 in zone 3, and to H1 and S1 in zone 1. Figure 22: Fabric with Three Zones Zone Implementation Cisco Nexus 5000 Series switches automatically support the following basic zone features (no additional configuration is required): • Zones are contained in a VSAN.

  • Page 128: Active And Full Zone Set Configuration Guidelines

    • An FC ID or Nx port that is not part of the active zone set belongs to the default zone and the default zone information is not distributed to other switches. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 129: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    If one zone set is active and you activate another zone set, the currently active zone set is automatically Note deactivated. You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 130: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Configuring and Managing Zones Information About Zoning The following figure shows a zone being added to an activated zone set. Figure 23: Active and Full Zone Sets Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 131: Configuring Zones

    FC ID, fcalias, domain ID, or interface) and value specified. You must only configure pWWN-type zoning on all SAN switches Caution running Cisco NX-OS if there is a Cisco MDS 9020 switch running FabricWare in the same fabric. Use a relevant display command (for example, show interface or show flogi database) to obtain the required value in hex format.

  • Page 132: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Local sWWN interface example: switch(config-zone)# member interface fc 2/1 Remote sWWN interface example: switch(config-zone)# member interface fc 2/1 swwn 20:00:00:05:30:00:4a:de Domain ID interface example: switch(config-zone)# member interface fc 2/1 domain-id 25 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 133: Zone Sets

    To activate or deactivate an existing zone set, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# zoneset activate name zoneset-name vsan vsan-id 3. switch(config)# no zoneset activate name zoneset-name vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 134: About The Default Zone

    When the default policy is configured as deny, the members of this zone are not explicitly enumerated when you view the active zone set. Configuring the Default Zone Access Permission To permit or deny traffic to members in the default zone, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 135: About Fc Alias Creation

    • FC ID—The N port ID is in 0xhhhhhh format (for example, 0xce00d1). • Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco switch is required to complete this membership configuration.

  • Page 136: Creating Fc Aliases Example

    AliasSample vsan 3 pWWN example: switch(config-fcalias)# member pwwn 10:00:00:23:45:67:89:ab fWWN example: switch(config-fcalias)# member fwwn 10:01:10:01:10:ab:cd:ef FC ID example: switch(config-fcalias)# member fcid 0x222222 Domain ID example: switch(config-fcalias)# member domain-id 2 portnumber 23 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 137: Creating Zone Sets And Adding Member Zones

    Adds a new member to the new zone. fcid Execute this step only if you need to add a member to a zone from a zone set prompt. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 138: Zone Enforcement

    Enabling Full Zone Set Distribution All switches in the Cisco Nexus 5000 Series distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.

  • Page 139: Enabling A One-Time Distribution

    Default zone: qos:none broadcast:disabled ronly:disabled Full Zoning Database : Zonesets:0 Zones:0 Aliases: 0 Active Zoning Database : Name: nozoneset Zonesets:1 Zones:2 Status: Zoneset distribution completed at 04:01:06 Aug 28 2004 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 140: About Recovering From Link Isolation

    1. switch# zoneset import interface fc slot/port vsan vsan-id 2. switch# zoneset import interface fc slot/port vsan vsan-id 3. switch# zoneset export vsan vsan-id 4. switch# zoneset export vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 141: Zone Set Duplication

    Copying Zone Sets On Cisco Nexus 5000 Series switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit.

  • Page 142: Renaming Zones, Zone Sets, And Aliases

    Renames a zone attribute group in the specified VSAN. newname vsan vsan-id Step 6 switch(config)# zoneset activate name newname vsan Activates the zone set and updates the new zone vsan-id name in the active zone set. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 143: Cloning Zones, Zone Sets, Fc Aliases, And Zone Attribute Groups

    After entering a clear zone database command, you must explicitly enter the copy running-config startup-config to ensure that the running configuration is used when the switch reboots. Note Clearing a zone set only erases the full zone database, not the active zone database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 144: Verifying Zone Information

    About Enhanced Zoning The following table lists the advantages of the enhanced zoning feature in all switches in the Cisco Nexus 5000 Series. Table 22: Advantages of Enhanced Zoning...

  • Page 145: Changing From Basic Zoning To Enhanced Zoning

    2. If one or more switches are not capable of working in enhanced mode, then your request to move to enhanced mode is rejected. 3. Set the operation mode to enhanced zoning mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 146: Changing From Enhanced Zoning To Basic Zoning

    Set the operation mode to enhanced zoning mode. Changing from Enhanced Zoning to Basic Zoning Cisco SAN switches allow you to change from enhanced zoning to basic zoning to enable you to downgrade and upgrade to other Cisco NX-OS releases.

  • Page 147: Modifying The Zone Database

    Forcefully applies the changes to the enhanced zone database and closes the session created by another user. Step 4 switch(config)# no zone commit vsan vsan-id Discards the changes to the enhanced zone database and closes the session. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 148: Releasing Zone Database Locks

    Failed. The adjacent database attribute group object with same name1 but different information populates the members. local database. Empty. Contains data. Successful. The union of the local and adjacent databases. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 149: Configuring Zone Merge Control Policies

    Defaults to using the allow merge control setting for this vsan-id VSAN. Step 4 switch(config)# zone commit vsan vsan-id Commits the changes made to the specified VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 150: Default Zone Policies

    3. switch(config)# no system default zone default-zone permit 4. switch(config)# system default zone distribute full 5. switch(config)# no system default zone distribute full DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 151: Verifying Enhanced Zone Information

    1. switch# configuration terminal 2. switch(config)# no zone name zone-name vsan vsan-id 3. switch(config)# zone compact vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 152: Zone And Zone Set Analysis

    The following example shows how to display active zoning analysis: switch# show zone analysis active vsan 1 See the Cisco Nexus 5000 Series Switch Command Reference for the description of the information displayed in the command output. Default Basic Zone Settings The following table lists the default settings for basic zone parameters.

  • Page 153: C H A P T E

    When the port WWN (pWWN) of a device must be specified to configure features (for example, zoning, DPVM, or port security) in a Cisco Nexus 5000 Series switch, you must assign the correct device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a pWWN and use this name in all the configuration commands as required.

  • Page 154: Device Alias Requirements

    Distributing Device Alias Services Information About Device Aliases For additional information, refer to Using Cisco Fabric Services in the Cisco Nexus 5000 Series System Management Configuration Guide. Related Topics Device Alias Modes, on page 134 Device Alias Requirements Device aliases have the following requirements: •...

  • Page 155: Device Alias Databases

    Removes the device name for the device that is identified by device-name its pWWN. Step 5 switch(config-device-alias-db)# device-alias rename Renames an existing device alias with a new name. old-device-name new-device-name Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 156: Device Alias Modes

    For example, if the corresponding device alias is part of the active zoneset and the device is online, then zoning is enforced automatically. You do not have to reactivate the zoneset. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 157: Configuring Device Alias Modes

    Database changes immediately take effect, so there would not be any pending database and commit or abort operations either. If you have not committed the changes and you disable distribution, then a commit task will fail. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 158: Locking The Fabric

    2. switch(config)# device-alias commit DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# device-alias commit Commits the changes made to the currently active session. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 159: Discarding Changes

    The changes are only available in the volatile directory and may be discarded if the switch is restarted. To use administrative privileges and release a locked device alias session, use the clear device-alias session command in EXEC mode. switch# clear device-alias session Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 160: Disabling And Enabling Device Alias Distribution

    ========================================================== Operation: Enable Fabric Distribution Status: Success The following example shows the device alias display when distribution is disabled: switch# show device-alias status Fabric Distribution: Disabled Database:- Device Aliases 24 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 161: About Legacy Zone Alias Configuration

    Device Alias Database Merge Guidelines When merging two device alias databases, follow these guidelines: • Verify that two device aliases with different names are not mapped to the same pWWN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 162: Verifying Device Alias Configuration

    • Verify that the combined number of device aliases in both databases does not exceed 8K (8191 device aliases) in fabrics running Cisco MDS SAN-OS Release 3.0 (x) and earlier, and 20K in fabrics running Cisco MDS SAN-OS Release 3.1(x) and later.

  • Page 163: Default Device Alias Settings

    Device alias distribution Enabled. Device alias mode Basic. Database in use Effective database. Database to accept changes Pending database. Device alias fabric lock state Locked with the first device alias task. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 164: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Distributing Device Alias Services Default Device Alias Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 165: Configuring Fibre Channel Routing Services And Protocols

    Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE mode Fibre Channel interfaces on Cisco Nexus 5000 Series switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.

  • Page 166: Fspf Examples

    The following figure shows this arrangement. Because switches in the Cisco Nexus 5000 Series support SAN port channels, each pair of physical links can appear to the FSPF protocol as one single logical link.

  • Page 167: Fspf Global Configuration

    FSPF Global Configuration By default, FSPF is enabled on switches in the Cisco Nexus 5000 Series . Some FSPF features can be globally configured in each VSAN. By configuring a feature for the entire VSAN, you do not have to specify the VSAN number for every command. This global configuration feature also reduces the chance of typing errors or other minor configuration errors.

  • Page 168: Configuring Fspf On A Vsan

    Configures the hold time between two route computations in value milliseconds (msec) for the entire VSAN. The default value is 0. Note If the specified time is shorter, the routing is faster. However, the processor consumption increases accordingly. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 169: Resetting Fspf To The Default Configuration

    Enables the FSPF routing protocol in the specified VSAN. Step 3 switch(config)# no fspf enable vsan vsan-id Disables the FSPF routing protocol in the specified VSAN. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 170: Clearing Fspf Counters For The Vsan

    Configuring FSPF Link Cost To configure FSPF link cost, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# fspf cost value vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 171: About Hello Time Intervals

    Step 3 switch(config-if)# fspf hello-interval value vsan Specifies the hello message interval to verify the health of the vsan-id link in VSAN 175. The default is 20 seconds. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 172: About Dead Time Intervals

    The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. This value must be the same on the switches on both ends of the interface. Note Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 173: Configuring Retransmitting Intervals

    To disable FSPF for a specific interface, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# fspf passive vsan vsan-id 4. switch(config-if)# no fspf passive vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 174: Clearing Fspf Counters For An Interface

    Clears the FSPF statistics counters for the specified interface slot/port in the specified VSAN. FSPF Routes FSPF routes traffic across the fabric, based on entries in the FSPF database. These routes can be learned dynamically, or configured statically. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 175: About Fibre Channel Routes

    Configures the static route for a specific FC ID and next hop domain slot/port domain domain-id metric value vsan ID and also assigns the cost of the route. vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 176: In-Order Delivery

    Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, switches in the Cisco Nexus 5000 Series preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.

  • Page 177: About Reordering San Port Channel Frames

    ID are enforced in hardware without any performance degradation. However, if the fabric encounters a failure and the in-order delivery feature is enabled, the recovery will be delayed because of an Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 178: Enabling In-Order Delivery Globally

    To use the lowest domain switch for the multicast tree computation, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# in-order-guarantee vsan vsan-id 3. switch(config)# no in-order-guarantee vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 179: Displaying The In-Order Delivery Status

    Enters configuration mode. Step 2 switch(config)# fcdroplatency network value Configures network drop latency time for the network. The valid range is 0 to 60000 msec. The default is 2000 msec. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 180: Displaying Latency Information

    To count the aggregated flow statistics for a VSAN, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# fcflow stats aggregated index value vsan vsan-id 3. switch(config)# no fcflow stats aggregated index value vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 181: Counting Individual Flow Statistics

    Use the clear fcflow stats command to clear the aggregated flow counter. The following example clears the aggregated flow counters: switch# clear fcflow stats aggregated index 1 The following example clears the flow counters for source and destination FC IDs: switch# clear fcflow stats index 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 182: Displaying Flow Statistics

    5 seconds. Refresh time (LSRefreshTime) 30 minutes. Maximum age (MaxAge) 60 minutes. Hello interval 20 seconds. Dead interval 80 seconds. Distribution tree information Derived from the principal switch (root node). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 183: Ol-Xxxxx-Xx

    If the cost (metric) of the route is not specified, the default is 10. Remote destination switch If the remote destination switch is not specified, the default is direct. Multicast routing Uses the principal switch to compute the multicast tree. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 184: Ol-Xxxxx-Xx

    Configuring Fibre Channel Routing Services and Protocols Default FSPF Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 185: C H A P T E

    0x870000 20:00:00:1b:21:06:58:bc 10:00:00:1b:21:06:58:bc Total number of flogi = 1. The following example shows how to verify the storage devices associated with VSAN 1: switch# show flogi database vsan 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 186: Name Server Proxy

    If you disable this option, these pWWNs are allowed to log in to the fabric and replace the first device in the name server database. Rejecting Duplicate pWWNs To reject duplicate pWWNs, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 187: About Name Server Database Entries

    0x010001 10:00:00:05:30:00:24:63 (Cisco) ipfc 0x010002 50:06:04:82:c3:a0:98:52 (Company 1) scsi-fcp 250 0x010100 21:00:00:e0:8b:02:99:36 (Company A) scsi-fcp 0x020000 21:00:00:e0:8b:08:4b:20 (Company A) 0x020100 10:00:00:05:30:00:24:23 (Cisco) ipfc 0x020200 21:01:00:e0:8b:22:99:36 (Company A) scsi-fcp Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 188: Fdmi

    FDMI Cisco Nexus 5000 Series switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel host bus adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.

  • Page 189: About Rscn Information

    IDs (in this case, both D1 and D2). Note Some Nx ports may not support multi-pid RSCN payloads. If so, disable the RSCN multi-pid option. Configuring the multi-pid Option To configure the multi-pid option, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 190: Suppressing Domain Format Sw-Rscns

    GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. To suppress the transmission of these SW-RSCNs over an ISL, perform this task: SUMMARY STEPS 1.

  • Page 191: Configuring The Rscn Timer

    VSAN. The range is 0 to 2000 milliseconds. Setting a zero (0) value disables the timer. Step 4 switch(config)# no rscn event-tov timeout vsan Reverts to the default value (2000 milliseconds for Fibre Channel vsan-id VSANs). Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 192: Verifying The Rscn Timer Configuration

    RSCN timer distribution crashes and restarts or a switchover occurs, it resumes normal functionality from the state prior to the crash or switchover. For additional information, refer to Using Cisco Fabric Services in the Cisco Nexus 5000 Series System Management Configuration Guide.

  • Page 193: Locking The Fabric

    If you discard (abort) the changes made to the pending database, the configuration database remains unaffected and the lock is released. To discard RSCN timer configuration changes, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 194: Clearing A Locked Session

    The pending database includes both existing and modified configuration. Note switch# show rscn pending rscn event-tov 2000 ms vsan 1 rscn event-tov 2000 ms vsan 2 rscn event-tov 300 ms vsan 10 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 195: Default Rscn Settings

    The following table lists the default settings for RSCN. Table 29: Default RSCN Settings Parameters Default RSCN timer value 2000 milliseconds for Fibre Channel VSANs RSCN timer configuration distribution Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 196: Ol-Xxxxx-Xx

    Managing FLOGI, Name Server, FDMI, and RSCN Databases Default RSCN Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 197: Discovering Scsi Targets

    SCSI devices. The SCSI LUN discovery feature is initiated on demand, through CLI or SNMP. This information is also synchronized with neighboring switches, if those switches belong to the Cisco Nexus 5000 Series. About Starting SCSI LUN Discovery SCSI LUN discovery is done on demand.

  • Page 198: Starting Scsi Lun Discovery

    Use the custom-list option to initiate this discovery. The domain ID is a number from 0 to 255 in decimal or a number from 0x0 to 0xFF in hex. Initiating Customized Discovery To initiate a customized discovery, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 199: Displaying Scsi Lun Information

    The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX): switch# show scsi-target pwwn Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 200: Ol-Xxxxx-Xx

    Discovering SCSI Targets Displaying SCSI LUN Information Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 201: Chapter 1 4 Advanced Fibre Channel Features And Concepts

    You can modify Fibre Channel protocol related timer values for the switch. The D_S_TOV, E_D_TOV, and R_A_ TOV values cannot be globally changed unless all VSANs in the Caution switch are suspended. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 202: Timer Configuration Per-Vsan

    To configure per-VSAN Fibre Channel timers, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config#)# fctimer D_S_TOV timeout vsan vsan-id DETAILED STEPS Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 203: About Fctimer Distribution

    About fctimer Distribution You can enable per-VSAN fctimer fabric distribution for all Cisco SAN switches in the fabric. When you perform fctimer configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.

  • Page 204: Committing Fctimer Changes

    In either case, the lock is released. To discard the fctimer configuration changes, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# fctimer abort Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 205: Fabric Lock Override

    The number of pending fctimer configuration operations cannot be more than 15. After 15 operations, you must commit or abort the pending configurations before performing any more operations. For additional information, refer to CFS Merge Support in the Cisco Nexus 5000 Series System Management Configuration Guide.

  • Page 206: Verifying Configured Fctimer Values

    WWN to a single device. The principal switch selection and the allocation of domain IDs rely on the WWN. Cisco Nexus 5000 Series switches support three network address authority (NAA) address formats. (see the following table).

  • Page 207: Verifying Wwn Information

    Command or Action Purpose Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# wwn secondary-mac wwn-id range Configures the secondary MAC address. This command value cannot be undone. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 208: Fc Id Allocation For Hbas

    Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus 5000 Series switches use a special allocation scheme.

  • Page 209: Verifying The Company Id Configuration

    00:E0:8B * <------------- Explicitly deleted entry (from the original default list) Total company ids: 7 + - Additional user configured company ids. * - Explicitly deleted company ids from default list. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 210: Switch Interoperability

    • Mode 2—Brocade native mode (Core PID 0). • Mode 3—Brocade native mode (Core PID 1). • Mode 4—McData native mode. For information about configuring interop modes 2, 3, and 4, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/ storage/san_switches/mds9000/interoperability/guide/intopgd.html...

  • Page 211: Ol-Xxxxx-Xx

    Default zone The default zone operation of permit (all nodes can see all other nodes) or deny (all nodes are isolated when not explicitly placed in a zone) may change. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 212: Ol-Xxxxx-Xx

    Cisco switches to non-Cisco SAN switches. Only E ports can be used to connect to non-Cisco SAN switches. TE ports and SAN port channels can still be used to connect a Cisco switch to other Cisco SAN switches even when in interop mode. FSPF The routing of frames within the fabric is not changed by the introduction of interop mode.

  • Page 213: Configuring Interop Mode 1

    In Cisco Nexus 5000 Series switches, the default is to request an ID from the principal switch. If the preferred option is used, Cisco Nexus 5000 Series switches request a specific ID, but still join the fabric if the principal switch assigns a different ID.

  • Page 214: Verifying Interoperating Status

    This section highlights the commands used to verify if the fabric is up and running in interoperability mode. To verify the resulting status of entering the interoperability command in any switch in the Cisco Nexus 5000 Series, perform this task: SUMMARY STEPS 1.

  • Page 215: Ol-Xxxxx-Xx

    Step 3 Verify if you are running the desired configuration. Example: switch# show running-config Building Configuration... Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 216: Ol-Xxxxx-Xx

    5 $1$Li8/fBYX$SNc72.xt4nTXpSnR9OUFB/ role network-admin Step 4 Verify if the interoperability mode is active. Example: switch# show vsan 1 vsan 1 information name:VSAN0001 state:active interoperability mode:yes <-------------------- verify mode loadbalancing:src-id/dst-id/oxid operational state:up Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 217: Ol-Xxxxx-Xx

    Verify the local principal switch status. Example: switch# show fcdomain domain-list vsan 1 Number of domains: 5 Domain ID --------- ----------------------- 0x61(97) 10:00:00:60:69:50:0c:fe 0x62(98) 20:01:00:05:30:00:47:9f 0x63(99) 10:00:00:60:69:c0:0c:1d 0x64(100) 20:01:00:05:30:00:51:1f [Local] Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 218: Ol-Xxxxx-Xx

    21:00:00:20:37:a7:c7:df (Seagate) scsi-fcp 0x651500 10:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 Note The Cisco switch name server shows both local and remote entries, and does not time out the entries. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 219: Default Settings For Advanced Features

    Number of frame sent by the fcping feature 5 frames Remote capture connection protocol Remote capture connection mode Passive Local capture frame limits 10 frames FC ID allocation mode Auto mode Loop monitoring Disabled Interop mode Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 220: Ol-Xxxxx-Xx

    Advanced Fibre Channel Features and Concepts Default Settings for Advanced Features Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 221: Chapter 1 5 Configuring Fc-Sp And Dhchap

    Diffie-Hellman exchange. Information About Fabric Authentication All Cisco Nexus 5000 Series switches enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switch and host authentications are performed locally or remotely in each fabric.

  • Page 222: Dhchap

    Configuring FC-SP and DHCHAP DHCHAP Cisco Nexus 5000 Series switches support authentication features to address physical security (see the following figure). Figure 31: Switch and Host Authentication Fibre Channel Host Bus Adapters (HBAs) with appropriate firmware and drivers are required for host-switch Note authentication.

  • Page 223: Dhchap Compatibility With Fibre Channel Features

    Verify the DHCHAP configuration. DHCHAP Compatibility with Fibre Channel Features This section identifies the impact of configuring the DHCHAP feature along with existing Cisco NX-OS features: • SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel, DHCHAP authentication is performed at the physical interface level, not at the port channel level.

  • Page 224: Enabling Dhchap

    You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded. Enabling DHCHAP To enable DHCHAP for a Cisco Nexus 5000 Series switch, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2.

  • Page 225: Configuring The Dhchap Mode

    Configuring FC-SP and DHCHAP DHCHAP The following table identifies switch-to-switch authentication between two Cisco switches in various modes. Table 33: DHCHAP Authentication Status Between Two MDS Switches Switch N Switch 1 DHCHAP Modes DHCHAP auto-active auto-passive Modes FC-SP authentication FC-SP authentication FC-SP authentication Link is brought down.

  • Page 226: About The Dhchap Hash Algorithm

    (0). About the DHCHAP Hash Algorithm Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP authentication. If you change the hash algorithm configuration, then change it globally for all switches in the fabric.

  • Page 227: About The Dhchap Group Settings

    SHA-1 hash algorithm. About the DHCHAP Group Settings All Cisco Nexus 5000 Series switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.

  • Page 228: Configuring Dhchap Passwords For The Local Switch

    We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Configuration 3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database.

  • Page 229: Configuring Dhchap Passwords For Remote Devices

    About the DHCHAP Timeout Value During the DHCHAP protocol exchange, if the Cisco Nexus 5000 Series switch does not receive the expected DHCHAP message within a specified time interval, authentication failure is assumed. The time ranges from 20 (no authentication is performed) to 1000 seconds. The default is 30 seconds.

  • Page 230: Configuring Dhchap Aaa Authentication

    The following example shows how to display the DHCHAP local password database: switch# show fcsp dhchap database Use the ASCII representation of the device WWN to configure the switch information on RADIUS and TACACS+ servers. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 231: Sample Configuration

    8. Repeat these steps on the connecting MDS 9509 switch. DETAILED STEPS Step 1 Obtain the device name of the Cisco Nexus 5000 Series switch in the fabric. The Cisco Nexus 5000 Series switch in the fabric is identified by the switch WWN. Example:...

  • Page 232: Default Fabric Security Settings

    You have now enabled and configured DHCHAP authentication for the sample setup in shown in the figure above. Default Fabric Security Settings The following table lists the default settings for all fabric security features in any switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 233: Ol-Xxxxx-Xx

    A priority list of MD5 followed by SHA-1 for DHCHAP authentication DHCHAP authentication mode Auto-passive DHCHAP group default priority exchange order 0, 4, 1, 2, and 3, respectively DHCHAP timeout value 30 seconds Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 234: Ol-Xxxxx-Xx

    Configuring FC-SP and DHCHAP Default Fabric Security Settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 235: Chapter 1 6 Configuring Port Security

    Configuring Port Security, page 213 Configuring Port Security Cisco Nexus 5000 Series switches provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.

  • Page 236: About Auto-Learning

    You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any Cisco Nexus 5000 Series switch to automatically learn about devices and switches that connect to it. Use this feature when you activate the port security feature for the first time as it saves tedious manual configuration for each port.

  • Page 237: Configuring Port Security

    Wait until all switches and all hosts are automatically learned. Step 6 Disable auto-learn on each VSAN. Step 7 Issue a CFS commit to copy this configuration to all switches in the fabric. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 238: Configuring Port Security With Auto-Learning Without Cfs

    Copy the running configuration to the startup configuration, which saves the port security configuration database to the startup configuration. Step 7 Repeat the above steps for all switches in the fabric. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 239: Configuring Port Security With Manual Database Configuration

    Step 6 Repeat the above steps for all switches in the fabric. Enabling Port Security By default, the port security feature is disabled in Cisco Nexus 5000 Series switches. To enable port security, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2.

  • Page 240: Port Security Activation

    Database Activation Rejection Database activation is rejected in the following cases: • Missing or conflicting entries exist in the configuration database but not in the active database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 241: Forcing Port Security Activation

    VSAN even if conflicts occur. force Database Reactivation If auto-learning is enabled, you cannot activate the database without the force option until you disable auto-learning. To reactivate the port security database, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 242: Auto-Learning

    • If the port security feature is activated, auto-learning is enabled by default (unless you explicitly disabled this option). If auto-learning is enabled on a VSAN, you can only activate the database for that VSAN by using the force option. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 243: Enabling Auto-Learning

    Enforces the database contents based on the devices learned up to this point. Auto-Learning Device Authorization The following table summarizes the authorized connection conditions for device requests. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 244: Authorization Scenario

    The following table summarizes the port security authorization results for this active database. Table 36: Authorization Results for Scenario Device Connection Authorization Condition Reason Request P1, N2, F1 Permitted No conflict. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 245: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    P5, N3, F3 Permitted Wildcard ( * ) match for F3 and N3. P7, N3, F9 Permitted Wildcard ( * ) match for Related Topics Auto-Learning Device Authorization, on page 221 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 246: Port Security Manual Configuration

    Configuring Port Security Port Security Manual Configuration Port Security Manual Configuration To configure port security on a Cisco Nexus 5000 Series switch, perform this task: SUMMARY STEPS 1. Identify the WWN of the ports that need to be secured. 2. Secure the fWWN to an authorized nWWN or pWWN.

  • Page 247: Port Security Configuration Distribution

    3/2 Port Security Configuration Distribution The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies throughout the fabric.

  • Page 248: Enabling Port Security Distribution

    Configuring Port Security Port Security Configuration Distribution For additional information, refer to Using Cisco Fabric Services in the Cisco Nexus 5000 Series System Management Configuration Guide. Enabling Port Security Distribution All the configurations performed in distributed mode are stored in a pending (temporary) database. If you modify the configuration, you need to commit or discard the pending database changes to the configurations.

  • Page 249: Locking The Fabric

    To discard the port security configuration changes for the specified VSAN, perform this task: SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# port-security abort vsan vsan-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 250: Activation And Auto-Learning Configuration Distribution

    If the pending database contains more than one activation and auto-learning configuration when you commit the changes, the activation and auto-learning changes are consolidated and the resulting operation may change (see the following table. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 251: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    Not applicable configuration database = {A,B} active database = {A,B} and devices C and D are logged out. This is equal to an activation with auto-learning disabled. pending database = empty Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 252: Port Security Database Merge Guidelines

    If you do not follow these two conditions, the merge will fail. The next distribution will forcefully synchronize the databases and the activation states in the fabric. For additional information, refer to CFS Merge Support in the Cisco Nexus 5000 Series System Management Configuration Guide.

  • Page 253: Cisco Nexus 5000 Series Nx-Os San Switching Configuration Guide

    You can overwrite the configuration database with the active database using the port-security database Note copy vsan command. The port-security database diff active vsan command in EXEC mode lists the differences between the active database and the configuration database. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 254: Database Scenarios

    Database Interaction Database Scenarios the follwowing figure illustrates various scenarios showing the active database and the configuration database status based on port security configurations. Figure 33: Port Security Database Scenarios Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 255: Copying The Port Security Database

    The clear port-security database auto-learn and clear port-security statistics commands are only Note relevant to the local switch and do not acquire locks. Also, learned entries are only local to the switch and do not participate in distribution. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 256: Displaying Port Security Configuration

    Table 39: Default Security Settings Parameters Default Auto-learn Enabled if port security is enabled. Port security Disabled. Distribution Disabled. Note Enabling distribution enables it on all VSANs in the switch. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 257: Chapter 1 7 Configuring Fabric Binding

    Fabric Binding Port Security Uses a set of sWWNs and a persistent domain ID. Uses pWWNs/nWWNs or fWWNs/sWWNs. Binds the fabric at the switch level. Binds devices at the interface level. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 258: Fabric Binding Enforcement

    Configuring Fabric Binding The fabric binding feature ensures ISLs are only enabled between specified switches in the fabric binding configuration. Fabric binding is configured on a per-VSAN basis. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 259: Configuring Fabric Binding

    The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding. By default, this feature is disabled in Cisco Nexus 5000 Series switches. The configuration and verification commands for the fabric binding feature are only available when fabric binding is enabled on a switch. When you disable this configuration, all related configurations are automatically discarded.

  • Page 260: About Switch Wwn Lists

    Adds the sWWN of another switch for a specific domain domain-id ID to the configured database list. Step 5 switch(config-fabric-binding)#no swwn swwn-id Deletes the sWWN and domain ID of a switch from the configured database list. domain domain-id Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 261: About Fabric Binding Activation And Deactivation

    If the database activation is rejected due to one or more conflicts listed in the previous section, you may decide to proceed with the activation by using the force option. To forcefully activate the fabric binding database, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 262: Copying Fabric Binding Configurations

    Clearing the Fabric Binding Statistics Use the clear fabric-binding statistics command to clear all existing statistics from the fabric binding database for a specified VSAN. switch# clear fabric-binding statistics vsan 1 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 263: Deleting The Fabric Binding Database

    The following example displays the active fabric binding information for VSAN 4: switch# show fabric-binding database active vsan 4 The following example displays fabric binding violations: switch# show fabric-binding violations ------------------------------------------------------------------------------- VSAN Switch WWN [domain] Last-Time [Repeat count] Reason Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 264: Default Fabric Binding Settings

    4 Default Fabric Binding Settings The following table lists the default settings for the fabric binding feature. Table 41: Default Fabric Binding Settings Parameters Default Fabric binding Disabled Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 265: Chapter 1 8 Configuring Fabric Configuration Servers

    Each object has its own set of attributes and values. A null value may also be defined for some attributes. In the Cisco Nexus 5000 Series switch environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN.

  • Page 266: Fcs Characteristics

    When a restart or switchover happens, FCSs retrieve the secondary storage information and rebuild its database. • SNMP manager can query FCSs for all IEs, ports, and platforms in the fabric. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 267: Fcs Name Specification

    You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms. Note Set this command globally only if every switch in the fabric belong to the Cisco MDS 9000 Family or Cisco Nexus 5000 Series of switches. To enable global checking of the platform name, perform this task:...

  • Page 268: Default Fcs Settings

    Default FCS Settings Default FCS Settings The following table lists the default FCS settings. Table 42: Default FCS Settings Parameters Default Global checking of the platform name Disabled Platform node type Unknown Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 269: Chapter 1 9 Configuring Port Tracking

    Configuring Port Tracking, page 247 Configuring Port Tracking Cisco Nexus 5000 Series switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.

  • Page 270: Configuring Port Tracking

    Before configuring port tracking, consider the following guidelines: • Verify that the tracked ports and the linked ports are on the same Cisco switch. • Be aware that the linked port is automatically brought down when the tracked port goes down.

  • Page 271: Enabling Port Tracking

    Configuring Port Tracking Enabling Port Tracking The port tracking feature is disabled by default in Cisco Nexus 5000 Series switches. When you enable this feature, port tracking is globally enabled for the entire switch. To configure port tracking, enable the port tracking feature and configure the linked ports for the tracked port.

  • Page 272: About Tracking Multiple Ports

    2 or 3 are still functioning as desired. Figure 36: Traffic Recovery Using Port Tracking Tracking Multiple Ports To track multiple ports, perform this task: Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 273: About Monitoring Ports In A Vsan

    To monitor a tracked port in a specific VSAN, perform this task : SUMMARY STEPS 1. switch# configuration terminal 2. switch(config)# interface fc slot/port 3. switch(config-if)# port-track interface san-port-channel 1 vsan 2 4. switch(config-if)# no port-track interface san-port-channel 1 vsan 2 Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 274: About Forceful Shutdown

    Step 1 switch# configuration terminal Enters configuration mode. Step 2 switch(config)# interface fc slot/port Configures the specified interface and enters the interface configuration mode. You can now configure tracked ports. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...

  • Page 275: Displaying Port Tracking Information

    Port track mode is force_shut <-- this port remains shut even if the tracked port is back up Default Port Tracking Settings The following table lists the default settings for port tracking parameters. Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 276 Configuring Port Tracking Default Port Tracking Settings Table 43: Default Port Tracking Parameters Parameters Default Port tracking Disabled Operational binding Enabled along with port tracking Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx...
  • Page 277 131, 132, 133, 134, 139, 140, 141 Brocade comparison with zones native interop mode creating buffer-to-buffer credits default settings Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx IN-1...
  • Page 278 E port mode deleting databases classes of service deleting from config database (procedure) description description E ports disabling 11, 15, 62, 118, 143, 235, 243 configuring EFMD Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide IN-2 OL-xxxxx-xx...
  • Page 279 FSCN domain IDs displaying databases domain manager fast restart FSPF 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 154, 160, 188 dsiplaying statistics clearing counters Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx IN-3...
  • Page 280 FCIDs link failures Hello time intervals recovering configuring for FSPF load balancing 69, 71, 93, 99 description attributes attributes for VSANs configuring description 71, 99 guarantees Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide IN-4 OL-xxxxx-xx...
  • Page 281 214, 215, 216, 221, 226 enabling description verifying device authorization disabling distributing configuration enabling guidelines for configuring with CFS operational states 11, 15 guidelines for configuring without CFS configuring on Fibre Channel interfaces Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx IN-5...
  • Page 282 150, 151 configuring for FSPF interface modes description SD ports route costs configuring computing secondary MAC addresses RSCN configuring 166, 167, 168, 173 default settings SFPs description displaying transmitter types Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide IN-6 OL-xxxxx-xx...
  • Page 283 VSANs comparison with zones (table) trunk mode 21, 62, 63, 66 compatibility with DHCHAP administrative default configuring configuring 62, 63 configuring allowed-active lists default settings configuring FSPF Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide OL-xxxxx-xx IN-7...
  • Page 284 MAC addresses merge failures suspended connections renaming restoring (procedure) viewing information zoning 103, 105 description zone aliases example conversion to device aliases implementation Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide IN-8 OL-xxxxx-xx...

Table of Contents