Download Print this page

Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Mds 9000 family

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .

Cisco MDS 9000 Family

Configuration Guide, Release 2.x

Cisco MDS SAN-OS for Release 2.0(1b) through Release 2.1(2e)

November 2006

Corporate Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

Text Part Number: OL-6973-03

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor and is the answer not in the manual?

Questions and answers

Summary of Contents for Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor

Page 1 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide, Release 2.x Cisco MDS SAN-OS for Release 2.0(1b) through Release 2.1(2e) November 2006 Corporate Headquarters Cisco Systems, Inc.
Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
Page 3 Getting Started P A R T Product Overview C H A P T E R Hardware Overview Cisco MDS 9100 Series Fixed Configuration Fabric Switches Cisco MDS 9200 Series Fabric Switches Cisco MDS 9500 Series Multilayer Directors Software Features Licensing...
Page 4: Table Of Contents
About the CLI Command Modes CLI Command Hierarchy EXEC Mode Options Configuration Mode Configuration Mode Commands and Submodes CLI Command Navigation Getting Help Command Completion File System Completion Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 5 2-25 Deleting Files 2-25 Displaying File Contents 2-25 Saving Command Output to a File 2-26 Compressing and Uncompressing Files 2-26 Displaying the Last Lines in a File 2-27 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 6 License Transfers Between Switches 3-12 Displaying License Information 3-12 Initial Configuration C H A P T E R Starting a Switch in the Cisco MDS 9000 Family Initial Setup Routine Preparing to Configure the Switch Default Login Setup Options Assigning Setup Information...
Page 7 Clearing CDP Counters and Tables 4-33 Displaying CDP Information 4-34 Using the CFS Infrastructure C H A P T E R About CFS Cisco SAN-OS Features Using CFS CFS Features CFS Protocol Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 8 Upgrading a Loader 6-21 Upgrading the BIOS 6-23 Quick Upgrade 6-25 Downgrading from a Higher Release 6-25 Maintaining Supervisor Modules 6-27 Standby Supervisor Boot Variable Version 6-27 Cisco MDS 9000 Family Configuration Guide viii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 9 Accessing Remote File Systems Deleting Files Configuring High Availability C H A P T E R About High Availability Switchover Mechanisms HA Switchover Characteristics Initiating a Switchover Switchover Guidelines Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 10 Reloading the Switch 10-7 Power Cycling Modules 10-7 Reloading Switching Modules 10-7 Preserving Module Configuration 10-9 Purging Module Configuration 10-10 Powering Off Switching Modules 10-10 Identifying Module LEDs 10-11 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 11 Managing ASMs, SSMs, and Supervisor Modules 10-34 Considerations for Replacing ASMs, SSMs, and Supervisor Modules 10-34 Recovering an SSM After Replacing Corrupted CompactFlash Memory 10-35 Considerations for Upgrading and Downgrading Cisco MDS SAN-OS Releases 10-36 Default Settings 10-38 Switch Configuration P A R T...
Page 12 12-2 Configuring the Trunk Mode 12-3 Trunk-Allowed VSAN Configuration 12-3 Configuring an Allowed-Active List of VSANs 12-5 Trunking Configuration Guidelines 12-6 Displaying Trunking Information 12-7 Default Settings 12-8 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 13 Domain Restart 14-3 Domain Configuration 14-4 Switch Priority 14-6 Allowed Domain ID Lists 14-6 Merged Stable Fabrics 14-7 Contiguous Domain Assignments 14-7 fcdomain Initiation 14-8 Fabric Name 14-8 Cisco MDS 9000 Family Configuration Guide xiii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 14 C H A P T E R VSAN Advantages 16-1 How VSANs Work 16-2 VSANs Versus Zones 16-4 Default and Isolated VSANs 16-5 Default VSAN 16-5 Isolated VSAN 16-5 Displaying Isolated VSAN Membership 16-5 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 15 Sample DPVM Configuration 17-10 Default Settings 17-12 Configuring Inter-VSAN Routing 18-1 C H A P T E R About IVR 18-2 IVR Features 18-3 IVR Terminology 18-3 IVR Guidelines 18-4 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 16 Verifying the Persistent FC ID Configuration 18-19 About IVZs and IVZSs 18-20 IVZs Versus Zones 18-20 Automatic IVZ Creation 18-21 Configuring IVZs and IVZSs 18-22 Creating and Activating IVZs and IVZSs 18-22 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 17 Zone Set Distribution 19-11 Enabling Full Zone Set Distribution 19-12 One-Time Distribution 19-12 Recovering from Link Isolation 19-13 Importing and Exporting Zone Sets 19-14 Zone Set Duplication 19-14 Cisco MDS 9000 Family Configuration Guide xvii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 18 20-2 Zone Aliases Versus Device Aliases 20-2 Modifying the Device Alias Database 20-3 Locking The Fabric 20-3 Committing Changes 20-4 Discarding Changes 20-4 Fabric Lock Override 20-4 Cisco MDS 9000 Family Configuration Guide xviii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 19 Enabling IOD for a VSAN 21-13 Displaying the IOD Status 21-13 Configuring the Drop Latency Time 21-13 Displaying Latency Information 21-14 Flow Statistics Configuration 21-15 Configuring Flow Statistics 21-15 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 20 24-3 Fabric Optimization with VSANs 24-3 FCIP Support 24-4 PortChannel Support 24-4 VSANs for FICON and FCP Intermixing 24-4 Cisco MDS-Supported FICON Features 24-5 FICON Port Numbering 24-7 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 21 Port Swapping Guidelines 24-26 Moving a FICON VSAN to an Offline State 24-27 Clearing FICON Device Allegiance 24-27 CUP In-Band Management 24-27 Placing CUPs in a Zone 24-28 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 22 25-4 Database Merge Guidelines 25-4 Displaying Configured FC Timer Values 25-5 Configuring World Wide Names 25-5 Link Initialization WWN Usage 25-6 Configuring a Secondary MAC Address 25-6 Cisco MDS 9000 Family Configuration Guide xxii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 23 Logging out Users 26-12 Displaying User Account Information 26-13 Configuring SSH Services 26-13 Enabling SSH Service 26-13 Specifying the SSH Key 26-14 Generating the SSH Server Key Pair 26-14 Cisco MDS 9000 Family Configuration Guide xxiii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 24 Configuring RADIUS and TACACS+ 28-1 C H A P T E R Switch Management Security 28-2 CLI Security Options 28-2 SNMP Security Options 28-2 Switch AAA Functionalities 28-2 Authentication 28-2 Cisco MDS 9000 Family Configuration Guide xxiv OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 25 Clearing Sessions 28-18 Merge Guidelines for RADIUS and TACACS+ Configurations 28-18 Local AAA Services 28-19 Disabling AAA Authentication 28-19 Displaying AAA Authentication 28-20 Authentication and Authorization Process 28-20 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 26 Initializing IKE 30-7 Configuring the IKE Domain 30-7 About IKE Tunnels 30-7 IKE Policy Negotiation 30-7 Optional Configurations 30-9 Clearing IKE Tunnels or Domains 30-11 Refreshing SAs 30-11 Cisco MDS 9000 Family Configuration Guide xxvi OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 27 30-36 Configuring FC-SP and DHCHAP 31-1 C H A P T E R About Fabric Authentication 31-2 About DHCHAP 31-3 DHCHAP Compatibility with Existing Cisco MDS Features 31-3 Configuring DHCHAP Authentication 31-3 DHCHAP Configuration 31-4 DHCHAP Authentication Modes 31-4 DHCHAP Hash Algorithm Configuration...
Page 28 Port Security Database Copy 32-13 Port Security Database Deletion 32-14 Port Security Database Cleanup 32-14 Displaying Port Security Configurations 32-15 Default Settings 32-18 IP Services P A R T Cisco MDS 9000 Family Configuration Guide xxviii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 29 Quality of Service 33-18 Configuring E Ports 33-18 Advanced FCIP Features 33-19 FCIP Write Acceleration 33-19 FCIP Tape Acceleration 33-21 FCIP Compression 33-23 Displaying FCIP Information 33-24 Cisco MDS 9000 Family Configuration Guide xxix OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 30 VSAN Membership for iSCSI 35-17 Example of VSAN membership for iSCSI devices 35-18 Advanced VSAN membership for iSCSI hosts 35-19 iSCSI Access Control 35-19 Fibre Channel Zoning Based Access Control 35-19 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 31 Transparent Mode Initiator 35-47 Target Storage Device Requiring LUN Mapping 35-53 About iSCSI Storage Name Services 35-58 About iSNS Client Functionality 35-59 Creating an iSNS Client Profile 35-59 Cisco MDS 9000 Family Configuration Guide xxxi OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 32 Priority for the Virtual Router 36-19 Time Interval for Advertisement Packets 36-19 Priority Preemption 36-20 Virtual Router Authentication 36-20 Priority Based on Interface State 36-21 Displaying VRRP Information 36-21 Cisco MDS 9000 Family Configuration Guide xxxii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 33 37-15 VRRP for iSCSI and FCIP Services 37-16 Configuring VRRP for Gigabit Ethernet Interfaces 37-16 About Ethernet PortChannel Aggregation 37-17 Configuring Ethernet PortChannels 37-18 Configuring CDP 37-19 Cisco MDS 9000 Family Configuration Guide xxxiii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 34 Default Settings 40-8 Configuring NASB 41-1 C H A P T E R About NASB 41-1 Enabling NASB 41-3 NASB Target Rediscovery 41-4 Displaying NASB Information 41-4 Cisco MDS 9000 Family Configuration Guide xxxiv OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 35 Configuring Analyzers Using SPAN 43-12 Single SD Port to Monitor Traffic 43-13 Displaying SPAN Information 43-14 Remote SPAN 43-16 Advantages to Using RSPAN 43-16 FC and RSPAN Tunnels 43-17 Cisco MDS 9000 Family Configuration Guide xxxv OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 36 44-9 Default Settings 44-14 Configuring Call Home 45-1 C H A P T E R Call Home Features 45-2 Cisco AutoNotify 45-2 Call Home Configuration Process 45-3 Cisco MDS 9000 Family Configuration Guide xxxvi OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 37 Default Settings 46-6 Traffic Management P A R T Configuring Fabric Congestion Control and QoS 47-1 C H A P T E R 47-2 FCC Process 47-2 Cisco MDS 9000 Family Configuration Guide xxxvii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 38 Displaying Port Tracking Information 48-6 Default Settings 48-8 Troubleshooting P A R T Troubleshooting Your Fabric 49-1 C H A P T E R The fctrace Feature 49-1 Cisco MDS 9000 Family Configuration Guide xxxviii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 39 Test Run Requirements 50-12 Tests for a Specified Module 50-12 Clearing Previous Error Reports 50-13 Performing Internal Loopbacks 50-14 Performing External Loopbacks 50-14 Interpreting the Current Status 50-15 Cisco MDS 9000 Family Configuration Guide xxxix OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 40 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Displaying System Health 50-15 Default Settings 50-18 N D E X Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 41 SAN-OS Release 2.x software. The Cisco MDS 9000 Family Configuration Guide is updated to address each new and changed feature in the Cisco MDS SAN-OS Release 2.x software. The latest version of this document is available at the following Cisco Systems website: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_configuration_guides_list.html...
Page 42 Storage Backup (NSAB) NASB” Distributed configuration Instructs the other switches in the fabric to save 2.1(1a) Chapter 4, “Initial copy their configurations to their local NVRAM. Configuration” Cisco MDS 9000 Family Configuration Guide xlii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 43 FICON enhancements Provides support for FICON on MPS-14/2 2.0(2b) Chapter 1, “Product Overview” modules. ELP enhancement Provides FELP compliance with FC-SW-3. 2.0(2b) Chapter 25, “Advanced Features and Concepts” Cisco MDS 9000 Family Configuration Guide xliii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 44 Chapter 37, “Configuring IP module iSCSI features. Storage” Cisco MDS 9216i Switch Provides one fixed integrated supervisor module Chapter 30, “Configuring IPsec with 14 Fibre Channel ports, 2 IP ports, and an Network Security” expansion slot that supports up to 32 additional ports.
Page 45 RMON” Multicast compliance Allows interoperability with other vendor 2.0(1b) Chapter 21, “Configuring Fibre switches. The Cisco SAN-OS software uses the Channel Routing Services and lowest domain switch as the root to compute the Protocols” multicast tree in interop mode. IP-ACL changes Allows you to apply IP-ACLs to Gigabit Ethernet 2.0(1b)
Page 46 Chapter 34, “Configuring the tuner generating SCSI I/O commands and directing SAN Extension Tuner” such traffic to a specific virtual target. This feature is unique to the Cisco MDS 9000 Family. Command Scheduler Helps you schedule configuration and 2.0(1b) Chapter 15, “Scheduling maintenance jobs in any switch in the Cisco MDS Maintenance Jobs”...
Page 47 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Preface This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family Configuration Guide. It also provides information on how to obtain related documentation.
Page 48 Chapter 11 Configuring Interfaces Explains port and operational state concepts in Cisco MDS 9000 Family switches and provides details on configuring ports and interfaces. Chapter 12 Configuring Trunking Explains TE ports and trunking concepts.
Page 49 Chapter 28 Configuring RADIUS and TACACS+ Discusses the AAA parameters, user profiles, and RADIUS authentication security options provided in all switches in the Cisco MDS 9000 Family and provides configuration information for these options. Chapter 29 Configuring IP Access Control Lists Describes the IP static routing feature and its use to route traffic between VSANs.
Page 50 Chapter 38 Configuring SCSI Flow Services and Describes the SCSI flow services and SCSI Statistics flow statistics, the Intelligent Storage Services, supported in Cisco MDS SAN-OS Release 2.0(2b). Chapter 39 Configuring Fibre Channel Write Describes the configuration process of Fibre...
Page 51: Document Conventions
Means reader take note. Notes contain helpful suggestions or references to material not covered in the Note manual. Means reader be careful. In this situation, you might do something that could result in equipment Caution damage or loss of data. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 52: Related Documentation
Cisco MDS 9000 Family Port Analyzer Adapter 2 Installation and Configuration Note • • Cisco MDS 9000 Family Port Analyzer Adapter Installation and Configuration Note For information on VERITAS Storage Foundation™ for Networks for the Cisco MDS 9000 Family, refer to the VERITAS website: http://support.veritas.com/ Cisco MDS 9000 Family Configuration Guide...
Page 53: Obtaining Documentation
Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
Page 54 • Register to receive security information from Cisco. A current list of security advisories and notices for Cisco products is available at this URL: http://www.cisco.com/go/psirt If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html...
Page 55: Obtaining Technical Assistance
Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts &...
Page 56 Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
Page 57 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco Press publishes a wide range of general networking, training and certification titles. Both new •...
Page 58 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide lviii OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 59: Getting Started
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Getting Started...
Page 60 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 61: Product Overview
SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management. This chapter lists the hardware features for the Cisco MDS 9000 Family and describes its software features. It includes the following sections: Hardware Overview, page 1-1 •...
Page 62 • wavelength SFPs for connectivity up to 500 m and 10 km, respectively. Switches in the Cisco MDS 9100 Series do not have a COM1 port (RS-232 serial port). Note Refer to the Cisco MDS 9100 Series Hardware Installation Guide.
Page 63 The SSM enables pooling of heterogeneous storage for increased storage utilization, simplified storage management, and reduced total cost of storage ownership. Refer to the Cisco MDS 9216 Switch Hardware Installation Guide and the Cisco MDS 9200 Series Hardware Installation Guide.
Page 64 Refer to the Cisco MDS 9500 Series Hardware Installation Guide. Software Features This section provides an overview of the major software features of the Cisco MDS 9000 Family of multilayer directors and fabric switches. Licensing The licensing functionality is available in all switches in the Cisco MDS 9000 Family.
Page 65: Graceful Shut Down
A graceful shut down ensures that no frames are lost when the interface is shutting down. When a shut down is triggered either by you or the Cisco SAN-OS software, the switches connected to the shut down link coordinate with each other to ensure that all frames in the ports are safely sent through the link before shutting down.
Page 66: Dynamic Vsans
VSAN to maintain fabric topology when a host or storage device connection is moved between two Cisco MDS switches. It retains the configured VSAN regardless of where a device is connected or moved.
Page 67: Intelligent Zoning
“About Enhanced Zoning” section on page 19-27. Device Alias Distribution All switches in the Cisco MDS 9000 Family offer a new alias distribution feature called Distributed Device Alias Services (device alias). You now have the option to distribute device alias names on a fabric-wide basis.
Page 68: Trunking
• A protocol to exchange PortChannel configurations is available in all Cisco MDS switches. This feature simplifies PortChannel management with incompatible ISLs. Autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.
Page 69: Ficon
Cisco MDS 9216i Switch integrate seamlessly into the Cisco MDS 9000 Family of multilayer directors and fabric switches. Traffic can be routed between any IP storage port and any other port on a Cisco MDS 9000 Family switch. These products support the full range of services available on other Cisco MDS 9000 Family switching modules including VSANs, security, and traffic management.
Page 70: Call Home
Chapter 45, “Configuring Call Home.” QoS and Congestion Control Switches in the Cisco MDS 9000 Family provide priority queuing and flow control services. The Quality of Service (QoS) feature has the following advantages: • Guarantees relative bandwidth to application traffic.
Page 71: Span And Rspan
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . SPAN and RSPAN The Switched Port Analyzer (SPAN) feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic though a Fibre Channel interface. Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN destination port (SD port).
Page 72: Fabric Management
Cisco MDS 9000 Family switches offer fabric management and control through the command-line interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric Manager tool by using the Simple Network Management Protocol (SNMP) services: SNMP versions 1, 2c, and 3 are supported.
Page 73 Chapter 29, “Configuring IP Access Control Lists.” Port Security The following port security features prevent unauthorized access to a switch port in the Cisco MDS 9000 Family: • Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are rejected.
Page 74: Port Tracking
Command Scheduler The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in any switch in the Cisco MDS 9000 Family. You can use this feature to schedule jobs on a one-time basis or periodically. Chapter 15, “Scheduling Maintenance Jobs.”...
Page 75: Cli
Enter key. The CLI parser provides command help, command completion, and keyboard sequences that allow you to access previously executed commands from the buffer history. Continue reading this guide for more information on configuring the Cisco MDS switch using the CLI. Cisco MDS 9000 Fabric Manager The Cisco Fabric Manager is a set of network management tools that supports Secure Simple Network Management Protocol version 3 (SNMPv3) and legacy versions.
Page 76 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Refer to the Cisco MDS 9000 Fabric Manager Configuration Guide.
Page 77: Before You Begin
CLI Command Navigation, page 2-8 • • About Flash Devices, page 2-20 Formatting Flash Devices and File Systems, page 2-21 • Using the File System, page 2-22 • Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 78: About The Switch Prompt
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About the Switch Prompt Refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Note Hardware Installation Guide for installation and connection instructions.
Page 79: Default Switch Roles
Do not enter percent ( % ), pound ( # ), ellipsis ( ... ), vertical bar ( | ), less than or great than ( < > ), Note brackets ( [ ] ), or braces ( { } ) in command lines. These characters have special meaning in Cisco SAN-OS text strings.
Page 80: Cli Command Hierarchy
Configure fcdomain parameters fspf Configure FSPF parameters Negate a command or set its defaults rspan-tunnel Configure remote span tunnel interface shutdown Enable/disable an interface switchport Configure switchport parameters Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 81: Exec Mode Options
Trace route to destination undebug Disable Debugging functions (See also debug) update Update license write Write current configuration zone Execute Zone Server commands zoneset Execute zoneset commands Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 82: Configuration Mode
Config commands for FDMI ficon Configure ficon information fspf Configure fspf in-order-guarantee Set in-order delivery guarantee interface Select an interface to configure Configure IP features iscsi Enable/Disable iSCSI Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 83 0 switch(config)# In this example, terminal session-timeout is an EXEC mode command—you are issuing an EXEC mode command using the configuration mode do command. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 84: Getting Help
This form of help is called command syntax help, because it reminds you which keywords or arguments are applicable based on the commands, keywords, and arguments you have already entered. switch# config ? Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 85: Command Completion
If you issue the zone member command, you can undo the results: switch(config)# zone name test vsan 1 switch(config-zone)# member pwwn 12:12:12:12:12:12:12:12 switch(config-zone)# no member pwwn 12:12:12:12:12:12:12:12 WARNING: Zone is empty. Deleting zone test. Exit the submode. switch(config-zone)# Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 86: Cli Command Configuration Options
0 frames output, 0 bytes, 0 discards Received 0 OLS, 0 LRR, 0 NOS, 0 loop inits Transmitted 0 OLS, 0 LRR, 0 NOS, 0 loop inits Cisco MDS 9000 Family Configuration Guide 2-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 87 Copyright (c) 2002-2003, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by Cisco Systems, Inc. and/or other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License.
Page 88 Building Configuration ... zone name m vsan 1 member pwwn 21:00:00:20:37:60:42:5c member pwwn 21:00:00:20:37:4b:00:a2 zoneset name m vsan 1 member m zoneset activate name m vsan 1 Cisco MDS 9000 Family Configuration Guide 2-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 89: Saving A Configuration
Shutting down the system in 2 minutes. Please log off. Broadcast Message from admin@excal-112 (/dev/pts/3) at 16:50 ... Shutting down the system in 2 minutes. Please log off. Cisco MDS 9000 Family Configuration Guide 2-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 90: Using The Ping Command
Source address or interface The numeric IP address or the name of the source interface. Not applicable Type of service The Quality of Service (QoS) in Internet Control Message Protocol (ICMP) datagrams (see the “QoS” section on page 47-3). Cisco MDS 9000 Family Configuration Guide 2-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 91 --- 198.133.219.25 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 7996ms rtt min/avg/max/mdev = 0.558/0.642/0.872/0.120 ms To abnormally terminate a ping session, type the Ctrl-C escape sequence. Cisco MDS 9000 Family Configuration Guide 2-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 92: Using Traceroute
Use the traceroute command to prints the routes taken by a specified host or IP address. The syntax for this command is traceroute <host or ip address>. switch# traceroute www.cisco.com Tracing route to www.cisco.com [198.133.219.25] 30 hops max, 38 byte packets bras3-l0.pltnca.sbcglobal.net [151.164.184.79] 30 ms 30 ms 20 ms dist2-vlan50.pltn13.pbi.net [64.164.97.67] 20 ms...
Page 93: Displaying Vty Sessions
This change is not saved in the configuration file. switch# terminal session-timeout 600 Specifies the terminal timeout to be 600 minutes for the current session. Cisco MDS 9000 Family Configuration Guide 2-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 94: Setting The Terminal Type
Use the show terminal command to display the terminal settings for the current session: switch# show terminal TTY: Type: “vt100” Length: 24 lines, Width: 80 columns Session Timeout: 525600 minutes Cisco MDS 9000 Family Configuration Guide 2-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 95 Testing the MOTD Feature The configured MOTD banner is displayed before the login prompt on the terminal whenever a user logs in to a Cisco MDS 9000 Family switch. Testing the MOTD Feature switch login: Follow these guidelines when choosing your delimiting character: Do not use the delimiting-character in the message string.
Page 96: Internal Bootflash:
CompactFlash 1 Internal bootflash: All switches in the Cisco MDS 9000 Family have one internal bootflash: that resides in the supervisor or switching module.You have access to two locations within the internal bootflash: file system. The volatile: file system provides temporary storage, and it is also the default location for file system •...
Page 97: Initializing Internal Bootflash:
If the external CompactFlash device is unformatted (corrupted), you will see the following message: • Device unavailable In this case, you need to format the CompactFlash device using the format slot0: command. Cisco MDS 9000 Family Configuration Guide 2-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 98: Using The File System
The Cisco SAN-OS software only supports CompactFlash devices that are certified by Cisco Systems Caution and formatted using Cisco MDS switches. Using uncertified CompactFlash devices may result in unpredictable consequences;...
Page 99: Displaying The Current Directory
If you issue this command from the active supervisor module in a Cisco MDS 9500 Series (for example, Note ), then you cannot change the current working directory to the bootflash: of . See the...
Page 100: Creating A Directory
This example moves a file from the current directory level. switch# move samplefile mystorage/samplefile If the current directory is slot0:mydir, this command moves slot0:mydir/samplefile to slot0:mydir/mystorage/samplefile. Cisco MDS 9000 Family Configuration Guide 2-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 101: Copying Files
Int fc1/1 no shut show int This example displays the contents of a file residing in the current directory. switch# show file myfile Cisco MDS 9000 Family Configuration Guide 2-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 102: Saving Command Output To A File
This example unzips the file that was compressed in the previous example: switch# gunzip samplefile switch# dir 1525859 Jul 04 00:51:03 2003 Samplefile Usage for volatile:// 1527808 bytes used 19443712 bytes free 20971520 bytes total Cisco MDS 9000 Family Configuration Guide 2-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 103: Displaying The Last Lines In A File
0 frames output, 0 bytes, 0 discards Received 0 OLS, 0 LRR, 0 NOS, 0 loop inits Transmitted 0 OLS, 0 LRR, 0 NOS, 0 loop inits Counter Values (5 minute averages): Cisco MDS 9000 Family Configuration Guide 2-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 104: Setting The Delay Time
When you execute the slot0:test-script, the switch software executes the discover scsi-target remote command, and then waits for 10 seconds before executing the show scsi-target disk command. Cisco MDS 9000 Family Configuration Guide 2-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 105 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Cisco MDS SAN-OS Installation and Switch Management...
Page 106 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 107 C H A P T E R Obtaining and Installing Licenses Licenses are available in all switches in the Cisco MDS 9000 Family. Licensing allows you to access specified premium features on the switch after you install the appropriate license for that feature.
Page 108: Licensing Terminology
Host IDs—A unique chassis serial number that is specific to each Cisco MDS switch. • Proof of purchase—A document entitling its rightful owner to use licensed feature(s) on one Cisco • MDS switch as described in that document. Also known as the claim certificate.
Page 109: Licensing Model
(such as replacing a Storage Services Module (SSM) with another SSM), the existing license will support the new module. Any feature not included in a license package is bundled with the Cisco MDS 9000 Family switches and Note is provided at no charge to the user.
Page 110 IVR NAT over FCIP • SAN extension over IP package for The following features apply to the MPS-14/2 module MPS-14/2 modules and the fixed Cisco MDS 9216i IP ports: (SAN_EXTN_OVER_IPS2) FCIP • The FCIP, IVR, and SAN extension Hardware-based FCIP compression Note •...
Page 111: Licensing High Availability
– Licensing High Availability As with other Cisco MDS SAN-OS features, the licensing feature also maintains the following high availability standards for all switches in the Cisco MDS 9000 Family: Installing any license in any switch is a nondisruptive process.
Page 112: Options To Install A License
Options to Install a License If you have purchased a new switch through either your reseller or through Cisco Systems, you can: Obtain a factory-installed license (only applies to new switch orders).
Page 113: Obtaining The License Key File
The license key file is sent to you by e-mail. The license key file is digitally signed to only authorize use on the requested switch. The requested features are also enabled once the Cisco SAN-OS software on the specified switch accesses the license key file.
Page 114: Installing The License Key File
3-9). Installing the License Key File If you need to install multiple licenses in any switch in the Cisco MDS 9000 Family, be sure to provide unique file names for each license key file. To install a license key file in any switch, follow these steps: Log into the switch through the console port of the active supervisor.
Page 115: Backing Up License Files
Removing an evaluation license immediately triggers a grace period without service disruption. Caution Uninstalling a license requires the related features to first be disabled. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 116: Updating Licenses
If your license is time bound, you must obtain and install an updated license. Contact technical support to request an updated license. If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased Note support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml...
Page 117: Grace Period Alerts
Ficon ----------- The Cisco SAN-OS license counter keeps track of all licenses on a switch. If you are evaluating a f feature and the grace period has started, you will receive console messages, SNMP traps, system messages, and Call Home messages on a daily basis.
Page 118: License Transfers Between Switches
A license is specific to the switch for which it is issued and is not valid on any other switch. If you need to transfer a license from one switch to another, contact your customer service representative. If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased Note support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml...
Page 119 Note Example 3-4 Displays All Installed License Key Files and their Contents switch# show license Permanent.lic: SERVER this_host ANY VENDOR cisco INCREMENT MAINFRAME_PKG cisco 1.0 permanent uncounted \ HOSTID=VDH=FOX0646S017 \ NOTICE=”<LicFileID></LicFileID><LicLineID>0</LicLineID> \ <PAK>dummyPak</PAK>” SIGN=EE9F91EA4B64 Evaluation.lic: SERVER this_host ANY VENDOR cisco INCREMENT MAINFRAME_PKG cisco 1.0 30-Dec-2003 uncounted \...
Page 120 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 3-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 121 Initial Configuration This chapter describes how to initially configure switches so they can be accessed by other devices. This chapter includes the following sections: Starting a Switch in the Cisco MDS 9000 Family, page 4-2 • Initial Setup Routine, page 4-2 •...
Page 122: Initial Setup Routine
Initial Setup Routine The first time that you access a switch in the Cisco MDS 9000 Family, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to communicate over the supervisor module Ethernet interface. This information is required to configure and manage the switch.
Page 123 The IP address can only be configured from the CLI. When you power up the switch for the first time Note assign the IP address. After you perform this step, the Cisco MDS 9000 Family Fabric Manager can reach the switch through the console port.
Page 124: Preparing To Configure The Switch
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Preparing to Configure the Switch Before you configure a switch in the Cisco MDS 9000 Family for the first time, you need the following information: Administrator password, including: •...
Page 125: Setup Options
Setup Options The setup scenario differs based on the subnet to which you are adding the new switch. You must configure a Cisco MDS 9000 Family switch with an IP address to enable management connections from outside of the switch.
Page 126: Assigning Setup Information
Step 11d. in the following procedure. To configure the switch for first time out-of-band access, follow these steps: Power on the switch. Switches in the Cisco MDS 9000 Family boot automatically. Step 1 Enter the new password for the administrator.
Page 127 Step 9 Enter yes (yes is the default) to configure out-of-band management. Continue with Out-of-band (mgmt0) management configuration? [yes/no]: yes Enter the mgmt0 IP address. Mgmt0 IP address: ip_address Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 128 Step 11c Note Default network IP address [dest_prefix]: dest_prefix Enter yes (yes is the default) to configure the DNS IP address. Configure the DNS IP address? (yes/no) [y]: yes Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 129 Enter yes (no is the default) to enable a full zone set distribution (see the “Zone Set Distribution” section on page 19-11). Enable full zoneset distribution (yes/no) [n]: yes Overrides the switch-wide default for the full zone set distribution feature. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 130: Configuring In-Band Management
Chapter 16, “Configuring and Managing VSANs”). You can configure both in-band and out-of-band configuration together by entering Yes in both Step 9c. Note Step 9d. in the following procedure. Cisco MDS 9000 Family Configuration Guide 4-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 131 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . To configure a switch for first time in-band access, follow these steps: Step 1 Power on the switch. Switches in the Cisco MDS 9000 Family boot automatically. Step 2 Enter the new password for the administrator.
Page 132 Enter the number of key bits? (768 to 1024): 1024 Step 14 Enter no (no is the default) to configure the NTP server. Configure NTP server? (yes/no) [n]: no Cisco MDS 9000 Family Configuration Guide 4-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 133 Type yes in order to save the new configuration. This ensures that the kickstart and system images are also automatically configured (see Chapter 6, “Software Images”). Cisco MDS 9000 Family Configuration Guide 4-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 134: Using The Setup Command
Serial console access—You can use a serial port connection to access the CLI. • In-band IP (IPFC) access—You can use Telnet or SSH to access a switch in the Cisco MDS 9000 • Family or use SNMP to connect to a Cisco MDS 9000 Fabric Manager application.
Page 135: Assigning A Switch Name
SAN association, or the organization to which it is deployed. The assigned name is displayed in the command-line prompt. The switch name is limited to 20 alphanumeric characters. This guide refers to a switch in the Cisco MDS 9000 Family as switch, and it uses the prompt.
Page 136: Verifying The Module Status
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . To use the Cisco MDS 9000 Fabric Manager, refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide.
Page 137: Configuring The Time Zone
This example sets the U.S. Pacific standard offset Example: time as negative 8 hours and 0 minutes. switch(config)# clock timezone PST -8 0 Disables the time zone adjustment feature. switch(config)# no clock timezone Cisco MDS 9000 Family Configuration Guide 4-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 138: Ntp Configuration
Time synchronization happens when several frames are exchanged between clients and servers. The switches in client mode know the address of one or more NTP servers. The servers act as the time source and receive client synchronization requests. Cisco MDS 9000 Family Configuration Guide 4-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 139: Ntp Configuration Guidelines
Not even a server down time will affect well-configured switches in the network. Figure 4-3 displays a network with two NTP stratum 2 servers and two switches. Cisco MDS 9000 Family Configuration Guide 4-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 140: Ntp Configuration Distribution
– NTP Configuration Distribution You can enable NTP fabric distribution for all Cisco MDS switches in the fabric. When you perform NTP configurations, and distribution is enabled, the entire server/peer configuration is distributed to all the switches in the fabric.
Page 141: Committing Ntp Configuration Changes
Step 1 Enters configuration mode. switch# config t Step 2 Discards the NTP configuration changes in the switch(config)# ntp abort pending database and releases the fabric lock. Cisco MDS 9000 Family Configuration Guide 4-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 142: Releasing Fabric Session Lock
IP parameters (IP address, subnet mask) so that the switch is reachable. You can manually configure the management interface from the CLI. Cisco MDS 9000 Family Configuration Guide 4-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 143: Obtaining Remote Management Access
Note You need to explicitly configure a default gateway to connect to the switch and send IP packets or add a route for each subnet. Cisco MDS 9000 Family Configuration Guide 4-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 144: Default Gateway Configuration
To configure the IP address of the default gateway, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t Step 2 Configures the 172.16.1.1 IP address. switch(config)# ip default-gateway 172.16.1.1 Cisco MDS 9000 Family Configuration Guide 4-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 145: Telnet Server Connection
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Telnet Server Connection The Telnet server is enabled by default on all switches in the Cisco MDS 9000 Family. If you require a secure SSH connection, you need to disable the default Telnet connection and then enable the SSH connection (see the “Enabling SSH Service”...
Page 146: Configuring Console Port Settings
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Configuring Console Port Settings The console port is an asynchronous serial port that enables switches in the Cisco MDS 9000 Family to be set up for initial configuration through a standard RS-232 port with an RJ-45 connector. Any device connected to this port must be capable of asynchronous transmission.
Page 147: Configuring Com1 Port Settings
Disables hardware flow control. By default, hardware flow switch(config-com1)# no flowcontrol hardware control is enabled on all switches in the Cisco 9000 Family. When enabled, this option is useful in protecting data loss at higher baud rates. This option is only available through the COM1 port.
Page 148: Configuring Modem Connections
Modems can only be configured if you are connected to the console or COM1 ports. A modem connection to a switch in the Cisco MDS 9000 Family does not affect switch functionality. If you plan on connecting a modem to the console port or the COM1 port of a switch in the Cisco MDS Note 9000 Family, refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Hardware Installation Guide.
Page 149: Configuring The Initialization String
You may retain the default string or change it to another string (80 character limit) using the user-input option. This option is provided if you prefer to use a modem that is not supported or tested by Cisco systems. If you change the string, the changes you make are permanent and remain in effect unless you change them again.
Page 150: Configuring The Default Initialization String
To configure a user-specified initialization string through the console port, follow these steps: Command Command Step 1 Enters configuration mode. switch# config terminal switch(config)# Step 2 Enters the console port configuration mode. switch(config)# line com1 switch(config-console)# Cisco MDS 9000 Family Configuration Guide 4-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 151: Initializing A Modem In A Powered-On Switch
Wait until the system has completed the boot sequence and the system image is running. Step 1 Connect the modem to the switch as specified in the Cisco MDS 9200 Series Hardware Guide or the Step 2 Cisco MDS 9500 Series Hardware Installation Guide.
Page 152: Configuring Cdp
The Cisco Discovery Protocol (CDP) is an advertisement protocol used by Cisco devices to advertise itself to other Cisco devices in the same network. CDP runs on the data link layer and is independent of Layer 3 protocols. Cisco devices that receive the CDP packets cache the information to make it is accessible through the CLI and SNMP.
Page 153: Clearing Cdp Counters And Tables
Use the clear cdp table command to clear neighboring CDP entries for all interfaces. You can issue this command for a specified interface or for all interfaces (management and Gigabit Ethernet interfaces). switch# clear cdp table interface gigabitethernet 4/1 switch# Cisco MDS 9000 Family Configuration Guide 4-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 154: Displaying Cdp Information
Interface: mgmt0, Port ID (outgoing port): 5/22 Holdtime: 136 sec Version: WS-C5500 Software, Version McpSW: 2.4(3) NmpSW: 2.4(3) Copyright (c) 1995-1997 by Cisco Systems Advertisement Version: 1 Example 4-3 Displays the Specified CDP Neighbor switch# show cdp entry name 0...
Page 155 S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Hldtme Capability Platform Port ID Gig4/1 DS-X9530-SF1- Gig4/1 069038732(Kiowa2 mgmt0 WS-C5500 8/11 069038747(Kiowa3 mgmt0 WS-C5500 6/20 069038747(Kiowa3 mgmt0 WS-C5500 5/22 Cisco MDS 9000 Family Configuration Guide 4-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 156 Interface: mgmt0, Port ID (outgoing port): 8/11 Holdtime: 132 sec Version: WS-C5500 Software, Version McpSW: 2.4(3) NmpSW: 2.4(3) Copyright (c) 1995-1997 by Cisco Systems Advertisement Version: 1 Example 4-9 Displays the Specified CDP Neighbor (in detail) switch# show CDP neighbors interface gigabitethernet 4/1 detail...
Page 157 Invalid CDP Packets: 0 Unsupported Version: 0 Checksum Errors: 0 Malformed Packets: 0 Output Statistics: Total Packets: 674 CDP v1 Packets: 0 CDP v2 Packets: 674 Send Errors: 0 Cisco MDS 9000 Family Configuration Guide 4-37 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 158 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 4-38 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 159 C H A P T E R Using the CFS Infrastructure The Cisco SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database distribution and to foster device flexibility. It simplifies SAN provisioning by automatically distributing configuration information to all switches in a fabric.
Page 160: About Cfs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About CFS Many features in the Cisco MDS switches require configuration synchronization in all switches in the fabric. Maintaining configuration synchronization across a fabric is important to maintain fabric consistency.
Page 161: Cfs Features
(when two independent fabrics merge). CFS Protocol The CFS functionality is independent of the lower layer transport. Currently, in Cisco MDS switches, the CFS protocol layer resides on top of the FC2 layer. CFS uses the FC2 transport services to send information to other switches.
Page 162: Cfs Distribution Scopes
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . CFS Distribution Scopes Different applications on the Cisco MDS 9000 Family switches need to distribute the configuration at various levels: VSAN level •...
Page 163: Disabling Cfs Distribution On A Switch
CFS Application Requirements All switches in the fabric must be CFS capable. A Cisco MDS 9000 Family switch is CFS capable if it is running Cisco SAN-OS Release 2.0(1b) or later. Switches that are not CFS capable do not receive distributions and result in part of the fabric not receiving the intended distribution.
Page 164: Locking The Fabric
Cisco SAN-OS software does not allow any configuration changes from a switch, other than the switch holding the lock, to this Cisco SAN-OS feature and issues a message to inform the user about the locked status. The configuration changes are held in a pending database by that application.
Page 165: Saving The Configuration
Caution The CISCO-CFS-MIB contains SNMP configuration information for any CFS-related functions. Refer to the Cisco MDS 9000 Family MIB Quick Reference for more information on this MIB. Clearing a Locked Session You can clear locks held by an application from any switch in the fabric. This option is provided to rescue you from situations where locks are acquired and not released.
Page 166: Displaying Cfs Configuration Information
Prior to Cisco MDS SAN-OS Release 2.1(1a), in the Application field represents the fctimer Note vsan application. In Cisco Cisco MDS SAN-OS Release 2.1(1a) and later, the fctimer application appears as in the Application field. fctimer Example 5-2 Displays the Currently Registered Applications Using CFS...
Page 167 The application server in each fabric which is mainly responsible for the merge is indicated by the term Merge Master Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 168 Merge Status: Failed Local Fabric --------------------------------------------------------- Switch WWN IP Address --------------------------------------------------------- 20:00:00:05:30:00:6b:9e 10.76.100.167 [Merge Master] Remote Fabric --------------------------------------------------------- Switch WWN IP Address --------------------------------------------------------- 20:00:00:0e:d7:00:3c:9e 10.76.100.169 [Merge Master] Cisco MDS 9000 Family Configuration Guide 5-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 169 Total number of entries = 2 Scope : Logical [VSAN 3] ----------------------------------------------------------- Domain Switch WWN IP Address ----------------------------------------------------------- 20:00:00:44:22:00:4a:9e 172.22.92.27 [Local] 20:00:00:05:30:01:1b:c2 172.22.92.215 Total number of entries = 2 Cisco MDS 9000 Family Configuration Guide 5-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 170: Default Settings
Table 5-1 Default CFS Parameters Parameters Default Database changes Implicitly enabled with the first configuration change. Application distribution Differs based on application. Commit Explicit configuration is required. Cisco MDS 9000 Family Configuration Guide 5-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 171: About Software Images
The images and variables are important factors in any install procedure. You must specify the variable and the image to upgrade your switch. Both images are not always required for each install. Unless explicitly stated, the software install procedures in this section apply to any switch in the Cisco Note MDS 9000 Family.
Page 172: Dependent Factors For Software Installation
If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you Note purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml...
Page 173 Ensure that the required space is available for the image files to be copied using the dir command. – We recommend the one-step install all command to upgrade your software. This command upgrades all modules in any Cisco MDS 9000 Family switch (see the “Benefits of Using the install all Command” section on page 6-5).
Page 174: Software Upgrade Methods
Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules. You can upgrade any switch in the Cisco MDS 9000 Family using one of the following methods: Automated, one-step upgrade using the install all command. This upgrade is nondisruptive for •...
Page 175: Automated Upgrades
Description : fc-tunnel is enabled Capability requirement : STRICT Automated Upgrades The install all command upgrades all modules in any Cisco MDS 9000 Family switch. Figure 6-1 provides an overview of the switch status before and after issuing the install all command.
Page 176: Recognizing Failure Cases
This is also identified by the show install all impact command in the compatibility check section of the output (under the Bootable column). Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 177: Using The Install All Command
Verify that you have enough free space available on the active and standby supervisor module bootflash:. The download site on Cisco.com shows the size of the system image file in bytes. If there is not adequate space, delete unused files using the delete filename EXEC command.
Page 178 Hitless upgrade is not supported disruptive rolling Hitless upgrade is not supported non-disruptive rolling non-disruptive reset non-disruptive reset Images will be upgraded according to following table: Module Image Running-Version New-Version Upg-Required Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 179: [####################] 100% -- Success
If the configuration meets all guidelines when the install all command is issued, all modules (supervisor and switching) are upgraded. This is true for any switch in the Cisco MDS 9000 Family. Cisco MDS 9000 Family Configuration Guide...
Page 180: Upgrading Services Modules
“Recognizing Failure Cases” section on page 6-6, contact your reseller or Cisco representative for further assistance. If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Upgrading Services Modules Any Fibre Channel switching module supports nondisruptive upgrades.
Page 181: Verifying Image Bootflash:/Isan-2.1.2
Hitless upgrade is not supported disruptive rolling Hitless upgrade is not supported non-disruptive rolling non-disruptive reset non-disruptive reset Images will be upgraded according to following table: Cisco MDS 9000 Family Configuration Guide 6-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 182: [####################] 100% -- Success
Successful install all Command Output Continued from the Standby Console Hacienda(standby)# Auto booting bootflash:/boot-2.1.2 bootflash:/isan-2.1.2... Booting kickstart image: bootflash:/boot-2.1.2.........Image verification OK Starting kernel... INIT: version 2.78 booting Checking all filesystems..r.r.. done. Cisco MDS 9000 Family Configuration Guide 6-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 183: [####################] 100% -- Success
“Using the reload module Command” section on page 10-25. Example 6-4 Successful install all Command Including an SSI Image Cisco-MDS# install all system bootflash:m9500-sf1ek9-mz.2.1.2.bin kickstart bootflash:m9500-sf1ek9-kickstart-mz.2.1.2.bin ssi bootflash:m9000-ek9-ssi-mz.2.1.1b.bin Cisco MDS 9000 Family Configuration Guide 6-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 184 Install is in progress, please wait. Module 6:Force downloading. -- SUCCESS Syncing image bootflash:/m9000-ek9-ssi-mz.2.1.1b.bin to standby. [####################] 100% -- SUCCESS Syncing image bootflash:/m9500-sf1ek9-kickstart-mz.2.1.2.bin to standby. [####################] 100% -- SUCCESS Cisco MDS 9000 Family Configuration Guide 6-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 185 "Switching over onto standby". ----------------------------- If you perform the install all command to downgrade to a Cisco MDS SAN-OS release that does not Note support the SSM module, you must power down the SSM module when prompted by the CLI console.
Page 186: Impact Install-Type
1.2(2) 1.2(2) 1.3(1) 2.1(2) bios v1.1.0(10/24/03) v1.0.8(08/07/03) 1.3(1) 2.1(2) bios v1.1.0(10/24/03) v1.0.8(08/07/03) 1.3(1) 2.1(2) bios v1.1.0(10/24/03) v1.0.8(08/07/03) Do you want to continue with the installation (y/n)? Cisco MDS 9000 Family Configuration Guide 6-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 187 1.3(1) 2.1(2) kickstart 1.3(1) 2.1(2) bios v1.1.0(10/24/03) v1.0.8(08/07/03) loader 1.2(2) 1.2(2) system 1.3(1) 2.1(2) kickstart 1.3(1) 2.1(2) bios v1.1.0(10/24/03) v1.0.8(08/07/03) loader 1.2(2) 1.2(2) Cisco MDS 9000 Family Configuration Guide 6-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 188: Upgrade Status Verification
There is an on-going installation... <---------------------- in progress installation Enter Ctrl-C to go back to the prompt. Verifying image bootflash:/b-1.3.0.104 -- SUCCESS Verifying image bootflash:/i-1.3.0.104 -- SUCCESS Cisco MDS 9000 Family Configuration Guide 6-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 189: Manual Upgrade On A Dual Supervisor Switch
You can manually upgrade the BIOS and the loader in any Cisco MDS switch using the procedures provided in this section. This upgrade process requires you to implement some or all procedures depending on your switch or network configuration.
Page 190 You can also copy the image onto a new Flash disk from a PC and insert it in slot0: in the Cisco MDS 9500 Series switch. After you copy the image and insert it into the slot0: file system, the process is the same as the CompactFlash device after the copy command is issued.
Page 191: Upgrading A Loader
A verification failed message is generated when you use a Cisco MDS 9500 Series image on a Note Cisco MDS 9200 Series switch or a Cisco MDS 9200 Series image on a Cisco MDS 9500 Series switch. Be sure to verify the right image.
Page 192 Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2005, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
Page 193: Upgrading The Bios
System. Only use the provided image to upgrade the BIOS. This command does not affect traffic and can be issued at any time on any switch in the Cisco MDS 9200 Series or Cisco MDS 9500 Series. If the BIOS is upgraded, reboot to make the new BIOS take effect. You can schedule the reboot at a Note convenient time so traffic is not impacted.
Page 194 Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2005, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
Page 195: Quick Upgrade
2.1(2.1) 1.1.0 [last 1.0.6] Quick Upgrade To perform a quick upgrade on a Cisco MDS 9000 Family switch, follow these steps: Copy the kickstart and system image files to the required location (see the “Copying Files” section on Step 1 page 7-6).
Page 196 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . For example, to revert to Cisco MDS SAN-OS Release 1.3(4b) or 1.3(5) from Release 2.x, follow these...
Page 197: Maintaining Supervisor Modules
Note When a spare standby supervisor module is inserted, it uses the same image as the active supervisor module. The Cisco SAN-OS software image is not automatically copied to the standby flash device. Cisco MDS 9000 Family Configuration Guide 6-27...
Page 198: Corrupted Bootflash Recovery
The loader and the BIOS are upgraded to the same version available on the active supervisor module. • To replace a module in any switch in the Cisco MDS 9200 Series or 9500 Series, follow these steps: Create a backup of your existing configuration file, if required, using the copy running-config Step 1 startup-config command.
Page 199 3. Depending on your Telnet client, these keys may be reserved and you need to remap the keystroke. Refer to the documentation provided by your Telnet client. Cisco MDS 9000 Family Configuration Guide 6-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 200: Recovery Using Bios Setup
Step 2 Press Ctrl-C to interrupt the BIOS setup during the BIOS memory test. Step 3 You see the netboot BIOS Setup Utility screen (see Figure 6-4). Cisco MDS 9000 Family Configuration Guide 6-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 201 Tab = Jump to next field Ctrl-E = Down arrow Ctrl-X = Up arrow Ctrl-H = Erase (Backspace might not work if your terminal is not configured properly.) Cisco MDS 9000 Family Configuration Guide 6-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 202 The file name must be entered exactly as it is displayed on your TFTP server. For example, if you have Caution a file name MDS9500-kiskstart_mzg.10, then enter this name using the exact uppercase characters and file extensions as shown on your TFTP server. Cisco MDS 9000 Family Configuration Guide 6-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 203 The init system command also installs a new loader from the existing (running) kickstart image. Note Cisco MDS 9000 Family Configuration Guide 6-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 204 Netmask: 255.255.255.0 Server: 0.0.0.0 Gateway: 0.0.0.0 Specify the IP address of the default gateway. Step 3 loader> ip default-gateway 172.16.1.1 Address: 172.16.1.2 Netmask: 255.255.255.0 Server: 0.0.0.0 Gateway: 172.16.1.1 Cisco MDS 9000 Family Configuration Guide 6-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 205: Recovery From The Switch(Boot)# Prompt
Issue the ip default-gateway command to configure the IP address of the default gateway. switch(boot)(config-mgmt0)# ip default-gateway 172.16.1.1 Issue the no shutdown command to enable the mgmt0 interface on the switch. Step 3 switch(boot)(config-mgmt0)# no shutdown Cisco MDS 9000 Family Configuration Guide 6-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 206: Recovery For Switches With Dual Supervisor Modules
Exit to EXEC mode. Step 4 switch(boot)(config-mgmt0)# end Issue the init system check-filesystem command. As of Cisco MDS SAN-OS Release 2.1(1a), this Step 5 command checks all the internal file systems and fixes any errors that are encountered. switch(boot)# init system check-filesytem Copy the system image from the required TFTP server.
Page 207 172.16.1.2 255.255.255.0 Found Intel EtherExpressPro100 82559ER at 0xe800, ROM address 0xc000 Probing...[Intel EtherExpressPro100 82559ER]Ethernet addr: 00:05:30:00:52:27 Address: 172.16.1.2 Netmask: 255.255.255.0 Server: 0.0.0.0 Gateway: 0.0.0.0 Cisco MDS 9000 Family Configuration Guide 6-37 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 208 If you do not issue the reload module command when a boot failure has occurred, the active supervisor module automatically reloads the standby supervisor module within 3 to 6 minutes after the failure (see “Standby Supervisor Boot Alert” section on page 6-27). Cisco MDS 9000 Family Configuration Guide 6-38 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 209 “Recovery Using BIOS Setup” section on page 6-30. Figure 6-7 Error State if Powered On and Ctrl-C Is Entered Figure 6-8 Error State if Powered On and Esc Is Pressed Cisco MDS 9000 Family Configuration Guide 6-39 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 210: Default Settings
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Default Settings Table 6-4 lists the default image settings for all Cisco MDS 9000 Family switches. Table 6-4 Default Image Settings...
Page 211: Working With Configuration Files
• Saving the Configuration, page 7-4 Copying Files, page 7-6 • Backing Up the Current Configuration, page 7-7 • Rolling Back to a Previous Configuration, page 7-7 • Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 212: Displaying Configuration Files
Downloading Configuration Files to the Switch You can configure a switch in the Cisco MDS 9000 Family by using configuration files you create or download from another switch. In addition, you can store configuration files on a bootflash device on the supervisor module and you can configure the switch using a configuration stored on an external CompactFlash disk.
Page 213: From A Remote Server
The physical media must be inserted into slot0: after you log into the switch. Note To configure a switch in the Cisco MDS 9000 Family using a configuration file stored on an external CompactFlash disk, follow these steps: Log into the switch through the console port or through a Telnet or SSH session.
Page 214: To A Remote Server
Use the following copy command to save the configuration to NVRAM: switch# copy system:running-config nvram:startup-config The copy running-config startup-config command is an alias to the previous command and is used frequently throughout this guide. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 215: Saving Startup Configurations In The Fabric
Saving Startup Configurations in the Fabric As of Cisco MDS SAN-OS Release 2.1(1a), you can use Cisco Fabric Services (CFS) to instruct the other switches in the fabric to save their configurations to their local NVRAM using the following copy...
Page 216: Copying Files
This example shows how to copy a script file from the SFTP server to the volatile: file system. switch# copy sftp://172.16.10.100/myscript.txt volatile:myscript.txt Use the show version image command to verify if the downloaded images are valid. Note Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 217: Backing Up The Current Configuration
ASCII file is updated. A valid binary configuration file reduces the overall boot time significantly. A binary file cannot be uploaded, but its contents can be used to overwrite the existing startup configuration. The write erase command clears the binary file. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 218: Restoring The Configured Redundancy Mode
Restoring the Configured Redundancy Mode If you configure the combined mode as the redundancy mode for power supplies on a Cisco MDS 9509 switch, exert care when using the write erase and reload command sequence before rolling back to a saved configuration.
Page 219: Accessing Remote File Systems
This example shows how to delete the file named test from the Flash card inserted in slot 0. • switch# delete slot0:test Delete slot0:test? [y/n]: y • This example shows how to delete the entire directory and all its contents. my-dir switch# delete bootflash:my-dir Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 220 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 7-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 221: About High Availability
Protects against link failure using the PortChannel (port aggregation) feature. This feature is also • available in switches in the Cisco MDS 9200 Series and in the Cisco MDS 9100 Series. See Chapter 13, “Configuring PortChannels.” Cisco MDS 9000 Family Configuration Guide...
Page 222: Switchover Mechanisms
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Provides management redundancy using the Virtual Router Redundancy Protocol (VRRP). This • feature is also available in switches in the Cisco MDS 9100 Series and in the Cisco MDS 9200 Series. See the “The Virtual Router Redundancy Protocol”...
Page 223: Switchover Guidelines
Status status for supervisor modules. If the status is either or active, you can continue with HA-standby your configuration. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 224: Process Restartability
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Process Restartability Process restartability provides the high availability functionality in Cisco MDS 9000 Family switches. It ensures that process-level failures do not cause system-level failures. It also restarts the failed processes automatically.
Page 225: Displaying Ha Information
, the switch is operationally HA and can do automatic synchronization. HA-standby If the internal state of one of the supervisor modules is , the switch cannot do automatic • none synchronization. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 226 HA synchronization in The standby supervisor module is in the process of synchronizing its state progress with the active supervisor modules. Standby (failed) The standby supervisor module is not functioning. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 227 The active supervisor module and the second supervisor module is present standby but is not functioning. Other The switch is in a transient state. If it persists, call TAC. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 228 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide...
Page 229 About Module Temperature, page 9-9 About Fan Modules, page 9-10 • • About Clock Modules, page 9-11 Displaying Environment Information, page 9-11 • • Default Settings, page 9-12 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 230: Displaying Switch Hardware Inventory
Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2003-2004 by Cisco Systems, Inc. All rights reserved. The copyright for certain works contained herein are owned by Cisco Systems, Inc. and/or other third parties and are used and distributed under license. Software BIOS: version 1.0.8...
Page 231 Model number is WS-CAC-2500W H/W version is 1.0 Part Number is 34-1535-01 Part Revision is A0 Manufacture Date is Year 6 Week 16 Serial number is ART061600US CLEI code is Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 232: Displaying The Switch Serial Number
Displaying the Switch Serial Number The serial number of your Cisco MDS 9000 Family switch can be obtained by looking at the serial number label on the back of the switch (next to the power supply), or by executing the operating system show sprom backplane 1 command.
Page 233: Displaying Power Usage Information
In response to this command, power supply capacity and consumption information is displayed for each module. See Example 9-3. In a Cisco MDS 9500 Series switch, power usage is reserved for both supervisors regardless of whether Note one or both supervisor modules are present. Example 9-3...
Page 234: Power Supply Configuration Modes
This mode is seldom used, except in cases where the switch has two low power supply capacities but a higher power usage. The chassis in the Cisco MDS 9000 Family uses 1200 W when powered at 110 V, and 2500 W when Note powered at 220 V.
Page 235 If both power supplies have a lower capacity than the current system usage, the configuration is not allowed. Several configuration scenarios are summarized in Table 9-3. Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 236 The new capacity is changed. 2500 combined 3000 1800 3600 This is the existing configuration. 2500 3000 1800 redundant Rejected, so the mode reverts to combined mode. 1. W = Watts Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 237 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About Module Temperature Built-in, automatic sensors are provided in all switches in the Cisco MDS 9000 Family to monitor your switch at all times.
Page 238: Displaying Module Temperature
If one or more fans fail within a fan module, the Fan Status LED turns red. A fan failure could lead to temperature alarms if not corrected immediately. The fan status is continuously monitored by the Cisco MDS SAN-OS software. In case of a fan failure, the following action is taken: System messages are displayed.
Page 239: About Clock Modules
PS-2 About Clock Modules All switches in the Cisco MDS 9000 Family have two clock modules—Module A (primary) and Module B (redundant). The clock modules are designed, tested, and qualified for mission-critical availability with a mean time between failures (MTBF) of 3,660,316 hours. This translates to a potential failure every 365 years.
Page 240: Default Settings
------- Total Power Available 699.30 ------- Default Settings Table 9-4 lists the default hardware settings. Table 9-4 Default Hardware Parameters Parameters Default Power supply mode Redundant mode. Cisco MDS 9000 Family Configuration Guide 9-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 241: About Modules
Managing ASMs, SSMs, and Supervisor Modules, page 10-34 • Default Settings, page 10-38 • About Modules Table 10-1 describes the supervisor module options for switches in the Cisco MDS 9000 Family. Cisco MDS 9000 Family Configuration Guide 10-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 242: Supervisor Modules
Cisco MDS 9216i Switches have one supervisor module that includes an integrated switching module with 14 Fibre Channel ports and two Gigabit Ethernet ports. Cisco MDS 9500 Series switches have two supervisor modules—one in slot 5 (sup-1) and one in slot •...
Page 243: Switching Modules
Services Modules Cisco MDS 9000 Family switches support any services module in any non-supervisor slot. Refer to the Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for more information on CSMs. Cisco MDS 9000 Family Configuration Guide 10-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 244: Verifying The Status Of A Module
The switching module goes through a testing and an initializing stage before displaying an status. Table 10-3 describes the possible states in which a module can exist. Cisco MDS 9000 Family Configuration Guide 10-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 245: Connecting To A Module
At any time, you can connect to any module using the attach module command. Once you are at the module prompt, you can obtain further details about the module using module-specific commands in EXEC mode. Cisco MDS 9000 Family Configuration Guide 10-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 246 To display the standby supervisor module information, although you cannot configure the standby • supervisor module using this command. To display the switching module portion of the Cisco MDS 9200 Series supervisor module which • resides in slot 1. Cisco MDS 9000 Family Configuration Guide 10-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 247: Reloading Modules
Switching modules automatically download their images from the supervisor module and do not need a forced download. This procedure is provided for reference should a need arise. Cisco MDS 9000 Family Configuration Guide 10-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 248 9. switch# reload module 9 force-dnld... 1 00:00:46 switch %LC-2-MSG:SLOT9 LOG_LC-2-IMG_DNLD_COMPLETE: COMPLETED downloading of linecard image. Download successful... Reloading a module disrupts traffic through the module. Caution Cisco MDS 9000 Family Configuration Guide 10-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 249: Preserving Module Configuration
16-port switching module applied. referred to in Step 1. You reload the switch. The configuration saved in nonvolatile storage referred to in Step 1 is applied. Cisco MDS 9000 Family Configuration Guide 10-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 250: Purging Module Configuration
Powers off the specified module (switching module 1) in switch(config)# poweroff module 1 switch(config)# the switch. Powers up the specified module (switching module 1) in switch(config)# no poweroff module 1 switch(config)# the switch. Cisco MDS 9000 Family Configuration Guide 10-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 251: Identifying Module Leds
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Identifying Module LEDs Table 10-5 describes the LEDs for the Cisco MDS 9200 Series integrated supervisor modules. Table 10-5 LEDs for the Cisco MDS 9200 Series Supervisor Modules...
Page 252 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Table 10-6 describes the LEDs for the Cisco MDS 9200 Series interface module. Table 10-6...
Page 253 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Table 10-7 describes the LEDs for the Fibre Channel switch modules: Table 10-7 LEDs for the Cisco MDS 9000 Family Fibre Channel Switching Modules Status Description Status Green All diagnostics pass.
Page 254 The LEDs on the supervisor module indicate the status of the supervisor module, power supplies, and the fan module. Table 10-8 provides more information about these LEDs. Table 10-8 LEDs for the Cisco MDS 9500 Series Supervisor Modules Status Description Status Green All diagnostics pass.
Page 255: Epld Configuration
(EPLDs) that provide hardware functionalities in all modules. EPLD image upgrades are periodically provided to include enhanced hardware functionality or to resolve known issues. Refer to the Cisco MDS SAN-OS Release Notes to verify if the EPLD has changed for the Cisco SAN-OS image version being used.
Page 256 Verify that you have enough free space available on the active and standby supervisor memory devices that you plan to use, either bootflash: or slot0:. The download site on Cisco.com shows the size of the EPLD image file in bytes.
Page 257 Copy the EPLD image file from the FTP server to the bootflash: or slot0: device in the active supervisor module. The following example shows how to copy to bootflash: switch# copy ftp://10.1.7.2/m9000-epld-2.1.2.img bootflash:m9000-epld-2.1.2.img Cisco MDS 9000 Family Configuration Guide 10-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 258 2 epld bootflash:m9000-epld-2.1.2.img <------------------------------------------------------------progress twirl Module 2 EPLD upgrade is successful When you upgrade the EPLD module on Cisco MDS 9100 Series switches, you receive the Note following message: Data traffic on the switch will stop now!!
Page 259: Displaying Epld Versions
IPS DB I/F 0x1a IP Storage Services Module (4 Port) Power Manager 0x07 XBUS IO 0x03 UD Flow Control 0x05 PCI ASIC I/F 0x05 Service Module I/F 0x1a Cisco MDS 9000 Family Configuration Guide 10-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 260: Asm And Ssm Feature Support
Nondisruptive upgrade for Fibre Channel switching traffic 1. Support for the ASM and VSFN (on both the ASM and SSM) ends in Cisco MDS SAN-OS Release 2.1(2). 2. Requires EPLD version 2.1(2). See “EPLD Configuration” section on page 10-15. Installing the SSI Boot Image on the SSM As of Cisco SAN-OS Release 2.0(2b), you can specify the SSI boot image for a Storage Services Module...
Page 261 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS SAN-OS Release 2.0(2b) through Release 2.1(1a). Once you set the SSI image boot variable, you do not need to reset it for upgrades or downgrades to any Cisco MDS SAN-OS release that supports the SSI image.
Page 262 Configuration” section on page 10-15. Verifying the SSI Boot Image To verify that you have the correct Cisco MDS SAN-OS release and SSI boot image file on your switch, perform the following steps: Step 1 Log into the switch through the console port, an SSH session, or a Telnet session.
Page 263 Issue the dir bootflash: or dir slot0: command to verify that the SSI software image file corresponding Step 4 to your Cisco MDS SAN-OS release is present on the active supervisor module. For example, if your switch is running Cisco MDS SAN-OS Release 2.1(2), you must have m9000-ek9-ssi-mz.2.1.2.bin in bootflash: or slot0: on the active supervisor module.
Page 264 48036239 Apr 06 16:45:41 2005 m9500-sf1ek9-mz.2.1.1a.bin Usage for slot0: 141066240 bytes used 43493376 bytes free 184559616 bytes total switch(standby)# exit switch# Delete the unneeded files, if there is not enough space. Cisco MDS 9000 Family Configuration Guide 10-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 265: Using The Reload Module Command
DS-X9530-SF1-K9 ha-standby Note the slot number for later reference. Verify the Cisco MDS SAN-OS release running on the switch and the location and name of the SSI boot Step 3 image on the switch following the procedure described in the “Verifying the SSI Boot Image”...
Page 266 If you do not save this configuration, it is lost on a switch reboot. In addition the ASM or SSM Note stays in the power-down state if your switch is running Cisco MDS SAN-OS Release 2.1(1a) or earlier. You must perform this procedure again to recover the SSI image boot variable configuration.
Page 267: Using The Install Ssi Command
Using the install ssi Command As of Cisco MDS SAN-OS Release 2.1(2), you can use the install ssi command to update the boot image on an SSM. If the SSM is performing Fibre Channel switching and no Intelligent Storage Services are provisioned on the module, this operation does not disrupt traffic through the module.
Page 268 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Note the slot number for later reference. Verify the Cisco MDS SAN-OS release running on the switch and the location and name of the SSI boot Step 3 image on the switch following the procedure described in the “Verifying the SSI Boot Image”...
Page 269: Installing The Asm-Sfn Boot Image For Vsfn
Advanced Services Module (ASM) or, as of Cisco MDS SAN-OS Release 2.1(1a), the Storage Services Module (SSM) using the ASM-SFN image boot variable. Once you set the ASM-SFN image boot variable, you do not need to reset it for upgrades or downgrades to any Cisco MDS SAN-OS release that supports the ASM-SFN image.
Page 270: Verifying The Asm-Sfn Boot Image
10-33). Verifying the ASM-SFN Boot Image To verify that you have the correct Cisco MDS SAN-OS release and ASM-SFN boot image file on your switch, perform the following steps: Log into the switch through the console port, an SSH session, or a Telnet session.
Page 271 43493376 bytes free 184559616 bytes total switch# show module Ports Module-Type Model Status ----- -------------------------------- ------------------ ------------ Advanced Services Module DS-X9032-SMV Supervisor/Fabric-1 DS-X9530-SF1-K9 active * Supervisor/Fabric-1 DS-X9530-SF1-K9 ha-standby Cisco MDS 9000 Family Configuration Guide 10-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 272 The system will automatically synchronize the ASM-SFN image to the standby supervisor if Note automatic copying is enabled. switch# config t switch(config)# boot auto-copy Cisco MDS 9000 Family Configuration Guide 10-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 273 DS-X9530-SF1-K9 ha-standby Note the slot number for later reference. Verify the Cisco MDS SAN-OS release running on the switch and the location and name of the Step 3 ASM-SFN boot image on the switch following the procedure described in the “Verifying the ASM-SFN...
Page 274 Managing ASMs, SSMs, and Supervisor Modules This section describes the considerations for replacing ASMs, SSMs, and supervisor modules and for upgrading and downgrading Cisco MDS SAN-OS releases. Considerations for Replacing ASMs, SSMs, and Supervisor Modules If you replace an ASM, SSM, or supervisor module, you should consider the following: If you replace an ASM or SSM with another ASM or SSM and the boot image is on bootflash:, •...
Page 275 Recovering an SSM After Replacing Corrupted CompactFlash Memory In Cisco MDS SAN-OS Release 2.1(2) and later, you use the CompactFlash memory (modflash:) on the SSM to store the SSI image. If the modflash: on the SSM is replaced, the SSM might not initialize. To recover the SSM, follow these steps: Log into the switch through the console port, an SSH session, or a Telnet session.
Page 276 “Installing the SSI Boot Image on the SSM” section on page 10-20. If you downgrade to a Cisco MDS SAN-OS release that does not support the ASM or SSM, you must • power down the module. The boot variables for the module are lost.
Page 277 [####################] 100% -- SUCCESS Performing configuration copy. [####################] 100% -- SUCCESS Module 3:Upgrading Bios/loader/bootrom. [####################] 100% -- SUCCESS Module 6:Waiting for module online. -- SUCCESS "Switching over onto standby". ----------------------------- Cisco MDS 9000 Family Configuration Guide 10-37 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 278: Default Settings
Initial state when installed Power-down state on switches with Cisco MDS SAN-OS • Release 2.1(1a) and earlier installed. Fibre Channel switching mode on switches with Cisco MDS • SAN-OS Release 2.1(2) and later installed and SSMs with EPLD version 2.0(2) and later installed.
Page 279 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Switch Configuration...
Page 280 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 281 To verify the status of a module at any time, issue the show module command in EXEC mode (see the “Verifying the Module Status” section on page 4-16). Cisco MDS 9000 Family Configuration Guide 11-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 282: Fibre Channel Interfaces
Identifying the Beacon LEDs, page 11-18 • Bit Error Thresholds, page 11-18 • Switch Port Attribute Default Values, page 11-19 • SFP Transmitter Types, page 11-20 • Cisco MDS 9000 Family Configuration Guide 11-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 283: About Interface Modes
11-1). Besides these modes, each interface may be configured in auto or Fx port modes. These two modes determine the port type during interface initialization. Figure 11-1 Cisco MDS 9000 Family Switch Port Modes NL port NL port N port...
Page 284 In translative loop port (TL port) mode, an interface functions as a translative loop port. It may be connected to one or more private loop devices (NL ports). TL ports are specific to Cisco MDS 9000 Family switches and have similar properties as FL ports. TL ports enable communication between a private loop device and one of the following devices: •...
Page 285 In SPAN destination port (SD port) mode, an interface functions as a switched port analyzer (SPAN). The SPAN feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic that passes though a Fibre Channel interface. This monitoring is done using a standard Fibre Channel analyzer (or a similar switch probe) that is attached to an SD port.
Page 286: Auto Mode
If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the Cisco MDS 9000 Family, it may become operational in TE port mode (see Chapter 12, “Configuring...
Page 287: Reason Codes
The physical layer link is operational and the protocol initialization is in progress. Reconfigure fabric in progress The fabric is currently being reconfigured. Offline The Cisco SAN-OS software waits for the specified R_A_TOV time before retrying initialization. Inactive The interface VSAN is deleted or is in a suspended state.
Page 288 32-Port Configuration Guidelines The 32-port guidelines applies to the following hardware: The 32-port 2 Gbps or 1 Gbps switching module • The Cisco MDS 9140 Switch • Cisco MDS 9000 Family Configuration Guide 11-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 289: Configuring Fibre Channel Interface
Note In the Cisco MDS 9100 Series, the left most groups of ports outlined in white (4 ports in the 9120 switch and 8 ports in the 9140 switch) are full line rate like the 16-port switching module. The other ports (16 ports in the 9120 switch and 32 ports in the 9140 switch) are host-optimized like the 32-port switching module.
Page 290: Interface Modes
A graceful shut down ensures that no frames are lost when the interface is shutting down. When a shut down is triggered either by you or the Cisco SAN-OS software, the switches connected to the shut down link coordinate with each other to ensure that all frames in the ports are safely sent through the link before shutting down.
Page 291: Tl Port Alpa Caches
A cache contains entries for recently allocated ALPA values. These caches are maintained on various TL ports. If a device already has an ALPA, the Cisco SAN-OS software attempts to allocate the same ALPA to the device each time. The ALPA cache is maintained in persistent storage and saves information across switch reboots.
Page 292: Clearing The Alpa Cache
BB_credits are negotiated on a per-hop basis. The receive BB_credit ( ) value may be configured for each FC interface. In most cases, fcrxbbcredit you do not need to modify the default configuration. Cisco MDS 9000 Family Configuration Guide 11-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 293 Note In the Cisco MDS 9100 Series, the left most groups of ports outlined in white (4 ports in the 9120 switch and 8 ports in the 9140 switch) are full line rate like the 16-port switching module. The other ports (16 ports in the 9120 switch and 32 ports in the 9140 switch) are host-optimized like the 32-port switching module.
Page 294: Performance Buffers
(for example, forwarding frames over FCIP interfaces). For each physical Fibre Channel interface in any switch in the Cisco MDS 9000 Family, you can specify the amount of performance buffers allocated in addition to the configured receive BB_credit value.
Page 295 To use this feature, you must meet the following requirements: Obtain the ENTERPRISE_PKG license (see Chapter 3, “Obtaining and Installing Licenses”). • Configure this feature in any port of the full-rate 4-port group in either the Cisco MDS 9216i Switch • or in the MPS-14/2 module (see Figure 11-1).
Page 296: Frame Encapsulation
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . To configure extended BB_credits for a MDS-14/2 interface or for an interface in a Cisco MDS 9216i...
Page 297: Beacon Mode
The flashing green light overrides the beacon mode configuration. The state of the LED is restored to reflect the beacon mode configuration after the external loopback is removed. Cisco MDS 9000 Family Configuration Guide 11-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 298: Identifying The Beacon Leds
3. See the “32-Port Configuration Guidelines” section on page 11-8. 4. Refer to the Cisco MDS 9000 Family Hardware Installation Guide. About Speed LEDs Each port has one link LED on the left and one speed LED on the right.
Page 299: Switch Port Attribute Default Values
You can issue shutdown/no shutdown command sequence to reenable the interface. As of Cisco MDS SAN-OS Release 2.1(1a), you can configure the switch to not disable an interface when the threshold is crossed. By default, the threshold disables the interface.
Page 300: Sfp Transmitter Types
The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type.
Page 301 Note You need to explicitly configure a default gateway to connect to the switch and send IP packets or add a route for each subnet. Cisco MDS 9000 Family Configuration Guide 11-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 302: Configuring Vsan Interfaces
Management Task Force (DMTF) website at the following URL: http://www.dmtf.org/ For further information about Cisco MDS 9000 Family support for CIM servers, refer to the Cisco MDS 9000 Family CIM Programming Reference Guide. A CIM client is required to access the CIM server. The client can be any client that supports CIM.
Page 303: Displaying Interface Information
5 minutes input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 5 minutes output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 134 frames input, 8468 bytes 0 discards, 0 errors 0 CRC, 0 unknown class Cisco MDS 9000 Family Configuration Guide 11-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 304 0 input OLS, 0 LRR, 0 NOS, 0 loop inits 1 output OLS, 1 LRR, 0 NOS, 1 loop inits 16 receive B2B credit remaining 3 transmit B2B credit remaining..Cisco MDS 9000 Family Configuration Guide 11-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 305 - 5 , fc2/5 - 7 Note The spaces are required before and after the dash ( - ) and before and after the comma ( , ). Cisco MDS 9000 Family Configuration Guide 11-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 306 Port WWN is 20:42:00:05:30:00:97:9e Peer port WWN is 20:cc:00:05:30:00:50:9e Admin port mode is E, trunk mode is on Port mode is TE Port vsan is 1 Speed is 2 Gbps Cisco MDS 9000 Family Configuration Guide 11-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 307 Example 11-7 Displays the CIM Server HTTPS Status switch# show cimserver httpsstatus cimserver Https is enabled Example 11-8 Displays the CIM Server HTTP Status switch# show cimserver httpstatus cimserver Http is not enabled Cisco MDS 9000 Family Configuration Guide 11-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 308 1500 GigabitEthernet4/6 down 10.1.1.2/8 auto 3000 GigabitEthernet4/7 down 10.1.1.27/24 auto 1500 GigabitEthernet4/8 down auto 1500 ------------------------------------------------------------------------------- Interface Status Oper Mode Oper Speed (Gbps) ------------------------------------------------------------------------------- iscsi4/1 down ------------------------------------------------------------------------------- Cisco MDS 9000 Family Configuration Guide 11-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 309 0 output OLS, 0 LRR, 0 NOS, 0 loop inits 0 link failures, 0 sync losses, 0 signal losses 16 receive B2B credit remaining 3 transmit B2B credit remaining..Cisco MDS 9000 Family Configuration Guide 11-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 310 Frames Mbits/s Frames ------------------------------------------------------------------------------- fc3/1 3871 3874 fc3/2 3902 4232 fc3/3 3901 4138 fc3/4 3895 3894 fc3/5 3890 3897 fc9/8 fc9/9 fc9/10 4186 4182 fc9/11 4331 4315 Cisco MDS 9000 Family Configuration Guide 11-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 311 Receive B2B Credit performance buffers is 48 12 receive B2B credit remaining 0 transmit B2B credit remaining The show interface transceiver command can only be issued on a switch in the Cisco MDS 9100 Series Note if the SFP is present (see Example 11-15).
Page 312: Displaying Tl Port Information
H11A6ER fc-transmitter type is long wave laser cost reduced cisco extended id is unknown (0x0) Example 11-16 displays the running configuration for a specified interface. Example 11-16 Displays the Running Configuration for a Specified Interface...
Page 313: Tl Port Translation Guidelines
------------------------------------------------------------------------ 0x01 20:10:00:05:30:00:4a:de 20:00:00:05:30:00:4a:de Initiator 0xfffc42 0x02 21:00:00:e0:8b:01:95:e7 20:00:00:e0:8b:01:95:e7 Initiator 0x420100 TL Port Translation Guidelines Table 11-6 lists the TL port translations supported in Cisco MDS 9000 Family switches. Table 11-6 Supported TL Port Translations Translation from Translation to Example...
Page 314: Default Settings
Default Interface Parameters Parameters Default Interface mode Auto Interface speed Auto Management port 100 Mbps in full duplex mode Administrative state Shutdown (unless changed during initial setup) Cisco MDS 9000 Family Configuration Guide 11-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 315 1 to 4093 Interface VSAN Default VSAN (1) Beacon mode Off (disabled) EISL encapsulation Disabled Data field size 2112 bytes CIM server Disabled CIM server security protocol HTTP Cisco MDS 9000 Family Configuration Guide 11-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 316 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 11-36 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 317: About Trunking
Default Settings, page 12-8 About Trunking Trunking, also known as VSAN trunking, is a feature specific to switches in the Cisco MDS 9000 Family. Trunking enables interconnect ports to transmit and receive frames in more than one VSAN, over the same physical link, using Enhanced ISL (EISL) frame format (see Figure 12-1).
Page 318 Trunking State Port Mode Auto or on Trunking (EISL) TE port Auto, on, or off No trunking (ISL) E port Auto Auto No trunking (ISL) E port Cisco MDS 9000 Family Configuration Guide 12-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 319: Configuring The Trunk Mode
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . The preferred configuration on the Cisco MDS 9000 Family switches is one side of the trunk set to auto and the other set to on.
Page 320 The ISL between switch 3 and switch 1 shall include VSAN 1, 2, and 5. • Consequently, VSAN 2 can only be routed from switch 1 through switch 3 to switch 2. Cisco MDS 9000 Family Configuration Guide 12-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 321 Deletes VSANs 2, 3, and 4. switch(config-if)# no switchport trunk allowed vsan 2-4 Deletes the expanded allowed list. switch(config-if)# no switchport trunk allowed vsan add 5 Cisco MDS 9000 Family Configuration Guide 12-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 322: Trunking Configuration Guidelines
Switch 3 VSANs 2 and 3 get effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies. Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide.
Page 323: Displaying Trunking Information
Vsan 1 is up, FCID is 0xef0000 Vsan 2 is up, FCID is 0xef0000 port-channel 6 is trunking Vsan 1 is up, FCID is 0xef0000 Vsan 2 is up, FCID is 0xef0000 Cisco MDS 9000 Family Configuration Guide 12-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 324: Default Settings
Table 12-3 Default Trunk Configuration Parameters Parameters Default Switch port trunk mode Allowed VSAN list 1 to 4093 user-defined VSAN IDs. Trunking protocol Enabled. Cisco MDS 9000 Family Configuration Guide 12-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 325 Deleting Interfaces from a PortChannel, page 13-11 • • PortChannel Configuration Guidelines, page 13-11 PortChannel Protocol, page 13-13 • PortChannel Configuration Verification, page 13-17 • Default Settings, page 13-20 • Cisco MDS 9000 Family Configuration Guide 13-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 326: Portchannel Functionality
Note fail-over scenarios. Cisco MDS 9000 Family of switches support 128 PortChannels with 16 interfaces per PortChannel. A PortChannel number refers to the unique (to each switch) identifier associated with each channel group. This number ranges from of 1 to 128.
Page 327 PortChannel. The other three ports continue to remain in a no shutdown state. In the Cisco MDS 9100 Series, the left most groups of ports outlined in white (4 ports in the Cisco MDS Note 9120 Switch and 8 ports in the Cisco MDS 9140 Switch) are full line rate like the 16-port switching module.
Page 328: About Portchanneling And Trunking
When trunking is operational on an E port, that E port becomes a TE port. A TE port is specific to switches in the Cisco MDS 9000 Family. An industry standard E port can link to other vendor switches and is referred to as a nontrunking interface (see...
Page 329 Frame 2 Link 2 Frame 3 SID1, DID1, Exchange 2 Frame n Frame 1 Link 1 Frame 2 Link 2 Frame 3 SID2, DID2 Exchange 1 Frame n Cisco MDS 9000 Family Configuration Guide 13-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 330: Portchannel Creation
Command Purpose Step 1 Enters configuration mode. switch# config t Step 2 Configures the specified PortChannel (1) using the switch(config)# interface port-channel 1 switch(config-if)# default ON mode. Cisco MDS 9000 Family Configuration Guide 13-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 331: Portchannel Modes
PortChannels in releases prior to Release 2.0(1b), where the channel group mode is implicitly assumed to be ON. In Cisco MDS SAN-OS Releases1.3 and earlier, the only available PortChannel mode was the ON mode. PortChannels configured in the ON mode require you to explicitly enable and disable the Portchannel member ports at either end if you add or remove ports from the PortChannel configuration.
Page 332: Deleting Portchannels
After the members are added, regardless of the mode (ACTIVE and ON) used, the ports at either end are gracefully brought down, indicating that no frames are lost when the interface is going down (see the “Graceful Shut Down” section on page 11-9). Cisco MDS 9000 Family Configuration Guide 13-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 333: Forcing An Interface Addition
(see the “Graceful Shut Down” section on page 11-9). Cisco MDS 9000 Family Configuration Guide 13-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 334: Compatibility Check
An interface enters the suspended state if the interface is configured in the ON mode. • An interface enters the isolated state if the interface is configured in the ACTIVE mode. • See the “Reason Codes” section on page 11-7. Cisco MDS 9000 Family Configuration Guide 13-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 335: Deleting Interfaces From A Portchannel
PortChannel is configured, be sure to reconnect the links to interfaces within the PortChannel and re-enable the links. If all three conditions are not met, the faulty link is disabled. Cisco MDS 9000 Family Configuration Guide 13-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 336: Valid Configurations
Channel Group 10 Channel Group 20 Cisco MDS Cisco MDS Cisco MDS Cisco MDS Switch A Switch B Switch A Switch B Channel Group 1 Channel Group 2 Cisco MDS 9000 Family Configuration Guide 13-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 337: Invalid Configuration Examples
PortChannel interface is propagated to all members of the channel group. A protocol to exchange PortChannel configurations is available in all Cisco MDS switches. This addition simplifies PortChannel management with incompatible ISLs. An additional autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.
Page 338: About Portchannel Protocols
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About PortChannel Protocols The PortChannel protocol expands the PortChannel functional model in Cisco MDS switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a PortChannel.
Page 339: Autocreation Functionality
An autocreated PortChannel is not persistent through a reboot. An autocreated PortChannel can be • manually configured to appear the same as a persistent PortChannel. Once the PortChannel is made persistent, the autocreation feature is disabled in all member ports. Cisco MDS 9000 Family Configuration Guide 13-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 340: Enabling And Configuring Autocreation
When enabling autocreation in any switch in the Cisco MDS 9000 Family, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports...
Page 341: Portchannel Configuration Verification
77 Administrative channel mode is active Operational channel mode is active Last membership update succeeded 2 ports in total, 0 ports up Ports: fcip1 [down] Cisco MDS 9000 Family Configuration Guide 13-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 342 [down] fc2/5 [down] port-channel 79: 2 ports, first operational port is fcip200 fcip101 [up] fcip200 [up] ================================================ database 2: from module 4 ================================================ totally 3 port-channels Cisco MDS 9000 Family Configuration Guide 13-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 343 Hardware is Fibre Channel, FCOT is short wave laser Port WWN is 20:0a:00:0b:5f:3b:fe:80 Receive data field Size is 2112 Beacon is turned off Port-channel auto creation is enabled Belongs to port-channel 123 Cisco MDS 9000 Family Configuration Guide 13-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 344: Default Settings
PortChannels. Table 13-3 Default PortChannel Parameters Parameters Default PortChannels FSPF is enabled by default. Create PortChannel Administratively up. Default PortChannel mode Autocreation Disabled. Cisco MDS 9000 Family Configuration Guide 13-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 345 • Persistent FC IDs Manual Configuration, page 14-10 Persistent FC ID Selective Purging, page 14-13 • Displaying fcdomain Information, page 14-13 • Default Settings, page 14-16 • Cisco MDS 9000 Family Configuration Guide 14-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 346: About Fcdomain Phases
Domain IDs and VSAN values used in all procedures are only provided as examples. Be sure to use IDs Note and values that apply to your configuration. Cisco MDS 9000 Family Configuration Guide 14-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 347: Domain Restart
Forces the VSAN to reconfigure without traffic switch(config)# fcdomain restart vsan 1 disruption. Forces the VSAN to reconfigure with data switch(config)# fcdomain restart disruptive vsan 1 traffic disruption. Cisco MDS 9000 Family Configuration Guide 14-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 348: Domain Configuration
If the configured type is preferred, the local switch accepts the domain ID assigned by the principal switch and the assigned domain ID becomes the runtime domain ID. Cisco MDS 9000 Family Configuration Guide 14-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 349 ID is not granted. Resets the configured domain ID to factory switch(config)# no fcdomain domain 18 static vsan 237 defaults in VSAN 237. The configured domain ID becomes 0 preferred. Cisco MDS 9000 Family Configuration Guide 14-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 350: Switch Priority
ID 50 through 110 in VSAN 4. Reverts to the factory default of allowing switch(config)# no fcdomain allowed 50-110 vsan 5 domain IDs from 1 through 239 in VSAN 5. Cisco MDS 9000 Family Configuration Guide 14-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 351: Merged Stable Fabrics
Disables the contiguous allocation option and switch(config)# no fcdomain contiguous-allocation vsan 1030 reverts it to the factory default in VSAN 1030. Cisco MDS 9000 Family Configuration Guide 14-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 352: Fcdomain Initiation
To stop incoming RCF request frames, follow these steps: Command Purpose Step 1 switch# config t Enters configuration mode. switch(config)# Step 2 Configures the specified interface. switch(config)# interface fc1/1 switch(config-if)# Cisco MDS 9000 Family Configuration Guide 14-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 353: Persistent Fc Ids
Persistent FC IDs When an N or NL port logs into a Cisco MDS 9000 Family switch, it is assigned a FC ID. By default, the persistent FC ID feature is enabled. If this feature is disabled, the following consequences apply: An N or NL port logs into a Cisco MDS 9000 Family switch.
Page 354: Enabling Persistent Fc Ids
FICON uses a different scheme for allocating FC IDs based in the front panel port number. This scheme takes precedence over FC ID persistence in FICON VSANs. Cisco MDS 9000 Family Configuration Guide 14-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 355: Unique Area Fc Ids For Some Hbas
FC ID. Switches in the Cisco MDS 9000 Family facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.
Page 356 If this feature is disabled, continue with this procedure to enable the FC ID persistence. If this feature is already enabled, skip to Step Step 4 Enable the FC ID persistence feature in the Cisco MDS switch. switch# conf t switch(config)# fcdomain fcid persistent vsan 1 switch(config)# end switch# Assign a new FC ID with a different area allocation.
Page 357: Persistent Fc Id Selective Purging
14-1, the fcdomain feature is disabled. Consequently, the runtime fabric name is the same Note as the configured fabric name. Example 14-1 Displays the Global fcdomain Information switch# show fcdomain vsan 2 The local switch is the Principal Switch. Cisco MDS 9000 Family Configuration Guide 14-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 358 [Interoperability Mode 1] allowed domain IDs: 97-127. [User] configured allowed domain IDs: 50-110. Ensure that the requested domain ID passes the Cisco SAN-OS software checks, if interop 1 mode is required in this switch. Cisco MDS 9000 Family Configuration Guide 14-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 359 Total Frames: 96 ----------- -------- Use the show fcdomain address-allocation command to display FC ID allocation statistics including a list of assigned and free FC IDs. See Example 14-8. Cisco MDS 9000 Family Configuration Guide 14-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 360: Default Settings
Enabled. Configured domain ID 0 (zero). Configured domain Preferred. auto-reconfigure option Disabled. contiguous-allocation option Disabled. Priority 128. Allowed list 1 to 239. Fabric name 20:01:00:05:30:00:28:df. Cisco MDS 9000 Family Configuration Guide 14-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 361 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Table 14-2 Default fcdomain Parameters (continued) Parameters Default rcf-reject Disabled. Persistent FC ID Enabled (as of Release 2.0(1b) this is only configurable on a per-VSAN basis). Cisco MDS 9000 Family Configuration Guide 14-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 362 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 14-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 363: About The Command Scheduler
Scheduling Maintenance Jobs The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in any switch in the Cisco MDS 9000 Family.You can use this feature to schedule jobs on a one-time basis or periodically. This chapter includes the following sections: About the Command Scheduler, page 15-1 •...
Page 364: Scheduling Guidelines
One-time mode—The job is executed once at a user-specified time. • Scheduling Guidelines Before scheduling jobs on a Cisco MDS switch, be aware of the following guidelines: A user who is authenticated and authorized by a remote service (for example, RADIUS) cannot •...
Page 365: Command Scheduler Initialization
To use the scheduling feature, you must explicitly enable this feature on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 family. The configuration and verification commands for the command scheduler feature are only available when this feature is enabled on a switch.
Page 366: Job Deletion
Enters the configuration mode. switch# conf t switch(config)# Step 2 Deletes a defined job and all commands switch(config)# no scheduler job name addMemVsan99 defined within that job. Cisco MDS 9000 Family Configuration Guide 15-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 367: Schedule Definition
If today is September 24th, 2004 (Friday), this switch(config-schedule)# time start 14:00 repeat 14:00:00 command specifies the job to be executed every alternate Friday at 2 p.m. (every 14 days). Cisco MDS 9000 Family Configuration Guide 15-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 368: One-Time Schedule Definition
To delete a schedule, follow these steps: Command Purpose Step 1 Enters the configuration mode. switch# conf t switch(config)# Step 2 Deletes the defined schedule. switch(config)# no scheduler schedule name weekendbackup Cisco MDS 9000 Family Configuration Guide 15-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 369: Job Disassociation
Clearing the Log File Contents To clear the contents of the scheduler log file, issue the clear scheduler logfile command in EXEC mode. switch# clear scheduler logfile Cisco MDS 9000 Family Configuration Guide 15-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 370: Scheduler Configuration Verification
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Scheduler Configuration Verification The show commands display the current command scheduler settings for the Cisco MDS switch (see Examples 15-1 to 15-4).
Page 371: Default Settings
Default Settings Table 15-1 lists the default settings for command scheduling parameters. Table 15-1 Default Command Scheduler Parameters Parameters Default Command scheduler Disabled. Log file size 16 KB Cisco MDS 9000 Family Configuration Guide 15-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 372 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 15-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 373 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Fabric Configuration...
Page 374 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 375: Vsan Advantages
Ease of configuration—Users can be added, moved, or changed between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another only requires configuration at the port level, not at a physical level. Cisco MDS 9000 Family Configuration Guide 16-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 376: How Vsans Work
Figure 16-1 Figure 16-2, the switch icons indicate that these features apply to any switch in the Cisco MDS 9000 Family. Figure 16-1 shows a fabric with three switches, one on each floor. The geographic location of the switches and the attached devices is independent of their segmentation into logical VSANs. Between VSANs no communication is possible.
Page 377 Low and high security requirements Backup traffic on separate VSANs – Replicating data from user traffic – VSANs can meet the needs of a particular department or application. • Cisco MDS 9000 Family Configuration Guide 16-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 378: Vsans Versus Zones
A defined in VSAN 7. Figure 16-3 VSANS with Zoning Physical Topology Zone A VSAN 2 Zone C Zone B Zone D VSAN 7 Zone A Cisco MDS 9000 Family Configuration Guide 16-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 379: Default And Isolated Vsans
Default VSAN The factory settings for switches in the Cisco MDS 9000 Family have only the default VSAN 1 enabled. If you do not need more than one VSAN for a switch, use this default VSAN as the implicit parameter during configuration.
Page 380: Vsan Attributes
Statically” section on page 16-7. • Dynamically—by assigning VSANs based on the device WWN. This method is referred to as the Dynamic Port VSAN Membership (DPVM) feature. Cisco MDS 9000 Family Configuration Guide 16-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 381: Creating And Configuring Vsans Statically
Configures the database for a VSAN. switch(config)# vsan database switch(config-vsan-db)# Step 3 Creates a VSAN with the specified ID (2) if switch(config-vsan-db)# vsan 2 switch(config-vsan-db)# that VSAN does not exist already. Cisco MDS 9000 Family Configuration Guide 16-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 382: Deleting Static Vsans
Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in the system, then a command request to move a port to VSAN 10 is rejected. Cisco MDS 9000 Family Configuration Guide 16-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 383: Displaying Static Vsan Configurations
7 information name:VSAN0007 state:active in-order guarantee:no interoperability mode:no loadbalancing:src-id/dst-id/oxid vsan 100 information name:VSAN0100 state:active in-order guarantee:no interoperability mode:no loadbalancing:src-id/dst-id/oxid vsan 4094:isolated vsan Cisco MDS 9000 Family Configuration Guide 16-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 384: Default Settings
VSAN 1. State Active state. Name Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute OX ID (src-dst-ox-id). Cisco MDS 9000 Family Configuration Guide 16-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 385 VSAN membership to maintain fabric topology when a host or storage device connection is moved between two Cisco MDS switches or two ports within a switch. It retains the configured VSAN regardless of where a device is connected or moved.
Page 386: About Dpvm
To begin configuring the DPVM feature, you must explicitly enable DPVM on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the DPVM feature are only available when DPVM is enabled on a switch.
Page 387: About Dpvm Databases
Maps the specified device nWWN to VSAN 101. switch(config-dpvm-db)# nwwn 14:21:30:12:63:39:72:81 vsan 101 Removes the specified device nWWN mapping from switch(config-dpvm-db)# no nwwn 14:21:30:12:63:39:72:80 vsan 101 the config database. Cisco MDS 9000 Family Configuration Guide 17-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 388: Activating Config Databases
Learning currently logged-in devices—occurs from the time learning is enabled. – Learning new device logins— occurs as and when new devices log in to the switch. – Cisco MDS 9000 Family Configuration Guide 17-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 389: Enabling Autolearning
To enable database distribution to the neighboring switches, the database should be consistently administered and distributed across all switches in the fabric. The Cisco SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to achieve this requirement (see Chapter 5, “Using the CFS...
Page 390: Disabling Dpvm Database Distribution
Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Step 2 Commits the database entries that are currently in the pending switch(config)# dpvm commit database. Cisco MDS 9000 Family Configuration Guide 17-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 391: Discarding Changes
The following circumstances may require the active database to be copied to the config database: If the learned entries are only added to the active database. • If the config database or entries in the config database are accidently deleted. • Cisco MDS 9000 Family Configuration Guide 17-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 392: Comparing Database Differences
Accesses the DPVM config database. switch(config)# dpvm database Step 4 Adds two entries to the DPVM config switch(config-dpvm-db)# pwwn 44:22:33:44:55:66:77:88 vsan 55 database. switch(config-dpvm-db)# pwwn 55:22:33:44:55:66:77:88 vsan 55 Cisco MDS 9000 Family Configuration Guide 17-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 393: Displaying Dpvm Configurations
Legend: “+” New Entry, “-” Missing Entry, “*” Possible Conflict Entry --------------------------------------------------------------------- pwwn 55:22:33:44:55:66:77:88 vsan 55 pwwn 11:22:33:44:55:66:77:88 vsan 11 pwwn 44:22:33:44:55:66:77:88 vsan 44 Cisco MDS 9000 Family Configuration Guide 17-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 394: Sample Dpvm Configuration
At this stage, the currently logged in devices (and their current VSAN assignment) populate the active database. However the entries are not yet permanent in the active database. Cisco MDS 9000 Family Configuration Guide 17-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 395 * is auto-learnt entry switch1# show dpvm status DB is activated successfully, auto-learn is off At this stage, the autolearned entries are made permanent in the active database. Cisco MDS 9000 Family Configuration Guide 17-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 396: Default Settings
DB is activated successfully, auto-learn is off These basic steps help you ascertain that the information is identical in all the switches in the fabric. Note You have now configured a basic DPVM scenario in a Cisco MDS 9000 Family switch. Default Settings Table 17-1 lists the default settings for DPVM parameters.
Page 397 IVR Interoperability, page 18-28 • Configuring IVR Using Read-Only Zoning, page 18-28 • • Configuring IVR Logging Levels, page 18-30 Example Configurations, page 18-31 • • Default Settings, page 18-36 Cisco MDS 9000 Family Configuration Guide 18-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 398: About Ivr
1 switching modules. OX ID based load balancing of IVR traffic from a non-IVR MDS switch should work. Generation 2 switching modules support OX ID based load balancing of IVR traffic from IVR-enabled switches. Cisco MDS 9000 Family Configuration Guide 18-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 399: Ivr Features
Inter-VSAN zone sets (IVZS)—One or more IVZs make up an IVZS. You can configure up to 32 IVZSs on any switch in the Cisco MDS 9000 Family. Only one IVZS can be active at any time. IVR path—An IVR path is a set of switches and Inter-Switch Links through which a frame from an •...
Page 400: Ivr Guidelines
Note As of Cisco MDS SAN-OS Release 2.1(1a), unique domain IDs are no longer required. As of Cisco MDS SAN-OS Release 2.1(1a), in a configuration involving IVR without NAT, if one VSAN Note in the IVR topology is configured with static domain IDs, then the other VSANs (edge or transit) in the topology must be configured with static domain IDs.
Page 401: Transit Vsan Guidelines
Determine whether to use IVR NAT (Network Address Translation). Step 1 If you do not plan to use IVR NAT (supported as of Cisco MDS SAN-OS Release 2.1(1a)), verify that Step 2 unique domain IDs are configured in all switches and VSANs participating in IVR.
Page 402: Unique Domain Id Configuration Options
The IVR feature must be enabled in all border switches in the fabric that participate in the IVR. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. You can manually enable IVR on all required switches in the fabric or configure fabric-wide distribution of the IVR configuration (“IVR Configuration Distribution”...
Page 403: Database Implementation
To commit IVR configuration changes, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Step 2 Commits the IVR changes. switch(config)# ivr commit Cisco MDS 9000 Family Configuration Guide 18-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 404: Discarding The Changes
About IVR NAT Prior to Cisco MDS SAN-OS Release 2.1(1a), IVR required unique domain IDs for all switches in the fabric. As of Cisco MDS SAN-OS Release 2.1(1a), you can enable IVR Network Address Translation (NAT) to allow non-unique domain IDs. This feature simplifies the deployment of IVR in an existing fabric where non-unique domain IDs might be present.
Page 405 If you have a message that is not recognized by IVR NAT and contains the destination ID in the payload, you cannot use IVR with NAT in your topology. You can still use IVR with unique domain IDs. Cisco MDS 9000 Family Configuration Guide 18-9...
Page 406: Enabling Ivr Nat
Automatic mode • As of Cisco MDS SAN-OS Release 2.1(1a), you can configure IVR topology automatic mode. Automatic mode uses CFS configuration distribution to dynamically learn and maintain up-to-date information about the topology of the IVR-enabled switches in the network.
Page 407: Manually Configuring The Ivr Topology
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Manually Configuring the IVR Topology You can have up to 64 VSANs (or 128 VSANs as of Cisco MDS SAN-OS Release 2.1(1a)) in an IVR topology. Specify the IVR topology using the following information: The switch WWNs of the IVR-enabled switches.
Page 408: Activating A Manually Configured Ivr Topology
After manually configuring the IVR topology database, you must activate it. Active IVR topologies cannot be deactivated. You can only switch to IVR topology automatic mode. Caution Cisco MDS 9000 Family Configuration Guide 18-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 409: Configuring Ivr Topology Automatic Mode
Last activation time: Mon Mar 24 07:19:53 1980 Configuring IVR Topology Automatic Mode As of Cisco MDS SAN-OS Release 2.1(1a), you can configure IVR topology automatic mode. IVR configuration distribution must be enabled before configuring IVR topology automatic mode (see Note “IVR Configuration Distribution”...
Page 410: Verifying The Ivr Topology
5 entries in active and configured IVR VSAN-Topology Current Status: Inter-VSAN topology is ACTIVE Last activation time: Sat Mar 22 21:46:15 1980 The asterisk (*) indicates the local switch. Cisco MDS 9000 Family Configuration Guide 18-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 411: Non-Unique Vsan Ids Using Afids
Non-Unique VSAN IDs Using AFIDs As of Cisco MDS SAN-OS Release 2.1(1a), you can configure more than one AFID. This feature allows more than one VSAN in the network with the same VSAN ID. Using this feature you can avoid downtime when enabling IVR between fabrics that contain VSANs with the same ID.
Page 412: Verifying The Afid Database
VSAN. Be sure to add IVR virtual domains if Cisco SN5428 or Cisco MDS 9020 switches exist in the VSAN. Only add IVR domains in the edge VSANs and not in transit VSANs.
Page 413: Verifying The Ivr Virtual Domain Configuration
(As well as to VSANs in interoperability mode 2 or 3) Persistent FC IDs for IVR As of Cisco MDS SAN-OS Release 2.1(2), you can configure persistent FC IDs for IVR. Persistent FC IDs across reboot improves IVR management by providing the following features: •...
Page 414: Configuring Persistent Fc Ids For Ivr
IVR domains that can be exported to that VSAN must also be assigned static domains. Configuring Persistent FC IDs for IVR To configure persistent FC IDs for IVR in Cisco MDS SAN-OS Release 2.1(2) and later, follow these steps:...
Page 415: Clearing The Ivr Fcdomain Database
Native-Vsan Virtual-domain ---------------------------------------------------- 0xc(12) 0xc(12) Number of Virtual-domain entries: 2 ---------------------------------------------------- AFID Vsan Pwwn Virtual-fcid ---------------------------------------------------- 11:22:33:44:55:66:77:88 0x114466 21:22:33:44:55:66:77:88 0x0c4466 21:22:33:44:55:66:78:88 0x0c4466 Number of Virtual-fcid entries: 3 Cisco MDS 9000 Family Configuration Guide 18-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 416: About Ivzs And Ivzss
The same IVZS must be activated on all of the IVR-enabled switches. Caution You can only configure a total number of 2000 zone members on all switches in a network. As of Cisco MDS SAN-OS Release 2.1(1a), the limit is increased to a total number of 10,000 zone members on all switches in a network.
Page 417: Automatic Ivz Creation
IVZS does not cause any traffic disruption between them. IVZ and IVZS names are restricted to 64 alphanumeric characters. You can only configure a total of 200 zones and 32 zone sets on the switches in the network. As of Cisco Caution MDS SAN Release 2.1(1a), you can configure up to 2000 zones on the switches in the network.
Page 418: Configuring Ivzs And Ivzss
VSAN 5 as an IVZ member. Step 10 Reverts to configuration mode. switch(config-ivr-zone)# exit switch(config)# Step 11 Creates an IVZS named switch(config)# ivr zoneset name Ivr_zoneset1 switch(config-ivr-zoneset)# Ivr_zoneset1. Cisco MDS 9000 Family Configuration Guide 18-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 419: Configuring Luns In Ivr Zoning
2.1(1a), IVR directly supports LUN zoning. For more details on the advantages of LUN zoning, see the “About LUN Zoning” section on page 19-17. To configure LUNs in IVR zoning in Cisco MDS SAN-OS Release 2.1(1a) or later, follow these steps: Command Purpose Step 1 Enters configuration mode.
Page 420: Configuring The Qos Attribute
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Configuring the QoS Attribute As of Cisco MDS SAN-OS Release 2.1(1a), you can configure a QoS attribute for an IVZ. To configure QoS for an IVZ, follow these steps:...
Page 421: Clearing The Ivz Database
50:06:04:82:bc:01:c3:84 vsan 5 Example 18-7 Displays Information for a Specified IVZ switch# show ivr zone name sample_vsan2-3 zone name sample_vsan2-3 pwwn 21:00:00:e0:8b:02:ca:4a vsan 3 pwwn 21:00:00:20:37:c8:5c:6b vsan 2 Cisco MDS 9000 Family Configuration Guide 18-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 422 IVR_ZoneSet1 zone name sample_vsan2-3 Example 18-13 Displays Brief Information for the Active IVZS switch# show ivr zoneset brief Active zoneset name IVR_ZoneSet1 zone name sample_vsan2-3 Cisco MDS 9000 Family Configuration Guide 18-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 423: About Ivr Service Groups
Repeat this configuration in all border switches participating in the IVR configuration. Note Using the Cisco MDS Fabric Manager, you can distribute IVZ configurations to all IVR-capable switches in the interconnected VSAN network. Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide. About IVR Service Groups In a complex network topology, you might only have a few IVR-enabled VSANs.
Page 424: Verifying Ivr Service Group Configuration
2 entries in service group table IVR Interoperability When using the IVR feature, all border switches in a given fabric must be Cisco MDS switches. However, other switches in the fabric may be non-MDS switches. For example, end devices that are members of the active IVZS may be connected to non-MDS switches.
Page 425: Database Merge Guidelines
The merge will fail if the merged database contains more topology entries than the allowed – maximum. The total number of VSANs across the two fabrics cannot exceed 64. As of Cisco MDS – SAN-OS Release 2.1(1a), the total number of VSANs across the two fabrics cannot exceed 128.
Page 426: Configuring Ivr Logging Levels
The total number of IVR-enabled switches across the two fabrics cannot exceed 128. – The total number of zone members across the two fabrics cannot exceed 2000. As of Cisco MDS – SAN-OS Release 2.1(1a), the total number of zone members across the two fabrics cannot exceed 10,000.
Page 427: Verifying Logging Level Configuration
No IVR-enabled VSAN is active. Check VSAN-Topology configuration. Inter-VSAN topology status -------------------------- Current Status: Inter-VSAN topology is INACTIVE Inter-VSAN zoneset status ------------------------- name state : idle last activate time : Cisco MDS 9000 Family Configuration Guide 18-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 428 20:00:00:05:40:01:1b:c2 * 20:00:00:44:22:00:4a:08 20:00:00:44:22:02:8a:04 20:00:00:44:22:40:aa:16 Total: 4 entries in active and configured IVR VSAN-Topology Current Status: Inter-VSAN topology is ACTIVE Last activation time: Tue May 20 23:14:59 1980 Cisco MDS 9000 Family Configuration Guide 18-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 429 10:02:50:45:32:20:7a:52 vsan 1 pwwn 10:02:66:45:00:20:89:04 vsan 2 zone name tape_server2 pwwn 10:02:50:45:32:20:7a:52 vsan 1 pwwn 10:00:ad:51:78:33:f9:86 vsan 3 Cisco MDS 9000 Family Configuration Guide 18-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 430: Auto-Topology Configuration
____ ______ active Auto-Topology Configuration This section provides example configuration steps for configuring IVR auto-topology supported in Cisco SAN-OS Release 2.1(1a) and later. Enable IVR on every border switch in the fabric. Step 1 switch# config t Enter configuration commands, one per line.
Page 431 Last Action Failure Reason : None Verify the active IVR topology. Step 7 switch# show ivr vsan-topology active AFID SWITCH WWN Active Cfg. VSANS -------------------------------------------------------------- 20:00:00:0d:ec:08:6e:40 * 1,336-338 20:00:00:0d:ec:0c:99:40 336,339 Cisco MDS 9000 Family Configuration Guide 18-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 432: Default Settings
IVR parameters. Table 18-5 Default IVR Parameters Parameters Default IVR feature Disabled. IVR VSANs Not added to virtual domains. IVR NAT Disabled. QoS for IVZs Configuration Distribution Disabled. Cisco MDS 9000 Family Configuration Guide 18-36 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 433 Cloning Zones, Zone Sets, fcaliases, and Zone Attribute Groups, page 19-20 • Displaying Zone Information, page 19-21 • • About Enhanced Zoning, page 19-27 Displaying Enhanced Zone Information, page 19-34 • • Default Settings, page 19-36 Cisco MDS 9000 Family Configuration Guide 19-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 434: Zoning Features
Interface and domain ID—Specifies the interface of a switch identified by the domain ID. – Domain ID and port number—Specifies the domain ID of an MDS domain and additionally specifies a port belonging to a non-Cisco switch. – IP address—Specifies the IP address (and optionally the subnet mask) of an attached device.
Page 435: Zoning Example
H2 and S2 in zone 3, and to H1 and S1 in zone 1. Figure 19-2 Fabric with Three Zones Zone 1 Fabric Zone 3 Zone 2 Cisco MDS 9000 Family Configuration Guide 19-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 436: Zone Implementation
FC alias—The alias name is in alphabetic characters (for example, Payroll) and denotes a port ID or • WWN. The alias can also include multiple members. Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco • switch is required to complete this membership configuration.
Page 437: Configuring A Zone
Use the show wwn switch command to retrieve the sWWN. If you do not provide a sWWN, the software automatically uses the local sWWN. Cisco MDS 9000 Family Configuration Guide 19-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 438: Alias Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Interface-based zoning only works with Cisco MDS 9000 Family switches. Interface-based zoning does Note not work if interop mode is configured in that VSAN.
Page 439: Zone Set Creation
Adds Zone1 as a member of the specified zone set swtich(config-zoneset)# member Zone1 (Zoneset1). If the specified zone name was not previously configured, this command will return the error Zone not present message. Cisco MDS 9000 Family Configuration Guide 19-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 440: Active And Full Zone Set Considerations
You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Figure 19-4 shows a zone being added to an activated zone set. Cisco MDS 9000 Family Configuration Guide 19-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 441 Zone C Zone E Zone D Zone D Active Zone set Z1 zone set Zone A Zone B Zone C Zone D After activating Zone set Z1 again Cisco MDS 9000 Family Configuration Guide 19-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 442: Activating A Zone Set
Note Hard zoning enforces zoning restrictions on every frame, and prevents unauthorized access. Switches in the Cisco MDS 9000 Family support both hard and soft zoning. Cisco MDS 9000 Family Configuration Guide 19-10...
Page 443: The Default Zone
You can distribute full zone sets using one of two methods: at the EXEC mode level or at the configuration mode level. Table 19-1 lists the differences. Cisco MDS 9000 Family Configuration Guide 19-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 444: Enabling Full Zone Set Distribution
Enabling Full Zone Set Distribution All switches in the Cisco MDS 9000 Family distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
Page 445: Recovering From Link Isolation
Isolated port due to active zone set mismatch Switch 1 Switch 2 From Switch 1, Export database forces Switch 2 to use the database configured in Switch 1 Cisco MDS 9000 Family Configuration Guide 19-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 446: Importing And Exporting Zone Sets
Copying Zone Sets On the Cisco MDS Family switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit.
Page 447: Zone Database Information
QoS traffic to each frame matching this zone. Reverts to using the default low priority for switch(config-zone)# no attribute qos priority high this zone. Cisco MDS 9000 Family Configuration Guide 19-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 448: Configuring Default Zone Qos Priority Attributes
If any NL port attached to an FL port shares a broadcast zone with the source of the broadcast frame, then the frames are broadcast to all devices in the loop. Cisco MDS 9000 Family Configuration Guide 19-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 449: About Lun Zoning
21:00:00:e0:8b:0b:66:56 pwwn 21:00:00:20:37:f0:2e:4d About LUN Zoning Logical unit number (LUN) zoning is a feature specific to switches in the Cisco MDS 9000 Family. LUN zoning can only be implemented in Cisco MDS 9000 Family switches. If LUN zoning is Caution implemented in a switch, you cannot configure the interop mode in that switch.
Page 450: Configuring A Lun-Based Zone
LUN masking and mapping restricts server access to specific LUNs. If LUN masking is enabled on a storage subsystem and if you want to perform additional LUN zoning in a Cisco MDS 9000 Family switch, obtain the LUN number for each host bus adapter (HBA) from the storage subsystem and then configure the LUN-based zone procedure provided in the “Configuring a LUN-Based Zone”...
Page 451: About Read-Only Zones
If two members belong to a read-only zone and to a read-write zone, read-only zone has priority and • write access is denied. LUN zoning can only be implemented in Cisco MDS 9000 Family switches. If LUN zoning is • implemented in a switch, you cannot configure interop mode in that switch.
Page 452 Cloning Zones, Zone Sets, fcaliases, and Zone Attribute Groups As of Cisco MDS SAN-OS Release 2.1(1a), you can clone a zone, zone set, fcalias, or zone-attribute-group. To clone a zone, zone set, fcalias, or zone-attribute-group, follow these steps:...
Page 453: Displaying Zone Information
Zone2 vsan 11 interface fc1/5 pwwn 20:4f:00:05:30:00:2a:1e zone name Zone22 vsan 6 fcalias name Alias1 vsan 1 pwwn 21:00:00:20:37:a6:be:35 zone name Zone23 vsan 61 pwwn 21:00:00:04:cf:fb:3e:7b lun 0000 Cisco MDS 9000 Family Configuration Guide 19-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 454 Zone1 vsan 1 pwwn 21:00:00:20:37:6f:db:dd pwwn 21:00:00:20:37:a6:be:2f pwwn 21:00:00:20:37:9c:48:e5 fcalias Alias1 zoneset name ZoneSet1 vsan 1 zone name Zone1 vsan 1 pwwn 21:00:00:20:37:6f:db:dd pwwn 21:00:00:20:37:a6:be:2f pwwn 21:00:00:20:37:9c:48:e5 fcalias Alias1 Cisco MDS 9000 Family Configuration Guide 19-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 455 21:00:00:20:37:9c:48:e5 VSAN: 1 zone Zone3 zone Zone1 fcalias Alias1 Use the show zone statistics command to display the number of control frames exchanged with other switches. Cisco MDS 9000 Family Configuration Guide 19-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 456 Number of Inquiry commands received: Number of Inquiry data No LU sent: Number of Request Sense commands received: Number of Other commands received: Number of Illegal Request Check Condition sent: Cisco MDS 9000 Family Configuration Guide 19-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 457 IVRZ_IvrZone4 vsan 1 * fcid 0xce0000 [pwwn 10:00:00:00:c9:2d:5a:dd] * fcid 0x6c01ef [pwwn 21:00:00:20:37:9c:48:e5] zone name Zone1 vsan 1667 fcid 0x123456 zone name $default_zone$ vsan 1667 Cisco MDS 9000 Family Configuration Guide 19-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 458 Name: zoneset-3 Zonesets:1 Zones:10 Aliases:0 Status: Activation completed at Thu Feb 13 10:23:50 2003 Use the show zone command to display the zone attributes for all configured zones. Cisco MDS 9000 Family Configuration Guide 19-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 459: About Enhanced Zoning
The zoning feature complies with the FC-GS-4 and FC-SW-3 standards. Both standards support the basic zoning functionalities explained in the previous section and the enhanced zoning functionalities described in this section. Cisco MDS 9000 Family Configuration Guide 19-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 460: Advantages Of Enhanced Zoning
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Advantages of Enhanced Zoning Table 19-2 lists the advantages of the enhanced zoning feature in all switches in the Cisco MDS 9000 Family. Table 19-2...
Page 461: Changing From Enhanced Zoning To Basic Zoning
Changing from Enhanced Zoning to Basic Zoning The standards do not allow you to move back to basic zoning. However, Cisco MDS switches allow this move to enable you to downgrade and upgrade to other Cisco SAN-OS releases. To change to the basic zoning mode from the enhanced mode, follow these steps:...
Page 462: Modifying The Zone Database
SampleAttributeGroup vsan 2 switch(config-attribute-group)# Add the attribute to an attribute-group object. Step 2 switch(config-attribute-group)# readonly switch(config-attribute-group)# broadcast switch(config-attribute-group)# qos priority medium Cisco MDS 9000 Family Configuration Guide 19-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 463: Merging The Database
Caution Remove all non-pWWN-type zone entries on all MDS switches running Cisco SAN-OS prior to merging fabrics if there is a Cisco MDS 9020 switch running FabricWare in the adjacent fabric to avoid ISL isolation. Cisco MDS 9000 Family Configuration Guide 19-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 464: The Merge Process
You can specify an enhanced zone to restrict broadcast frames generated by a member in this zone to members within that zone. Use this feature when the host or storage devices support broadcasting. Table 19-4 identifies the rules for the delivery of broadcast frames. Cisco MDS 9000 Family Configuration Guide 19-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 465 Step 7 Displays the broadcast configuration switch# show zone vsan 1 zone name BroadcastAttr vsan 1 zone-attribute-group name BroadcastAttr vsan 1 broadcast pwwn 21:00:00:e0:8b:0b:66:56 pwwn 21:01:00:e0:8b:2e:80:93 Cisco MDS 9000 Family Configuration Guide 19-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 466: Displaying Enhanced Zone Information
Example 19-22 Displays the Zone Attribute Group Information for a Specified VSAN switch# show zone-attribute-group vsan 2 zone-attribute-group name $default_zone_attr_group$ vsan 2 read-only qos priority high broadcast zone-attribute-group name testattgp vsan 2 read-only broadcast qos priority high Cisco MDS 9000 Family Configuration Guide 19-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 467 No pending info found Example 19-29 Displays the Pending Active Zone Set Information for the VSAN to be Committed switch# show zoneset pending active vsan 2 No pending info found Cisco MDS 9000 Family Configuration Guide 19-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 468: Default Settings
The full zone set(s) is not distributed. Zone based traffic priority Low. Read-only zones Read-write attributes for all zones. Broadcast frames Sent to all Nx ports. Broadcast zoning Disabled. Enhanced zoning Disabled. Cisco MDS 9000 Family Configuration Guide 19-36 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 469: About Device Aliases
When the port WWN of a device must be specified to configure different features (zoning, QoS, port security) in a Cisco MDS 9000 Family switch, you must assign the right device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a port WWN and use this name in all the configuration commands as required.
Page 470: Device Alias Features
You can import legacy zone alias configurations without loosing data. • • The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management and distribution. Device aliases use the coordinated distribution mode and the fabric-wide distribution scope (see Chapter 5, “Using the CFS...
Page 471: Modifying The Device Alias Database
Removes the device name (SampleName) for switch(config-device-alias-db)# no device-alias name Doc the device that is identified by its pWWN. Cisco MDS 9000 Family Configuration Guide 20-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 472: Committing Changes
The changes are only available in the volatile directory and are subject to being discarded if the switch is restarted. To use administrative privileges and release a locked device alias session, use the clear device-name session command in EXEC mode. switch# clear device-alias session Cisco MDS 9000 Family Configuration Guide 20-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 473: Device Alias Distribution
Imports the fcalias information for the specified switch(config)# device-alias import fcalias vsan 3 VSAN. Database Merge Guidelines Refer to the “CFS Merge Support” section on page 5-7 for detailed concepts. Cisco MDS 9000 Family Configuration Guide 20-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 474: Device Alias Statistics Cleanup
Total number of entries = 4 Example 20-5 Displays the Specified Device Name in the Pending Database switch# show device-alias name x pending device-alias name x pwwn 21:01:00:e0:8b:2e:80:93 Cisco MDS 9000 Family Configuration Guide 20-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 475 Database:- Device Aliases 24 Status of the last CFS operation issued from this switch: ========================================================== <--------------------Lock released by administrator Operation: Clear Session <---------------------------------Successful status of the operation Status: Success Cisco MDS 9000 Family Configuration Guide 20-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 476 Where available, device aliases are displayed regardless of a member being configured using a device-alias command or a zone-specific member pwwn command (see Example 20-18 Example 20-19). Cisco MDS 9000 Family Configuration Guide 20-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 477 Merge responses received: 2 Merge response rejects sent: 0 Activation requests received: 0 Activation request rejects sent: 0 Activation requests sent: 2 Activation request rejects received: 0 Cisco MDS 9000 Family Configuration Guide 20-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 478 Default Device Alias Parameters Parameters Default Database in use Effective database. Database to accept changes Pending database. Device alias fabric lock state Locked with the first device alias task. Cisco MDS 9000 Family Configuration Guide 20-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 479 Broadcast and Multicast Routing, page 21-10 • • In-Order Delivery, page 21-10 Flow Statistics Configuration, page 21-15 • Displaying Routing and Forwarding Information, page 21-17 • Default Settings, page 21-21 • Cisco MDS 9000 Family Configuration Guide 21-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 480: Fspf Features
Fault Tolerant Fabric For example, if all links are of equal speed, the FSPF calculates two equal paths from A to C: A-D-C (green) and A-E-C (blue). Cisco MDS 9000 Family Configuration Guide 21-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 481: Redundant Links
Figure 21-2 shows this arrangement. Because switches in the Cisco MDS 9000 Family support PortChanneling, each pair of physical links can appear to the FSPF protocol as one single logical link. By bundling pairs of physical links, FSPF efficiency is considerably improved by the reduced database size and the frequency of link updates.
Page 482: Global Fspf Configuration
Signal loss on switch 1 FSPF Global Configuration By default, FSPF is enabled on switches in the Cisco MDS 9000 Family. Some FSPF features can be globally configured in each VSAN. By configuring a feature for the entire VSAN, you do not have to specify the VSAN number for every command. This global configuration feature also reduces the chance of typing errors or other minor configuration errors.
Page 483: Fspf Configuration Deletion
30 minutes The time a switch waits before sending an LSR refresh (LSRefreshTime) transmission. Maximum age (MaxAge) 60 minutes The time a switch waits before dropping the LSR from the database. Cisco MDS 9000 Family Configuration Guide 21-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 484: Fspf Interface Configuration
You can set the FSPF dead time interval to specify the maximum interval for which a hello message must be received before the neighbor is considered lost and removed from the database. The integer value can range from 1 to 65,535 seconds. Cisco MDS 9000 Family Configuration Guide 21-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 485: Retransmitting Intervals
The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. This value must be the same on the switches on both ends of the interface. Note Cisco MDS 9000 Family Configuration Guide 21-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 486: Configuring Fibre Channel Routes
Domain ID 7 fc1/1 Domain ID 1 Domain ID 3 FC ID 111211 Other than in VSANs, run-time checks are not performed on configured and suspended static routes. Note Cisco MDS 9000 Family Configuration Guide 21-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 487: Clearing Fspf Counters
Clears the FSPF statistics counters for switch# clear fspf counters vsan 200 interface fc1/1 switch# the specified interface in VSAN 200. Cisco MDS 9000 Family Configuration Guide 21-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 488: Broadcast And Multicast Routing
FSPF provides the topology information to compute the distribution tree. Fibre Channel defines 256 multicast groups and one broadcast address for each VSAN. Switches in the Cisco MDS 9000 Family only use broadcast routing. By default, they use the principal switch as the root node to derive a loop-free distribution tree for multicast and broadcast routing in a VSAN.
Page 489: Reordering Network Frames
Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, switches in the Cisco MDS 9000 Family preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.
Page 490: Enabling In-Order Delivery
We recommend that you only enable this feature when devices that cannot handle any out-of-order frames are present in the switch. Load-balancing algorithms within the Cisco MDS 9000 Family ensure that frames are delivered in order during normal fabric operation. The load-balancing algorithms based on source FC ID, destination FC ID, and exchange ID are enforced in hardware without any performance degradation.
Page 491: Enabling Iod For A Vsan
You can change the default latency time for either a network, a specified VSAN in a network, or for the entire switch. To configure the network and the switch drop latency time, follow these steps. Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Cisco MDS 9000 Family Configuration Guide 21-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 492: Displaying Latency Information
VSAN specific network latency settings vsan 1 network latency:5000 milliseconds vsan 2 network latency:2000 milliseconds vsan 103 network latency:2000 milliseconds vsan 460 network latency:500 milliseconds Cisco MDS 9000 Family Configuration Guide 21-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 493: Flow Statistics Configuration
The mask can be one of ff0000 or ffffff. Step 3 Disables the flow counter. switch(config)# no fcflow stats aggregated module 2 index 1001 vsan 2 switch(config)# Cisco MDS 9000 Family Configuration Guide 21-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 494: Clearing Fib Statistics
004.002.001 019.002.004 ff.00.00 34,402 2,896,628 Example 21-6 Displays fcflow Index Usage for the Specified Module switch# show fcflow stats usage module 2 2 flows configured configured flow : 3,7 Cisco MDS 9000 Family Configuration Guide 21-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 495: Displaying Routing And Forwarding Information
Example 21-10 Displays FCID and interface Information for a Specified VSAN switch# show fcroute multicast 0xffffff vsan 2 VSAN FC ID # Interfaces ---- -------- ------------ 0xffffff 1 fc1/1 Cisco MDS 9000 Family Configuration Guide 21-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 496 Thu Feb 13 10:21:16 2003 Thu Feb 13 10:21:17 2003 Thu Feb 13 10:21:18 2003 Thu Feb 13 10:21:18 2003 Thu Feb 13 10:21:19 2003 ----- -------- -------- -------- ------------------------ Total Cisco MDS 9000 Family Configuration Guide 21-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 497: Displaying Global Fspf Information
Number of Transmitted packets : LSU 65 LSA 55 Hello 474 Retranmsitted LSU 0 Number of received packets : LSU 55 LSA 60 Hello 464 Error packets 10 Cisco MDS 9000 Family Configuration Guide 21-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 498: Displaying The Fspf Database
Number of links NbrDomainId IfIndex NbrIfIndex Link Type Cost ----------------------------------------------------------------------------- 0xc3(195) 0x00001085 0x00001095 0xc3(195) 0x00001086 0x00001096 0xc3(195) 0x00001087 0x00001097 0xc3(195) 0x00001084 0x00001094 0x0c(12) 0x00001081 0x0000100e 0x0c(12) 0x00001080 0x0000100f Cisco MDS 9000 Family Configuration Guide 21-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 499: Displaying Fspf Interfaces
FSPF features. Table 21-4 Default FSPF Settings Parameters Default FSPF Enabled on all E ports and TE ports. SPF computation Dynamic. SPF hold time Cisco MDS 9000 Family Configuration Guide 21-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 500 10. Remote destination switch If the remote destination switch is not specified, the default is direct. Multicast routing Uses the principal switch to compute the multicast tree. Cisco MDS 9000 Family Configuration Guide 21-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 501: Displaying Flogi Details
This chapter describes the fabric login database, the name server features, the Fabric-Device Management Interface, and Registered State Change Notification (RSCN) information provided in the Cisco MDS 9000 Family. It includes the following sections: • Displaying FLOGI Details, page 22-1 About the Name Server Proxy Feature, page 22-2 •...
Page 502: About The Name Server Proxy Feature
The proxy feature is useful when you wish to modify (update or delete) the contents of a database entry that was previously registered by a different device. Cisco MDS 9000 Family Configuration Guide 22-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 503: Registering Name Server Proxies
Use the show fcns command to display the name server database and statistical information for a specified VSAN or for all VSANs (see Examples 22-5 to 22-8). Cisco MDS 9000 Family Configuration Guide 22-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 504 :0.0.0.0 :ff ff ff ff ff ff ff ff fc4-types:fc4_features: symbolic-port-name symbolic-node-name port-type port-ip-addr :0.0.0.0 fabric-port-wwn :22:0a:00:05:30:00:26:1e hard-addr :0x000000 Total number of entries = 2 Cisco MDS 9000 Family Configuration Guide 22-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 505: Displaying Fdmi
RSCNs sent = 0 Displaying FDMI Cisco MDS 9000 Family switches provide support for the Fabric-Device Management Interface (FDMI) functionally, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel Host Bus Adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.
Page 506 Hardware Ver :FC5010409-10 Driver Ver :8.2.3.10 Beta 2 Test 1 DBG (W2K VI) ROM Ver :1.24 Firmware Ver :03.02.13. OS Name/Ver :500 CT Payload Len :2040 Port-id: 21:01:00:e0:8b:2a:f6:54 Cisco MDS 9000 Family Configuration Guide 22-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 507: About Rscn Information
Example 22-12 Displays Register Device Information switch# show rscn scr-table vsan 1 SCR table for VSAN: 1 --------------------------------------------- FC-ID REGISTERED FOR --------------------------------------------- 0x1b0300 fabric detected rscns Total number of entries = 1 Cisco MDS 9000 Family Configuration Guide 22-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 508: About The Multi-Pid Option
Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Step 2 Sends RSCNs in a multi-pid format for VSAN 105. switch(config)# rscn multi-pid vsan 105 Cisco MDS 9000 Family Configuration Guide 22-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 509: Suppressing Domain Format Sw-Rscns
GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco MDS switches (refer to the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide).
Page 510 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 22-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 511: About Scsi Lun Discovery
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Discovering SCSI Targets This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco MDS 9000 Family. It includes the following sections: About SCSI LUN Discovery, page 23-1 •...
Page 512: Starting Scsi Lun Discovery
Use the custom-list option to initiate this discovery. The domain ID is a number from 0 to 255 in decimal or a number from 0x0 to 0xFF in hex. To initiate a customized discovery, follow this step: Cisco MDS 9000 Family Configuration Guide 23-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 513 1 domain 0X123456 custom list. Deletes the specified domain ID switch# discover custom-list delete vsan 1 domain 0X123456 from the custom list. Cisco MDS 9000 Family Configuration Guide 23-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 514 3844 0x9c03e2 21:00:00:20:37:18:d2:45 Company 4 ST318203 CLAR18 3844 0x9c03e4 21:00:00:20:37:6b:d7:18 Company 4 ST318203 CLAR18 3844 0x9c03e8 21:00:00:20:37:38:a7:c1 Company 4 ST318203FC 0004 0x9c03ef 21:00:00:20:37:18:17:d2 Company 4 ST318203FC 0004 Cisco MDS 9000 Family Configuration Guide 23-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 515 The internal uuid number indicates that a CSM or an IPS module is in the chassis. Example 23-10 Displays Customized Discovered Targets switch# show scsi-target auto-poll auto-polling is enabled, poll_start:0 poll_count:1 poll_type:0 USERS OF AUTO POLLING --------------------- uuid:54 Cisco MDS 9000 Family Configuration Guide 23-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 516 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 23-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 517 C H A P T E R Configuring FICON Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by supporting both open systems and mainframe storage network environments. Inclusion of Control Unit Port (CUP) support further enhances the MDS offering by allowing in-band management of the switch from FICON processors.
Page 518: About Ficon
– – Any switch in the Cisco MDS 9200 Series. The FICON feature is not supported on Cisco MDS 9120 and 9140 switches or the 32-port Note Fibre Channel switching module. You need the MAINFRAME_PKG license to configure FICON parameters (see Chapter 3, •...
Page 519: Mds-Specific Ficon Advantages
Further, the ports in each island may be over-provisioned depending on the fabric configuration. By using the Cisco MDS-specific VSAN technology, you can introduce greater efficiency between these physical fabrics by lowering the cost of over-provisioning and reducing the number of switches to be managed.
Page 520: Fcip Support
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . While you can configure up to 256 VSANs in any Cisco MDS switch, you can enable FICON in eight Note of these VSANs.
Page 521: Cisco Mds-Supported Ficon Features
• service modules across the Cisco MDS 9500 Series and the 9200 Series. Refer to the Cisco MDS 9500 Series Hardware Installation Guide and the Cisco MDS 9200 Series Hardware Installation Guide). High-availability FICON-enabled director—The Cisco MDS 9500 Series combines nondisruptive •...
Page 522 Chapter 14, • “Configuring Domain Parameters.” Sophisticated SPAN diagnostics—The Cisco MDS 9000 Family provides industry-first intelligent • diagnostics, protocol, decoding, and network analysis tools as well as integrated call-home capability for added reliability, faster problem resolution, and reduced service costs. See Chapter 43, “Monitoring Network Traffic Using SPAN.”...
Page 523: Ficon Port Numbering
FICON Port Numbering With reference to the FICON feature, ports in Cisco MDS switches are identified by a statically defined 8-bit value known as the port number. Port numbers are assigned based on the module and the slot in the chassis.
Page 524: Port Addresses
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Table 24-1 FICON Port Numbering in the Cisco MDS 9000 Family Implemented Port Allocation...
Page 525: Installed And Uninstalled Ports
An installed port refers to a port for which all required hardware is present. A specified port number in a VSAN can be implemented, and yet not installed, if any of the following conditions apply: The module is not present—for example, if module 1 is not physically present in slot 1 in a Cisco •...
Page 526: Fc Id Allocation
You cannot configure persistent FC IDs in FICON-enabled VSANs. Cisco MDS switches have a dynamic FC ID allocation scheme. When FICON is enabled or disabled on a VSAN, all the ports are flapped to switch from the dynamic to static FC IDs and vice versa (see Figure 24-4).
Page 527: Ficon Vsan Prerequisites
• See the “Manually Enabling FICON” section on page 24-15. By using the Device Manager (refer to the Cisco MDS 9000 Family Fabric Manager Configuration • Guide). Effects of Enabling FICON When you enable the FICON feature in Cisco MDS switches, the following apply: You cannot disable in-order delivery for the FICON-enabled VSAN.
Page 528: Setting Up A Basic Ficon Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Setting Up a Basic FICON Configuration This section steps you through the procedure to set up FICON on a specified VSAN in a Cisco MDS 9000 Family switch.
Page 529 3 static vsan 2 fcdomain restart disruptive vsan 2 fabric-binding activate vsan 2 force zone default-zone permit vsan 2 ficon vsan 2 no host port control no active equals saved Cisco MDS 9000 Family Configuration Guide 24-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 530 `fcdomain restart disruptive vsan 3` `fabric-binding activate vsan 3 force` `zone default-zone permit vsan 3` `ficon vsan 3` `no snmp port control` Performing fast copy config...done. switch# Cisco MDS 9000 Family Configuration Guide 24-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 531: Manually Enabling Ficon
Prohibits mainframe users from moving switch(config-ficon)# no host port control the switch to an offline state. See the “Host Moves the Switch Offline” section in this chapter. Cisco MDS 9000 Family Configuration Guide 24-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 532: The Code-Page Option
FC ID Last Byte Caution If the FICON feature is configured in cascaded mode, the Cisco MDS Switches use ISLs to connect to other switches. FICON requires the last byte of the fabric address to be the same for all allocated FC IDs. By default, this value is set to 0.
Page 533: Ficon Host Control
Host Controls the Time Stamp By default, the clock in each VSAN is the same as the switch hardware clock. Each VSAN in a Cisco MDS 9000 Family switch represents a virtual director. The clock and time present in each virtual director can be different.To maintain separate clocks for each VSAN, the Cisco SAN-OS software maintains the...
Page 534: Time Stamp Cleanup
FICON SNMP Control By default, SNMP users can configure FICON parameters through the Cisco MDS 9000 Family Fabric Manager. If you disable SNMP use in the Cisco MDS switch, you cannot configure FICON parameters using the Note Fabric Manager. To configure SNMP control, follow these steps:...
Page 535: Running Configuration Automatic Save
Not applicable 1. When the Cisco SAN-OS software implicitly issues a copy running start command in the Cisco MDS switch, only a binary configuration is generated—an ASCII configuration is not generated (see Example 24-16).
Page 536: Binding Port Numbers To Portchannels
Step 2 Creates a FCIP interface (51). switch1(config)# interface fcip 51 switch1(config-if)# Step 3 Assigns the FICON port number to the selected FCIP switch(config-if)# ficon portnumber 208 interface. Cisco MDS 9000 Family Configuration Guide 24-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 537: Configuring Ficon Ports
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Configuring FICON Ports You can perform FICON configurations on a per-port address basis in the Cisco MDS 9000 Family of switches.
Page 538: Port Address Name Assignment
Assigns a name to the port address. switch(config-ficon-portaddr)# name SampleName The port address name is restricted Note to 24 alphanumeric characters. Deletes a previously configured port switch(config-ficon-portaddr)# no name SampleName address name. Cisco MDS 9000 Family Configuration Guide 24-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 539: Ficon Configuration Files
FICON configuration files can be accessed by any host, SNMP, or CLI user who is permitted to access the switch. The locking mechanism in the Cisco SAN-OS software restricts access to one user at a time per file. This lock applies to newly created files and previously saved files. Before accessing any file, you must lock the file and obtain the file key.
Page 540: Applying The Ficon Configuration Files
P3 IplFile1 by assigning the name P3 to port address 3. If the name did not exist, it is created. If it existed, it is overwritten. Cisco MDS 9000 Family Configuration Guide 24-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 541: Copying Ficon Configuration Files
The FICON port swapping feature causes all configuration associated with old-port-number and new port-number to be swapped, including VSAN configurations. Cisco MDS switches allow port swapping for non-existent ports as follows: Only FICON-specific configurations (prohibit, block, and port address mapping) are swapped.
Page 542: Port Swapping Guidelines
• old-port-number nor the new-port-number can be a physical port that is part of a PortChannel. Before performing a port swap, the Cisco SAN-OS software performs a compatibility check. If the • two ports have incompatible configurations, the port swap is rejected with an appropriate reason code.
Page 543: Moving A Ficon Vsan To An Offline State
The CUP specification is proprietary to IBM. Note CUP is supported by switches and directors in the Cisco MDS 9000 Family. The CUP function allows the mainframe to manage the Cisco MDS switches. Host communication includes control functions such as blocking and unblocking ports, as well as monitoring and error reporting functions.
Page 544: Placing Cups In A Zone
24-15). Receiving FICON Alerts Example 24-1 output confirms that you will receive an alert to user alert mode is enabled indicate any changes in the FICON configuration. Cisco MDS 9000 Family Configuration Guide 24-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 545: Displaying Ficon Port Address Information
If the port number is uninstalled, this space remains blank and indicates an unbound port number. For example, 56 is an unbound port number in Example 24-4. Cisco MDS 9000 Family Configuration Guide 24-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 546: Displaying Ipl File Information
Port name is Port is not blocked Prohibited port addresses are 0,81-253,255 Port address 2 Port name is Port is not blocked Prohibited port addresses are 0,81-253,255 Cisco MDS 9000 Family Configuration Guide 24-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 547 Key Counter is 9 FCID last byte is 0 Date/Time is same as system time(Sun Dec 14 01:26:30.273402 1980) Device Allegiance not locked Codepage is us-canada Saved configuration files IPLFILE1 Cisco MDS 9000 Family Configuration Guide 24-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 548: Displaying The Configured Ficon State
Port number is 55, Interface is fc2/23 Port name is Port is not admin blocked Prohibited port addresses are 0,241-253,255 Admin port mode is FL Port mode is FL, FCID is 0xea0000 Cisco MDS 9000 Family Configuration Guide 24-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 549: Displaying A Ports Administrative State
00 00 00 00 00 00 00 00 IUI:0x0 DHF:0x0 CCW:0x0 TOKEN:0x0 PCCW:0x0 FCCW:0x0 PTOKEN:0x0 FTOKEN:0x0 CMD:0x0 CCW_FLAGS:0x0 CCW_COUNT:0 CMD_FLAGS:0x0 PRIO:0x0 DATA_COUNT:0 STATUS:0x0 FLAGS:0x0 PARAM:0x0 QTP:0x0 DTP:0x0 CQ LEN:0 MAX:0 DESTATUS:0x0 Cisco MDS 9000 Family Configuration Guide 24-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 550: Displaying Buffer Information
Displaying Buffer Information Example 24-13, the column displays the 32-bit value maintained by Cisco MDS Key Counter switches. This value is incremented when any port changes state in that VSAN. The key counter (a 32-bit value) is incremented when a FICON-related configuration is changed. Host programs can increment this value at the start of the channel program and then perform operations on multiple ports.
Page 551 172.18.2.247 traps version 2c public udp-port 2162 vsan database vsan 75 interface fc1/1 interface mgmt0 ip address 172.18.47.39 255.255.255.128 switchport speed 100 switchport duplex full no system health ficon vsan 75 file IPL Cisco MDS 9000 Family Configuration Guide 24-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 552 2004 Feb 25 23:22:36 vegas6 %PORT-5-IF_UP: %$VSAN 75: 2004 Wed Feb 25 21:05:42. 99916%$ Interface fc3/6 is up in mode F 2004 Feb 25 23:22:37 vegas6 %PORT-5-IF_UP: %$VSAN 75: 2004 Wed Feb 25 21:05:43. Cisco MDS 9000 Family Configuration Guide 24-36 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 553: Fabric Binding Configuration
Does not learn logging in switches. Learns about switches or devices if in learning mode. Cisco MDS 9000 Family Configuration Guide 24-37 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 554: Fabric Binding Enforcement
The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the fabric binding feature are only available when fabric binding is enabled on a switch.
Page 555: Switch Wwn List Configuration
For example, one of the already logged in switches may be denied login by the config database. You can choose to forcefully override these situations. Cisco MDS 9000 Family Configuration Guide 24-39 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 556: Forcing Fabric Binding Activation
When you save the fabric binding configuration, the config database and the active database are both saved to the startup configuration and are available after a reboot. Cisco MDS 9000 Family Configuration Guide 24-40 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 557: Clearing The Fabric Binding Statistics
Deleting the Fabric Binding Database Use the no fabric-binding command in configuration mode to delete the configured database for a specified VSAN. switch(config)# no fabric-binding database vsan 1 Cisco MDS 9000 Family Configuration Guide 24-41 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 558: Verifying Fabric Binding Configurations
Example 24-22 Displays Configured VSAN-Specific Fabric Binding Information switch# show fabric-binding database vsan 4 -------------------------------------------------- Vsan Logging-in Switch WWN Domain-id -------------------------------------------------- 21:00:05:30:23:11:11:11 0x66(102) 21:00:05:30:23:1a:11:03 0x19(25) [Total 2 entries] Cisco MDS 9000 Family Configuration Guide 24-42 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 559 Number of sWWN deny Total Logins permitted Total Logins denied Statistics For VSAN: 789 ------------------------ Number of sWWN permit: 0 Number of sWWN deny Total Logins permitted Total Logins denied Cisco MDS 9000 Family Configuration Guide 24-43 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 560 In VSAN3, the sWWN itself was not found in the list. In VSAN 2, the sWWN was found in the list, but Note has a domain ID mismatch. Cisco MDS 9000 Family Configuration Guide 24-44 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 561: Displaying Rlir Information
Link Incident Record (LIR) to a registered Nx-port. It is a highly-available application. When a LIR is detected in FICON-enabled switches in the Cisco MDS 9000 Family from a RLIR Extended Link Service (ELS). It sends that record to the members in it’s Established Registration List (ERL).
Page 562 Number of DRLIR ACC sent Number of DRLIR RJT sent Number of DRLIR sent Number of DRLIR ACC received = 0 Number of DRLIR RJT received = 0 Cisco MDS 9000 Family Configuration Guide 24-46 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 563 In Examples 24-32, 24-33, and 24-34, if the host time stamp (marked by the *) is available, it is printed Note along with the switch time stamp. If the host time stamp is not available, only the switch time stamp is printed. Cisco MDS 9000 Family Configuration Guide 24-47 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 564 ---------------------------------------------------------------------------- *Thu Dec 4 05:02:29 2003 Wed Dec 3 21:02:56 2003 fc1/2 Implicit Incident *Thu Dec 4 05:02:54 2003 Wed Dec 3 21:03:21 2003 fc1/4 Implicit Incident Cisco MDS 9000 Family Configuration Guide 24-48 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 565: Clearing Rlir Information
EBCDIC format option US-Canada. Switch offline state Hosts are allowed to move the switch to an offline state. Mainframe users Allowed to configure FICON parameters on Cisco MDS switches. Clock in each VSAN Same as the switch hardware clock. Host clock control Allows host to set the clock on this switch.
Page 566 Parameters Default Port address Not blocked Prohibited ports 90–253 and 255 for the Cisco MDS 9200 Series switches. 250–253 and 255 for the Cisco MDS 9500 Series switches. Table 24-5 lists the default settings for fabric binding features. Table 24-5...
Page 567 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Advanced Features and Concepts This chapter describes the advanced features provided in switches in the Cisco MDS 9000 Family. It includes the following sections: Fibre Channel Time Out Values, page 25-2 •...
Page 568: Fibre Channel Time Out Values
VSANs. Active VSANs are suspended and activated when their timer values are changed. Caution You cannot perform a nondisruptive downgrade to any earlier version that does not support per-VSAN FC timers. Cisco MDS 9000 Family Configuration Guide 25-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 569: Fctimer Distribution
If a switch is downgraded to Cisco MDS SAN-OS Release 1.2 or 1.1 after the timer is configured for a VSAN, an error message is issued to warn against strict incompatibilities. Refer to the Cisco MDS 9000 Family Troubleshooting Guide.
Page 570: Discarding Fctimer Changes
To use administrative privileges and release a locked fctimer session, use the clear fctimer session command. switch# clear fctimer session Database Merge Guidelines See the “CFS Merge Support” section on page 5-7 for detailed concepts. Cisco MDS 9000 Family Configuration Guide 25-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 571: Displaying Configured Fc Timer Values
IDs rely on the WWN. The WWN manager, a process-level manager residing on the switch’s supervisor module, assigns WWNs to each switch. Cisco MDS 9000 Family switches support three network address authority (NAA) address formats (see Table 25-1).
Page 572: Link Initialization Wwn Usage
If the peer switch ELP uses the VSAN WWN, then the local switch also uses the VSAN WWN. • Note As of Cisco SAN-OS Release 2.0(2b), the ELP is enhanced to be compliant with FC-SW-3. Configuring a Secondary MAC Address To allocate secondary MAC addresses, follow these steps:...
Page 573: Fc Id Allocation For Hbas
To conserve the number of FC IDs used, Cisco MDS 9000 Family switches use a special allocation scheme. Some HBAs do not discover targets that have FC IDs with the same domain and area. Prior to Cisco SAN-OS Release 2.0(1b), the Cisco SAN-OS software maintained a list of tested company IDs which do not exhibit this behavior.
Page 574: Company Id Configuration Verification
Example 25-6 Displays the List of Default and Configured Company IDs switch# show fcid-allocation area FCID area allocation company id info: Cisco MDS 9000 Family Configuration Guide 25-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 575: Switch Interoperability
McData’s nominal restriction to this same range. They can either be set up statically (the Cisco MDS switch accept only one domain ID, if it does not get that domain ID it isolates itself from the fabric) or preferred. (If it does not get its requested domain ID, it accepts any assigned domain ID.)
Page 576 TE ports and PortChannels cannot be used to connect Cisco MDS to non-Cisco PortChannels MDS switches. Only E ports can be used to connect to non-Cisco MDS switches. TE ports and PortChannels can still be used to connect an Cisco MDS to other Cisco MDS switches even when in interop mode. FSPF The routing of frames within the fabric is not changed by the introduction of interop mode.
Page 577: Configuring Interoperability
Cisco MDS 9000 switches request a specific ID, but still join the fabric if the principal switch assigns a different ID. If the static option is used, the Cisco MDS 9000 switches do not join the fabric unless the principal switch agrees, and assigns the requested ID.
Page 578: Verifying Interoperating Status
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . When making changes to the domain, you may or may not need to restart the Cisco MDS domain Step 4 manager function for the altered VSAN.
Page 579 100 preferred vsan 1 ip route 6.1.1.0 255.255.255.0 6.1.1.1 ip routing line console Cisco MDS 9000 Family Configuration Guide 25-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 580 1 Number of domains: 5 Domain ID --------- ----------------------- 0x61(97) 10:00:00:60:69:50:0c:fe 0x62(98) 20:01:00:05:30:00:47:9f 0x63(99) 10:00:00:60:69:c0:0c:1d 0x64(100) 20:01:00:05:30:00:51:1f [Local] 0x65(101) 10:00:00:60:69:22:32:91 [Principal] --------- ----------------------- Cisco MDS 9000 Family Configuration Guide 25-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 581: Default Settings
0x651500 10:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 The Cisco MDS name server shows both local and remote entries, and does not time out the entries. Note Default Settings Table 25-3 lists the default settings for the features included in this chapter.
Page 582 Default Settings for Advanced Features (continued) Parameters Default Remote capture connection mode Passive. Local capture frame limit s 10 frames. FC ID allocation mode Auto mode. Loop monitoring Disabled. Cisco MDS 9000 Family Configuration Guide 25-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 583 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Security...
Page 584 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 585: Role-Based Authorization
C H A P T E R Configuring Users and Common Roles The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family. You can use CLI to modify a role that was created using SNMP and vice versa.
Page 586: Configuring Roles And Profiles
To modify the profile for an existing role, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t Step 2 Places you in sangroup role submode. switch(config)# role name sangroup switch(config-role)# Cisco MDS 9000 Family Configuration Guide 26-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 587: Configuring The Vsan Policy
These commands include the copy running-config startup-config, show startup-config, show running-config diff, and copy startup-config running-config commands. For information on these commands, see Chapter 2, “Before You Begin.” Cisco MDS 9000 Family Configuration Guide 26-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 588: Modifying The Vsan Policy
VSAN 10 to 14, and 21 to 30. Distributing Role-Based Configurations Role-based configurations use the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric (see Chapter 5, “Using...
Page 589: Committing The Changes
To forcibly clear the existing role session in the fabric, issue the clear role session command from any switch that is part of the initiated session. Caution Any changes in the pending database are lost when you issue this command. switch# clear role session Cisco MDS 9000 Family Configuration Guide 26-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 590: Displaying Role-Based Information
Description: SAN management group vsan policy: deny Permitted vsans: 10-30 --------------------------------------------- Rule Type Command-type Feature --------------------------------------------- permit config deny config fspf permit debug zone permit exec fcping Cisco MDS 9000 Family Configuration Guide 26-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 591 • myrole Issue the rule 1 permit config feature fspf command. • Issue the show role pending command to see the output in Example 26-3. • Cisco MDS 9000 Family Configuration Guide 26-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 592 Example 26-4 Displays the Differences between the Two Databases switch# show role pending-diff +Role: myrole vsan policy: permit (default) --------------------------------------------- Rule Type Command-type Feature --------------------------------------------- permit config fspf Cisco MDS 9000 Family Configuration Guide 26-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 593: Mapping Of Cli Operations To Snmp
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Configuring Common Roles CLI and SNMP in all switches in the Cisco MDS 9000 Family use common roles. You can use SNMP to modify a role that was created using CLI and vice versa (see Figure 26-1).
Page 594: Configuring User Accounts
SNMP SET operation. Configuring User Accounts Every Cisco MDS 9000 Family switch user has the account information stored by the system. Your authentication information, user name, user password, password expiration date, and role membership are stored in your user profile.
Page 595: Creating Or Updating Users
If a password is trivial (short, easy-to-decipher), your password configuration is rejected. Be sure to configure a strong password as shown in the sample configuration. Passwords are case-sensitive. “admin” is no longer the default password for any Cisco MDS 9000 Family switch. You must explicitly configure a strong password.
Page 596: Logging Out Users
In the following example, the user named vsam is logged out from the switch. switch# clear user vsam Use the show users command to view a list of the logged in users (see Example 26-5). Cisco MDS 9000 Family Configuration Guide 26-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 597: Displaying User Account Information
Remote login through RADIUS is possible Configuring SSH Services The Telnet service is enabled by default on all Cisco MDS 9000 Family switches. Before enabling the SSH service, generate a server key pair. (see the “Generating the SSH Server Key Pair” section on page 26-14).
Page 598: Specifying The Ssh Key
The rsa option generates the RSA key pair for the SSH version 2 protocol. • Caution If you delete all of the SSH keys, you cannot start a new SSH session. Cisco MDS 9000 Family Configuration Guide 26-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 599: Overwriting A Generated Key Pair
Clearing SSH Hosts The clear ssh hosts command clears the existing list of trusted SSH hosts and reallows you to use SCP/SFTP along with copy command for particular hosts. Cisco MDS 9000 Family Configuration Guide 26-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 600: Displaying Ssh Protocol Status
2 enabled Use the show ssh key command to display the server key pair details for the specified key or for all keys, (see Example 26-11). Cisco MDS 9000 Family Configuration Guide 26-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 601: Recovering The Administrator Password
If your user name has network-admin privileges, issue the username command to assign a new Step 2 administrator password. switch# config t switch(config)# username admin password <new password> switch(config)# end switch# Save the software configuration. Step 3 switch# copy running-config startup-config Cisco MDS 9000 Family Configuration Guide 26-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 602: Power Cycling The Switch
Removing the supervisor module in slot 6 ensures that a switchover will not occur during the password recovery procedure. Power cycle the switch. Step 2 Press the Ctrl-] key sequence when the switch begins its Cisco SAN-OS software boot sequence to enter Step 3 prompt mode. switch(boot)#...
Page 603: Default Settings
Network operator (network-operator). VSAN policy for roles Permit. User account No expiry (unless configured). Password None. Accounting log size 250 KB. SSH service Disabled. Telnet service Enabled. Cisco MDS 9000 Family Configuration Guide 26-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 604 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 26-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 605 C H A P T E R Configuring SNMP The CLI and SNMP use common roles in all switches in the Cisco MDS 9000 Family. You can use SNMP to modify a role that was created using CLI and vice versa.
Page 606: Snmp Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . SNMP Security SNMP is an application layer protocol that facilitates the exchange of management information between network devices. In all Cisco MDS 9000 Family switches, three SNMP versions are available: SNMPv1, SNMPv2c, and SNMPv3 (see Figure 27-1).
Page 607: Snmpv3 Cli User Management And Aaa Integration
SNMP v3 user management can be centralized at the AAA server level. This centralized user management allows the SNMP agent running on the Cisco MDS switch to leverage the user authentication service of AAA server. Once user authentication is verified, the SNMP PDUs are processed further.
Page 608: Restricting Switch Access
Fabric Manager or Device Manager, you must use the CLI password for all future logins. If a user exists in both the SNMP database and the CLI database before upgrading to Cisco MDS SAN-OS Release 2.0(1b), then the set of roles assigned to the user becomes the union of both sets of roles after the upgrade.
Page 609 (see to the “Configuring the Notification Target User” section on page 27-11). If the engineID is not specified, the local user is created. Cisco MDS 9000 Family Configuration Guide 27-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 610: Enforcing Snmpv3 Message Encryption
Creates or modifies the settings for an SNMPv3 user switch(config)# snmp-server user NewUser role2 (NewUser) for the role2 role. Removes role2 for the specified user (User5) switch(config)# no snmp-server user User5 role2 Cisco MDS 9000 Family Configuration Guide 27-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 611: Aes Encryption-Based Privacy
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . AES Encryption-Based Privacy The Advanced Encryption Standard (AES) is the symmetric cipher algorithm. The Cisco SAN-OS software uses AES as one of the privacy protocols for SNMP message encryption and conforms with RFC3826.
Page 612: Configuring Snmpv1 And Snmpv2C Notifications
Use the SNMP-TARGET-MIB to obtain more information on the destinations to which notifications are Note to be sent either as Traps or as Informs. Refer to the Cisco MDS 9000 Family MIB Quick Reference for more information. The SNMP version 1 option is not available with the snmp-server host ip-address informs command.
Page 613: Configuring Snmpv3 Notifications
Notifications (Traps and Informs) are system alerts that the switch generates when certain events occur. As of Cisco MDS SAN-OS Release 2.1(1a) , you can enable or disable notifications. By default, no notification is defined or issued. If a notification name, is not specified all notifications are disabled or enabled.
Page 614 As of Cisco MDS SAN-OS Release 2.1(1a), you can use the show snmp trap command to display all the traps and their status. switch# show snmp trap...
Page 615: Configuring The Notification Target User
Configuring LinkUp/LinkDown Notifications for Interfaces As of Cisco MDS SAN-OS Release 2.1(2), you can configure which linkUp/linkDown notifications to enable on the interfaces. You can enable the following types of linkUp/linkDown notifications: Cisco—Only traps (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my are...
Page 616 IEFT extended—Only traps (linkUp, linkDown) defined in IF-MIB are sent for an interface, if • ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. In addition to the varbinds defined in trap definition, varbinds defined in the IF-MIB specific to the Cisco Systems implementation are sent. This is the default setting. •...
Page 617: Displaying Snmp Security Information
Level Type SecName ____ ____ _______ ______ ____ ______ 171.16.126.34 2162 v2c noauth trap public 171.16.75.106 2162 v2c noauth trap public 171.31.58.97 2162 v2c auth trap public Cisco MDS 9000 Family Configuration Guide 27-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 618 The show snmp command displays counter information for SNMP contact, location, and packet settings. This command provides information that is used entirely by the Cisco MDS 9000 Family Fabric Manager (refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide). See Example 27-4.
Page 619: Default Settings
Table 27-2 lists the default settings for all SNMP features in any switch. Table 27-2 Default SNMP Settings Parameters Default User account No expiry (unless configured). Password None. Cisco MDS 9000 Family Configuration Guide 27-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 620 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 27-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 621 The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) protocols to provide solutions using remote AAA servers.
Page 622: Switch Management Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Switch Management Security Management security in any switch in the Cisco MDS 9000 Family provides security to all management access methods including the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
Page 623: Authorization
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . When you log in to a Cisco MDS switch successfully using the Fabric Manager or Device Manager via...
Page 624: Remote Aaa Services
If all the AAA servers in the server group fails to respond, then that server group option is considered a failure. If required, you can specify multiple server groups. If the Cisco MDS switch encounters errors from the servers in the first group, it tries the servers in the next server group.
Page 625: Error-Enabled Status
Configuring RADIUS Cisco MDS 9000 Family switches can use the RADIUS protocol to communicate with remote AAA servers. You can configure multiple RADIUS servers and server groups and set timeout and retry counts. This section defines the RADIUS operation, identifies its network environments, and describes its configuration possibilities.
Page 626: Setting The Radius Server Address
RADIUS is a distributed client/server protocol that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco MDS 9000 Family switches and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
Page 627: Setting The Radius Server Timeout Interval
(VSAs) between the network access server and the RADIUS server. The IETF uses attribute 26. VSAs allow vendors to support their own extended attributes that are not suitable for Cisco MDS 9000 Family CLI Configuration Guide 28-7 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 628: Vsa Format
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . general use. The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named The value is a string with the following format: cisco-avpair.
Page 629: Displaying Radius Server Details
RADIUS server groups are configured: group radius: server: all configured radius servers group Group1: server: Server3 on auth-port 1812, acct-port 1813 server: Server5 on auth-port 1812, acct-port 1813 group Group5: Cisco MDS 9000 Family CLI Configuration Guide 28-9 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 630: Configuring Tacacs+
“Setting the Global Secret Key” section on page 28-11). Prior to Cisco MDS SAN-OS Release 2.1(2), you can use the dollar sign ($) in the key but the key must Note be enclosed in double quotes, for example “k$”. The percent sign (%) is not allowed. In Cisco MDS SAN-OS Release 2.1(2) and later, you can use the dollar sign ($) (without double quotes) and the percent...
Page 631: Setting The Global Secret Key
Note If secret keys are configured for individual servers, those keys override the globally configured key. Prior to Cisco MDS SAN-OS Release 2.1(2), you can use the dollar sign ($) in the key but the key must Note be enclosed in double quotes, for example “k$”. The percent sign (%) is not allowed. In Cisco MDS SAN-OS Release 2.1(2) and later, you can use the dollar sign ($) (without double quotes) and the percent...
Page 632: Setting The Timeout Value
30 factory default of 5 seconds. Defining Custom Attributes for Roles Cisco MDS 9000 Family switches use the TACACS+ custom attribute for service shells to configure roles to which a user belongs. TACACS+ attributes are specified in format. The attribute...
Page 633: Supported Tacacs+ Servers
TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various services (for Note example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom attribute for the service shell to be used for defining roles. Supported TACACS+ Servers...
Page 634: Configuring Server Groups
Step 4 Configures ServerB to be tried second within switch(config-tacacs+)# server ServerB TacacsServer1. Deletes ServerZ within the TacacsServer1 list of switch(config-tacacs+)# no server ServerZ servers. Cisco MDS 9000 Family CLI Configuration Guide 28-14 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 635: Distributing Aaa Server Configuration
ServerB on port 49: Distributing AAA Server Configuration Configuration for RADIUS and TACACS+ AAA on a MDS switch can be distributed using the Cisco Fabric Services (CFS). The distribution is disabled by default (see Chapter 5, “Using the CFS Infrastructure”).
Page 636: Starting A Distribution Session On A Switch
: enabled session ongoing: yes session owner: admin session db: exists merge protocol status: merge activation done last operation: enable last operation status: success Cisco MDS 9000 Family CLI Configuration Guide 28-16 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 637: Displaying The Configuration To Be Distributed
To commit TACACS+ configuration changes, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t Step 2 Commits the TACACS+ configuration changes to the running switch(config)# tacacs+ commit configuration. Cisco MDS 9000 Family CLI Configuration Guide 28-17 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 638: Discarding The Distribution Session
If there is a conflict between two switches in the server ports configured, the merge fails. Caution Use the show radius distribution status command to view the status of the RADIUS fabric merge (see Example 28-9). Cisco MDS 9000 Family CLI Configuration Guide 28-18 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 639: Disabling Aaa Authentication
Disabling AAA Authentication You can turn off password verification using the none option. If you configure this option, users can login without giving a valid password. But the user should at least exist locally on the Cisco MDS 9000 Family switch.
Page 640: Displaying Aaa Authentication
The following steps explain the authorization and authentication process. When you can log in to the required switch in the Cisco MDS 9000 Family, you can use the Telnet, SSH, Step 1 Fabric Manager/Device Manager, or console login options.
Page 641 AAA policies using the console. If the aaa authentication login console command is not configured for console login, the software automatically uses policies used by the aaa authentication login default command. Cisco MDS 9000 Family CLI Configuration Guide 28-21 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 642: Configuring Accounting Services
(using RADIUS). The default maximum size of the accounting log is 250,000 bytes and cannot be changed. The Cisco MDS 9000 Family switch uses interim-update RADIUS accounting-request packets to communicate accounting log information to the RADIUS server. The RADIUS server must be appropriately configured to log the information communicated in these packets.
Page 643: Clearing Accounting Logs
Sat Jan 17 00:01:42 1981:stop:snmp_348537702_171.71.58.100:admin: Clearing Accounting Logs To clear out the contents of the current log, use the clear accounting log command. switch# clear accounting log Cisco MDS 9000 Family CLI Configuration Guide 28-23 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 644: Configuring Cisco Acs Servers
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Configuring Cisco ACS Servers The Cisco Access Control Server (ACS) uses TACACS+ and RADIUS protocols to provide AAA services that ensure a secure environment.When using the AAA server, user management is normally done using Cisco ACS.
Page 645 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Figure 28-3 Configuring Multiple Roles with SNMPv3 Attributes When Using RADIUS Cisco MDS 9000 Family CLI Configuration Guide 28-25 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 646 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Figure 28-4 Configuring the network-admin Role with SNMPv3 Attributes When Using TACACS+ Cisco MDS 9000 Family CLI Configuration Guide 28-26 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 647: Default Settings
Figure 28-5 Configuring Multiple Roles with SNMPv3 Attributes When Using TACACS+ Default Settings Table 28-2 lists the default settings for all switch security features in any switch. Cisco MDS 9000 Family CLI Configuration Guide 28-27 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 648 1 (one) second. RADIUS server retries Once. TACACS+ Disabled. TACACS+ servers None configured. TACACS+ server timeout 5 seconds. AAA server distribution Disabled. Accounting log size 250 KB. Cisco MDS 9000 Family CLI Configuration Guide 28-28 OL-8222-01, Cisco MDS SAN-OS Release 3.x...
Page 649: Ip Access Control Lists
IP packet, and if the packet matches, the rule also stipulates if the packet should be permitted or denied. Each switch in the Cisco MDS 9000 Family can have a maximum total of 128 IP-ACLs, each IP-ACL can have a maximum of 256 filters.
Page 650: Ip-Acl Configuration Guidelines
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . IP-ACL Configuration Guidelines Follow these guidelines when configuring IP-ACLs in any switch or director in the Cisco MDS 9000 Family: You could apply IP-ACLs to VSAN interfaces, the management interface, Gigabit Ethernet •...
Page 651: Port Information
Table 29-1 displays the port • numbers recognized by the Cisco SAN-OS software for associated TCP and UDP ports. Specify the name of a TCP or UDP port as follows: • TCP port names can only be used when filtering TCP.
Page 652: Icmp Information
IP packets can be filtered based on the following optional TOS conditions: The TOS level, as specified by a number from 0 to 15 • The TOS name: max-reliability, max-throughput, min-delay, min-monetary-cost, and normal • Cisco MDS 9000 Family Configuration Guide 29-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 653: Ip-Acl Creation
Step 2 Denies TCP traffic from 1.2.3.0 through switch(config)# ip access-list List2 deny tcp 1.2.3.0 0.0.0.255 eq port 5 any source port 5 to any destination. Cisco MDS 9000 Family Configuration Guide 29-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 654: Adding Filters To An Existing Ip-Acl
Ethernet MAC frame with MAC address information. It refers to the Layer 2 MAC-layer information dumped to the log. For the output ACL, the raw Layer 2 information is not logged. Cisco MDS 9000 Family Configuration Guide 29-6...
Page 655: Applying An Ip-Acl To An Interface
Create all conditions in an IP-ACL before applying it to the interface. If you apply an IP-ACL to an interface before creating it, all packets in that interface are dropped because Caution the IP-ACL is empty. Cisco MDS 9000 Family Configuration Guide 29-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 656: Ip-Acl Configuration Verification
SampleName for local egress traffic. IP-ACL Configuration Verification Use the show ip access-list command to view the contents of configured access filters. Each access filter can have several conditions. Cisco MDS 9000 Family Configuration Guide 29-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 657: Ip-Acl Counter Cleanup
Use the clear command to clear the counters for a specified IP-ACL entry. You cannot use this command to clear the counters for each individual filter. Note switch# clear ip access-list counters abc Cisco MDS 9000 Family Configuration Guide 29-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 658 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 29-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 659 The overall IPsec implementation is per the latest version of RFC2401. Cisco SAN-OS IPsec implements RFC 2402 through RFC 2410.
Page 660: About Ipsec
This enables applications such as Virtual Private Networks (VPNs), including intranets, extranets, and remote user access. IPsec as implemented in Cisco SAN-OS software supports the Encapsulating Security Payload (ESP) protocol. This protocol encapsulates the data to be protected and provides data privacy services, optional data authentication, and optional anti-replay services.
Page 661: About Ike
“Initializing IKE” section on page 30-7. • The IPsec feature inserts new headers in existing packets (see “Configuring the MTU Frame Size” Note section on page 37-6 for more information). Cisco MDS 9000 Family Configuration Guide 30-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 662: Ipsec Compatibility
SA. When using IKE to establish the SAs, the SPI for each SA is a pseudo-randomly derived number. Peer—A switch or other device that participates in IPsec. For example, a Cisco MDS switch or –...
Page 663: Supported Ipsec Transforms And Algorithms
Mode of operation—Two modes of operation are generally available for IPsec: tunnel mode and – transport mode. The Cisco SAN-OS implementation of IPsec only supports the tunnel mode. The IPsec tunnel mode encrypts and authenticates the IP packet, including its header. The gateways encrypt traffic on behalf of the hosts and subnets.
Page 664: Supported Ike Transforms And Algorithms
Triple DES (3DES) is a stronger form of DES with 168-bit encryption keys that allow sensitive • information to be transmitted over untrusted networks. Cisco SAN-OS images with strong encryption are subject to United States government export Note controls, and have a limited distribution. Images to be installed outside the United States require an export license.
Page 665: Initializing Ike
An IKE tunnel is a secure IKE session between two end points. IKE creates this tunnel to protect IKE messages used in IPsec SA negotiations. Two versions of IKE are used in the Cisco SAN-OS implementation. IKE version 1 (IKEv1) is implemented using RFC 2407, 2408, 2409, and 2412.
Page 666 The remote peer looks for a match by comparing its own highest priority policy against the other peer's received policies. The remote peer checks each of its policies in order of its priority (highest priority first) until a match is found. Cisco MDS 9000 Family Configuration Guide 30-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 667: Optional Configurations
You may need to configure this option even when the switch doesn't behave as an IKE initiator Caution under normal circumstances. Always using this option guarantees a faster recovery of traffic flows in case of failures. Cisco MDS 9000 Family Configuration Guide 30-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 668 When IPSec implementations in the host prefer to initiate the IPSec rekey, be sure to configure the IPsec Note lifetime value in the Cisco MDS switch to be higher than the lifetime value in the host. To configure the lifetime association for each policy, follow these steps:...
Page 669: Clearing Ike Tunnels Or Domains
Apply the crypto map to the required interface. Step 4 Crypto ACLs IP Access Control Lists (IP-ACLs) provide basic network security to all switches in the Cisco MDS 9000 Family. IP-ACLs restrict IP-related traffic based on the configured IP filters. Refer to the “IP Access Control Lists”...
Page 670: Crypto Acl Guidelines
Each permit and deny specifies conditions to determine which IP packets must be protected. Crypto ACL Guidelines Follow these guidelines when configuring ACLs for the IPsec feature: The Cisco SAN-OS software only allows name-based IP-ACLs. • • When an IP-ACL is applied to a crypto map, the following applies: Permit—applying the IPsec feature to the traffic.
Page 671 Each ACL filter assigned to the crypto map entry is equivalent to one security policy entry. The IPsec • feature supports up to 120 security policy entries for each MPS-14/2 module and Cisco MDS 9216i Switch. •...
Page 672: Mirror Image Crypto Acls
IPsec SA establishment is critical to IPsec—without SAs, IPsec does not work, causing any packets matching the crypto ACL criteria to be silently dropped instead of being forwarded with IPsec security. Cisco MDS 9000 Family Configuration Guide 30-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 673: The Any Keyword In Crypto Acls
If you want the new settings to take effect sooner, you can clear all or part of the security association database. When you enable IPsec, the Cisco SAN-OS software automatically creates a default transform set Note (ipsec_default_tranform_set) using AES-128 encryption and SHA-1 authentication algorithms.
Page 674 3DES encryption algorithm. In this case, the default no authentication is performed. Deletes the applied transform set. switch(config)# no crypto transform-set domain ipsec test esp-3des Cisco MDS 9000 Family Configuration Guide 30-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 675: Crypto Map Entries
When a packet matches a permit entry in a particular ACL, the corresponding crypto map entry is tagged, and connections are established. Cisco MDS 9000 Family Configuration Guide 30-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 676: Crypto Map Configuration Guidelines
If you do, this value overrides the globally set values. If you do not specify the crypto map specific lifetime, the global value (or global default) is used. Cisco MDS 9000 Family Configuration Guide 30-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 677: The Auto-Peer Option
Each host will setup its own SA, but will share the crypto map entry. Without the auto-peer option, each host needs one crypto map entry. Refer to Figure 30-6 on page 30-35 for more details. Cisco MDS 9000 Family Configuration Guide 30-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 678 Directs the software to select (during the SA setup) the switch(config-crypto-map-ip)# set peer auto-peer destination peer IP address dynamically. Deletes the auto-peer configuration. switch(config-crypto-map-ip)# no set peer auto-peer Cisco MDS 9000 Family Configuration Guide 30-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 679: Perfect Forward Secrecy
Applies the crypto map set to the selected switch(config-if)# crypto map domain ipsec cm10 interface. Step 4 Deletes the crypto map that is currently switch(config-if)# no crypto map domain ipsec applied to this interface. Cisco MDS 9000 Family Configuration Guide 30-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 680: Ipsec Maintenance
(in seconds) has passed or after the specified amount of traffic (in bytes) has passed. A new SA is negotiated before the lifetime threshold of the existing SA is reached, to ensure that negotiation completes before the existing SA expires. Cisco MDS 9000 Family Configuration Guide 30-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 681: Displaying Ike Configurations
60000 Example 30-2 Displays the Initiator Configuration switch# show crypto ike domain ipsec initiator initiator version 1 address 1.1.1.1 initiator version 1 address 1.1.1.2 Cisco MDS 9000 Family Configuration Guide 30-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 682: Displaying Ipsec Configurations
Transform set: 3des-md5 {esp-3des esp-md5-hmac} will negotiate {tunnel} Transform set: des-md5 {esp-des esp-md5-hmac} will negotiate {tunnel} Transform set: test {esp-aes-128-cbc esp-md5-hmac} will negotiate {tunnel} Cisco MDS 9000 Family Configuration Guide 30-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 683 IP ACL = acl100 permit ip 10.10.100.0 255.255.255.0 10.10.100.0 255.255.255.0 Transform-sets: 3des-md5, des-md5, Security Association Lifetime: 4500 megabytes/120 seconds PFS (Y/N): N Interface using crypto map set cm100: GigabitEthernet4/2 Cisco MDS 9000 Family Configuration Guide 30-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 684 Policy Database for interface: GigabitEthernet3/1, direction: Both deny udp any port eq 500 any deny udp any any port eq 500 permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0 # 127: deny ip any any Cisco MDS 9000 Family Configuration Guide 30-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 685 AuthMethod none, HeaderDigest None (len 0), DataDigest None (len 0) Version Min: 0, Max: 0 FC target: Up, Reorder PDU: No, Marker send: No (int 0) Received MaxRecvDSLen key: Yes Cisco MDS 9000 Family Configuration Guide 30-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 686 IPSec global statistics: Number of crypto map sets: 3 IKE transaction stats: 0 num, 256 max Inbound SA stats: 0 num Outbound SA stats: 0 num Cisco MDS 9000 Family Configuration Guide 30-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 687: Sample Fcip Configuration
Configure the ACLs in Switch MDS A. Step 3 sw10.1.1.100# conf t sw10.1.1.100(config)# ip access-list acl1 permit ip 10.10.100.231 0.0.0.0 10.10.100.232 0.0.0.0 Cisco MDS 9000 Family Configuration Guide 30-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 688 2 sw10.1.1.100(config-profile)# ip address 10.10.100.231 sw10.1.1.100(config-profile)# int fcip 2 sw10.1.1.100(config-if)# peer-info ipaddr 10.10.100.232 sw10.1.1.100(config-if)# use-profile 2 sw10.1.1.100(config-if)# no shut sw10.1.1.100(config-if)# end sw10.1.1.100# Cisco MDS 9000 Family Configuration Guide 30-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 689 10.10.100.232 0.0.0.0 10.10.100.231 0.0.0.0 Step 12 Configure the transform set in Switch MDS C. sw11.1.1.100(config)# crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac Cisco MDS 9000 Family Configuration Guide 30-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 690 2 sw11.1.1.100(config-profile)# ip address 10.10.100.232 sw11.1.1.100(config-profile)# int fcip 2 sw11.1.1.100(config-if)# peer-info ipaddr 10.10.100.231 sw11.1.1.100(config-if)# use-profile 2 sw11.1.1.100(config-if)# no shut sw11.1.1.100(config-if)# exit sw11.1.1.100(config)# exit Cisco MDS 9000 Family Configuration Guide 30-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 691 Local Addr Remote Addr Encr Hash Auth Method Lifetime ---------------------------------------------------------------------------------------- 10.10.100.232[500] 10.10.100.231[500] 3des preshared key 86300 ----------------------------------------------------------------------------------------- NOTE: tunnel id ended with * indicates an IKEv1 tunnel Cisco MDS 9000 Family Configuration Guide 30-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 692: Sample Iscsi Configuration
Ethernet port 7/1, an SA is created between the hosts and MDS. With auto-peer, only one crypto map is necessary to create SAs for all the hosts in the same subnet. Without auto-peer, you need one crypto map entry per host. Cisco MDS 9000 Family Configuration Guide 30-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 693 10.10.1.0 0.0.0.255 12.12.1.0 0.0.0.255 Configure the transform set in Switch MDS A. Step 2 sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-01 esp-3des esp-md5-hmac Cisco MDS 9000 Family Configuration Guide 30-35 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 694: Default Settings
You have now configured IPsec in MDS A using the Cisco MDS IPsec and iSCSI features. Default Settings Table 30-3 lists the default settings for IKE parameters. Table 30-3...
Page 695 Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco MDS 9000 Family switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman exchange.
Page 696: About Fabric Authentication
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About Fabric Authentication All switches in the Cisco MDS 9000 Family enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switch and host authentications are performed locally or remotely in each fabric.
Page 697: About Dhchap
Chapter 3, “Obtaining and Installing Licenses”). DHCHAP Compatibility with Existing Cisco MDS Features This sections identifies the impact of configuring the DHCHAP feature along with existing Cisco MDS features: PortChannel interfaces—If DHCHAP is enabled for ports belonging to a PortChannel, DHCHAP •...
Page 698: Dhchap Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . DHCHAP Configuration By default, the DHCHAP feature is disabled in all switches in the Cisco MDS 9000 Family. You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication.
Page 699 Changes the DHCHAP authentication mode to switch(config-if)# fcsp auto-active auto-active for the selected interfaces with reauthentication disabled (default). The reauthorization configuration is the same as Note setting it to zero (0). Cisco MDS 9000 Family Configuration Guide 31-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 700: Dhchap Hash Algorithm Configuration
SHA-1 hash algorithm. DHCHAP Group Configuration All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
Page 701: Dhchap Password Configuration
We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Approach 3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database.
Page 702: Locally Configuring The Device Name
Configures a password entered in an encrypted switch(config)# fcsp dhchap devicename 00:11:22:33:55:aa:bb:cc password 7 asdflkjh format for another switch in the fabric that is identified by the switch WWN device name. Cisco MDS 9000 Family Configuration Guide 31-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 703: Dhchap Timeout Value
Example 31-3 Displays the FC-SP WWN of the Device Connected through a Specified Interface switch# show fcsp interface fc 2/1 wwn fc2/1: fcsp authentication mode:SEC_MODE_ON Status: Successfully authenticated Other device's WWN:20:00:00:e0:8b:0a:5d:e7 Cisco MDS 9000 Family Configuration Guide 31-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 704: Dhchap Aaa Authentication
Enables DHCHAP to use the RADIUS server group switch(config)# aaa authentication dhchap default group RadiusServer1 (in this example, RadiusServer1) for authentication. Cisco MDS 9000 Family Configuration Guide 31-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 705: Sample Configuration
Verify the protocol security information configured in this switch by displaying the DHCHAP local password database. MDS-9216# show fcsp dhchap database DHCHAP Local Password: Non-device specific password:upt9216 Other Devices' Passwords: Password for device with WWN:20:00:00:05:30:00:38:5e is upt9509 Cisco MDS 9000 Family Configuration Guide 31-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 706: Default Settings
A priority list of MD5 followed by SHA-1 for DHCHAP authentication. DHCHAP authentication mode Auto-passive. DHCHAP group default priority 0, 4, 1, 2, and 3 respectively. exchange order DHCHAP timeout value 30 seconds. Cisco MDS 9000 Family Configuration Guide 31-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 707 C H A P T E R Configuring Port Security All switches in the Cisco MDS 9000 Family provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is only supported for Fibre Channel ports.
Page 708: Port Security Features
The software uses this active database to enforce authorization. Port Security Initiation By default, the port security feature is disabled in all switches in the Cisco MDS 9000 Family. To enable port security, follow these steps: Command...
Page 709: Port Security Manual Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Port Security Manual Configuration To configure port security on any switch in the Cisco MDS 9000 Family, follow these steps: Identify the WWN of the ports that need to be secured.
Page 710: Port Security Activation
Port Security Activation By default, the port security feature is not activated in any switch in the Cisco MDS 9000 Family. When you activate the port security feature, the following apply: Auto-learning is also automatically enabled. When auto-learning is enabled, the following apply: •...
Page 711: Database Activation Rejection
Step 1 Enters configuration mode. switch# config t switch(config)# Step 2 Forces the VSAN 1 port security switch(config)# port-security activate vsan 1 force database to activate despite conflicts. Cisco MDS 9000 Family Configuration Guide 32-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 712: Database Reactivation
1 Step 4 Activates the port security database for the specified switch# config t switch(config)# port-security activate VSAN, and automatically enables auto-learn. vsan 1 Cisco MDS 9000 Family Configuration Guide 32-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 713: About Auto-Learning
You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any switch in the Cisco MDS 9000 Family to automatically learn about devices and switches that connect to it. Use this feature to activate the port security feature for the first time as it saves tedious manual configuration for each port.
Page 714: Auto-Learning Device Authorization
F1 is bound to P1/P2. P1, N3, F1 Permitted Wildcard match for N3. P1, N1, F3 Permitted Wildcard match for F3. P1, N4, F5 Denied P1 is bound to F1. Cisco MDS 9000 Family Configuration Guide 32-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 715 Wildcard ( * ) match for N3. Port Security Configuration Distribution The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies on throughout the fabric (see Chapter 5, “Using the CFS...
Page 716: Locking The Fabric
If the pending database contains more than one activation and autolearning configuration when you commit the changes, then the activation and autolearning changes are consolidated and the behavior may change (see Table 32-3). Cisco MDS 9000 Family Configuration Guide 32-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 717 A database merge refers to a union of the configuration database and static (unlearned) entries in the active database. See the “CFS Merge Support” section on page 5-7 for detailed concepts. Cisco MDS 9000 Family Configuration Guide 32-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 718: Database Interaction
Database Scenarios Figure 32-1 depicts various scenarios to depict the active database and the configuration database status based on port security configurations. Cisco MDS 9000 Family Configuration Guide 32-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 719: Port Security Database Copy
If distribution is enabled, this command results in acquire of temporary copy (and consequently a fabric lock) of the configuration database. If you lock the fabric, you need to commit the changes to the configuration database of all the switches. Cisco MDS 9000 Family Configuration Guide 32-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 720: Port Security Database Deletion
Use the port-security clear vsan command to clear the pending session in the VSAN from any switch in the VSAN. switch# clear port-security session vsan 5 Cisco MDS 9000 Family Configuration Guide 32-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 721 ---------------------------------------------------------------------------------------- VSAN Logging-in Entity Logging-in Point (Interface) Learnt ---------------------------------------------------------------------------------------- 21:00:00:e0:8b:06:d9:1d(pwwn) 20:0d:00:05:30:00:95:de(fc1/13) 50:06:04:82:bc:01:c3:84(pwwn) 20:0c:00:05:30:00:95:de(fc1/12) 20:00:00:05:30:00:95:df(swwn) 20:0c:00:05:30:00:95:de(port-channel 128) Yes 20:00:00:05:30:00:95:de(swwn) 20:01:00:05:30:00:95:de(fc1/1) [Total 4 entries] Cisco MDS 9000 Family Configuration Guide 32-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 722 20:01:00:05:30:00:95:de vsan 1 20:00:00:0c:88:00:4a:e2(swwn) Example 32-8 Displays the Interface Port Information in VSAN 2 switch# show port-security database interface fc 1/1 vsan 2 20:00:00:0c:88:00:4a:e2(swwn) Cisco MDS 9000 Family Configuration Guide 32-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 723 20:00:00:05:30:00:95:de(swwn) 9 08:32:40 2003 [Total 2 entries] The show port-security command issued with the last number option displays only the specified number of entries that appear first. Cisco MDS 9000 Family Configuration Guide 32-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 724 Default Security Settings Parameters Default Auto-learn Enabled if port security is enabled. Port security Disabled. Distribution Disabled. Enabling distribution enables it on all VSANs in the switch. Note Cisco MDS 9000 Family Configuration Guide 32-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 725 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T IP Services...
Page 726 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 727 IP-based technology. The switch can connect separated SAN islands using Fibre Channel over IP (FCIP). Note FCIP is specific to the IPS module and is available in Cisco MDS 9200 Switches or Cisco MDS 9500 Directors. The Cisco MDS 9216I switch and the 14/2 Multiprotocol Services (MPS-14/2) module also allow you to use Fibre Channel, FCIP, and iSCSI features.
Page 728: About Fcip
Figure 33-2 describes the internal model of FCIP with respect to Fibre Channel Inter-Switch Links (ISLs) and Cisco's enhanced ISLs (EISLs). FCIP virtual E (VE) ports behave exactly like standard Fibre Channel E ports, except that the transport in this case is FCIP instead of Fibre Channel. The only requirement is for the other end of the VE port to be another VE port.
Page 729: Fcip Links
When the FCIP link comes up, the VE ports at both ends of the FCIP link create a virtual Fibre Channel (E)ISL and initiate the E port protocol to bring up the (E)ISL. By default, the FCIP feature on any Cisco MDS 9000 Family switch creates two TCP connections for each FCIP link.
Page 730: Fcip Profiles
To begin configuring the FCIP feature, you must explicitly enable FCIP on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the FCIP feature are only available when FCIP is enabled on a switch.
Page 731: Basic Fcip Configuration
1 to 255. Step 3 Associates the profile (10) with the local IP switch1(config-profile)# ip address 10.100.1.25 address of the Gigabit Ethernet interface (3/1). Cisco MDS 9000 Family Configuration Guide 33-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 732: Creating Fcip Links
Step 4 Assigns the peer IP address information switch1(config-if)# peer-info ipaddr 10.1.1.1 (10.1.1.1 for switch 2) to the FCIP interface. Step 5 Enables the interface. switch1(config-if)# no shutdown Cisco MDS 9000 Family Configuration Guide 33-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 733 You can control TCP behavior in a switch by configuring the following TCP parameters. Minimum Retransmit Timeout, page 33-8 • Keepalive Timeout, page 33-8 • Maximum Retransmissions, page 33-9 • Cisco MDS 9000 Family Configuration Guide 33-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 734: Minimum Retransmit Timeout
(120). The range is from 1 to 7200 seconds. Reverts the keepalive timeout interval to the default 60 switch(config-profile)# no tcp keepalive-timeout 120 seconds. Cisco MDS 9000 Family Configuration Guide 33-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 735: Maximum Retransmissions
TCP transmission. The receiving TCP sends back SACK advertisements to the sender. The sender can then retransmit only the missing data segments. By default, SACK is enabled on Cisco MDS 9000 Family switches. To configure SACK, follow these steps:...
Page 736: Monitoring Congestion
The software uses standard TCP rules to increase the window beyond the one required to maintain the min-available-bandwidth to reach the max-bandwidth. The default burst size is 50 KB. Note Cisco MDS 9000 Family Configuration Guide 33-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 737: Estimating Maximum Jitter
You can configure the maximum estimated jitter in microseconds by the packet sender. The estimated variation should not include network queuing delay. By default, this parameter is enabled in Cisco MDS switches when IPS modules or MPS-14/2 modules are present.
Page 738 Special frames—Configures one end of the FCIP link when security gateways are present in the IP network. Optionally, you can also use the switch WWN (sWWN) and profile ID along with the IP address. Cisco MDS 9000 Family Configuration Guide 33-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 739: Peer Ip Address
The peer WWN is the WWN of the peer Note switch. Use the show wwn switch command to obtain the peer WWN. Disables special frames (default). switch(config-if)# no special-frame peer-wwn 12:12:34:45:ab:bc:cd:00 Cisco MDS 9000 Family Configuration Guide 33-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 740: Active Connections
Cisco PA-FC-1G Fibre Channel port adapter, which has only one (1) TCP connection, interoperates with any switch in the Cisco MDS 9000 Family. One TCP connection is within the specified limit. If the peer initiates one TCP connection, and your MDS switch is configured for two TCP connections, then the software handles it gracefully and moves on with just one connection.
Page 741 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . By default, time stamp control is disabled in all switches in the Cisco MDS 9000 Family. If a packet arrives within a 2000 millisecond interval (+ or –2000 ms) from the network time, that packet is...
Page 742: B Port Interoperability Mode
While E ports typically interconnect Fibre Channel switches, some SAN extender devices, such as Cisco's PA-FC-1G Fibre Channel port adapter and the SN 5428-2 storage router, implement a bridge port model to connect geographically dispersed fabrics. This model uses B port as described in the T11 Standard FC-BB-2.
Page 743: Configuring B Ports
FCIP interface The B port feature in the IPS module and MPS-14/2 module allows remote B port SAN extenders to communicate directly with a Cisco MDS 9000 Family switch, therefore eliminating the need for local bridge devices. Configuring B Ports When an FCIP peer is a SAN extender device that only supports Fibre Channel B ports, you need to enable the B port mode for the FCIP link.
Page 744: Quality Of Service
Fibre Channel domains (fcdomains) (see Chapter 14, “Configuring Domain Parameters.”). Importing and exporting the zone database from the adjacent switch (see Chapter 19, “Configuring • and Managing Zones”). Cisco MDS 9000 Family Configuration Guide 33-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 745: Advanced Fcip Features
FCIP link of the WRITE command and Transfer Ready. It also eliminates the delay caused by multiple Transfer Readys needed for the exchange going over the FCIP link. Cisco MDS 9000 Family Configuration Guide 33-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 746 When write acceleration is enabled in an FCIP interface, a FICON VSAN cannot be enabled in that Caution interface. Likewise, if an FCIP interface is up in a FICON VSAN, write acceleration cannot be enabled on that interface. Cisco MDS 9000 Family Configuration Guide 33-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 747: Fcip Tape Acceleration
Acting as a proxy for the remote tape drives, the local Cisco MDS switch proxies a transfer ready to signal the host to start sending data. After receiving all the data, the local Cisco MDS switch proxies the successful completion of the SCSI WRITE operation.
Page 748 In Tape Acceleration after a certain amount of data has been buffered at the remote Cisco MDS switch, the write operations from the host are flow controlled by the local Cisco MDS switch, by not proxying the Transfer Ready.
Page 749: Fcip Compression
MPS-14/2 modules, and software compression in IPS-4 and IPS-8 modules. The Cisco MDS 9216i Switch also supports IP compression feature. The integrated supervisor module Note has the same hardware components that are available in the MPS-14/2 module.
Page 750: Displaying Fcip Information
Cisco SAN-OS Release 1.3(1) and earlier. If one end of the FCIP link is running Cisco SAN-OS Release 2.0(1b) (or later) and the other end is running Cisco SAN-OS Release 1.3(1) (or earlier), then you must disable compression at both ends of the FCIP link.
Page 751 Target End Buffering 0 Bytes, Auto Max Writes 1 Flags 0x0, FSM state Non TA Mode First index 0xfffffff7, Last index 0xfffffff7 Current index=0xfffffffe, Els Oxid 0xfff7, Seq-Id 0x0000 Hosts 1 FCID 0x20300 Cisco MDS 9000 Family Configuration Guide 33-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 752 5 minutes input rate 491913172779207224 bits/sec, 61489146597400903 bytes/se c, 0 frames/sec 5 minutes output rate 491913175298921320 bits/sec, 61489146912365165 bytes/s ec, 14316551 frames/sec 5702 frames input, 482288 bytes 5697 Class F frames input, 481736 bytes Cisco MDS 9000 Family Configuration Guide 33-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 753 37 XFER_RDY rcvd (host) 0 XFER_RDY not proxied due to flow control (host) 0 bytes queued for sending 0 estimated bytes queued on the other side for sending Cisco MDS 9000 Family Configuration Guide 33-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 754 0 input bytes, 0 output bytes 0 input pkts, 0 output pkts Miscelleneous stats 32 min input pktlen, 32 max input pktlen 28 min output pktlen, 28 max output pktlen Cisco MDS 9000 Family Configuration Guide 33-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 755 Maximum number of re-transmissions is 4 Send buffer size is 0 KB Maximum allowed bandwidth is 1000000 kbps Minimum available bandwidth is 15000 kbps Estimated round trip time is 1000 usec Cisco MDS 9000 Family Configuration Guide 33-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 756: Fcip High Availability
All FCIP links in the PortChannel should be across the same two switches. • The Fibre Channel traffic is load balanced across the FCIP links in the PortChannel. Cisco MDS 9000 Family Configuration Guide 33-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 757: Fspf
If the active VRRP port fails, the standby VRRP port takes over the VRRP IP address. When the VRRP switchover happens, the FCIP link automatically disconnects and reconnects. • This configuration has only one FCIP (E)ISL link. • Cisco MDS 9000 Family Configuration Guide 33-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 758: Ethernet Portchannels
• Ethernet PortChannels and Fibre Channel PortChannels Ethernet PortChannels offer link redundancy between the Cisco MDS 9000 Family switch’s Gigabit Ethernet ports and the connecting ethernet switch. On the other hand, Fibre Channel PortChannels offer (E)ISL link redundancy between Fibre Channel switches. FCIP is an (E)ISL link and is only applicable for a Fibre Channel PortChannel.
Page 759: Default Settings
Control TCP and data connection No packets are transmitted. TCP congestion window monitoring Enabled. Burst size 50KB. TCP connection mode Active mode is enabled. special-frame Disabled. FCIP timestamp Disabled. Cisco MDS 9000 Family Configuration Guide 33-33 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 760 Table 33-1 Default FCIP Parameters (continued) Parameters Default acceptable-diff range to accept packets +/– 2000 ms. B port keepalive responses Disabled. Write acceleration Disabled. Tape acceleration Disabled. Cisco MDS 9000 Family Configuration Guide 33-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 761 C H A P T E R Configuring the SAN Extension Tuner The SAN extension tuner (SET) feature is unique to the Cisco MDS 9000 Family of switches. This feature helps you optimize FCIP performance by generating SCSI I/O commands and directing such traffic to a specific virtual target.
Page 762: About Set
I/ O over FCIP link. License Prerequisites To use the SET, you need to obtain the SAN_EXTN_OVER_IP license (see Chapter 3, “Obtaining and Installing Licenses”). Cisco MDS 9000 Family Configuration Guide 34-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 763: Tuner Guidelines
N ports may interfere with the performance of the FCIP link. Tuner Initialization The tuning feature is disabled by default in all switches in the Cisco 9000 Family. When you enable this feature, tuning is globally enabled for the entire switch.
Page 764 Add more N ports (as required) to other Gigabit Ethernet ports in the switch to obtain maximum Step 6 throughput. One scenario that may require additional N ports is if you use FCIP PortChannels. Cisco MDS 9000 Family Configuration Guide 34-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 765: Nwwn Configuration
To assign SCSI read and (or) write commands on a one-time basis, follow these steps: Command Purpose Step 1 Enters the SET configuration submode. switch# san-ext-tuner switch(san-ext)# Step 2 Configures the nWWN for the SAN switch(san-ext)# nWWN 10:00:00:00:00:00:00:00 extension tuner. Cisco MDS 9000 Family Configuration Guide 34-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 766 Step 7 Clears the counters associated with this N switch(san-ext-nport)# clear counters port. Step 8 Exits the SAN extension tuner submode. switch(san-ext-nport)# end switch# Cisco MDS 9000 Family Configuration Guide 34-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 767: Data Pattern
Removes the specified transfer ready size configuration for SCSI write commands and defaults to using the all-zero pattern. Cisco MDS 9000 Family Configuration Guide 34-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 768: Tuning Configuration Verification
Exits the SAN extension tuner submode. switch(san-ext-nport)# end switch# Tuning Configuration Verification The show commands display the current tuning settings for the Cisco MDS switch (see Examples 34-1 to 34-6). Example 34-1 Displays Entries in the FLOGI Database switch# show flogi database...
Page 769: Default Settings
Parameters Default Tuning Disabled. Transfer ready size Same as the transfer size in the SCSI write command. Outstanding I/Os Number of transactions Data generation format All-zero format. Cisco MDS 9000 Family Configuration Guide 34-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 770 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 34-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 771: Configuring Iscsi
Note The iSCSI feature is specific to the IPS module and is available in Cisco MDS 9200 Switches or Cisco MDS 9500 Directors. The Cisco MDS 9216I switch and the 14/2 Multiprotocol Services (MPS-14/2) module also allow you to use Fibre Channel, FCIP, and iSCSI features.
Page 772 (Through the IPS module) Each iSCSI host that requires access to storage through the IPS module or MPS-14/2 module needs to have a compatible iSCSI driver installed. (The Cisco.com website at http://www.cisco.com/cgi-bin/tablebuild.pl/sn5420-scsi provides a list of compatible drivers). Using the iSCSI protocol, the iSCSI driver allows an iSCSI host to transport SCSI requests and responses over an IP network.
Page 773: Configuring Iscsi
Refer to the IETF standards for IP storage at http://www.ietf.org for information on the iSCSI protocol. Configuring iSCSI This section describes how to configure iSCSI on the Cisco MDS 9000 Family switches. Cisco MDS 9000 Family Configuration Guide 35-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 774: Enabling Iscsi
To use the iSCSI feature, you must explicitly enable iSCSI on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. To enable iSCSI on any participating switch, follow these steps:...
Page 775: Dynamic Mapping
If you have not configured a switch name, the management IP address is used. With this convention, each IPS port in a Cisco MDS 9000 Family switch creates a unique iSCSI target node name for the same Fibre Channel target port in the SAN.
Page 776 Step 2 IPS modules and MPS-14/2 modules dynamically switch(config)# iscsi import target fc import all Fibre Channel targets in the Fibre Channel SAN into the IP network. Cisco MDS 9000 Family Configuration Guide 35-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 777: Static Mapping
An iSCSI target cannot contain more than one Fibre Channel target port. If you have already mapped the whole Fibre Channel target port, you cannot use the LUN mapping option. Cisco MDS 9000 Family Configuration Guide 35-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 778: Iscsi Virtual Target Configuration Examples
This example maps a subset of LUNs of a Fibre Channel target to three iSCSI virtual targets. Each iSCSI target only has one LUN (see Figure 35-8). Cisco MDS 9000 Family Configuration Guide 35-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 779 28:00:01:02:03:04:05:06 fc-lun 0 iscsi-lun 0 iscsi virtual-target name iqn.1987-02.com.cisco.target-2 pWWN 28:00:01:02:03:04:05:06 fc-lun 1 iscsi-lun 0 iscsi virtual-target name iqn.1987-02.com.cisco.target-3 pWWN 28:00:01:02:03:04:05:06 fc-lun 2 iscsi-lun 0 pWWN 28:00:01:02:03:04:05:06 fc-lun 3 iscsi-lun 1 Cisco MDS 9000 Family Configuration Guide 35-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 780: Initiator Identification
Identifies the iSCSI initiator based on the IP address. switch(config-if)# switchport initiator id ip-address Identifies the iSCSI initiator based on the initiator node switch(config-if)# switchport initiator id name name. This is the default behavior. Cisco MDS 9000 Family Configuration Guide 35-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 781: Initiator Presentation Modes
LUN access control for every host, the static configuration for each iSCSI initiator can be overwhelming. In such case, using the proxy-initiator mode simplifies the configuration. The Cisco MDS switches support the following iSCSI session limits: The maximum number of iSCSI sessions on a switch is 5000.
Page 782 35-10, there are three iSCSI hosts and all three of them connect to the same Fibre Channel target. There is one Fibre Channel session from each of the three virtual Fibre Channel hosts to the target. Cisco MDS 9000 Family Configuration Guide 35-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 783 We recommend using the system-assign option. If you manually assign a WWN, you must ensure its uniqueness (see the “Configuring World Wide Names” section on page 25-5). You should not use any previously-assigned WWNs. Cisco MDS 9000 Family Configuration Guide 35-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 784 After a dynamic initiator has already logged in, you may decide to permanently keep the automatically assigned nWWN/pWWN mapping so this initiator uses the same mapping the next time it logs in. Cisco MDS 9000 Family Configuration Guide 35-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 785 WWNs to other iSCSI initiators (dynamic or static) and cause conflicts. As of Cisco MDS SAN-OS Release 2.1(2), you can fix this problem by checking for and removing any configured WWNs that belong to the system whenever such scenarios occur.
Page 786 Step 1 Enters configuration mode. switch# config terminal switch(config)# Step 2 Selects the iSCSI interface on the switch that switch(config)# interface iscsi 4/1 switch(config-if)# initiators will connect to. Cisco MDS 9000 Family Configuration Guide 35-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 787: Vsan Membership For Iscsi
Assigns the iSCSI initiator node to a specified VSAN. switch(config-iscsi-init)# vsan 3 Note You can assign this host to one or more VSANs. Removes the iSCSI node from the specified VSAN. switch(config-iscsi-init)# no vsan 5 Cisco MDS 9000 Family Configuration Guide 35-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 788: Example Of Vsan Membership For Iscsi Devices
The default port VSAN of an iSCSI interface is VSAN 1. This feature was introduced in Cisco SAN-OS Release 1.3(1). If you downgrade to an earlier release, be sure to delete any assigned VSAN and to issue the no iscsi interface vsan-membership command before performing the downgrade procedure.
Page 789: Advanced Vsan Membership For Iscsi Hosts
VSAN. Fibre Channel zoning has been extended to support iSCSI devices and their extension has the advantage of having a uniform, flexible access control mechanism across the whole SAN. Cisco MDS 9000 Family Configuration Guide 35-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 790 Assigns an iSCSI port WWN-based membership switch(config-zone)# member pwwn 20:00:00:05:30:00:59:11 into a zone. Deletes the device identified by the port WWN switch(config-zone)# no member pwwn 20:00:00:05:30:00:59:11 from a zone. Cisco MDS 9000 Family Configuration Guide 35-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 791: Iscsi Acl Based Access Control
10.50.1.0 255.255.255.0 permit accessing virtual targets. Allows all initiator nodes to access this virtual switch(config-iscsi-tgt)# all-initiator-permit target. Prevents any initiator from accessing virtual targets switch(config-iscsi-tgt)# no all-initiator-permit (default). Cisco MDS 9000 Family Configuration Guide 35-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 792: Enforcing Access Control
If authentication should always be used, you must configure the switch to allow only CHAP authentication. For CHAP username or secret validation you can use any method supported and allowed by the Cisco MDS AAA infrastructure (see Chapter 28, “Configuring RADIUS and...
Page 793: Authentication Mechanism
Configures CHAP as the default authentication switch(config)# iscsi authentication chap mechanism globally for the Cisco MDS switch. CHAP authentication is required for all iSCSI sessions. To configure the authentication mechanism for iSCSI sessions to a particular interface, follow these steps:...
Page 794: Restricting Iscsi Initiator Authentication
In addition to the IPS module or MPS-14/2 module authentication of the iSCSI initiator, the IPS module or MPS-14/2 module also supports a mechanism for the iSCSI initiator to authenticate the Cisco MDS switch’s iSCSI target during the iSCSI login phase. This authentication requires the user to configure a username and password for the switch to present to the iSCSI initiator.
Page 795 35-14) commands to display the initiator specific configuration. iSCSI Immediate Data and Unsolicited Data Features Cisco MDS SAN-OS Release 2.1(1a), and later, supports the iSCSI immediate data and unsolicited data features if requested by the initiator during the login negotiation phase. Immediate data is iSCSI write data contained in the data segment of an iSCSI command protocol data unit (PDU), such as combining the write command and write data together in one PDU.
Page 796: Iscsi Listener Port
Selects the iSCSI interface on the switch. switch(config)# interface iscsi 4/1 switch(config-if)# Cisco MDS switches support the following advanced features for iSCSI interfaces. iSCSI Listener Port You can configure the TCP port number for the iSCSI interface which listens for new TCP connections.
Page 797: Iscsi Routing Modes
5 with DSCP value 0). iSCSI Routing Modes Cisco MDS 9000 Family switches support multiple iSCSI routing modes. Each mode negotiates different operational parameters, has different advantages and disadvantages, and is suitable for different usages. Pass-thru mode •...
Page 798 Data digest cannot be used. Cisco MDS 9000 Family Configuration Guide 35-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 799: Displaying Iscsi Information
Input 0 packets, 0 bytes Command 0 pdus, Data-out 0 pdus, 0 bytes Output 0 packets, 0 bytes Response 0 pdus (with sense 0), R2T 0 pdus Cisco MDS 9000 Family Configuration Guide 35-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 800: Displaying Iscsi Statistics
Response 2352 pdus (with sense 266), R2T 1804 pdus Data-in 90453 pdus, 92458248 bytes iSCSI Forward: Command:2352 PDUs (Rcvd:2352) Data-Out (Write):16236 PDUs (Rcvd 44198), 0 fragments, 92364800 bytes, unsolicited 0 bytes FCP Forward: Cisco MDS 9000 Family Configuration Guide 35-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 801: Displaying Proxy Initiator Information
(see Example 35-4 Example 35-5). Example 35-4 Displays Proxy Initiator Information for the iSCSI Interface with System-Assigned WWNs switch# show interface iscsi 4/1 Cisco MDS 9000 Family Configuration Guide 35-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 802 Command 0 pdus, Data-out 0 pdus, 0 bytes Output 7 packets, 336 bytes Response 0 pdus (with sense 0), R2T 0 pdus Data-in 0 pdus, 0 bytes Cisco MDS 9000 Family Configuration Guide 35-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 803: Displaying Global Iscsi Information
Without parameters, this command displays all sessions. The output can be filtered by specifying an initiator, a target, or both. Example 35-7 displays one iSCSI initiator configured based on the IQN (iqn.1987-05.com.cisco:02.3021b0f2fda0.avanti12-w2k) and another based on its IP address (10.10.100.199). Example 35-7 Displays Brief Information of All iSCSI Sessions switch# show iscsi session Initiator iqn.1987-05.com.cisco:02.3021b0f2fda0.avanti12-w2k...
Page 804: Displaying Iscsi Initiators
Virtual Port WWN is 22:04:00:05:30:00:10:e1 (configured) Interface iSCSI 4/1, Portal group tag: 0x180 VSAN ID 1, FCID 0x6c0202 VSAN ID 2, FCID 0x6e0000 VSAN ID 10, FCID 0x790000 Cisco MDS 9000 Family Configuration Guide 35-34 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 805 Interface iSCSI 4/1, Portal group tag: 0x180 VSAN ID 5, FCID 0x640000 VSAN ID 1, FCID 0x6c0203 Example 35-11 Displays Detailed Information About the iSCSI Initiator switch# show iscsi initiator iqn.1987-05.com.cisco:02.3021b0f2fda0.avanti12-w2k detail iSCSI Node name is iqn.1987-05.com.cisco:02.3021b0f2fda0.avanti12-w2k Initiator ip addr (s): 10.10.100.116 iSCSI alias name: AVANTI12-W2K...
Page 806 :10.2.2.11 :ff ff ff ff ff ff ff ff fc4-types:fc4_features:scsi-fcp:init iscsi-gw symbolic-port-name symbolic-node-name :iqn.1987-05.com.cisco.01.14ac33ba567f986f174723b5f9f2377 port-type port-ip-addr :0.0.0.0 fabric-port-wwn :22:01:00:05:30:00:35:de hard-addr :0x000000 Total number of entries = 10 Cisco MDS 9000 Family Configuration Guide 35-36 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 807 Node WWN is 22:03:00:05:30:00:10:e1 No. of PWWN: 4 Port WWN is 22:00:00:05:30:00:10:e1 Port WWN is 22:09:00:05:30:00:10:e1 Port WWN is 22:0a:00:05:30:00:10:e1 Port WWN is 22:0b:00:05:30:00:10:e1 User Name for Mutual CHAP: testuser Cisco MDS 9000 Family Configuration Guide 35-37 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 808: Displaying Iscsi Virtual Targets
Transparent Target Failover The following high availability configurations are available: iSCSI high availability with host running multi-path software • iSCSI High availability with host not having multi-path software • Cisco MDS 9000 Family Configuration Guide 35-38 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 809 3/4 are still available. If the Storage port P-1 fails, then the IPS ports will terminate session 1 and 3 (put iSCSI virtual target iqn.com.cisco.mds-5.1-2.p1 and iqn-com.cisco.mds-5.1-1.p1 in off-line state). But session 2/4 are still available. In this topology, you have recovery from failure of any of the components. The host multi-path software takes care of load-balancing/fail-over across the different paths to access the storage.
Page 810 To create a static iSCSI virtual target, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config terminal switch(config)# Step 2 Creates the iSCSI target name switch(config)# iscsi virtual-target name iqn.1987-02.com.cisco.initiator iqn.1987-02.com.cisco.initiator. Cisco MDS 9000 Family Configuration Guide 35-40 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 811 Fibre Channel target with redundant ports. When the active port fails, the passive port becomes active, and if the trespass feature is enabled, the Cisco MDS switch sends a request to the target to move the LUs on the new active port. The iSCSI session switches to use the new...
Page 812 Multiple IPS Ports Connected to the Same IP Network Figure 35-17 provides an example of a configuration with multiple Gigabit Ethernet interfaces in the same IP network. Cisco MDS 9000 Family Configuration Guide 35-42 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 813 (with different names). The multi-pathing software on the host provides load-balancing over both paths. If one Gigabit Ethernet interface fails, the host multi-pathing software is not affected because it can use the second path. Cisco MDS 9000 Family Configuration Guide 35-43 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 814 Gigabit Ethernet interface has taken over the virtual IP address as the new master. Cisco MDS 9000 Family Configuration Guide 35-44 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 815: Ethernet Portchannel-Based High Availability
This section does not specify the steps to enter or exit EXEC mode, configuration mode, or any submode. Note Be sure to verify the prompt before issuing any command. Cisco MDS 9000 Family Configuration Guide 35-45 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 816: No Authentication
Configure the user names and passwords for iSCSI users. Step 3 switch(config)# username iscsi-user password abcd iscsi If you do not specify the iscsi option, the user name is assumed to be a Cisco MDS switch user Note instead of an iSCSI user.
Page 817: Iscsi Transparent Mode Initiator
To configure an iSCSI RADIUS server, follow these steps: Step 1 Configure the RADIUS server to allow access from the Cisco MDS switch's management Ethernet IP address. Step 2 Configure the shared secret for the RADIUS server to authenticate the Cisco MDS switch.
Page 818 To configure scenario 1 (see Figure 35-20), follow these steps: Configure null authentication for all iSCSI hosts in Cisco MDS switches. Step 1 switch(config)# iscsi authentication none Configure iSCSI to dynamically import all Fibre Channel targets into the iSCSI SAN using Step 2 auto-generated iSCSI target names.
Page 819 Step 10 switch(config)# zoneset name zoneset-iscsi vsan 1 switch(config-zoneset)# member iscsi-zone-1 switch(config-zoneset)# member iscsi-zone-2 Activate the zone set. Step 11 switch(config)# zoneset activate name zoneset-iscsi vsan 1 Cisco MDS 9000 Family Configuration Guide 35-49 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 820 VSAN 1, ISID 00023d000001, Status active, no reservation Initiator 10.11.1.10 <-----------------------------------Host 1 Initiator name iqn.1987-05.com.cisco:01.e41695d16b1a Session #1 Target iqn.1987-05.com.cisco:05.172.22.92.166.07-01.21000020376ffd97 VSAN 1, ISID 00023d000001, Status active, no reservation Cisco MDS 9000 Family Configuration Guide 35-50 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 821 Interface iSCSI 7/5, Portal group tag: 0x304 VSAN ID 1, FCID 0x6d0300 <------------------------ Host 1: Initiator iSCSI Node name is 10.11.1.10 iSCSI Initiator name: iqn.1987 - 05.com.cisco:01.e41695d16b1a ID based on IP iSCSI alias name: oasis10.cisco.com address because Node WWN is 20:04:00:0b:fd:44:68:c2 (dynamic)
Page 822 <------ fc4-types:fc4_features:scsi-fcp:init iscsi-gw symbolic-port-name <--------------------- iSCSI initiator ID is symbolic-node-name :10.11.1.10 port-type based on the IP address port-ip-addr :0.0.0.0 registered in fabric-port-wwn :21:81:00:0b:fd:44:68:c0 symbolic-node-name hard-addr :0x000000 field Cisco MDS 9000 Family Configuration Guide 35-52 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 823: Target Storage Device Requiring Lun Mapping
Configure the iSCSI interface in slot 7 port 1 to identify all dynamic iSCSI initiators by the IP address Step 4 and enable the interface. switch(config)# int iscsi 7/1 switch(config-if)# switchport initiator id ip-address switch(config-if)# no shut Cisco MDS 9000 Family Configuration Guide 35-53 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 824 The following command is based on the persistent pWWN assigned to the initiator. You can obtain • the pWWN from the show iscsi initiator output. switch(config-zone)# member pwwn 20:02:00:0b:fd:44:68:c2 Cisco MDS 9000 Family Configuration Guide 35-54 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 825 Number of Virtual n_ports: 1 <---- The configured pWWN Virtual Port WWN is 20:02:00:0b:fd:44:68:c2 (configured) Interface iSCSI 7/1, Portal group tag: 0x300 VSAN ID 1, FCID 0x680102 Cisco MDS 9000 Family Configuration Guide 35-55 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 826 0x680102 detail vsan 1 ------------------------ VSAN:1 FCID:0x680102 ------------------------ port-wwn (vendor) :20:02:00:0b:fd:44:68:c2 (Cisco) node-wwn :20:03:00:0b:fd:44:68:c2 class :2,3 node-ip-addr :10.11.1.10 :ff ff ff ff ff ff ff ff fc4-types:fc4_features:scsi-fcp:init iscsi-gw symbolic-port-name Cisco MDS 9000 Family Configuration Guide 35-56 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 827 -------------------------------------------------------------------------- 0x750001 21:00:00:20:37:6f:fe:54 (Seagate) scsi-fcp:target 0x750101 21:00:00:20:37:a6:a6:5d (Seagate) scsi-fcp:target <-- iSCSI 0x750200 20:06:00:0b:fd:44:68:c2 (Cisco) scsi-fcp:init isc..w Total number of entries = 3 initiator entry in name server Cisco MDS 9000 Family Configuration Guide 35-57 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 828: About Iscsi Storage Name Services
A Cisco MDS 9000 Family switch can act as an iSNS client and register all available iSCSI targets with an external iSNS server. All switches in the Cisco MDS 9000 Family with IPS modules or MPS-14/2 modules installed support iSNS server functionality.
Page 829: About Isns Client Functionality
To remove an iSNS profile, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Step 2 Removes a configured iSNS profile called switch(config)# no isns profile name OldIsns OldIsns. Cisco MDS 9000 Family Configuration Guide 35-59 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 830: Verifying Isns Client Configuration
Server 10.10.100.211 Example 35-18 Displays a Specified iSNS Profile switch# show isns profile ABC iSNS profile name ABC tagged interface GigabitEthernet2/3 tagged interface GigabitEthernet2/2 iSNS Server 10.10.100.204 Cisco MDS 9000 Family Configuration Guide 35-60 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 831 Example 35-21 Displays iSNS Queries switch# show isns query ABC gigabitethernet 2/3 iSNS server: 10.10.100.204 Init: iqn.1991-05.com.w2k Alias: <MS SW iSCSI Initiator> Tgt : iqn.1987-05.com.cisco:05.172.22.94.22.02-03 Tgt : iqn.1987-05.com.cisco:05.172.22.94.22.02-03.210000203762fa34 nWWN: 200000203762fa34 Cisco MDS 9000 Family Configuration Guide 35-61 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 832: About Isns Server Functionality
0 carrier errors About iSNS Server Functionality When enabled, the iSNS server on the Cisco 9000 Family MDS switch tracks all registered iSCSI devices. As a result, iSNS clients can locate other iSNS clients by querying the iSNS server. The iSNS...
Page 833: Configuring Isns Servers
Change Notification (SCN) message to the initiator so that the initiator can remove the session. Configuring iSNS Servers This section describe how to configure an iSNS server on a Cisco MDS 9000 Family switch. Cisco MDS 9000 Family Configuration Guide 35-63 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 834: Enabling The Isns Server
The default ESI retry count is 3. The client sends the server a response to indicate that it is still alive. If the client fails to respond after the configured number of retries, the client is deregistered from the server. Cisco MDS 9000 Family Configuration Guide 35-64...
Page 835 Dynamic import of FC target configuration changes Zone set changes Default zone access control changes IPS interface state changes Initiator configuration that change make the target accessible or inaccessible. Cisco MDS 9000 Family Configuration Guide 35-65 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 836 Example 35-23). Example 35-23 Displays the iSNS Server Configuration of ESI Interval and Database Contents switch# show isns config Server Name: switch1(Cisco Systems) Up since: Fri Jul 30 04:08:16 2004 Index: 1 Version: 1 TCP Port: 3205 fabric distribute (remote sync): ON...
Page 837 Node Name: iqn.com.cisco.disk2 Entity Index: 1 Node Type: Target(1) Node Index: 0x80000003 WWN(s): 22:00:00:20:37:39:dc:45 VSANS: Portal IP Address: 192.168.100.5 TCP Port: 3205 Entity Index: 1 Portal Index: 3 Cisco MDS 9000 Family Configuration Guide 35-67 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 838 Example 35-28 Displays Explicitly Registered Objects switch# show isns node all ------------------------------------------------------------------------------- iSCSI Node Name Type ------------------------------------------------------------------------------- iqn.1987-05.com.cisco:05.switch1.02-03.22000020375a6c8 Target iqn.com.cisco.disk1 Target iqn.com.cisco.ipdisk Target iqn.isns-first-virtual-target Target iqn.1991-05.cw22 Target iqn.1991-05.cw53 Target Cisco MDS 9000 Family Configuration Guide 35-68 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 839 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Example 35-29 Displays of the Specified Node switch# show isns node name iqn.com.cisco.disk1 iSCSI Node Name: iqn.com.cisco.disk1...
Page 840 35-40). If you do not specify any option, this command displays the entity ID and number of nodes or portals associated with the entity in a compact format; one per line. Cisco MDS 9000 Family Configuration Guide 35-70 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 841 Example 35-41 Displays the Import Target Settings for the Specified Switch switch# show isns iscsi global config switch 20:00:00:05:ec:01:04:00 iSCSI Global configuration: Switch: 20:00:00:05:ec:01:04:00 iSCSI Auto Import: Enabled Cisco MDS 9000 Family Configuration Guide 35-71 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 842: Default Settings
No packets are transmitted. TCP congestion window monitoring Enabled. Burst size 50KB. Jitter 500 Microseconds. TCP connection mode Active mode is enabled. Fibre Channel targets to iSCSI Not imported. Cisco MDS 9000 Family Configuration Guide 35-72 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 843 This feature cannot be configured and is not available in store-and-forward mode. iSNS registration interval 60 seconds (not configurable). iSNS registration interval retries Fabric distribution Enabled. Cisco MDS 9000 Family Configuration Guide 35-73 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 844 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 35-74 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 845 C H A P T E R Configuring IP Services Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces. The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a different IP subnetwork.
Page 846: Traffic Management Services
IP parameters (IP address, subnet mask) so that the switch is reachable. You can manually configure the management interface from the CLI. Cisco MDS 9000 Family Configuration Guide 36-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 847: Default Gateway Configuration
Ethernet spanning tree processing that the Ethernet switch would run if enabled. FoR Cisco Ethernet switches, use either the switchport host command in IOS is or the set port host in Catalyst OS. Refer to the configuration guide for your Ethernet switch.
Page 848: Default Network Configuration
When a VSAN is created, a VSAN interface is not created automatically. You need to specifically create the interface (see the “Configuring VSAN Interfaces” section on page 11-22). Cisco MDS 9000 Family Configuration Guide 36-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 849: Ipfc Configuration
Step 2 Enables IP routing (disabled by default). switch(config)# ip routing switch(config)# Step 3 Disables IP routing and reverts to the factory settings. switch(config)# no ip routing switch(config)# Cisco MDS 9000 Family Configuration Guide 36-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 850: Ipfc Configuration Example
Configure the IP address and subnet mask. switch_1(config-if)# ip address 10.1.1.1 255.0.0.0 Enable the VSAN interface and exit interface configuration submode. Step 3 switch_1(config-if)# no shutdown switch_1(config-if)# exit switch_1(config)# Cisco MDS 9000 Family Configuration Guide 36-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 851 Step 4 Enable the VSAN interface and exit interface configuration submode. switch_2(config-if)# no shutdown switch_2(config-if)# exit switch_2(config)# Enable IPv4 routing. Step 5 switch_2(config)# ip routing switch_2(config)# exit switch_2# Cisco MDS 9000 Family Configuration Guide 36-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 852 Enable the VSAN interface and exit interface configuration submode. Step 3 switch_3(config-if)# no shutdown switch_3(config-if)# exit switch_3(config)# Enable IPv4 routing. Step 4 switch_3(config)# ip routing switch_3(config)# exit switch_3# Cisco MDS 9000 Family Configuration Guide 36-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 853 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.653 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2008 ms rtt min/avg/max/mdev = 0.510/0.787/1.199/0.297 ms Cisco MDS 9000 Family Configuration Guide 36-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 854: Configuring Ip Static Routes
Displaying and Clearing ARPs Address Resolution Protocol (ARP) entries in Cisco MDS 9000 Family switches can be displayed, deleted, or cleared. The ARP feature is enabled on all switches. Use the show arp command to display the ARP table.
Page 855: Displaying Ip Interface Information
172.22.95.1 0.0.0.0 mgmt0 10.1.1.0 0.0.0.0 255.255.255.0 vsan1 172.22.95.0 0.0.0.0 255.255.255.0 mgmt0 Example 36-4 Displays the IP Routing Status switch# show ip routing ip routing is disabled Cisco MDS 9000 Family Configuration Guide 36-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 856: Overlay Vsan Configuration
IP default gateway 10.10.10.34 VSAN 10 Int vsan10 - 10.10.10.35 Int vsan10 - 10.10.10.34 VSAN ENG 172.23.84.74 mgmt 0 172.23.84.86 IP cloud ip route 10.10.10.0 255.255.255.0 172.23.93.74 Cisco MDS 9000 Family Configuration Guide 36-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 857 Defines a static route on the NMS pointing to nms# route ADD 10.10.10.0 MASK 255.255.255.0 172.22.93.74 the management interface of the edge switch that provides access to the Fibre Channel fabric. Cisco MDS 9000 Family Configuration Guide 36-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 858: Multiple Vsan Configuration
IP default-gateway 10.10.10.35 next_hop 11.12.12.34 If vsan11 - 11.11.11.34 VSAN 11 default gateway If vsan11 - 11.11.11.72 172.23.84.74 172.23.84.86 IP cloud ip route 10.10.10.0 255.255.255.0 172.23.84.74 ip route 11.11.11.0 255.255.255.0 172.23.84.74 Cisco MDS 9000 Family Configuration Guide 36-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 859 Fibre Channel fabric. Step 18 Defines the route to reach subnet 10 from switch# route 10.10.10.0 255.255.255.0 next_hop 11.11.11.35 subnet 11. Cisco MDS 9000 Family Configuration Guide 36-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 860: Vrrp Functionality
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . The Virtual Router Redundancy Protocol Cisco MDS 9000 Family switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. This section provides details on the VRRP feature.
Page 861: Virtual Router Addition And Deletion
Configures a VSAN interface (VSAN 1). switch(config)# interface vsan 1 switch(config-if)# Step 3 Creates a VR ID 250. switch(config-if)# vrrp 250 switch(config-if-vrrp) switch(config-if-vrrp)# no vrrp 250 Removes a VR ID 250. switch(config-if) Cisco MDS 9000 Family Configuration Guide 36-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 862: Virtual Router Initiation
This IP address should be in the same Note subnet as the IP address of the interface. Removes the IP address (10.0.0.10) for the switch(config-if-vrrp)# no address 10.0.0.10 selected VR. Cisco MDS 9000 Family Configuration Guide 36-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 863: Priority For The Virtual Router
1 switch(config-if)# Step 3 Creates a virtual router. switch(config-if)# vrrp 250 switch(config-if-vrrp)# Step 4 Sets the interval time in seconds between switch(config-if-vrrp)# advertisement-interval 15 sending advertisement frames. Cisco MDS 9000 Family Configuration Guide 36-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 864: Priority Preemption
You can configure the key using the authentication option in the VRRP submode and distribute it using the configuration file. The security parameter index (SPI) settings assigned in this option should be unique for each VSAN. Note All VRRP configurations must be duplicated. Cisco MDS 9000 Family Configuration Guide 36-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 865: Priority Based On Interface State
You can track one of two interfaces on a switch in the Cisco MDS 9000 Family: a specified VSAN interface or a management interface. For interface tracking to function, you must enable preemption on the interface. See the “Priority...
Page 866: Clearing Vrrp Statistics
Use the clear vrrp command to clear all the software counters for the specified virtual router (see Example 36-9). Example 36-9 Clears VRRP Information switch# clear vrrp 7 interface vsan2 switch# Cisco MDS 9000 Family Configuration Guide 36-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 867: Dns Server Configuration
Any IP host name that does not contain a domain name (that is, any name without a dot), will have the dot and cisco.com appended to it before being added to the host table. Step 4...
Page 868: Displaying Dns Host Information
10. Remote destination switch If the remote destination switch is not specified, the default is direct. Multicast routing Uses the principal switch to compute the multicast tree. Cisco MDS 9000 Family Configuration Guide 36-24 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 869 IP (FCIP), and it allows IP hosts to access Fibre Channel storage using the iSCSI protocol. Note FCIP and iSCSI features are specific to the IPS module and are available in Cisco MDS 9200 Switches or Cisco MDS 9500 Directors.
Page 870 IPS module provides IP hosts access to Fibre Channel storage devices. The IP host • sends SCSI commands encapsulated in iSCSI protocol data units (PDUs) to a Cisco MDS 9000 Family switch IPS port over a TCP/IP connection. At this point, the commands are routed from an IP network into a Fibre Channel network and forwarded to the intended target.
Page 871: Module Status Verification
IPS modules use a rolling upgrade install mechanism where each module in a given switch can only be upgraded in sequence. To guarantee a stable state, each IPS module in a switch requires a 5-minute delay before the next IPS module is upgraded. Cisco MDS 9000 Family Configuration Guide 37-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 872: Mps-14/2 Module Upgrade
Supported Hardware You can configure the FCIP and iSCSI features using one of more of the following hardware: IPS-4 and IPS-8 modules (refer to the Cisco MDS 9200 Series Hardware Installation Guide or the • Cisco MDS 9500 Series Hardware Installation Guide for more information) MPS-14/2 module (refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco •...
Page 873: Basic Gigabit Ethernet Configuration
Ethernet spanning tree processing that the Ethernet switch would run if enabled. FoR Cisco Ethernet switches, use either the switchport host command in IOS is or the set port host in Catalyst OS. Refer to the configuration guide for your Ethernet switch.
Page 874: Configuring Beacon Mode
2/2 switch(config-if)# Gigabit Ethernet interface (slot 2, port 2). Step 3 Changes the MTU size to 3000 bytes. The switch(config-if)# switchport mtu 3000 default is 1500 bytes. Cisco MDS 9000 Family Configuration Guide 37-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 875: Configuring Promiscuous Mode
If you need to have traffic from multiple VLANs terminated on one Gigabit Ethernet port, configure subinterfaces—one for each VLAN. If the IPS module or MPS-14/2 module is connected to a Cisco Ethernet switch, and you need to have Note...
Page 876: Configuring The Vlan Subinterface
The mgmt0 interface cannot be configured in the same subnet as the Gigabit Ethernet interfaces or mgmt0 Gigabit Ethernet 1/1 subinterfaces. The configuration requirements in Table 37-1 also apply to Ethernet PortChannels. Note Cisco MDS 9000 Family Configuration Guide 37-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 877: Configuring Static Ip Routing
Example 37-2 Verifying Gigabit Ethernet Connectivity switch# ping 10.100.1.25 PING 10.100.1.25 (10.100.1.25): 56 data bytes 64 bytes from 10.100.1.25: icmp_seq=0 ttl=255 time=0.1 ms 64 bytes from 10.100.1.25: icmp_seq=1 ttl=255 time=0.1 ms Cisco MDS 9000 Family Configuration Guide 37-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 878: Gigabit Ethernet Ip-Acl Guidelines
Step 3 Applies the IP-ACL SampleName on switch(config-if)# ip access-group SampleName Gigabit Ethernet 3/1 for both ingress and egress traffic (if the association does not exist already). Cisco MDS 9000 Family Configuration Guide 37-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 879: Displaying Arp Caches
10.2.2.2 interface gigabitethernet 8/7 arp clear successful Example 37-5 Clearing All ARP Cache Entries switch# clear ips arp interface gigabitethernet 8/7 arp clear successful Cisco MDS 9000 Family Configuration Guide 37-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 880: Displaying Statistics
The show ips stats mac interface gigabitethernet command takes the main Gigabit Ethernet interface as a parameter and returns Ethernet statistics for that interface. See Example 37-8. Use the physical interface, not the subinterface, to display Ethernet MAC statistics. Note Cisco MDS 9000 Family Configuration Guide 37-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 881: Displaying Dma-Bridge Statistics
Use the show ips stats ip interface gigabitethernet to display and verify IP statistics. This command takes the main Ethernet interface as a parameter and returns the IP statistics for that interface. See Example 37-10. Cisco MDS 9000 Family Configuration Guide 37-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 882 30 pcb hash miss, 0 no port, 0 bad SYN, 0 paws drops TCP Connection Stats 0 attempts, 3 accepts, 3 established 3 closed, 2 drops, 0 conn drops 0 drop in retransmit timeout, 1 drop in keepalive timeout Cisco MDS 9000 Family Configuration Guide 37-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 883: Configuring Gigabit Ethernet High Availability
Configuring Gigabit Ethernet High Availability Virtual Router Redundancy Protocol (VRRP) and Ethernet PortChannels are two Gigabit Ethernet features that provide high availability for iSCSI and FCIP services. Cisco MDS 9000 Family Configuration Guide 37-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 884: Vrrp For Iscsi And Fcip Services
Ethernet interface (slot 2, port 2). switch(config-if)# Step 3 Enters the IP address (10.1.1.10) and IP mask switch(config-if)# ip address 10.1.1.10 255.255.255.0 (255.255.255.0) for the Gigabit Ethernet interface. Cisco MDS 9000 Family Configuration Guide 37-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 885: About Ethernet Portchannel Aggregation
All FCIP data traffic for one FCIP link is carried on one TCP connection. Consequently, the aggregated bandwidth is 1 Gbps for that FCIP link. The Cisco Ethernet switch’s PortChannel should be configured as a static PortChannel, and not the Note default 802.3ad protocol.
Page 886: Configuring Ethernet Portchannels
“no shutdown” at both ends to bring them up switch(config-if)# Step 7 Enables the selected interface. switch(config-if)# no shutdown Cisco MDS 9000 Family Configuration Guide 37-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 887: Ips Module Core Dumps
(OS) unexpectedly resets, it is useful to obtain a copy of the memory image (called a IPS core dump) to identify the cause of the reset. Under that condition, the IPS module sends the core dump to the supervisor module for storage. Cisco MDS switches have two levels of IPS core dumps: Partial core dumps (default)—Each partial core dump consists of four parts (four files).
Page 888: Default Settings
Gigabit Ethernet parameters. Table 37-2 Default Gigabit Ethernet Parameters Parameters Default IP MTU frame size 1500 bytes for all Ethernet ports Auto-negotiation Enabled. Promiscuous mode Disabled Cisco MDS 9000 Family Configuration Guide 37-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 889 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Intelligent Storage Services...
Page 890 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 891: About Scsi Flow Services
C H A P T E R Configuring SCSI Flow Services and Statistics Storage Services Module (SSM) supports in SCSI flow services and SCSI flow statistics in Cisco MDS SAN-OS Release 2.0(2b) and later. This chapter includes the following sections: About SCSI Flow Services, page 38-1 •...
Page 892: Scsi Flow Manager
The SFM on the initiator communicates to its peer on the target side using Cisco Fabric Services (CFS). Peer communication allows the initiator SFM to validate target parameters and program information on the target side.
Page 893: Scsi Flow Configuration Client
In Cisco MDS SAN-OS Releases 2.0(1b) through 2.1(1a), you can only enable SCSI flow services on the entire SSM. As of Cisco MDS SAN-OS Release 2.1(2), you can enable SCSI flow services either on the entire SSM or on groups of four interfaces.
Page 894: Enabling Scsi Flow Configuration Distribution
Step 2 Enables SCSI flow configuration distribution switch(config)# scsi-flow distribute through CFS. The default is enabled. Disables CFS distribution for SCSI flow switch(config)# no scsi-flow distribute configuration. Cisco MDS 9000 Family Configuration Guide 38-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 895: Configuring Scsi Flow Identifiers
– Read capacity – Mode sense Request sense – Errors • Number of timeouts – Number of I/O failures – Number of various SCSI status events – Cisco MDS 9000 Family Configuration Guide 38-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 896: Enabling Scsi Flow Statistics
Note switches. For SCSI flow statistics, the initiator must connect to an SSM on a Cisco MDS switch while the target Note can connect to any other switch in the fabric. The SCSI flow initiator and target cannot connect to the same switch.
Page 897 Initiator Verification Status: success Target Verification Status: success Initiator Linecard Status: success Target Linecard Status: success Feature Status: --------------- Write-Acceleration enabled Write-Acceleration Buffers: 1024 Configuration Status: success Statistics enabled Cisco MDS 9000 Family Configuration Guide 38-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 898 Sense Key Unit Attention=28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 Cisco MDS 9000 Family Configuration Guide 38-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 899 Sense Key Unit Attention=28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 Cisco MDS 9000 Family Configuration Guide 38-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 900: Default Settings
Intelligent Storage Services parameters. Table 38-1 Default Intelligent Storage Services Parameters Parameters Default SCSI flow services Disabled SCSI flow services distribution Enabled SCSI flow statistics Disabled Cisco MDS 9000 Family Configuration Guide 38-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 901: About Fibre Channel Write Acceleration
The initiator and target cannot connect to the same Cisco MDS switch. Fibre Channel write acceleration Note requires that the negotiator and target must each connect to an SSM module installed on different Cisco MDS switches. Cisco MDS 9000 Family Configuration Guide 39-1 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 902: Enabling Fibre Channel Write Acceleration
Initiator Verification Status: success Target Verification Status: success Initiator Linecard Status: success Target Linecard Status: success Feature Status: --------------- Write-Acceleration enabled Write-Acceleration Buffers: 1024 Configuration Status: success Statistics enabled Cisco MDS 9000 Family Configuration Guide 39-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 903: Default Settings
Fibre Channel Write Acceleration parameters. Table 39-1 Default Intelligent Storage Services Parameters Parameters Default Fibre Channel write acceleration Disabled Fibre Channel write acceleration buffers 1024 Cisco MDS 9000 Family Configuration Guide 39-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 904 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 39-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 905 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Configuring SANTap The Storage Services Module (SSM) supports Intelligent Storage Services in Cisco MDS SAN-OS Release 2.1(1a) and later that include SANTap. This chapter includes the following sections: About SANTap, page 40-1 •...
Page 906 SSM. See Figure 40-2. Figure 40-2 SANTap Transparent Mode Example Host initiators (connected directly to ports on SSM) SAN 1 SAN 2 with SANTap capability Appliance Target Cisco MDS 9000 Family Configuration Guide 40-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 907 Proxy mode-1 • Proxy mode-1 assigns Cisco-specific WWNs to the virtual initiators (VIs) and digital virtual targets (DVTs). The benefit of this mode is that it eliminates the requirement of transparent mode that a host initiator or a target be connected directly to an SSM. In proxy mode-1, the SSM can be anywhere in the SAN.
Page 908: Enabling Santap
The groups of four interfaces do not need to be consecutive. You can specify fc1 through fc8 and fc17 through fc20. To enable the SANTap feature, follow these steps: Command Purpose Step 1 Enters configuration mode. switch# config t switch(config)# Cisco MDS 9000 Family Configuration Guide 40-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 909: Displaying Santap Information
Example 40-1 Displays SANTap Control Virtual Terminal Information switch# show santap module 2 cvt CVT Information : cvt pwwn = 25:3c:00:05:30:00:22:25 cvt nwwn = 25:3d:00:05:30:00:22:25 cvt id cvt xmap_id cvt vsan = 10 Cisco MDS 9000 Family Configuration Guide 40-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 910 = 77:77:77:77:77:77:77:77 adt lun = 0x0 num ranges dvt id vdisk id session state = 0 mrl requested = 1 pwl requested = 1 iol requested = 0 Cisco MDS 9000 Family Configuration Guide 40-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 911 RVT LUN Information : rvt pwwn = 2a:61:00:05:30:00:22:25 rvt lun = 0x0 xmap id = 22 rvt id = 17 app pwwn = 22:00:00:20:37:39:b1:00 app lun = 0x0 app vsan Cisco MDS 9000 Family Configuration Guide 40-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 912: Default Settings
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Default Settings Table 40-1 lists the default settings for Intelligent Storage Services parameters. Table 40-1 Default Intelligent Storage Services Parameters Parameters Default SANTap feature Disabled Cisco MDS 9000 Family Configuration Guide 40-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 913 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Configuring NASB The Storage Services Module (SSM) supports Intelligent Storage Services in Cisco MDS SAN-OS Release 2.1(1a) and later that include Network-Accelerated Serverless Backup (NASB). This chapter includes the following sections: About NASB, page 41-1 •...
Page 914 For example, if the destination is a tape library, the media server issues commands to load and unload the correct tape and position of the tape write head at the correct offset within the tape. Cisco MDS 9000 Family Configuration Guide 41-2...
Page 915: Enabling Nasb
Forces the switch to disable the NASB switch(config)# no ssm enable feature nasb force interface fc 4/1 - 4 application on ports 1 through 4 on the SSM in slot 4. Cisco MDS 9000 Family Configuration Guide 41-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 916: Nasb Target Rediscovery
Initiates a rediscovery of a target device for switch# nasb rediscover module 2 vsan 9 target-pwwn 20:02:00:a0:b8:16:a1:5f the SSM in slot 2. nasb rediscovery initiated Displaying NASB Information Cisco MDS 9000 Family Configuration Guide 41-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 917 NASB:module 3 vsan 1:DPP-1, VT-nWWN=22f90005300036a2, pWWN=22fa0005300036a2 (provisioned) NASB:module 3 vsan 1:DPP-2, VT-nWWN=22fb0005300036a2, pWWN=22fc0005300036a2 (provisioned) NASB:module 3 vsan 1:DPP-3, VT-nWWN=22fd0005300036a2, pWWN=22fe0005300036a2 (provisioned) NASB:module 3 vsan 1:DPP-4, VT-nWWN=22ff0005300036a2, pWWN=26000005300036a2 (provisioned) Cisco MDS 9000 Family Configuration Guide 41-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 918: Default Settings
NASB:module 3 vsan 1:DPP-8, VT-nWWN=26070005300036a2, pWWN=26080005300036a2 (provisioned) Default Settings Table 41-1 lists the default settings for Intelligent Storage Services parameters. Table 41-1 Default Intelligent Storage Services Parameters Parameters Default NASB feature Disabled Cisco MDS 9000 Family Configuration Guide 41-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 919 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . A R T Network and Switch Monitoring...
Page 920 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Page 921: About Rmon
• Default Settings, page 42-3 • About RMON All switches in the Cisco MDS 9000 Family support the following RMON functions (defined in RFC 2819): • Alarm—Monitors a specific management information base (MIB) object for a specified interval, triggers an alarm at a specified value (rising threshold), and resets the alarm at another value (falling threshold).
Page 922: Rmon Alarm Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . We recommend an additional, generic RMON console application on the network management station (NMS) to take advantage of RMON's network management capabilities. Refer to the Cisco MDS 9000 Family Fabric Manager Configuration Guide.
Page 923: Rmon Event Configuration
Default Settings Table 42-1 lists the default settings for all RMON features in any switch. Table 42-1 Default RMON Settings Parameters Default RMON alarms Disabled. RMON events Disabled. Cisco MDS 9000 Family Configuration Guide 42-3 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 924 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 42-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 925 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Monitoring Network Traffic Using SPAN This chapter describes the Switched Port Analyzer (SPAN) features provided in switches in the Cisco MDS 9000 Family. It includes the following sections: About SPAN, page 43-2 •...
Page 926: About Span
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . About SPAN The SPAN feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic though a Fibre Channel interface. Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN destination port (SD port).
Page 927: Span Sources
Ethernet ports. You can configure SPAN for ingress traffic, egress traffic, or traffic in both directions for all eight iSCSI and 24 FCIP interfaces that are available in the IPS module. You can configure SPAN for Ethernet traffic using Cisco switches or routers connected to the Cisco MDS Note 9000 Family IPS modules.
Page 928: Csm Source Ports
CSM Source Ports SPAN capabilities are available on the Caching Services Module (CSM). Refer to the Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for more information. Allowed Source Interface Types The SPAN feature is available for the following interface types: Physical ports such as F ports, FL ports, TE ports, E ports, and TL ports.
Page 929: Span Sessions
A source can be shared by two sessions, however, each session must be in a different direction—one ingress and one egress. You can temporarily deactivate (suspend) any SPAN session. The traffic monitoring is stopped during this time. Cisco MDS 9000 Family Configuration Guide 43-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 930: Specifying Filters
You can configure up to 16 SPAN sessions with multiple ingress (Rx) sources. • You can configure a maximum of three SPAN sessions with one egress (Tx) port. • Cisco MDS 9000 Family Configuration Guide 43-6 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 931: Configuring Span
Configures the source (fc7/1) interface in switch(config-span)# source interface fc7/1 both directions. Removes the specified destination interface switch(config-span)# no source interface fc7/1 (fc 7/1) from this session. Cisco MDS 9000 Family Configuration Guide 43-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 932: Suspending And Reactivating Span Sessions
Step 2 Configures the specified session (1). switch(config)# span session 1 switch(config-span)# Step 3 Temporarily suspends the session. switch(config-span)# suspend Reactivates the session. switch(config-span)# no suspend Cisco MDS 9000 Family Configuration Guide 43-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 933: Encapsulating Frames
SPAN Conversion Behavior As of Cisco MDS SAN-OS Release 1.1(1), SPAN features (configured in any prior release) are converted as follows: If source interfaces and source VSANs are configured in a given session, then all the source VSANs •...
Page 934: Monitoring Traffic Using Fibre Channel Analyzers
The deprecated configurations are removed from persistent memory once a switchover or a new startup configuration is implemented. Session 2 had a source VSAN 12 and a source interface fc1/6 with VSAN filters specified in Cisco MDS SAN-OS Release 1.0(4). When upgraded to Cisco MDS SAN-OS Release 1.1(1) the following changes are made: The source VSAN (VSAN 12) is removed (rule 1).
Page 935: With Span
Using SPAN you can monitor ingress traffic on fc1/1 at SD port fc2/2 and egress traffic on SD port fc2/1. This traffic is seamlessly captured by the FC analyzer as shown in Figure 43-6. Cisco MDS 9000 Family Configuration Guide 43-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 936: Configuring Analyzers Using Span
Step 6 Configures the destination interface fc2/2. switch(config-span)## destination interface fc2/2 Step 7 Configures the source interface fc1/1 in switch(config-span)# source interface fc1/1 tx the egress direction. Cisco MDS 9000 Family Configuration Guide 43-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 937: Single Sd Port To Monitor Traffic
Step 3 Configures the destination interface fc2/1. switch(config-span)## destination interface fc2/1 Step 4 Configures the source interface fc1/1 on the switch(config-span)# source interface fc1/1 same SD port. Cisco MDS 9000 Family Configuration Guide 43-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 938: Displaying Span Information
Destination is not configured Session filter vsans are 1-20 Ingress (rx) sources are fc3/2, fc3/3, fc3/4, fcip 51, port-channel 2, sup-fc0, Egress (tx) sources are fc3/2, fc3/3, fc3/4, sup-fc0, Cisco MDS 9000 Family Configuration Guide 43-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 939 0 frames output, 0 bytes, 0 discards 0 input OLS, 0 LRR, 0 NOS, 0 loop inits 0 output OLS, 0 LRR, 0 NOS, 0 loop inits Cisco MDS 9000 Family Configuration Guide 43-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 940: Remote Span
Fibre Channel fabric. You can replicate and monitor traffic in any remote Cisco MDS 9000 Family switch or director, just as you would monitor traffic in a Cisco MDS source switch.
Page 941: Fc And Rspan Tunnels
FC analyzer Guidelines to Configure RSPAN The following guidelines apply for a SPAN configuration: All switches in the end-to-end path of the RSPAN tunnel must belong to the Cisco MDS 9000 • Family. All VSANs with RSPAN traffic must be enabled. If a VSAN containing RSPAN traffic is not •...
Page 942: St Port Characteristics
Switch S to be the source and Switch D to be the destination. Note Besides the source and destination switches, the VSAN must also be configured in each Cisco MDS switch in the Fibre Channel fabric, if they exist.
Page 943 Step 2 Initiates the FC tunnel (100) in the source switch switchS(config)# interface fc-tunnel 100 switchS(config-if)# (switch S). The tunnel IDs range from 1 to 255. Cisco MDS 9000 Family Configuration Guide 43-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 944 Associates and binds the ST port with the RSPAN switchS(config-if)# rspan-tunnel interface fc-tunnel 100 tunnel (100). Step 6 Enables traffic flow through this interface. switchS(config-if)# no shutdown Cisco MDS 9000 Family Configuration Guide 43-20 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 945: Configuration In All Intermediate Switches
10.10.10.2 255.255.255.0 interface in the destination switch (Switch D). Step 4 Enables traffic flow to administratively allow traffic switchD(config-if)# no shutdown (provided the operational state is up). Cisco MDS 9000 Family Configuration Guide 43-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 946: Configuration In The Destination Switch
10.10.10.2 255.255.255.0 interface in the destination switch (Switch D). Step 4 Enables traffic flow to administratively allow traffic switchD(config-if)# no shutdown (provided the operational state is up). Cisco MDS 9000 Family Configuration Guide 43-22 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 947 SD Step 4 Configures the SD port speed to 2000 Mbps. switchD(config-if)# switchport speed 2000 Step 5 Enables traffic flow through this interface. switchD(config-if)# no shutdown Cisco MDS 9000 Family Configuration Guide 43-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 948: Explicit Paths
(switch D). The tunnel ID range is from 1 to 255. Explicit Paths You can specify an explicit path through the Cisco MDS Fibre channel fabric (source-based routing), using the explicit-path option. For example, if you have multiple paths to a tunnel destination, you can use this option to specify the fc-tunnel to always take one path to the destination switch.
Page 949 Path1—10.10.10.3 exists in Path 1. Using the loose option, you can achieve the same effect with one command instead of issuing three commands (using the strict option) in Step 3. Cisco MDS 9000 Family Configuration Guide 43-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 950: Monitoring Rspan Traffic
RSPAN can be combined with the local SPAN feature so SD ports forward local SPAN traffic along with Note remote SPAN traffic. Various SPAN source and tunnel scenarios are described in this section. Cisco MDS 9000 Family Configuration Guide 43-26 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 951: Single Source With One Rspan Tunnel
Cisco MDS Cisco MDS source switch S RSPAN tunnels destination switch D SPAN Cisco MDS sources Fibre Channel fabric Cisco MDS Switch C FC analyzer FC analyzer Cisco MDS 9000 Family Configuration Guide 43-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 952: Multiple Sources With Multiple Rspan Tunnels
------------------------------------------------------------------------------- Interface Vsan Admin Admin Status Oper Oper Port-channel Mode Trunk Mode Speed Mode (Gbps) ------------------------------------------------------------------------------- fc1/1 auto trunking fc1/14 auto trunking fc1/15 Cisco MDS 9000 Family Configuration Guide 43-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 953 0 input OLS, 0 LRR, 0 NOS, 0 loop inits 0 output OLS, 0 LRR, 0 NOS, 0 loop inits Example 43-7 Displays the FC Tunnel Status switch# show fc-tunnel fc-tunnel is enabled Cisco MDS 9000 Family Configuration Guide 43-29 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 954: Default Span And Rspan Settings
If filters are not specified SPAN traffic includes traffic through a specific interface from all active VSANs. Encapsulation Disabled. SD port Output frame format is Fibre Channel. Cisco MDS 9000 Family Configuration Guide 43-30 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 955: Default Rspan Settings
RSPAN parameters. Table 43-3 Default RSPAN Configuration Parameters Parameters Default FC tunnel Disabled. Explicit path Not configured. Minimum cost path Used if explicit path is not configured. Cisco MDS 9000 Family Configuration Guide 43-31 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 956 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 43-32 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 957: About System Message Logging
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . C H A P T E R Configuring System Message Logging This chapter describes how to configure system message logging on Cisco MDS 9000 Family switches. It includes the following sections: About System Message Logging, page 44-1 •...
Page 958 Security Cisco MDS 9000 Family specific syslog Internal system messages Standard sysmgr System manager Cisco MDS 9000 Family specific tlport TL port Cisco MDS 9000 Family specific Cisco MDS 9000 Family Configuration Guide 44-2 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 959: System Message Logging Configuration
LOG_INFO debugging Debugging messages LOG_DEBUG Refer to the Cisco MDS 9000 Family System Messages References for details on the error log message Note format. System Message Logging Configuration System logging messages are sent to the console based on the default (or configured) logging facility and severity values.
Page 960: Message Logging Initiation
Reverts console logging to the factory set default severity level switch(config)# no logging console of 2 (critical). Logging messages with a severity level of 2 or above are displayed on the console. Cisco MDS 9000 Family Configuration Guide 44-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 961: Monitor Severity Level
Telnet or SSH logging for the kernel facility. Note Use the show logging info command to display the default logging levels for the facilities listed Table 44-1. Cisco MDS 9000 Family Configuration Guide 44-5 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 962: Log Files
You can use the show logging logfile and clear logging logfile commands to view and delete the contents of this file. As of Cisco MDS SAN-OS Release 2.1(1a), you can use the the dir log: command to view logging file statistics. You can use the delete log: command to remove the log file.
Page 963 Cron or at facility Standard daemon System daemons Standard File Transfer Protocol Standard kernel Kernel Standard local0 to local7 Locally defined messages Standard (local7 is the default) Cisco MDS 9000 Family Configuration Guide 44-7 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 964 Standard System Message Logging Configuration Distribution You can enable fabric distribution for all Cisco MDS switches in the fabric. When you perform system message logging configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
Page 965: Displaying System Message Logging Information
Example 44-1 Displays Current System Message Logging switch# show logging Logging console: enabled (Severity: critical) Logging monitor: enabled (Severity: debugging) Logging linecard: enabled (Severity: debugging) Logging server: enabled Cisco MDS 9000 Family Configuration Guide 44-9 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 966 Cisco MDS 9000 Family Configuration Guide 44-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 967 Facility Default Severity Current Session Severity -------- ---------------- ------------------------ kern user mail daemon auth syslog news uucp cron authpriv local0 local1 local2 local3 local4 Cisco MDS 9000 Family Configuration Guide 44-11 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 968 Logging logfile: enabled Name - messages: Severity - debugging Size - 4194304 Facility Default Severity Current Session Severity -------- ---------------- ------------------------ kern user mail Cisco MDS 9000 Family Configuration Guide 44-12 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 969 Example 44-7 Displays Last Few Lines of a Log File switch# show logging last 2 Nov 8 16:48:04 excal-113 %LOG_VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/1 (171.71.58.56) Nov 8 17:44:09 excal-113 %LOG_VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/0 (171.71.58.72) Cisco MDS 9000 Family Configuration Guide 44-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 970: Default Settings
Message (change to a name with up to 200 characters). Logging server Disabled. Syslog server IP address Not configured. Number of servers Three servers. Server facility Local 7. Cisco MDS 9000 Family Configuration Guide 44-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 971 RMON alert messages are added to the list of deliverable Call Home messages. If required you can also use the Cisco Fabric Services application to distribute the Call Home configuration to all other switches in the fabric.
Page 972: Call Home Features
For those who have service contracts directly with Cisco Systems, automatic case generation with the Technical Assistance Center is possible by registering with the AutoNotify service. AutoNotify provides fast time to resolution of system problems by providing a direct notification path to Cisco customer support.
Page 973: Call Home Configuration Process
The exact product number of your Cisco MDS 9000 Family switch. For example, valid product • numbers are DS-C6509 and DS-C9216-K9. The serial number of your Cisco MDS 9000 Family switch. This can be obtained by looking at the • serial number label on the back of the switch (next to the power supply).
Page 974: Destination Profiles
You can configure multiple destination profiles of one or more types. You can use one of the predefined destination profiles or define a desired profile. If you define a new profile, you must assign a profile name. Cisco MDS 9000 Family Configuration Guide 45-4 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 975 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . If you use the Cisco AutoNotify service, the XML destination profile is required (see Note http://www.cisco.com/en/US/partner/products/hw/ps4159/ps4358/products_configuration_example091...
Page 976 XML-destination profile. The email-addresses in this email-addr findout@.cisco.com destination-profile receives messages in XML format. This format provides information that is compatible with Cisco Systems TAC support. Do not add a pager-related e-mail address to this destination profile because of the large message size.
Page 977: Alert Groups
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Alert Groups An alert group is a predefined subset of Call Home alerts supported in all switches in the Cisco MDS 9000 Family. Different types of Call Home alerts are grouped into different alert groups depending on their type.
Page 978: Call Home Message Level Feature
5 and above for the user-defined profile (test1). Removes a previously configured urgency level switch(config-callhome)# no destination-profile oldtest message-level 7 and reverts it to the default of 0 (all messages are sent). Cisco MDS 9000 Family Configuration Guide 45-8 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 979: Syslog-Based Alerts
Call Home does not change the syslog message level in the message text. The syslog message texts in Note the Call Home log appear as they are described in the Cisco MDS 9000 Family System Messages Guide. Whenever a syslog message is generated, the Call Home application sends a Call Home message depending on the mapping between the destination profile and the alert group mapping and based on the severity level of the generated syslog message.
Page 980: E-Mail Options
The port usage defaults to 25 if no port is specified. switch(config-callhome)# transport email smtp-server 192.168.1.1 port 30 The port number is optional and, if required, may Note be changed depending on the server location. Cisco MDS 9000 Family Configuration Guide 45-10 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 981: Periodic Inventory Notification
By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. When you enable this feature without configuring an interval value, the Call Home message is sent every 7 days. This value ranges form 1 to 30 days.
Page 982: Call Home Enable Function
Call Home event is sent. Call Home Configuration Distribution You can enable fabric distribution for all Cisco MDS switches in the fabric. When you perform Call Home configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
Page 983: Fabric Lock Override
The changes are only available in the volatile directory and are subject to being discarded if the switch is restarted. To use administrative privileges and release a locked Call Home session, use the clear callhome session command. switch# clear callhome session Cisco MDS 9000 Family Configuration Guide 45-13 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 984: Call Home Communications Test
Picaboo Street, Any city, Any state, 12345 site id:Site1ManhattanNewYork customer id:Customer1234 contract id:Cisco1234 switch priority:0 Cisco MDS 9000 Family Configuration Guide 45-14 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 985 Example 45-4 Displays the Full-Text Profile switch# show callhome destination-profile profile full-txt-destination full-txt destination profile information maximum message size:250000 email addresses configured: person2@company2.com Cisco MDS 9000 Family Configuration Guide 45-15 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 986 Interface fc2/5, vsan 1 is up syslog_facility:PORT start chassis information: Affected Chassis:DS-C9506 Affected Chassis Serial Number:FG@07120011 Affected Chassis Hardware Version:0.104 Affected Chassis Software Version:2.0(1) Affected Chassis Part No:73-8607-01 end chassis information: Cisco MDS 9000 Family Configuration Guide 45-16 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 987 </nvp> </body> </mml> Sample RMON Notification in XML Format Return-Path: <tester@cisco.com> <?xml version="1.0" encoding="UTF-8" standalone="no" ?> <!DOCTYPE mml SYSTEM "mml10.dtd">  <mml> <header> <time>2004-10-12T04:59:13</time> <name>RMON_ALERT</name> Cisco MDS 9000 Family Configuration Guide 45-17 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 988: Default Settings
DNS or IP address of the SMTP server to reach the server if no port is specified. Alert group association with profile. All. Format type. XML. Call Home message level. 0 (zero). Cisco MDS 9000 Family Configuration Guide 45-18 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 989: Event Triggers
Supervisor MGMT_PORT_FAILURE Hardware failure of management Hardware and Ethernet port. CISCO_TAC License LICENSE_VIOLATION Feature in use is not licensed, and are turned off after grace period expiration. Cisco MDS 9000 Family Configuration Guide 45-19 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 990: Call Home Message Levels
This section discusses the severity levels for a Call Home message when using one or more switches in the Cisco MDS 9000 Family. Call Home message levels are preassigned per event type. Severity levels range from 0 to 9, with 9 having the highest urgency. Each syslog level has keywords and...
Page 991: Message Contents
Alarm urgency level Error level such as that applied to system message Table 45-6, Table 45-7, and Table 45-8 display the information contained in plain text and XML messages. Cisco MDS 9000 Family Configuration Guide 45-21 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 992 Optional user-configurable field used for contract info or other ID by /mml/ header /contractId any support service. Site ID Optional user-configurable field used for Cisco-supplied site ID or /mml/ header/siteId other data meaningful to alternate support service. Server ID If the message is generated from the fabric switch, it is the unique /mml/header/serverId device identifier (UDI) of the switch.
Page 993 Specifically command output. /mml/attachments/attachment/ type MIME type Normally text or plain or encoding type. /mml/attachments/attachment/ mime Command output Output of command automatically executed (see Table 45-3). /mml/attachments/attachment/ text atdata Cisco MDS 9000 Family Configuration Guide 45-23 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 994 Optional user-configurable field used for contact info or other ID by any /mml/ header /contractId support service. Site ID Optional user-configurable field, can be used for Cisco-supplied site ID /mml/ header /siteId or other data meaningful to alternate support service. Server ID...
Page 995 Normally text or plain or encoding type. /mml/attachments/attachment /mime Command output Output of command automatically executed after event categories (see /mml/attachments/attachment text “Event Triggers” section on page 45-19). /atdata Cisco MDS 9000 Family Configuration Guide 45-25 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 996 Optional user-configurable field used for contract info or other ID by any /mml/ header /contractId support service. Site ID Optional user-configurable field used for Cisco-supplied site ID or other /mml/ header /siteId data meaningful to alternate support service. Server ID...
Page 997 Normally text or plain or encoding type. /mml/attachments/attachmen t/mime Attachment type Specifically command output. /mml/attachments/attachmen t/type Command output The exact name of the issued command. /mml/attachments/attachmen name t/name Cisco MDS 9000 Family Configuration Guide 45-27 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 998 S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m . Cisco MDS 9000 Family Configuration Guide 45-28 OL-6973-03, Cisco MDS SAN-OS Release 2.x...
Page 999: About Fcs
C H A P T E R Configuring Fabric Configuration Servers This chapter describes the Fabric Configuration Server (FCS) feature provided in the Cisco MDS 9000 Family of directors and switches. It includes the following sections: About FCS, page 46-1 •...
Page 1000: Significance Of Fcs
You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms. Set this command globally only if all switches in the fabric belong to the Cisco MDS 9000 Family. Note...

This manual is also suitable for:

Mds 9216 Mds 9216a Mds 9506 Mds 9509 Mds 9120 - fabric switch Mds 9140 - fabric switch ... Show all