Page 1 Cisco MDS 9000 Fabric Manager Switch Configuration Guide March 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-7753-01...
Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.;...
Page 3 Product Overview C H A P T E R Hardware Overview Cisco MDS 9216 Fabric Switch Cisco MDS 9500 Modular Directors Cisco MDS 9100 Series Fixed Configuration Fabric Switches Software Features Licensing High Availability Switch Reliability Virtual SANs Intelligent Zoning...
Page 4: Table Of Contents
Controlling Administrator Access with Users and Roles Modifying Device Grouping Setting Fabric Manager Preferences Viewing Reports in Fabric Manager Using Device Manager 3-10 Launching Device Manager from Fabric Manager 3-10 Using Summary View 3-11 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 5 Presenting the Collected Data 3-15 Exporting and Importing Data 3-16 Integration with Cisco Traffic Analyzer 3-16 Configuring PM for Use with Cisco Traffic Analyzer 3-16 Stopping Data Collection 3-19 Exporting Data Collection to XML Files 3-19 Removing Data Collection Files from the List...
Page 6 Recovering a Corrupted Bootflash Default Factory Settings Managing Modules C H A P T E R About Modules Supervisor Modules Switching Modules Viewing the State of a Module Identifying Module LEDs Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 7 Default Settings 11-8 Configuring Interfaces 12-1 C H A P T E R Configuring Fibre Channel Interfaces 12-1 About Interface Modes 12-2 E Port 12-2 F Port 12-2 FL Port 12-3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 8 Configuring 32-port Switching Modules and Host-Optimized Ports 14-2 Managing Physical Attributes for a Port 14-2 Viewing Port Capability Attributes 14-3 About PortChanneling and Trunking 14-3 Managing PortChannel General Attributes 14-4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide viii OL-7753-01...
Page 9 15-12 Exporting Active Zone Sets 15-12 Deleting Zone Sets or Members 15-12 Clearing the Zone Database 15-13 Recovering a Full Zone Database 15-13 Performing Zone Merge Analysis 15-13 Zone Enforcement 15-14 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 10 IVR Using LUN Zoning or Read-Only Zoning 16-7 Creating IVZs and IVZSs 16-7 Zones versus IVZs 16-8 Automatic IVZ Creation 16-8 Configuring and Activating IVZs and IVZSs 16-9 Using the force Option 16-9 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 11 Remote Authentication Guidelines 18-3 Server Groups 18-4 AAA Service Configuration Options 18-4 Configuring RADIUS 18-4 About RADIUS 18-5 Configuring RADIUS Authentication 18-5 Configuring RADIUS Servers 18-5 Setting the RADIUS Server Address 18-5 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 12 18-16 Configuring Common Roles 18-16 Creating and Modifying Users 18-17 Creating Common Roles 18-18 Editing Common Role Rules (Device Manager Only) 18-19 Deleting Common Roles 18-19 Assigning Users to Roles 18-19 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 13 20-7 Identifying WWNs to Configure Port Security 20-7 Securing Authorized Ports 20-7 Activating the Port Security Database 20-7 Forcing Port Security Activation 20-8 Reactivating the Database 20-8 Database Scenarios 20-8 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xiii OL-7753-01...
Page 14 Configuring Flow Statistics 21-10 Viewing FSPF Statistics 21-10 Default Settings 21-10 Configuring IP Services 22-1 C H A P T E R Traffic Management Services 22-2 Configuring the Ethernet Management Port 22-2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 15 Viewing TCP Information and Statistics 22-15 Viewing UDP Information and Statistics 22-15 Viewing IP Statistics 22-16 Viewing ICMP Statistics 22-16 Configuring FICON 23-1 C H A P T E R About FICON 23-2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 16 Entering FICON Port Configuration Information 23-16 Viewing FICON Port Attributes 23-17 FICON Configuration Files 23-17 Accessing FICON Configuration Files 23-18 Editing FICON Configuration Files 23-18 Creating FICON Files 23-18 Deleting FICON Files 23-19 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 17 About VLANs for Gigabit Ethernet 24-3 Verifying Gigabit Ethernet Connectivity 24-4 Gigabit Ethernet High Availability 24-4 Configuring VRRP 24-4 Configuring Ethernet PortChannels 24-5 Configuring CDP 24-6 IPS Core Dumps 24-6 Configuring FCIP 24-7 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xvii OL-7753-01...
Page 18 Ethernet PortChannels and Fibre Channel PortChannels 24-24 Configuring iSCSI 24-24 About iSCSI 24-25 Enabling iSCSI 24-26 Using the iSCSI Wizard 24-26 Routing iSCSI Requests and Responses 24-27 Presenting Fibre Channel Targets as iSCSI Targets 24-27 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xviii OL-7753-01...
Page 19 24-44 Using the IP Filter Wizard 24-45 Creating IP Profiles 24-45 Adding IP Filters to Profiles 24-46 Associating IP Profiles to Interfaces 24-46 Deleting IP Profiles 24-47 Deleting IP Filters 24-47 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 20 Configuring Domain Interfaces 26-5 Viewing Domain Areas 26-6 Viewing Domain Area Ports 26-6 Specifying a Preferred or Static Domain ID 26-6 Setting Switch Priority 26-6 Configuring Allowed Domain ID Lists 26-6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 21 C H A P T E R About System Message Logging 28-1 Configuring System Message Logging 28-3 Enabling Message Logging 28-4 Configuring Console Severity Level 28-4 Configuring Module Logging 28-4 Configuring Log Files 28-4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 22 Using the iSCSI Wizard 29-5 Monitoring Network Traffic Using SPAN 30-1 C H A P T E R About SPAN 30-1 SPAN Sources 30-2 IPS Source Ports 30-3 CSM Source Ports 30-3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxii OL-7753-01...
Page 23 Advanced Features and Concepts 31-1 C H A P T E R Configuring FC Timers 31-1 Configuring Timers Per-VSAN 31-2 Configuring a Fabric Analyzer 31-2 About the Cisco Fabric Analyzer 31-3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxiii OL-7753-01...
Page 24 There is a Red Line Through the Switch. What’s Wrong? 35-2 There is a Dotted Orange Line Through the Switch. What’s Wrong? 35-2 Can I Upgrade Without Losing My Map Settings? 35-2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxiv OL-7753-01...
Page 25 Specifying an Interface for Fabric Manager Client or Device Manager 35-4 Configuring a Proxy Server 35-4 Clearing Topology Maps 35-5 Can I Use Fabric Manager in a Mixed Software Environment? 35-5 N D E X Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 26 Contents Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxvi OL-7753-01...
Page 27 Fabric Manager User’s Guide. It also provides information on how to obtain related documentation. Audience This guide is for system administrators who intend to use the Cisco Fabric Manager to configure and monitor the switches that build the network fabric.
Page 28 Chapter 20, “Configuring Port Security”—Provides details on port security features that can • prevent unauthorized access to a switch port in the Cisco MDS 9000 Family. Chapter 21, “Configuring Fibre Channel Routing Services and Protocols”—Provides details • and configuration information on Fibre Channel routing services and protocols.
Page 29 Fabric”—Provides information on using Fabric Manager to • troubleshoot your fabric. Chapter 35, “Troubleshooting Fabric Manager Issues”—Describes some common issues you • may experience while using Cisco Fabric Manager, and provides solutions. Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxix OL-7753-01...
Page 30 Identifies information that you must heed to prevent damaging yourself, the state of software, or equipment. Warnings identify definite security breaches that will result if the information presented is not followed carefully. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 31: Obtaining Documentation
Preface Obtaining Documentation Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems. Cisco.com You can access the most current Cisco documentation at this URL: http://www.cisco.com/univercd/home/home.htm...
Page 32: Documentation Feedback
Register to receive security information from Cisco. • A current list of security advisories and notices for Cisco products is available at this URL: http://www.cisco.com/go/psirt If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html...
Page 33: Obtaining Technical Assistance
Cisco TAC engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
Page 34: Definitions Of Service Request Severity
Definitions of Service Request Severity To ensure that all service requests are reported in a standard format, Cisco has established severity definitions. Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Page 35 Preface Obtaining Additional Publications and Information iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies • learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions.
Page 36 Preface Obtaining Additional Publications and Information Cisco MDS 9000 Fabric Manager Switch Configuration Guide xxxvi OL-7753-01...
Page 37: New And Changed Information
New and Changed Information The table below summarizes the new and changed features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide, and tells you where they are documented. If a feature has changed in Release 1.3, a brief description of the change appears in the "Description" column, and that release is shown in the "Changed in Release"...
Page 38 New and Changed Information Table 1 Documented Features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide (continued) Where Feature Description Changed in Release Documented Multiple pWWNs to You can add/associate multiple 1.3(4) same alias pWWNs and fWWNs to the same alias name.
Page 39 New and Changed Information Table 1 Documented Features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide (continued) Where Feature Description Changed in Release Documented Terminal connection From the active supervisor module, 1.3(1) options you can connect to a console terminal, a Telnet terminal, or an SSH terminal.
Page 40 New and Changed Information Table 1 Documented Features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide (continued) Where Feature Description Changed in Release Documented FC-SP DHCHAP Configure Fibre Channel Security 1.3(1) Protocol (FC-SP) authentication to overcome security challenges for enterprise-wide fabrics.
Page 41 New and Changed Information Table 1 Documented Features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide (continued) Where Feature Description Changed in Release Documented Call Home Define a Call Home destination 1.3(1) enhancements profile, select predefined types of...
Page 42 New and Changed Information Cisco MDS 9000 Fabric Manager Switch Configuration Guide xlii OL-7753-01...
Page 43: Product Overview
The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management. This chapter lists the hardware features for the Cisco MDS 9000 Family and describes its software features. This chapter contains the following topics: •...
Page 44 Hardware Overview Cisco MDS 9216 Fabric Switch Cisco MDS 9216 fabric switches share a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis. They consist of the following major hardware components: The chassis has two slots, one of which is reserved for the supervisor module. The supervisor •...
Page 45: Cisco Mds 9100 Series Fixed Configuration Fabric Switches
• wavelength SFPs for connectivity up to 500m and 10km, respectively. Switches in the Cisco MDS 9100 Series do not have a COM1 port (a RS-232 serial port). Note Refer to the Cisco MDS 9100 Series Hardware Installation Guide for additional information.
Page 46: Software Features
Product Overview Software Features Software Features This section provides an overview of the major software features of the Cisco MDS 9000 Family of multilayer directors and fabric switches. Licensing The licensing functionality is available in all switches in the Cisco MDS 9000 Family. This functionality allows you to access specified premium features on the switch after you install the appropriate license for that feature.
Page 47 Routes that traverse one or more VSANs across multiple switches can be established, if necessary, to ensure proper interconnections. IVR used in conjunction with FCIP provides more efficient business continuity or disaster recovery solutions. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 48 PortChannels can contain up to 16 physical links and can span multiple modules for added high availability. IP Services Switches in the Cisco MDS 9000 Family support the following IP services: IP over Ethernet—These services are limited to management traffic. •...
Page 49: Ip Storage
Multilayer Directors and Fabric Switches. Traffic can be routed between any IP storage port and any other port on a Cisco MDS 9000 Family switch. The Cisco MDS 9000 Family IP Storage Services Module supports the full range of services available on other MDS 9000 Family Switching Modules including VSANs, security, and traffic management.
Page 50: Span And Rspan
Limits the flow of frames from the port causing the congestion. SPAN and RSPAN The switched port analyzer (SPAN) feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic though a Fibre Channel interface. Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN Destination port (SD port).
Page 51: Fabric Management
Switches in the Cisco MDS 9000 Family offer fabric management and control through the command-line interface (CLI) by using Telnet, SSH, or a serial console and through the Cisco MDS 9000 Fabric Manager tool by using the Simple Network Management Protocol (SNMP) services: •...
Page 52: Tools For Software Configuration
Each role in the role database can be restricted to one or more VSANs as required. Tools for Software Configuration You can use one of two configuration management tools to configure your SANs: the CLI and the Cisco MDS 9000 Fabric Manager graphical user interface.
Page 53: Cisco Mds 9000 Fabric Manager
Tools for Software Configuration Cisco MDS 9000 Fabric Manager The Cisco Fabric Manager is a Java and SNMP-based network fabric and device management tool with a GUI that displays real-time views of your network fabric and installed devices. The Cisco Fabric...
Page 54 Chapter 1 Product Overview Tools for Software Configuration Cisco MDS 9000 Fabric Manager Switch Configuration Guide 1-12 OL-7753-01...
Page 55: Chapter 2 Getting Started With Cisco Fabric Manager
Performance Manager • Fabric Manager Server is the server component of the Cisco Fabric Manager tool set, and must be started before running Fabric Manager. On a Windows PC, Fabric Manager Server is installed as a service. This service can then be administered using the Service Panel in the Control Panel.
Page 56: Managing Cisco Mds 9000 Switches
• Managing Cisco MDS 9000 Switches The Cisco MDS 9000 Family of switches can be accessed and configured in many different ways, and support standard management protocols. The different protocols that are supported in order to access, monitor, and configure the Cisco MDS 9000 Family of switches are described in the following table:...
Page 57: Storage Management Solutions Architecture
Of these five layers of storage network management, Cisco Fabric Manager provides tools for device (element) management and fabric management. In general, the Device Manager is most useful for device management (a single switch), while Fabric Manager is more efficient for performing fabric management operations involving multiple switches.
Page 58: In-Band Management And Out-Of-Band Management
The mgmt0 interface can be connected to a management network to access the switch through IP over Ethernet. You must connect to at least one Cisco MDS 9000 Family switch in the fabric, through its Ethernet management port. You can then use this connection to manage the other switches using in-band (Fibre Channel) connectivity.
Page 59: Installing The Applications
Must be on each PC. The Cisco Fabric Manager software executables reside on each supervisor module of each Cisco MDS 9000 Family switch in your network. The supervisor module provides an HTTP server that responds to browser requests and distributes the software to Windows or UNIX network management stations.
Page 60: Launching The Applications
%HOME%\.cisco_mds9000. On a UNIX machine, the pathname is $HOME/.cisco_mds9000. On a Windows machine, a Cisco MDS program group is created under Start > Programs. This program group contains shortcuts to batch files in the install directory. On a Solaris or Linux machine, shell scripts are created in the install directory.
Page 61: Using The Management Services Wizard
As long as these two ports are opened, the Fabric Manager client is able to connect to the server. There may be other TCP ports connected to a Fabric Manager client, but they are initiated by server, which is behind the firewall. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 62 Chapter 2 Getting Started with Cisco Fabric Manager A Note on Ports Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 63: Launching Cisco Fabric Manager
C H A P T E R Overview of Fabric Manager This chapter contains descriptions of, and instructions for using, the Cisco MDS 9000 Fabric Manager. This chapter contains the following topics: • Launching Cisco Fabric Manager, page 3-1 Using Fabric Manager, page 3-2 •...
Page 64: Chapter 3 Overview Of Fabric Manager
Using Fabric Manager Using Fabric Manager The Fabric Manager displays a view of your network fabric, including Cisco MDS 9000 and third-party switches and end devices. To launch the Fabric Manager from your desktop, double-click the Fabric Manager icon and follow the instructions described in the “Launching the Applications”...
Page 65: Menu Bar, Toolbars, And Status Bar
Zone—Manage zones, zone sets, and Inter-VSAN Routing (IVR). • Tools—Verify and troubleshoot connectivity and configuration, as described in the “Analyzing • Switch Fabric Configuration” section. Performance—Run and configure Performance Manager and Cisco Traffic Analyzer, and generate • reports. Server—Run administrative tasks on clients and fabrics. •...
Page 66: Information Pane
(grayed) according to the field or other object that you select in the Information pane. Map Pane The Map pane shows the graphical representation of your fabric.Table 3-1 explains the graphics you may see displayed, depending on which devices you have in your fabric. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 67 FC HBA (or enclosure) FC Target (or enclosure) iSCSI Host Fibre Channel ISL and Edge connection Fibre Channel Port Channel IP ISL and Edge connection IP Port Channel FC Loop (Storage) Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 68 When a VSAN, zone, or zone member is selected in the VSAN tree, the map highlighting changes to Note identify the selected objects. To remove this highlighting, click the Clear Highlight button on the Map pane toolbar or choose Clear Highlight from the pop-up menu. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 69: Discovering And Viewing The Network Fabric
The role assigned to this user allows the highest level of privileges, which includes creating new users and roles. Use the Cisco Fabric Manager to create roles and users, and to assign passwords as required for secure management access in your network.
Page 70: Setting Fabric Manager Preferences
Open New Device Manager Each Time—This opens a new instance of Device Manager each time • you invoke it from a switch in your fabric. The default value is OFF, which means only one instance of Device Manager will be open at a time. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 71: Viewing Reports In Fabric Manager
LUNs Choose Connectivity > Storage > LUNs in the Physical tab of the Fabric Manager Logical/Physical pane to display information about the LUNs in the currently discovered fabric. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 72: Using Device Manager
Gray—The port is unreachable. Launching Device Manager from Fabric Manager Device Manager gives a graphic representation of a Cisco MDS 9000 Family switch, including the installed switching modules, the supervisor modules, the power supplies, and the status of each port within each module.
Page 73: Using Summary View
The Summary View provides the same menus and options that are available from the Device View. You can access the field descriptions for the windows or dialog boxes in this procedure in the Reference Note section of the Device Manager help system. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 3-11 OL-7753-01...
Page 74: Comparing Device Manager To Fabric Manager
For instance, the dialog box from Fabric Manager may have an option for selecting a specific switch, while the dialog box from Device Manager may have additional port-level detail. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 3-12 OL-7753-01...
Page 75: Performing Device Management
Fabric Manager. The Device View provides a graphic representation of a Cisco MDS 9000 switch, including the installed switching modules, services modules, supervisor modules, and the status of each port within each module.
Page 76: Setting Device Manager Preferences
If you want to ignore flows with Zero counter values, check that check box. Step 4 If you are using Cisco Traffic Analyzer, enter the URL where it is located on your network. Step 5 Click Next to review the collected data.
Page 77: Collecting The Data
Clicking on the ISLs link from the summary page will list the daily traffic charts for all monitored • ISLs in the fabric. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 3-15 OL-7753-01...
Page 78: Exporting And Importing Data
The Cisco Traffic Analyzer for Fibre Channel throughput values are not accurate when used with the original Cisco Port Adapter Analyzer if data truncation is enabled. The A version of the Cisco Port Adapter Analyzer is required to achieve accurate results with truncation, because it adds a count that enables the Cisco Traffic Analyzer to determine how many data bytes were actually transferred.
Page 79 Performance Manager through the MGMT0 port. If the data does not match, you will not be able to view the Cisco Traffic Analyzer information through a Traffic Analyzer link on the detail page of a Performance Manager report.
Page 80 Enter the location of the Cisco Traffic Analyzer, in the format D:\<directory>\ntop.bat where: D: is the drive letter for the disk drive where the Cisco Traffic Analyzer is installed, and <directory> is the directory containing the ntop.bat file. Click OK.
Page 81: Stopping Data Collection
Step 7 In about five minutes, an HTML report appears in your default web browser. To view the Cisco Traffic Analyzer information, click the Cisco Traffic Analyzer link at the top of the Step 8 Host or Storage detail pages.
Page 82 Chapter 3 Overview of Fabric Manager Removing Data Collection Files from the List Cisco MDS 9000 Fabric Manager Switch Configuration Guide 3-20 OL-7753-01...
Page 83: Before You Begin
Before You Begin This chapter lists the information you need to have before you begin using your MDS 9000 Switch. For information on setting up the switch and doing an initial configuration, refer to the Cisco MDS 9000 Family Configuration Guide.
Page 84: Internal Bootflash
Switch Roles Internal bootflash: All switches in the Cisco MDS 9000 Family have one internal bootflash: that resides in the supervisor or switching module.You have access to two directories within the internal bootflash: file system. The volatile: directory which provides temporary storage, and is also the default. Files in temporary •...
Page 85: Chapter 4 Before You Begin
Slot in which the 1 to 15 applicable switching module resides. Switch priority Integer specifying 1 to 254 switch priority. Channel group Integer that specifies a 1 to 100 PortChannel group addition. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 86 Integer that specifies the 3000 0 to 65535 TCP port number Acceptable time Integer that specifies the 4000 1 to 60,000 difference acceptable time difference in milliseconds for a packet being accepted. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 87 CDP refresh and hold Integer that specifies the 5 to 255 time refresh time interval and the hold time in seconds for the CDP protocol. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 88 Chapter 4 Before You Begin Using Valid Formats and Ranges Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 89: License Terminology
C H A P T E R Obtaining and Installing Licenses The licensing functionality is available in all switches in the Cisco MDS 9000 Family. This functionality allows you to access specified premium features on the switch after you install the appropriate license for that feature.
Page 90: C H A P T E R 5 Obtaining And Installing Licenses
Node-locked license—A license that can only be used on a particular switch using the switch’s • unique host ID. Host ID—A host ID is a unique chassis serial number that is specific to each Cisco MDS switch. • Proof of purchase—Also known as the Claim Certificate. A document entitling it’s rightful owner •...
Page 91 Fibre Channel Security Protocol (FC-SP) – authentication Advanced traffic engineering--Quality of • Service (QoS) Enhanced VSAN routing--inter-VSAN • routing SAN extension over IP FCIP protocol • (SAN_EXTN_OVER_IP) • FCIP compression • FCIP write acceleration Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 92: Licensing High Availability
Options to Install a License If you have purchased a new switch through either your reseller or through Cisco, you have two options: • To have the licenses preinstalled in the factory.
Page 93: Performing A Manual Installation
Step 1 Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco, contact Cisco Technical Support at this URL: Your switch is shipped with the required licenses installed in the system. The Proof of Purchase document is sent along with the switch.
Page 94: Installing Licenses
Installing Licenses If you need to install multiple licenses in any switch in the Cisco MDS 9000 Family, be sure to provide Note unique file names for each license key file.
Page 95 • Click Close to close the wizard. To install more licenses at this point, you must close the wizard and Step 9 launch it again. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 96: Installing Licenses Using Device Manager
Enter the URI from which the license file will be picked for installation. Step 3 You should already have copied the license file provided by CISCO-CCO by some other means (for example, through the CLI) to this location. Enter the Target Filename with which the license file will be installed.
Page 97: Viewing License Information In Device Manager
From Fabric Manager, select Switches > License Manager from the Physical pane. The license Step 2 information is listed in the Information pane, one line per feature. From Device Manager, select Admin > License Manager. You see the License Manager dialog. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 98: Updating Licenses
If your license is time bound, you must obtain and install an updated license. Contact technical support to request an updated license. If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco, contact Cisco Technical Support at this URL: License Expiry Alerts The SAN-OS license counter keeps track of all licenses on a switch.
Page 99: Moving Licenses Between Switches
If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtm...
Page 100 Chapter 5 Obtaining and Installing Licenses Moving Licenses Between Switches Cisco MDS 9000 Fabric Manager Switch Configuration Guide 5-12 OL-7753-01...
Page 101: Chapter 6 Initial Configuration
C H A P T E R Initial Configuration In order for Cisco MDS 9000 Family switches to be accessed by other devices, they must be initially configured. NTP information is part of this. For the rest of the information, refer to the “Initial Configuration”...
Page 102: Ntp Configuration Guidelines
IP address 10.10.10.1 NTP configuration: NTP server 10.10.10.10 • NTP peer 10.10.10.2 • Stratum-2 Server-2 IP address 10.10.10.9 Switch-2 IP address 10.10.10.2 NTP configuration: NTP server 10.10.10.9 • NTP peer 10.10.10.1 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 103: Display General Ntp Statistics For A Switch
Click Create to create the peer or server, or click Close to close the dialog box without creating the peer Step 7 or server. The newly created peer or server is listed on the Peer tab. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 104: Edit An Ntp Server Or Peer Configuration
To delete a server or peer, click on the IP address in the Peer Address column. Step 3 The Delete button is enabled. Step 4 Click Delete to delete the peer or server, or click Close to close the dialog box without deleting the peer. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 105: Chapter 7 Configuring High Availability
Directors in the Cisco MDS 9500 Series have two supervisor modules in the two center slots (sup-1 and sup-2). When the switch powers up and both supervisor modules are present, the supervisor module that...
Page 106: Switchover Mechanisms
Switching modules are not reset • Process Restartability Process restartability provides the high availability functionality in Cisco MDS 9000 Family switches. It ensures that the process-level failures do not cause system-level failures. It also restarts the failed processes automatically. This vital process functions on infrastructure that is internal to the switch.
Page 107 Unknown The switch is in an invalid state and requires a support call to TAC. Table 7-3 lists the possible values for the internal redundancy state of the supervisor modules. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 108 This module is the active supervisor module and the second supervisor module is present but is not functioning. Other The switch is in a transient state. If it persists, call TAC. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 109: Software Images
The images and variables are important factors in any install procedure. You must specify the variable and the image to upgrade your switch. Both images are not always required for each install. Unless explicitly stated, the software install procedures in this section apply to any switch in the Cisco MDS 9000 Family.
Page 110: Chapter 8 Software Image
If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco, contact Cisco Technical Support at this URL: Scheduling •...
Page 111: Using The Software Install Wizard
For each switch, click ... to choose images from the bootflash to use for the upgrade. Step 5 You must choose at least one image for each switch in order to proceed. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 112: Maintaining Supervisor Modules
At this point, the standby supervisor module is not running the images set in the boot variables. Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 113: Standby Supervisor Boot Alert
All switch configurations reside in the internal bootflash. If you have a corrupted internal bootflash, you could potentially lose your configuration. Be sure to save and back up your configuration files periodically. Refer to the Cisco MDS 9000 Family Configuration Guide for information on recovering a corrupted bootflash.
Page 114 Chapter 8 Software Images Default Factory Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01...
Page 115: About Modules
Supervisor Modules Supervisor modules are automatically powered up and started with the switch. Cisco MDS 9200 Series switches have one supervisor module that includes an integrated 16-port switching module. Cisco MDS 9000 Fabric Manager Switch Configuration Guide...
Page 116: Switching Modules
Viewing the State of a Module Cisco MDS 9500 Series switches have two supervisor modules--one in slot 5 (sup-1) and one in slot 6 (sup-2). When the switch powers up and both supervisor modules come up together, the module that enters the active mode is dependent on which of the two modules comes up first.
Page 117: Chapter 9 Managing Module
Managing Modules Identifying Module LEDs Identifying Module LEDs Table 9-3 describe the LED location, type, and status for supervisor and switching modules used in Cisco MDS 9000 Family switches. Table 9-3 Module LEDs on a Cisco MDS 9200 Series Switch...
Page 118 Sufficient power is available for all modules. Orange Sufficient power is not available for all modules. Table 9-5 lists the Ethernet interface LEDs on a Cisco MDS 9200 Series Switch. Table 9-5 Ethernet Interface LEDs on a Cisco MDS 9200 Series Switch Module...
Page 119: Configuring Eplds
SAN-OS Release 1.2, EPLD image upgrades are periodically provided to include enhanced hardware functionality or to resolve known issues. Refer to the Cisco MDS SAN-OS Release Notes to verify if the EPLD has changed for the SAN-OS image version being used.
Page 120: Default Supervisor Module Settings
Do not insert or remove any modules while an EPLD upgrade or downgrade is in progress. Caution Switches in the Cisco MDS 9100 Series do not support a forced EPLD upgrade. When you upgrade the Note EPLD module on these switches, you receive the following message: Data traffic on the switch will stop now!! Do you want to continue (y/n)? Refer to the Cisco MDS 9000 Family Configuration Guide for information on upgrading EPLDs.
Page 121: Managing System Hardware
This mode is seldom used, except in cases where the switch has two low power supply capacities but a higher power usage. The chassis in the Cisco MDS 9000 Family uses 1200 Watts when powered at 110 volts, and 2500 Watts Note when powered at 220 volts.
Page 122: Configuring Power Supplies
– Watts. Reason: 3600 Watts is twice the minimum (1800 Watts). Scenario 2—If 2200 Watts is added as power supply 2, then the current capacity increases to – 4400 Watts. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-2 OL-7753-01...
Page 123: Guidelines For Power Supplies With Different Capacities
Scenario 3—You have the following usage figures configured: Power supply 1 = 2500 Watts Additional Power supply 2 = 1800 Watts Current Usage = 3000 Watts Current mode = combined mode (so current capacity is 3600 Watts). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-3 OL-7753-01...
Page 124: Managing Power Supplies
Fabric Manager displays power supply power attributes for multiple switches. The dialog box from the Device Manager displays power supply power attributes for a single switch. Configure the power attributes for the power supply. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-4 OL-7753-01...
Page 125: Displaying Module Temperature
The Information pane from the Fabric Manager displays sensor temperature attributes for multiple switches. The Sensors dialog box from the Device Manager displays sensor temperature attributes for a single switch. Configure the sensor attributes. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-5 OL-7753-01...
Page 126: Monitoring Fan Modules
You can view information about the processes that are currently running on a switch from Device Manager. Choose Admin > Running processes to see the process information listed in the Running Processes dialog box. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-6 OL-7753-01...
Page 127: Viewing Flash File Information
The Information pane from the Fabric Manager displays card attributes for multiple switches. The dialog box from the Device Manager view displays attributes for a single switch. Configure the status attributes for the module. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-7 OL-7753-01...
Page 128 Chapter 10 Managing System Hardware Cisco MDS 9000 Fabric Manager Switch Configuration Guide 10-8 OL-7753-01...
Page 129: Configuring And Managing Vsans
Default and Isolated VSANs, page 11-5 VSAN Membership, page 11-6 • • VSAN Attributes, page 11-6 Adding and Configuring VSANs, page 11-7 • • Deleting VSANs, page 11-7 Default Settings, page 11-8 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-1 OL-7753-01...
Page 130: How Vsans Work
2 (dashed) and VSAN 7 (solid). VSAN 2 includes hosts H1 and H2, application servers AS2 and AS3, and storage arrays SA1 and SA4. VSAN 7 connects H3, AS1, SA2, and SA3. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-2...
Page 131 Chapter 11 Configuring and Managing VSANs How VSANs Work The switch icons shown in both figures indicate that these features apply to any switch in the Cisco MDS 9000 family. Figure 11-2 Example of Two VSANs Link in VSAN 2...
Page 132: Vsans Versus Zones
Channel standards. In VSAN 7, two zones are defined: zone A and zone D. No zone crosses the VSAN boundary--they are completely contained within the VSAN. Zone A defined in VSAN 2 is different and separate from zone A defined in VSAN 7. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-4 OL-7753-01...
Page 133: Default And Isolated Vsans
Default VSANs The factory settings for switches in the Cisco MDS 9000 Family have only the default VSAN 1 enabled. If you do not need more than one VSAN for a switch, use this default VSAN as the implicit parameter during configuration.
Page 134: Vsan Membership
A VSAN is in the operational state if the VSAN is active and at least one port is up. This state indicates that traffic can pass through this VSAN. This state cannot be configured. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-6...
Page 135: Adding And Configuring Vsans
VSAN-based runtime (name server), zoning, and configuration (static routes) information is • removed when the VSAN is deleted. Configured VSAN interface information is removed when the VSAN is deleted. • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-7 OL-7753-01...
Page 136: Default Settings
Active state. Name Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute OX ID (src-dst-ox-id). Port membership Default VSAN (VSAN 1). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 11-8 OL-7753-01...
Page 137: Default Settings
Configuring Buffer-to-Buffer Credits, page 12-8 • Configuring Performance Buffers, page 12-8 • Configuring the Beacon Mode, page 12-9 • • Identifying the Beacon LEDs, page 12-9 Configuring Switch Port Defaults, page 12-10 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-1 OL-7753-01...
Page 138: Chapter 12 Configuring Interface
(host or disk) operating as an N port. An F port can be attached to only one N port. F ports support class 2 and class 3 service. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-2 OL-7753-01...
Page 139: Fl Port
In translative loop port (TL port) mode, an interface functions as a translative loop port. It may be connected to one or more private loop devices (NL ports). TL port mode is specific to Cisco MDS 9000 family switches and have similar properties as FL ports. TL ports enable communication between a private loop device and one of the following devices: •...
Page 140: St Port
RSPAN Fibre Channel tunnel. The ST port mode and the remote SPAN (RSPAN) feature are specific to switches in the Cisco MDS 9000 Family. When configured in ST port mode, the interface cannot be attached to any device, and thus, cannot be used for normal Fibre Channel traffic.
Page 141: Operational States
If the administrative state is up and the operational state is down, the reason code differs based on the nonoperational reason code. Table 12-4 describes the reason codes for nonoperational states. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-5 OL-7753-01...
Page 142 Isolation due to domain ID The assigned domain ID is not assignment failure valid. Isolation due to other side E port The E port at the other end of the isolated link is isolated. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-6 OL-7753-01...
Page 143 The default port mode is auto. The Auto option is not allowed in a 32-port switching module or the • host-optimized ports in the Cisco 9100 Series (16 host-optimized ports in the Cisco MDS 9120 switch and 32 host-optimized ports in the Cisco MDS 9140 switch).
Page 144: Configuring Tl Port Alpa Caches
• modes. These values cannot be changed. In the Cisco MDS 9100 Series, the left most groups of ports outlined in white (4 ports in the 9120 switch Note and 8 ports in the 9140 switch) are full line rate like the 16-port switching module. The other ports (16 ports in the 9120 switch and 32 ports in the 9140 switch) are host-optimized like the 32-port switching module.
Page 145: Configuring The Beacon Mode
Status LED Link LEDs and speed LEDs 1/2-Gbps Fibre Channel port group Asset tag (refer to the Cisco MDS 9000 Family Hardware Installation Guide). Each port has one link LED on the left and one speed LED on the right.
Page 146: Configuring Switch Port Defaults
If you delete the VSAN, the attached interface is automatically deleted. • You can configure each interface only in one VSAN. After configuring the VSAN interface, you can configure an IP address or Virtual Router Redundancy Protocol (VRRP) features. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-10 OL-7753-01...
Page 147: Configuring Gigabit Ethernet Interfaces
Interface menu. The Fabric Manager Information pane displays interface attributes for multiple switches. The dialog box from Device Manager displays interface attributes for a single switch. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-11 OL-7753-01...
Page 148 Chapter 12 Configuring Interfaces Managing Interface Attributes for Ports Cisco MDS 9000 Fabric Manager Switch Configuration Guide 12-12 OL-7753-01...
Page 149: About Trunking
Default Settings, page 13-5 About Trunking Trunking, also known as VSAN trunking, is a feature specific to switches in the Cisco MDS 9000 Family. Trunking enables interconnect ports to transmit and receive frames in more than one VSAN, over the same physical link, using Extended ISL (EISL) frame format.
Page 150: About Trunking Protocol
VSAN list for an interface, and they are called allowed-active VSANs. The trunking protocol uses the list of allowed-active VSANs at the two ends of an ISL to determine the list of operational VSANs in which traffic is allowed. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 13-2 OL-7753-01...
Page 151: Chapter 13 Configuring Trunking
You can configure a select set of VSANs (from the allowed-active list) to control access to those VSANs in a trunking ISL. Using Figure 13-3 as an example, you can configure the list of allowed VSANs on a per-interface basis. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 13-3 OL-7753-01...
Page 152: Trunking Configuration Guidelines
VSAN Mismatch Switch 1 Switch 2 Isolated E port E port VSAN 2 VSAN 3 VSAN mismatch Figure 13-4, the trunking protocol detects potential VSAN merging and isolates the ports involved. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 13-4 OL-7753-01...
Page 153: Default Settings
VSANs 2 and 3 get effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies. Refer to the Cisco MDS 9000 Family Fabric Manager User Guide for more information.
Page 154 Chapter 13 Configuring Trunking Default Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide 13-6 OL-7753-01...
Page 155: Chapter 14 Configuring Portchannels
PortChannels may contain up to 16 physical links and may span multiple modules for added high availability. Cisco MDS 9000 Family of switches support 128 PortChannels with 16 interfaces per PortChannel. This chapter discusses the PortChannel feature provided in the switch.
Page 156: Configuring 32-Port Switching Modules And Host-Optimized Ports
PortChannel. The other three ports continue to remain in a no shutdown state. In the Cisco MDS 9100 Series, the left most groups of ports outlined in white (4 ports in the 9120 switch and 8 ports in the 9140 switch) are full line rate like the 16-port switching module. The other ports (16 ports in the 9120 switch and 32 ports in the 9140 switch) are host-optimized like the 32-port switching module.
Page 157: Viewing Port Capability Attributes
Trunking enables an ISL to carry (trunk) multiple VSANs. Trunking can only be configured on a TE port. A TE port is specific to switches in the Cisco MDS 9000 Family. An industry standard E port can link to other vendor switches and is referred to as a nontrunking interface. (See Figure 14-2.)
Page 158: Managing Portchannel General Attributes
Choose the ISL you want to bring down. Step 3 Click OK to bring down the ISL, or click Cancel to close the dialog without bringing down an ISL. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 14-4 OL-7753-01...
Page 159: About Load Balancing
Frame 1 Frame 2 Link 2 Frame 3 SID1, DID1, Exchange 2 Frame n Frame 1 Link 1 Frame 2 Link 2 Frame 3 SID2, DID2 Exchange 1 Frame n Cisco MDS 9000 Fabric Manager Switch Configuration Guide 14-5 OL-7753-01...
Page 160: Considerations For Portchannel Configurations
Each switch on either side of a PortChannel must be connected to the same number of interfaces. • • Each interface must be connected to a corresponding interface on the other side. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 14-6 OL-7753-01...
Page 161: Default Settings
Table 14-1 lists the default settings for PortChannels. Table 14-1 Default PortChannel Parameters Parameters Default PortChannels FSPF is enabled by default. Create PortChannel Administratively up. Default mode Auto. Quiesce Disabled. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 14-7 OL-7753-01...
Page 162 Chapter 14 Configuring PortChannels Default Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide 14-8 OL-7753-01...
Page 163: Configuring And Managing Zones
Recovering from Link Isolation, page 15-15 LUN Zoning, page 15-16 • • Read-Only Zoning, page 15-17 Default Settings, page 15-18 • Migrating a Non-MDS Database, page 15-18 • Using the Zone Wizard, page 15-18 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-1 OL-7753-01...
Page 164: Chapter 15 Configuring And Managing Zone
– Domain ID and port number—Specifies the domain ID of an MDS domain and additionally – specifies a port belonging to a non-Cisco switch. IP address—Specifies the IP address (and optionally the subnet mask) of an attached device. – Default zone membership includes all ports or WWNs that do not have a specific membership •...
Page 165: Zoning Example
H2 and S2 in zone 3, and to H1 and S1 in Zone 1. Figure 15-2 Fabric with Three Zones Zone 1 Fabric Zone 3 Zone 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-3 OL-7753-01...
Page 166: Configuring A Zone
FC alias—The alias name is in alphabetic characters (for example, Payroll) and denotes a port ID or WWN. The alias can also include multiple members. • Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco switch is required to complete this membership configuration. •...
Page 167: Cloning Zones
FC alias—The alias name in alphabetic characters (for example, Payroll). • LUN—The logical unit number of a disk in a disk device. For more information about port identification types, refer to the Cisco 9000 Family Configuration Guide. To add members to a zone, follow these steps:...
Page 168: Displaying Port Membership Information
Right-click the object and choose Delete from the pop-up menu. The selected object is deleted from the Step 3 zone database. Configuring Aliases You can assign an alias name and configure an alias member using either the FC ID, fabric port WWN (fWWN), or pWWN values. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-6 OL-7753-01...
Page 169: Creating Zones With Aliases
Click the Aliases tab to see the aliases for that zone. Step 2 Zone Sets Figure 15-3, two separate sets are created, each with its own membership hierarchy and zone members. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-7 OL-7753-01...
Page 170: Active And Full Zone Set Considerations
An FC ID or Nx port that is not part of the active zone set belongs to the default zone and the default • zone information is not distributed to other switches. Figure 15-4 shows a zone being added to an activated zone set. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-8 OL-7753-01...
Page 171 Zone A Zone C Zone A Zone B Zone D Zone C Zone C Zone E Zone D Zone D Zone set Z1 Zone A Zone B Zone C Zone D Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-9 OL-7753-01...
Page 172: Distributing Zone Sets
Distributing Zone Sets All switches in the Cisco MDS 9000 Family distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
Page 173: Cloning Zone Sets
Click Activate. You see the zone set in the Active Zone Set folder. If one zone set is active and you activate another zone set, the currently active zone set is Note automatically deactivated. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-11 OL-7753-01...
Page 174: Deactivating Zone Sets
Click OK to export the active zone set, or click Close to close the dialog without exporting the active Step 6 zone set. Deleting Zone Sets or Members To delete zone sets or members, follow these steps. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-12 OL-7753-01...
Page 175: Clearing The Zone Database
Choose the first switch to be analyzed from the Check Switch 1 drop-down list. Step 2 Choose the second switch to be analyzed from the And Switch 2 drop-down list. Step 3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-13 OL-7753-01...
Page 176: Zone Enforcement
Hard zoning enforces zoning restrictions on every frame, and prevents unauthorized access. Switches in the Cisco MDS 9000 Family support both hard and soft zoning. The Default Zone Each member of a fabric (in effect, a device attached to an Nx port) can belong to any zone. If a member is not part of any active zone, it is considered to be part of the default zone.
Page 177: Setting Default Zone Policy
“Exporting Active Zone Sets” section on • page 15-12. Manually resolve the conflict by editing the full zone set, activating the corrected zone set, and then • bringing up the link. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-15 OL-7753-01...
Page 178: Lun Zoning
Importing from one switch and exporting from another switch can lead to isolation again. LUN Zoning Logical unit number (LUN) zoning is a feature specific to switches in the Cisco MDS 9000 Family. LUN zoning can be implemented in Cisco MDS 9000 Family switches running Cisco MDS SAN-OS Release 1.2(x) or above.
Page 179: Assigning Luns To Storage Subsystems
LUN masking and mapping restricts server access to specific LUNs. If LUN masking is enabled on a storage subsystem and if you want to perform additional LUN zoning in a Cisco MDS 9000 Family switch, obtain the LUN number for each Host Bus Adapter (HBA) from the storage subsystem and then configure the LUN-based zone procedure provided in the preceding section.
Page 180: Migrating A Non-Mds Database
From the Fabric Manager, click the Zone Wizard icon in the Fabric Manager Zone toolbar (see Step 1 Figure 15-7). Figure 15-7 Zone Wizard Icon You see the Zone Wizard. Follow the prompts in the wizard to migrate the database. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 15-18 OL-7753-01...
Page 181: About Ivr
IVR is not limited to VSANs present on a common switch. Routes that traverse one or more VSANs across multiple switches can be established, if necessary, to establish proper interconnections. IVR used in conjunction with FCIP provides more efficient business continuity or disaster recovery solutions. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-1 OL-7753-01...
Page 182: Ivr Features
Inter-VSAN zone sets (IVZS)—One or more IVZs make up an IVZS. You can configure up to 32 • IVZSs on any switch in the Cisco MDS 9000 Family. Only one IVZS can be active at any time. • IVR path—An IVR path is a set of switches and inter-switch links via which a frame from one end-device in one VSAN can reach another end-device in some other VSAN.
Page 183: C H A P T E R 16 Configuring Inter-Vsan Routing
Border switches require SAN-OS Release 1.3(1) or higher. • A border switch must be a member of two or more VSANs. • A border switch that facilities IVR communications must be IVR enabled. • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-3 OL-7753-01...
Page 184: Configuring Ivr
The IVR feature must be enabled in all border switches in the fabric that participate in the IVR. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. To begin configuring the IVR feature, you must explicitly enable IVR on the required switches in the fabric.
Page 185: Creating Ivr Zones And Zone Sets
Zones folder and choose Insert from the pop-up menu. Enter the zone name in the dialog box that appears and click OK to add the zone. Step 2 The zone is automatically added to the zone database. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-5 OL-7753-01...
Page 186: Activating Ivr Zone Sets
Choose the source VSAN from which to copy the information from the drop-down list. Step 3 If you selected Copy Full, choose the source switch and the destination VSAN from those drop-down Step 4 lists. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-6 OL-7753-01...
Page 187: Recovering An Ivr Full Topology
Click Copy to copy the topology, or click Close to close the dialog without copying. IVR Interoperability When using the IVR feature, all border switches in a given fabric must be Cisco MDS switches. However, other switches in the fabric may be non-MDS switches. For example, end devices that are members of the active IVZS may be connected to non-MDS switches.
Page 188: Zones Versus Ivzs
If pwwn1 and pwwn2 are in an IVZ in the current as well as the new IVZS then activation of the new IVZS does not cause any traffic disruption between them. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-8...
Page 189: Configuring And Activating Ivzs And Ivzss
Be sure to repeat this configuration in all border switches participating in the IVR configuration. Using the Cisco MDS Fabric Manager, you can distribute IVZ configurations to all IVR-capable switches in the interconnected VSAN network. Refer to the Cisco MDS 9000 Family Fabric Manager User Guide for more information.
Page 190: Using The Zone Wizard
From the Fabric Manager, click the Zone Wizard icon in the Fabric Manager Zone toolbar. Step 1 Figure 16-2 Zone Wizard icon The Zone Wizard displays. Step 2 Follow the prompts in the wizard to migrate the database. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 16-10 OL-7753-01...
Page 191: Displaying Flogi Details
Managing FLOGI, Name Server, FDMI, and RSCN Databases This chapter describes the fabric login database, the name server features, and Registered State Change Notification (RSCN) information provided in the Cisco MDS 9000 Family. This chapter contains the following topics: •...
Page 192: C H A P T E R 17 Managing Flogi, Name Server, Fdmi, And Rscn Databases
(through SCR). These notifications provide a timely indication of one or more of the following events: Disks joining or leaving the fabric. • A name server registration change. • A new zone enforcement. • IP address change • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 17-2 OL-7753-01...
Page 193: Sending Rscns
To configure proxy ports for the name server from Fabric Manager, choose FC > Name Server on the menu tree and click the Proxies tab. The Information pane from the Fabric Manager displays name server proxy ports for multiple switches. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 17-3 OL-7753-01...
Page 194: Viewing Name Server Statistics
To view FLOGI attributes from the Device Manager, choose FxPorts or All Ports from the Interface menu and click the FLOGI tab. The Information pane in Fabric Manager displays attributes for multiple switches. The dialog box from Device Manager displays attributes for a single switch. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 17-4 OL-7753-01...
Page 195: Viewing Port Elp Attributes
To view trunking for ports from the Device Manager, choose xEPorts from the Interface menu and then click the Trunk Failures tab. The Information pane in Fabric Manager displays attributes for multiple switches. The dialog box from Device Manager displays attributes for a single switch. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 17-5 OL-7753-01...
Page 196 Chapter 17 Managing FLOGI, Name Server, FDMI, and RSCN Databases Viewing Trunk Configuration Cisco MDS 9000 Fabric Manager Switch Configuration Guide 17-6 OL-7753-01...
Page 197: Configuring Switch Security
The authentication, authorization, and accounting (AAA) strategy is used to verify identity of, grant access, and track the actions of remote users in all switches in the Cisco MDS 9000 Family. The Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) provide AAA solutions.
Page 198: C H A P T E R 18 Configuring Switch Security
Configuring Switch Security Switch Management Security Switch Management Security Management security in any switch in the Cisco MDS 9000 Family is implemented using the Command-line interface (CLI) or Simple Network Management Protocol (SNMP). SNMP Security The SNMP agent supports security features for SNMPv1, SNMPv2c, and SNMPv3. Normal SNMP security mechanisms apply to all applications that use SNMP (for example, Cisco MDS 9000 Fabric Manager).
Page 199: Authentication
ID and password combination provided by the person trying to manage the switch. Cisco MDS 9000 Family switches allow you to perform local authentication (using the lookup database) or remote authentication (using one or more RADIUS or TACACS+ servers).
Page 200: Server Groups
AAA Service Configuration Options AAA configuration in Cisco MDS switches is service based. You can have separate AAA configurations for following services: Telnet or SSH login—Choose Switches > Security > SSH.
Page 201: About Radius
RADIUS is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco MDS switches and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
Page 202: Setting The Radius Preshared Key
The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named cisco-avpair. The value is a string with the following format:...
Page 203: Configuring Tacacs+
Account-Request frames from the RADIUS client on the switch, and it can only be used with the accounting protocol value. Configuring TACACS+ A Cisco MDS switch uses the Terminal Access Controller Access Control System plus (TACACS+) protocol to communicate with remote AAA servers. You can configure multiple TACACS+ servers and set timeout values.
Page 204: Enabling Tacacs+
• Enabling TACACS+ By default, the TACACS+ feature is disabled in all switches in the Cisco MDS 9000 Family. You must explicitly enable the TACACS+ feature to access the configuration and verification commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded.
Page 205: Configuring Server Groups
ID and password combination provided by the person trying to manage the switch. The Cisco MDS 9000 Family switches allow you to perform local authentication (using the lookup database) or remote authentication (using one or more RADIUS servers or TACACS+ servers).
Page 206 No response No response Step 1 When you can log in to the required switch in the Cisco MDS 9000 Family, you have the option to use the Telnet, SSH, or Console login options. Step 2 When you configure server groups using the server group authentication method, an authentication request is sent to the first AAA server in the group.
Page 207: Configuring Role-Based Cli Authorization
When you are successfully authenticated through a remote AAA server, then the following possibilities Step 3 apply: If AAA server protocol is RADIUS, the user roles specified in cisco-av-pair attribute is downloaded • with authentication response If AAA server protocol is TACACS+, then another request is sent to the same server to get the user •...
Page 208: Configuring The Vsan Policy
To recover a administrator password, refer to the Cisco MDS 9000 Family Command Reference. Configuring SSH Services The Telnet service is enabled by default on all Cisco MDS 9000 Family switches. Before enabling the SSH service, generate a host key pair.
Page 209: Enabling Ssh Service
About SNMP Security SNMP is an application layer protocol that facilitates the exchange of management information between network devices. In all Cisco MDS 9000 Family switches, three SNMP versions are available: SNMPv1, SNMPv2c, and SNMPv3. (See Figure 18-2.)
Page 210: Snmp Version 1 And Version 2C
Message integrity—Ensures that a packet has not been tampered with in-transit. • Authentication—Determines the message is from a valid source. Encryption—Scrambles the packet contents to prevent it from being seen by unauthorized sources. • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-14 OL-7753-01...
Page 211: Adding Snmp Users
Click Delete (Device Manager) or the Delete Row icon (Fabric Manager). Configuring and Creating SNMP User Roles To configure users roles, choose Security > SNMP from Device Manager, and click the Roles tab. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-15 OL-7753-01...
Page 212: Viewing Snmp Community And User Information
SNMP identically, if required. Configuring Common Roles From Release 1.2(x), CLI and SNMP in all switches in the Cisco MDS 9000 Family use common roles. You can use SNMP to modify a role that was created using CLI and vice versa.
Page 213: Creating And Modifying Users
CLI—You can create a user or modify an existing user using the snmp-server user command. • By default, only two roles are available in a Cisco MDS 9000 Family switch—network-operator and network-admin. You can also use any role that is configured in the Common Roles database.
Page 214: Creating Common Roles
The Rules dialog may take a few minutes to display. Click Create to create the common role, or click Close to close the Common Role dialog without Step 8 creating the common role. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-18 OL-7753-01...
Page 215: Editing Common Role Rules (Device Manager Only)
To assign users to roles through SNMP, refer to RFC2575. • To assign users to roles through the CLI, refer to the procedure specified in the Cisco MDS 9000 • Family Command Reference.
Page 216: Default Security Settings
TACACS+ key encryption clear text (0)—Not encrypted TACACS+ server connection attempts A switch tries to connect to a TACACS+ server once (1). TACACS+ Authentication port UDP port 49. VSAN policy Permit. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-20 OL-7753-01...
Page 217: Restricting Switch Access
Chapter 18 Configuring Switch Security Restricting Switch Access Restricting Switch Access You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists (IP-ACLs). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-21 OL-7753-01...
Page 218 Chapter 18 Configuring Switch Security Restricting Switch Access Cisco MDS 9000 Fabric Manager Switch Configuration Guide 18-22 OL-7753-01...
Page 219: About Fabric Authentication
• About Fabric Authentication All switches in the Cisco MDS 9000 Family enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switches and hosts authentications are performed locally or remotely in each fabric. As storage islands are consolidated and migrated to enterprise-wide fabrics new security challenges arise.
Page 220: C H A P T E R 19 Configuring Fabric Security
It supports MD-5 and SHA-1 algorithm-based authentication. Configuring the DHCHAP feature requires the ENTERPRISE_PKG license. DHCHAP Compatibility with Existing MDS Features This sections identifies the impact of configuring the DHCHAP feature along with existing MDS features: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 19-2 OL-7753-01...
Page 221: Configuring Dhchap Authentication
Verify the DHCHAP configuration. Enabling DHCHAP By default, the DHCHAP feature is disabled in all switches in the Cisco MDS 9000 Family. You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded.
Page 222: Configuring The Dhchap Hash Algorithm
DHCHAP authentication. Configuring DHCHAP Groups All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard: 0 (null DH group which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4. If you change the DH group configuration, ensure to change it globally for all switches in the fabric.
Page 223: Configuring Passwords For Other Devices
We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use local password database, you can continue to do so using Approach 3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database. Refer to the Cisco MDS 9000 Family Fabric Manager User Guide for further information.
Page 224 Configuring Fabric Security Default Fabric Security Settings Table 19-2 Default Fabric Security Settings (continued) DHCHAP group default priority exchange order 0, 4, 1, 2, and 3 respectively. DHCHAP timeout value 30 seconds. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 19-6 OL-7753-01...
Page 225: Port Security Features
C H A P T E R Configuring Port Security All switches in the Cisco MDS 9000 Family provide port security features that rejects intrusion attempts and reports these intrusions to the administrator. Port security is only supported for Fibre Channel ports.
Page 226: Chapter 20 Configuring Port Security
The active configuration is copied to the running configuration when the binding is activated. Step 4 Uncheck the check box if you do not want the configuration copied when the binding is activated. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-2 OL-7753-01...
Page 227: Deleting A Port Binding
You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. The auto-learn option allows any switch in the Cisco MDS 9000 Family to automatically learn about devices and switches that connect to it. Use this feature to activate port security feature for the first time as it saves tedious manual configuration for each port.
Page 228: Displaying Activated Port Bindings
A switch on configured Permitted more switch ports ports A switch on other ports Denied Not configured Aport that is not Permitted if auto-learn configured option enabled Denied if auto-learn disabled Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-4 OL-7753-01...
Page 229: Authorization Scenario
P1 is bound to F1 P5, N1, F5 Denied N1 is only allowed on F2 P3, N3, F4 Permitted No conflict S1, F10 Permitted No conflict S2, F11 Denied P10 is bound to Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-5 OL-7753-01...
Page 230: Turning Auto-Learning On Or Off
Click in the AutoLearn column next to the switch for which you want to enable AutoLearning. Step 3 Choose on from the drop-down menu to turn on AutoLearning; choose off to turn off AutoLearning for Step 4 that switch. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-6 OL-7753-01...
Page 231: Manually Configuring Port Security
Configuring Port Security Manually Configuring Port Security Manually Configuring Port Security To configure port security in any switch in the Cisco MDS 9000 Family, follow these steps: Identify the WWN of the ports that need to be secured. Step 1 Secure the fWWN to an authorized nWWN or pWWN.
Page 232: Forcing Port Security Activation
You can overwrite the active database with the the active database. configured database by activating the port security database. An activation using the force option may violate the entries already configured in the active database. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-8 OL-7753-01...
Page 233: Displaying Port Security Statistics
Table 20-4 lists the default settings for all security features in any switch. Table 20-4 Default Security Settings Parameters Default Auto-learn Enabled if port security is enabled Port security Disabled Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-9 OL-7753-01...
Page 234 Chapter 20 Configuring Port Security Default Port Security Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide 20-10 OL-7753-01...
Page 235 Configuring Fibre Channel Routes, page 21-7 • Broadcast Routing, page 21-8 • In-Order Delivery, page 21-8 • Configuring Flow Statistics, page 21-10 • Viewing FSPF Statistics, page 21-10 • Default Settings, page 21-10 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-1 OL-7753-01...
Page 236: C H A P T E R 21 Configuring Fibre Channel Routing Services And Protocols
Figure 21-1 Fault Tolerant Fabric For example, if all links are of equal speed, the FSPF calculates two equal paths from A to C: A-D-C (green) and A-E-C (blue). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-2 OL-7753-01...
Page 237: Redundant Links
Because switches in the Cisco MDS 9000 Family support PortChanneling, each pair of physical links can appear to the FSPF protocol as one single logical link.
Page 238: Configuring Fspf Globally
Step 2 Disabling FSPF Routing Protocols By default, FSPF is enabled on switches in the Cisco MDS 9000 Family. Link State Record Defaults Each time a new switch enters the fabric, a link state record (LSR) is sent to the neighboring switches, and then flooded throughout the fabric.
Page 239: Viewing Link State Records
Specifying Hello Time Intervals, page 21-6 Specifying Dead Intervals, page 21-6 • Disabling FSPF for Specific Interfaces, page 21-6 • Retransmitting Intervals, page 21-6 • Viewing FSPF Interface Statistics, page 21-7 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-5 OL-7753-01...
Page 240: Configuring Fspf Interfaces
You can specify the time after which an unacknowledged link state update should be transmitted on the interface. The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-6...
Page 241: Viewing Fspf Interface Statistics
Complete the other fields on this window and click OK to add a route. Step 5 Configuring Fibre Channel Route Flows To view Fibre Channel flows and add a route flow, perform the following steps: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-7 OL-7753-01...
Page 242: Broadcast Routing
Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, switches in the Cisco MDS 9000 Family preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.
Page 243: Reordering Portchannel Frames
Frames which cannot be delivered in-order, through the old path, within the switch latency drop period are dropped. • The new frames are delivered through the new path after the switch latency drop period has elapsed. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-9 OL-7753-01...
Page 244: Enabling In-Order Delivery
Configuring Flow Statistics Enabling In-Order Delivery By default, in-order delivery is disabled on switches in the Cisco MDS 9000 Family. We recommend that you only enable this feature in a switch when devices are present in the switch that cannot handle any out-of-order frames. Load-balancing algorithms within the Cisco MDS 9000 Family ensure that frames are delivered in order during normal fabric operation.
Page 245: Default Settings
Static route cost If the cost (metric) of the route is not specified, the default is 10. Remote destination switch If the remote destination switch is not specified, the default is direct. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-11 OL-7753-01...
Page 246 Chapter 21 Configuring Fibre Channel Routing Services and Protocols Default Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide 21-12 OL-7753-01...
Page 247: Configuring Ip Services
C H A P T E R Configuring IP Services Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces. The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a different IP subnetwork.
Page 248: Chapter 22 Configuring Ip Service
Before you begin to configure the management interface manually, obtain the switch IP address and IP subnet mask. Also make sure the console cable is connected to the console port. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-2 OL-7753-01...
Page 249: Configuring The Default Gateway
IP routing between two switches using the in-band option for Fibre Channel traffic and the mgmt0 option for Ethernet traffic. When a VSAN is created, a VSAN interface is not created automatically. You need to specifically create the interface. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-3 OL-7753-01...
Page 250: Configuring The Default Network
To configure a default gateway, enter the IP address of the seed switch in the Gateway field. IP Access Control Lists IP Access control lists (IP-ACLs) provide basic network security to all switches in the Cisco MDS 9000 Family. IP-ACLs restrict IP-related MDS out-of-band management traffic and in-band traffic based on IP addresses (Layer 3 and Layer 4 information).
Page 251: Creating Ip-Acls
= less than • range = range of ports • Port numbers range from 0 to 65535 for TCP and UDP ports. displays the port numbers for associated TCP and UDP ports. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-5 OL-7753-01...
Page 252 ICMP packets are filtered by the ICMP message type or the message code. Both values range from 0 to 255. displays the value for each associated ICMP type. Table 22-2 ICMP Type Value ICMP Type Value echo echo-reply destination unreachable traceroute time exceeded Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-6 OL-7753-01...
Page 253: Applying Ip-Acls
Ethernet MAC frame with MAC address information. It refers to the Layer 2 MAC-layer information dumped to the log. For the output ACL, the raw Layer 2 information is not dumped to the log. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-7 OL-7753-01...
Page 254: Configuring Ipfc
Configure a default route on every switch in the Fibre Channel fabric pointing to the switch that provides Step 3 NMS access. Configure default gateway (route) and the IP address on switches that point to the NMS. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-8 OL-7753-01...
Page 255: Configuring Multiple Vsans
Assign an IP address on every VSAN interface on the same subnet as the corresponding VSAN. Step 3 Step 4 Define the multiple static route on the Fibre Channel switches and the IP cloud. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-9 OL-7753-01...
Page 256: Managing Ipfc Connectivity With Multiple Vsans
To configure IPFC from the Device Manager, choose VSAN from the FC menu and click the General tab. Configuring VRRP Cisco MDS 9000 Family switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. This section provides details on the VRRP feature.
Page 257: Vrrp Features
In both switch 1 and switch 2, the Ethernet interface is in VR 1 and the FC interface is in VR 2. Each virtual router is uniquely identified by the VSAN interface and the VR ID. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-11 OL-7753-01...
Page 258: Creating Or Removing A Virtual Router
To view IP addresses of the switches in the current fabric from the Fabric Manager, choose Switches from the menu tree. The Information pane displays IP address information for multiple switches. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-12 OL-7753-01...
Page 259: Managing Ip Addresses For Vrrp
You can configure the key using the authentication option in the VRRP submode and distribute it using the configuration file. The security parameter index (SPI) settings assigned in this option should be unique for each VSAN. All VRRP configurations must be duplicated Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-13 OL-7753-01...
Page 260: Setting The Priority Based On Interface State
You can track one of two interfaces on a switch in the Cisco MDS 9000 Family: a specified VSAN interface or a management interface. Configuring VRRP Operations Attributes To configure VRRP operations attributes from Device Manager, follow these steps: Choose IP >...
Page 261: Enabling Or Disabling Ip Forwarding
IP menu and view the TCP tab. Viewing UDP Information and Statistics To view User Datagram Protocol (UDP) information, from the Device Manager, choose Mgmt TCP/UDP from the IP menu and click the UDP tab. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-15 OL-7753-01...
Page 262: Viewing Ip Statistics
In the Device Manager, a prefix (In or Out) identifies whether the packets are received or transmitted. In the Fabric Manager, separate tabs on the Information pane are provided for incoming and outbound ICMP traffic and this prefix is omitted. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 22-16 OL-7753-01...
Page 263: Configuring Ficon
MDS offering by allowing inband management of the switch from FICON processors. FICON features can be implemented in any switch in the Cisco MDS 9000 Family running SAN-OS Release 1.3(x) or above. While no hardware changes are required, you do need the MAINFRAME_PKG license to configure FICON parameters.
Page 264: Chapter 23 Configuring Ficon
Displaying RLIR Information, page 23-26 About FICON The Cisco MDS 9000 Family supports Fibre Channel protocol (FCP), FICON, iSCSI, and FCIP capabilities within a single, high availability platform. This solution simplifies purchasing, reduces deployment and management costs, and reduces the complex evolution to shared mainframe and open systems storage networks.
Page 265: Mds-Specific Ficon Advantages
Further, the ports in each island may be over-provisioned depending on the fabric configuration. By using the Cisco MDS-specific VSAN technology, you can introduce greater efficiency between these physical fabrics by lowering the cost of over-provisioning and reducing the number of switches to be managed.
Page 266: Fcip Support
You can move assets between departments or applications without the expense and disruption of physical relocation of equipment. While you can configure up to 256 VSANs in any Cisco MDS switch, you can enable FICON in only eight of these VSANs.
Page 267: Portchannel Support
By default, the FICON feature is disabled in all switches in the Cisco MDS 9000 Family. When the FICON feature is disabled, FC IDs can be allocated seamlessly. Intermixed environments are addressed by the SAN-OS software.
Page 268: Ficon Port Numbering
FICON Port Numbering With reference to the FICON feature, ports in Cisco MDS switches are identified by a statically defined 8-bit value known as the port number. Port numbers are assigned based on the module and the slot in the chassis.
Page 269 Only Fibre Channel, PortChannel, and FCIP ports are mapped to FICON port numbers. Other types of interfaces do not have a corresponding port number. Table 23-1 lists the port number assignment for the Cisco MDS 9000 Family of switches and directors. Table 23-1 Cisco MDS 9000 Family Port Number Assignments...
Page 270: Port Addresses
Chapter 23 Configuring FICON FICON Port Numbering Table 23-1 Cisco MDS 9000 Family Port Number Assignments (continued) Slot 3 Ports 64 through Slot 4 Ports 96 through Slot 5 None Supervisor modules are not allocated port numbers. Slot 6 None...
Page 271: Implemented And Unimplemented Port Addresses
IPS modules slot. If an IPS module is in Slot 9 in a Cisco MDS 9509 Director, the available range of port numbers is 192 through 223.
Page 272: Port Numbering Summary
Chapter 23 Configuring FICON FICON Port Numbering Figure 23-4 FCIP Port Numbers in the Cisco MDS 9000 Family Module 1 16-Port module 0 1 2 3 4 5 6 7 8 9 10 11 11 13 14 15 Module 2 32-Port module...
Page 273: Fc Id Allocation
You cannot configure persistent FC IDs in FICON-enabled VSANs. Note Cisco MDS switches have a dynamic FC ID allocation scheme. When FICON is enabled or disabled on a VSAN, all the ports are flapped to switch from the dynamic to static FC IDs and vice versa.
Page 274: Enabling Ficon
Chapter 23 Configuring FICON Enabling FICON Enabling FICON By default FICON is disabled in all switches in the Cisco MDS 9000 Family. You can enabled FICON on a per VSAN basis in one of two ways: Manually addressing each prerequisite. •...
Page 275: Creating Ficon Vsans (Enabling Ficon) Using Device Manager
The VSAN that is created here does not need to be a new VSAN. It is a new FICON VSAN. When a new FICON VSAN is created, static (insistent) domain IDs, in-order delivery, and fabric binding must be enabled so the FICON VSAN can operate. When you enable the FICON feature in Cisco MDS switches, the following apply: The IPL configuration file is automatically created (see the “FICON Configuration Files”...
Page 276: Viewing Ficon Director History
Configuring Code Page FICON strings are coded in Extended Binary-Coded Decimal Interchange Code (EBCDIC) format. Refer to your mainframe documentation for details on the code page options. Cisco MDS switches support international-5, france, brazil, germany, italy, japan, spain-latinamerica, uk, and us-canada (default) EBCDIC format options.
Page 277: Binding Port Numbers To Portchannels
You can bind (or associate) an FCIP interface with a FICON port number to the selected PortChannel interface. Configuring FICON Ports You can perform FICON configurations on a per-port address basis in the Cisco MDS 9000 Family of switches. Even if a port is uninstalled, the port address-based configuration is accepted by the Cisco MDS switch.
Page 278: Prohibiting Ports
Click Port Configuration to display the Port Configuration dialog box. Step 4 Enter the port configuration information. Click Apply to save the configuration information, or click Step 5 Cancel to close the dialog box without saving the changes. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-16 OL-7753-01...
Page 279: Viewing Ficon Port Attributes
The file format is proprietary to IBM TM. These files can be read and written by IBM hosts using the inband CUP protocol. Additionally, you can use the Cisco MDS CLI or FM applications to operate these FICON configuration files Multiple FICON configuration files with the same name can exist in the same switch, provide they reside in different VSANs.
Page 280: Accessing Ficon Configuration Files
Enter the File Name. Step 5 Enter the Description. Step 6 Click Create to create the new file, or click Close to close the dialog box without creating the file. Step 7 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-18 OL-7753-01...
Page 281: Deleting Ficon Files
Step 3 Port Swapping The port swap FICON feature is only provided for maintenance purposes and is supported in all switches in the Cisco MDS 9000 Family support this feature. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-19 OL-7753-01...
Page 282: Port Swapping Guidelines
To view the latest FICON information, you must click the Refresh button. See the “FICON Information Note Refresh Note” section on page 23-15 for more information. To swap ports, follow these steps: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-20 OL-7753-01...
Page 283: Clearing Ficon Device Allegiance
The CUP specification is proprietary to IBM. CUP is supported by switches and directors in the Cisco MDS 9000 Family. The CUP function allows the mainframe to manage the MDS switches. Host communication includes control functions like blocking/unblocking ports, as well as monitoring and error reporting functions.
Page 284: Port Security Versus Fabric Binding
To configure fabric binding in each switch in the fabric, follow these steps. Enable the fabric configuration feature Step 1 Configure a list of sWWNs and their corresponding domain IDs for devices that are allowed to access Step 2 the fabric. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-22 OL-7753-01...
Page 285: Enabling Fabric Binding
The fabric binding feature must be enabled in each switch in the fabric that participate in the fabric binding. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the fabric binding feature are only available when fabric binding is enabled on a switch.
Page 286: Activating Fabric Binding
The fabric binding feature must be enabled in each switch in the fabric that participate in the fabric binding. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. To activate fabric binding, follow these steps: From Device Manager, choose FICON >...
Page 287: Creating A Fabric Binding Configuration
To view fabric binding violations, follow these steps: From Device Manager, choose FICON > Fabric Binding. You see the Fabric Binding dialog box. Step 1 Click the Violations tab to display fabric binding violations. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 23-25 OL-7753-01...
Page 288: Clearing Fabric Binding Statistics
The Registered Link Incident Report (RLIR) application provides a method for a switchport to send a LIR to a registered Nx-port. When a Link Incident Record (LIR) is detected in FICON-enabled switches in the Cisco MDS 9000 Family form a RLIR Extended Link Service (ELS) and sends it to the members in it’s Established Registration List (ERL).
Page 289: Ip Storage Services Module
Channel over IP (FCIP), and allows IP hosts to access Fibre Channel storage using iSCSI protocol. FCIP and iSCSI features are specific to the IPS module and can be implemented in Cisco MDS 9216 switches or Cisco MDS 9500 Directors running Cisco MDS SAN-OS Release 1.1(x) or above.
Page 290: Chapter 24 Configuring Ip Storage
Chapter 24 Configuring IP Storage Configuring Gigabit Ethernet Interfaces FCIP—FCIP transports Fibre Channel frames transparently over an IP network between two Cisco • MDS 9000 Family switches or other FCIP standards-compliant devices. The figure below depicts the FCIP scenarios in which the IPS module is used.
Page 291: About Gigabit Ethernet Interfaces
If you need to have traffic from multiple VLANs terminated on one IPS port, configure subinterfaces—one for each VLAN. Use the VLAN ID as a subscription to the Gigabit Ethernet interface name to create the subinterface name <the slot-number>/<port-number>.<VLAN-ID>). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-3 OL-7753-01...
Page 292: Verifying Gigabit Ethernet Connectivity
Configuring IP Storage Configuring Gigabit Ethernet Interfaces If the IPS module is connected to a Cisco Ethernet switch, and you need to have traffic from multiple VLANs coming to one IPS port, verify the following requirements on the Ethernet switch: The Ethernet switch port connected to the IPS module is configured as a trunking port.
Page 293: Configuring Ethernet Portchannels
IP address or the IP port, multiple iSCSI initiators are required to take advantage of the Ethernet PortChannel feature. The Cisco Ethernet switch’s PortChannel should be configured as a static PortChannel, and not the default 802.3aa protocol.
Page 294: Configuring Cdp
PortChannel if one of the following cases apply: - if the interface already has an IP address assigned, or - if subinterfaces are configured on that interface. Configuring CDP The Cisco Discovery Protocol (CDP) is supported on the management Ethernet interface on the supervisor module and the Gigabit Ethernet interface on the IPS module. IPS Core Dumps IPS core dumps are different from the system kernel core dumps for other modules.
Page 295: Configuring Fcip
A virtual ISL is established over a FCIP link and transports Fibre Channel traffic. Each associated virtual ISL looks like a Fibre Channel ISL with either an E port or a TE port at each end. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-7...
Page 296: Fcip Link
When the FCIP link comes up, the VE ports at both ends of the FCIP link create a virtual Fibre Channel (E)ISL and initiate the E port protocol to bring up the (E)ISL. By default, the FCIP feature on any Cisco MDS 9000 Family switch creates two TCP connections for each FCIP link.
Page 297: Fcip Interface
To begin configuring the FCIP feature, you must explicitly enable FCIP on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the F IP feature are only available when FCIP is enabled on a switch.
Page 298: Creating Fcip Profiles
Virtual (E) ISL Switch 2 Switch 1 IP router IP router network IP address of Gigabit Ethernet IP address of Gigabit Ethernet interface 3/1 = 10.1.1.1 interface 3/1 = 10.100.1.25 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-10 OL-7753-01...
Page 299: Creating Fcip Tunnels With Device Manager
To create and manage FCIP tunnels with Device Manager, first verify that the IPS module is inserted in the required Cisco MDS 9000 Family switches, and that the switches’ Gigabit Ethernet interfaces are connected and the connectivity verified using the ping command. The steps in creating FCIP tunnels are: Assigning FCIP Profiles, page 24-11 •...
Page 300: Verifying Interfaces
Open Device Manager. Choose IP > FCIP. Step 3 Click the Trunk Status tab (if it is not already selected) to see the FCIP Trunk Status dialog box. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-12 OL-7753-01...
Page 301: Checking For Interface Errors
To create and manage FCIP tunnels with Fabric Manager, you use the FCIP Wizard. First verify that the IPS module is inserted in the required Cisco MDS 9000 Family switches, and that the switches’ Gigabit Ethernet interfaces are connected and the connectivity verified. The steps in creating FCIP tunnels using...
Page 302: Configuring Tcp Listener Ports
By default, PMTU discovery is enabled on all switches with a default timeout of 3600 seconds. If TCP reduces the size of the max segment because of PMTU change, the reset-timeout specifies the time after which TCP tries the original MTU. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-14 OL-7753-01...
Page 303 TCP transmission. The receiving TCP sends back SACK advertisements to the sender. The sender can then retransmit only the missing data segments. By default, SACK is enabled on Cisco MDS 9000 Family switches. Window Management The optimal TCP window size is computed using the max-bandwidth option, the min-available-bandwidth option, and the dynamically-measured round-trip-time (RTT).
Page 304: Advanced Fcip Interface Configuration
Refer to the Fibre Channel IP standards for further information on special frames. Special frame negotiation provides an additional authentication security mechanism because the link validates the WWN of the peer switch. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-16 OL-7753-01...
Page 305: Configuring Active Connection
(2) TCP connections for each FCIP link. You can configure 1 or 2 TCP connections. For example, the Cisco PA-FC-1G Fibre Channel port adapter which has only 1 (one) TCP connection interoperates with any switch in the Cisco MDS 9000 Family. One TCP connection is within the specified limit and you can change the configuration on the switch using the tcp-connection 1 command.
Page 306 E ports, and are therefore incompatible. This is reflected by the terminology used in FC-BB-2: while VE ports establish a virtual ISL over a FCIP link, B ports use a B access ISL. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-18...
Page 307: E Port Configurations
FCIP interface The B port feature in the IPS module allows remote B port SAN extenders to communicate directly with a Cisco MDS 9000 Family switch, therefore eliminating the need for local bridge devices. Configuring B Ports When a FCIP peer is a SAN extender device that only supports Fibre Channel B ports, you need to enable the B port mode for the FCIP link.
Page 308: Configuring Fcip Write Acceleration
The write acceleration feature is disabled by default and must be enabled on both sides of the FCIP link. If it is only enabled on one side of the FCIP tunnel, the tunnel will not initialize. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-20...
Page 309: Enabling Fcip Compression
This feature uses the Lempel-Zif-Stac (LZS) compression algorithm to compress packets. The high-throughput mode allows faster compression but the compression ratio may be lower. The high-comp-ratio mode allows a higher compression ratio, but the throughput may be lower. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-21 OL-7753-01...
Page 310: Fibre Channel Portchannels
Each FCIP link is a separate (E)ISL. • The FCIP links can connect to different switches across two SAN islands. • • The Fibre Channel traffic is load balanced across the FCIP link. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-22 OL-7753-01...
Page 311: Vrrp
The Gigabit Ethernet link level redundancy ensures a transparent failover if one of the Gigabit • Ethernet links fails. Two Gigabit Ethernet ports in one Ethernet PortChannel appears like one logical Gigabit Ethernet • link. The FCIP link stays up during the failover. • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-23 OL-7753-01...
Page 312: Ethernet Portchannels And Fibre Channel Portchannels
Access Control in iSCSI, page 24-36 • iSCSI User Authentication, page 24-37 • Advanced iSCSI Configuration, page 24-38 • iSCSI High Availability, page 24-39 • iSCSI Authentication Setup Guidelines, page 24-42 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-24 OL-7753-01...
Page 313: About Iscsi
Fibre Channel host (in transparent mode), i.e. Host Bus Adaptor (HBA) to the Fibre Channel storage device. The storage device responds to each IP host as if it were a Fibre Channel host connected to the Fibre Channel network. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-25 OL-7753-01...
Page 314: Enabling Iscsi
To begin configuring the iSCSI feature, you must explicitly enable iSCSI on the required switches in the fabric. By default, this feature is disabled in all switches in the Cisco MDS 9000 Family. The configuration and verification commands for the iSCSI feature are only available when iSCSI is enabled on a switch.
Page 315: Routing Iscsi Requests And Responses
Fibre Channel storage devices in the Fibre Channel SAN that are accessible from any Fibre Channel interface of the Cisco MDS 9000 Family switch. Each iSCSI host that requires access to storage via the IPS module needs to have a compatible iSCSI driver installed.
Page 316: Dynamic Importing
Ports that are part of a PortChannel use this format: • iqn.1987-02.com.cisco:05.<mgmt-ip-address>.pc-<port-ch-sub-intf#>.<Target-pWWN> With this format, each IPS port in a Cisco MDS 9000 Family switch creates a different iSCSI target node name for the same Fibre Channel target. Configuring Dynamic Importing with Device Manager...
Page 317 Secondary access = pWWN 2 Figure 24-22, you can create a virtual iSCSI target that is mapped to both pWWN1 and pWWN2 to provide redundant access to the Fibre Channel targets. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-29 OL-7753-01...
Page 318 If you use LUN mapping, you can define a different secondary Fibre Channel LUN if the LU number is different. Refer to the Cisco MDS 9000 Family Configuration Guide for details on setting the secondary pWWN. Enable the revert to primary port option to direct the IPS port to switch back to the primary port when the primary port is up again.
Page 319: Iscsi Virtual Target Configuration Examples
Assigning iSCSI Node Names Example 2 This example maps a subset of LUNs of a Fibre Channel target to three iSCSI virtual targets. Each iSCSI target only has one LUN. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-31 OL-7753-01...
Page 320: Presenting Iscsi Hosts As Virtual Fibre Channel Hosts
Fibre Channel target. • —Used if an iSCSI host should always have the same pWWN or nWWN each time it connects to a Fibre Channel target. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-32 OL-7753-01...
Page 321: Dynamic Mapping
If an iSCSI host connects to multiple IPS ports, each port independently creates one virtual N port for the host. If static mapping is used, enough pWWNs should be configured for as many IPS ports to which a host connects. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-33 OL-7753-01...
Page 322: Making The Dynamic Initiator Wwn Mapping Static
This process can be quite cumbersome. The Proxy initiator feature allows all iSCSI initiators to connect through one IPS port making it appear as one Fibre Channel Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-34...
Page 323: Configuring The Iscsi Proxy Initiator
IP 10.1.1.3 Fabric host for an IPS port IP-10.1.1.1 iSCSI iSCSI pWWN-P9 nWWN-N9 FCID-XXXX09 pWWN-P6 nWWN-N6 FCID-XXXX06 Configuring the iSCSI Proxy Initiator To configure the proxy initiator, follow these steps: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-35 OL-7753-01...
Page 324: Access Control In Iscsi
For static iSCSI targets, you can manually configure a list of iSCSI initiators that are allowed to access it. The iSCSI initiator is identified by the iSCSI node name or the IP address of the iSCSI host. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-36...
Page 325: Enforcing Access Control
IPS module allows either CHAP authentication or no authentication from iSCSI hosts. The authentication for a Gigabit Ethernet interface or subinterface configuration overrides the Note authentication for the global interface configuration. To configure an authentication method for iSCSI, follow these steps: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-37 OL-7753-01...
Page 326: Configuring An Iscsi Radius Server
Configuring an iSCSI RADIUS Server To configure an iSCSI RADIUS server, follow these steps: Configure the RADIUS server to allow access from the Cisco MDS switch's management Ethernet IP Step 1 address. Configure the shared secret for the RADIUS server to authenticate the Cisco MDS switch.
Page 327: Setting The Qos Values
Ethernet PortChannel-Based High Availability • Multiple IPS Ports Connected to the Same IP Network Figure 24-29 provides an example of a configuration with multiple Gigabit Ethernet interfaces in the same IP network. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-39 OL-7753-01...
Page 328: Vrrp-Based High Availability
If one Gigabit Ethernet interface fails, the host multi-pathing software is not affected because it can use the second path. VRRP-Based High Availability Figure 24-30 provides an example of a VRRP-based high availability iSCSI configuration. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-40 OL-7753-01...
Page 329: Ethernet Portchannel-Based High Availability
Ethernet PortChannel-Based High Availability All iSCSI data traffic for one iSCSI link is carried on one TCP connection. Consequently, the aggregated bandwidth will be one Gbps for that iSCSI link. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-41 OL-7753-01...
Page 330: Iscsi Authentication Setup Guidelines
Effective Release 1.3(1), the Internet Storage Name Service (iSNS) client feature is available in all switches in the Cisco MDS 9000 Family with IPS modules installed. iSNS services allow your existing TCP/IP networks to function more effectively as storage area networks by automating the discover and management of iSCSI devices.
Page 331: Creating An Isns Profile
Click the General tab. You see the General interface configuration table. Choose the iSNS ProfileName. Step 3 Click Apply to save these changes, or click Cancel to discard changes. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-43 OL-7753-01...
Page 332: Default Ip Storage Settings
Table 24-3 lists the default settings for iSCSI parameters. Table 24-3 Default iSCSI Parameters Parameters Default Number of TCP connections One per iSCSI session. Fibre Channel targets to iSCSI Not imported. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-44 OL-7753-01...
Page 333: Using The Ip Filter Wizard
Click the Create Row icon. You see the Create Profile dialog box. Step 3 Choose the switches you want to include in the profile by checking the check box next to the switch’s Step 4 address. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-45 OL-7753-01...
Page 334: Adding Ip Filters To Profiles
Select the switches you want to include in the profile, by checking the check boxes next to the switch’s Step 4 address. Enter an interface name in the Name field. Step 5 Choose the profile direction (either inbound or outbound). Step 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-46 OL-7753-01...
Page 335: Deleting Ip Profiles
Click the row you want to delete. If you want to delete multiple rows, hold down the Shift key while Step 3 clicking rows. Click the Delete Row icon to delete the filter from the profile Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-47 OL-7753-01...
Page 336 Chapter 24 Configuring IP Storage Deleting IP Filters Cisco MDS 9000 Fabric Manager Switch Configuration Guide 24-48 OL-7753-01...
Page 337: Configuring Call Home
XML-based automated parsing applications. Common uses of this feature may include direct paging of a network support engineer, e-mail notification to a Network Operations Center, and utilization of Cisco AutoNotify services for direct case generation with the Technical Assistance Center.
Page 338: Chapter 25 Configuring Call Home
For those who have service contracts directly with Cisco Systems, automatic case generation with the Technical Assistance Center is possible through registration with the AutoNotify service. AutoNotify provides fast time to resolution of system problems by providing a direct notification path to Cisco customer support.
Page 339: Assigning Contact Information
Your name, company address, your email address, and your CCO ID. • The serial number of your Cisco MDS 9000 Family switch. This can be obtained by looking at the • serial number label on the back of the switch (next to the power supply).
Page 340: Configuring Message Levels
The command output is included in the transmitted message. Table 25-2 lists the trigger events. lists event categories and command outputs. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-4 OL-7753-01...
Page 341 CISCO_TAC Supervisor module SUP_FAILURE Supervisor and CISCO_TAC module operation failed. POWER_UP_DIA Supervisor module GNOSTICS_FAIL failed power up diagnostics. Call Home Supervisor INBAND_FAIL Failure of inband Hardware and communications CISCO_TAC path Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-5 OL-7753-01...
Page 342 Switching module hardware Events related to standard or show tech-support intelligent switching modules. Supervisor hardware Events related to supervisor show tech-support modules. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-6 OL-7753-01...
Page 343: Call Home Message Severity Levels
This section discusses the severity levels for a Call Home message when using one or more switches in the Cisco MDS 9000 Family. Severity levels are preassigned per event type. Call Home severity levels are not the same as system message logging severity levels. Severity levels range from 0 to 9, with 9 having the highest urgency.
Page 344: Message Contents
Message name Name of message. /mml/header/name Message type Specifically “Call Home”. /mml/header/type Message group Specifically “reactive”. /mml/header/group Severity level Severity level of message. /mml/header/level Source ID Product type for routing. /mml/header/source Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-8 OL-7753-01...
Page 345 ID by any support service. Site ID Optional user-configurable field /mml/ header/siteId used for Cisco-supplied site ID or other data meaningful to alternate support service. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-9 OL-7753-01...
Page 346 Chassis serial number of the /mml/body/chassis/serialNo unit. Chassis part number Top assembly number of the /mml/body/chassis/partNo chassis. Chassis hardware version Hardware version of chassis. /mml/body/chassis/hwVersion Supervisor module software Top level software version. /mml/body/chassis/swVersion version Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-10 OL-7753-01...
Page 347: Call Home Configuration Overview
The Cisco MDS 9000 switch must have IP connectivity to an E-mail server. • To use Cisco AutoNotify you must obtain an active service contract for the device. • To configure Call Home, use the different tabs on the Call Home dialog box, as summarized below:...
Page 348: Configuring Call Home Attributes
To identify your SMTP server from the Fabric Manager, choose Events > Call Home on the menu tree and click the Email Setup tab. The Information pane from the Fabric Manager displays Call Home information for multiple switches. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-12 OL-7753-01...
Page 349: Configuring Call Home Alerts
Profiles tab. The dialog box with the Alerts tab selected from the Device Manager displays Call Home attributes for a single switch. Configure the profile attributes for the Call Home feature. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-13 OL-7753-01...
Page 350 Chapter 25 Configuring Call Home Configuring Call Home Profiles Cisco MDS 9000 Fabric Manager Switch Configuration Guide 25-14 OL-7753-01...
Page 351: Configuring Domain Parameters
Stopping Incoming RCFs, page 26-8 • Configuring Persistent FC IDs, page 26-8 • Enabling Persistent FC IDs, page 26-10 • Purging Persistent FC IDs, page 26-11 • Default Settings, page 26-12 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-1 OL-7753-01...
Page 352: About Fcdomain Phases
Switch 99 (subordinate) 99.1.1 Domain IDs and VSAN values used in all procedures are only provided as examples. Be sure to use IDs Note and values that apply to your configuration. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-2 OL-7753-01...
Page 353: C H A P T E R 26 Configuring Domain Parameters
The local switch sends a configured domain ID request to the principal switch. The principal switch assigns the requested domain ID if available, otherwise, it assigns another available domain ID. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-3 OL-7753-01...
Page 354: Configuring Domain Attributes
From this dialog box you can specify a fabric name for fabric logins on the VSAN and set the priority for the switch used in the principal switch selection process. Configure the principal attributes for the domain. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-4 OL-7753-01...
Page 355: Managing Running Attributes For Domains
To configure domain interfaces from the Device Manager, choose Domain Manager from the FC menu and click the Interfaces tab. The Domain Manager dialog box, with the Interfaces tab selected, displays domain interfaces for a single switch. Configure the attributes for domain interfaces. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-5 OL-7753-01...
Page 356: Viewing Domain Areas
ID list and separate each range with a comma. The principal switch ensures that the domain requested by any switch in the fabric is specified in the allowed list. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-6...
Page 357: Merging Stable Fabrics
By default, the fcdomain feature is enabled on each switch. If you disable the fcdomain feature in a switch, that switch can no longer participate with other switches in the fabric. The fcdomain configuration is applied to runtime through a disruptive restart. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-7 OL-7753-01...
Page 358: Setting The Fabric Name
To configure persistent FC IDs from the Fabric Manager, choose FC > Domain Manager on the menu tree and click the Persistent FCIDs tab. The Information pane from the Fabric Manager displays persistent FC IDs for multiple switches. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-8 OL-7753-01...
Page 359: Creating A Persistent Fc Id
For information about using the command line interface (CLI), refer to the Cisco 9000 Family Configuration Guide. If you connect to the switch from an AIX or HP-UX host, be sure to create the persistent FC ID in the Note VSAN that connects these hosts.
Page 360: Configuring Persistent Fc Ids Manually
VSANs configured after that stage. VSANs configured before that stage will remain unchanged. When a N or NL port logs into a Cisco MDS 9000 Family switch, it is assigned a FC ID. By default, the persistent FC ID feature is disabled. If this feature is disabled, the following consequences apply:...
Page 361: Purging Persistent Fc Ids
Configuring Domain Parameters Purging Persistent FC IDs A N or NL port logs into a Cisco MDS 9000 Family switch, the WWN of the requesting N or NL • port and the assigned FC ID, are retained and stored in a volatile cache. The contents of this volatile cache are not saved across reboots.
Page 362: Default Settings
Configured domain ID 0 (zero). Configured domain option Preferred. auto-reconfigure option Disabled. contiguous-allocation option Disabled. Priority 128. Allowed list 1 to 239. Fabric-name 20:01:00:05:30:00:28:df. rcf-reject Disabled. Persistent FC ID Disabled (globally configurable). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 26-12 OL-7753-01...
Page 363 C H A P T E R Configuring Traffic Management Fibre Channel Congestion Control (FCC) is a Cisco proprietary flow control mechanism that alleviates congestion on Fibre Channel networks. Quality of service (QoS) offers the following advantages: Provides relative bandwidth guarantee to application traffic.
Page 364: C H A P T E R 27 Configuring Traffic Management
If the Fibre Channel DID is directly connected to one of the switch ports, the input rate limit is • applied to that port. If the destination of the edge quest frame is a Cisco domain or the next hop is a Cisco MDS 9000 • Family switch, the frame is forwarded.
Page 365: Control Traffic
Backup processing requires high bandwidth but is not sensitive to latency. In a network that does not support service differentiation, all traffic is treated identically; they experience similar latency and get similar bandwidths. The QoS feature in all switches in the Cisco MDS 9000 Family provides these guarantees from SAN-OS Release 1.3(x).
Page 366: Configuring Data Traffic
To achieve this traffic differentiation, be sure to enable FCC. Configuring Data Traffic To configure QoS, follow these steps. Enable the QoS feature. Step 1 Create and define class maps. Step 2 Define service policies. Step 3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 27-4 OL-7753-01...
Page 367: Enabling Qos For Data Traffic
Use the policy-map option to specify the class of service. The policy map name is restricted to 63 alphanumeric characters. Class-maps are processed in the order in which they are configured in each policy-map. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 27-5 OL-7753-01...
Page 368: Applying A Service Policy
MAC. Port rate limiting works on all Fibre Channel ports. Port rate limiting can only be configured in switches in the Cisco MDS 9100 Series. This command can only be configured if the following conditions hold true: The QoS feature is enabled using the qos enable command.
Page 369 Configuring Traffic Management Default Settings Table 27-1 Default FCC, QoS, and Rate Limiting Settings Parameters Default FCC protocol Disabled. QoS control traffic Enabled. QoS data traffic Disabled. Rate limit 100% Cisco MDS 9000 Fabric Manager Switch Configuration Guide 27-7 OL-7753-01...
Page 370 Chapter 27 Configuring Traffic Management Default Settings Cisco MDS 9000 Fabric Manager Switch Configuration Guide 27-8 OL-7753-01...
Page 371: About System Message Logging
C H A P T E R Configuring System Message Logging This chapter describes how to configure system message logging on the Cisco MDS 9000 Family switches. This chapter contains the following topics: About System Message Logging, page 28-1 •...
Page 372: C H A P T E R 28 Configuring System Message Logging
Cisco MDS 9000 Family specific securityd Security Cisco MDS 9000 Family specific syslog Internal syslog messages Standard sysmgr System manager Cisco MDS 9000 Family specific tlport TL port Cisco MDS 9000 Family specific Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-2 OL-7753-01...
Page 373: Configuring System Message Logging
Debugging messages LOG_DEBUG Refer to the Cisco MDS 9000 Family System Messages Guide for details on the error log message format. Configuring System Message Logging System logging messages are sent to the console based on the default (or configured) logging facility and severity values.
Page 374: Enabling Message Logging
Add the following line to the file /etc/syslog.conf Step 1 local1.debug /var/log/ myfile.log Be sure to add five tab characters betweenlocal1.debug and /var/log/myfile.log. Refer to entries in the /etc/syslog.conf file for further examples. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-4 OL-7753-01...
Page 375: Outgoing Syslog Server Logging Facilities
Standard (local7 is the default) Line printer system Standard mail Mail system Standard news USENET news Standard syslog Internal syslog messages Standard user User process Standard uucp Unix-to-Unix copy system Standard Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-5 OL-7753-01...
Page 376: Configuring Syslog Servers
Servers tab selected displays syslog information for a single switch. Configure the priorities for the syslog. Step 2 Default Settings Table 28-4 lists the default settings for system message logging. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-6 OL-7753-01...
Page 377: About Snmp Events
About SNMP Events SNMP is an application layer protocol that facilitates the exchange of management information between network devices. Cisco MDS 9000 Family switches, like other SNMP-enabled devices, send events (traps and informs) to configurable destinations, called trap receivers in SNMPv2.
Page 378: Configuring Event Security
Choose the ports you want to monitor. Step 3 Click OK to accept the selection. Step 4 Alternatively, click the appropriate radio button to select ports by type (All ports, xE ports, or Fx port). Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-8 OL-7753-01...
Page 379: Enabling Rmon Alarms For Vsans
Manager and click the Physical tab. You see the Create RMON Alarms dialog box with the Physical tab selected. To configure an RMON alarm for a physical component, follow these steps: Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-9 OL-7753-01...
Page 380: Configuring Rmon Controls
Choose Event s> Threshold Manager, and then click More in the Threshold Manager dialog box. Step 2 Click the Events tab on the RMON Thresholds dialog box. You see the RMON Events dialog box. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-10 OL-7753-01...
Page 381: Viewing The Rmon Log
Choose Events > Threshold Manager, and then click More in the Threshold Manager dialog box. Step 1 Click the Log tab on the RMON Thresholds dialog box. You see the RMON Log dialog box. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-11 OL-7753-01...
Page 382 Chapter 28 Configuring System Message Logging About RMON Facilities Cisco MDS 9000 Fabric Manager Switch Configuration Guide 28-12 OL-7753-01...
Page 383: About Scsi Lun Discovery
C H A P T E R Discovering SCSI Targets This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco MDS 9000 Family. It includes the following sections: This chapter contains the following topics: About SCSI LUN Discovery, page 29-1 •...
Page 384: Chapter 29 Discovering Scsi Target
Click Create. You see the Create iSCSI Targets dialog box. Step 5 Enter the target name in the Name field. Step 6 Enter the port WWN, node access information, and advertised interfaces information in the appropriate Step 7 fields. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 29-2 OL-7753-01...
Page 385: Specifying Lun Mappings
Be sure you are connected to a switch that contains an IPS module. Step 1 Open Device Manager. Step 2 Choose IP > iSCSI. You see the iSCSI dialog box. Step 3 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 29-3 OL-7753-01...
Page 386: Viewing Session Statistics
Step 1 Click the Targets tab. Step 2 Click Create. You see the Create Targets dialog box. Step 3 Enter the logical name to give to this virtual target. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 29-4 OL-7753-01...
Page 387: Using The Iscsi Wizard
However, when you log out of the switch, the WWIN is not returned to the pool but is saved for the initiator. The third option is to statically assign the WWN by manually entering WWN that the initiator will use. Click Finish to create the initiator. Step 4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 29-5 OL-7753-01...
Page 388 Chapter 29 Discovering SCSI Targets Using the iSCSI Wizard Cisco MDS 9000 Fabric Manager Switch Configuration Guide 29-6 OL-7753-01...
Page 389: About Span
• About SPAN The switched port analyzer (SPAN) feature is specific to switches in the Cisco MDS 9000 Family. It monitors network traffic though a Fibre Channel interface. Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN destination port (SD port). Any Fibre Channel port in a switch can be configured as an SD port.
Page 390: Span Sources
Fibre Channel analyzer Cisco MDS 9000 switch fc9/1 SD port Egress source (tx)—Traffic exiting the switch fabric through this source interface is spanned or • copied to the SD port. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-2 OL-7753-01...
Page 391: C H A P T E R 30 Monitoring Network Traffic Using Span
24 FCIP interfaces that are available in the IPS module. You can configure SPAN for Ethernet traffic using Cisco switches or routers connected to the Cisco MDS 9000 Family IPS modules.
Page 392: Vsan As A Span Source
SD port For the configuration shown in Figure 30-4, the following apply: • VSAN 2 as a SPAN source includes only the TE port fc1/1 that has port VSAN 2. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-4 OL-7753-01...
Page 393: Span Sessions
To edit a SPAN source, follow these steps. From the Device Manager, choose Interface > SPAN. You see the SPAN dialog box. Step 1 Click the Sources tab. Step 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-5 OL-7753-01...
Page 394: Deleting Span Sessions
If no filters are specified, the traffic from all active VSANs for that interface is spanned by default. • While you can specify arbitrary VSAN filters in a session, traffic can only be monitored on the port • VSAN or on allowed-active VSANs in that interface. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-6 OL-7753-01...
Page 395: Sd Port Characteristics
Without SPAN You can monitor traffic using interface fc1/1 in a Cisco MDS 9000 Family switch that is connected to another switch or host. You need to physically connect a Fibre Channel analyzer between the switch and...
Page 396: Using Span
Using SPAN you can monitor ingress traffic on fc1/1 at SD port fc2/2 and egress traffic on SD port fc2/1. This traffic is seamlessly captured by the FC analyzer as shown in Figure 30-6. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-8 OL-7753-01...
Page 397: Configuring Analyzers Using Span
This setup is more advantageous and cost-effective than the setup shown in Figure 30-6 because it uses one SD port and one port on the analyzer, instead of using a full, two-port analyzer. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-9 OL-7753-01...
Page 398: Default Span Settings
A destination switch is usually different from the source switch(es) but is attached to the same Fibre Channel fabric. You can replicate and monitor traffic in any remote Cisco MDS 9000 Family switch or director, just as you would monitor traffic in a MDS source switch.
Page 399: Advantages To Using Rspan
Provides a cost-effective solution by using one SD port to monitor remote traffic on multiple • switches. Works with any Fibre Channel analyzer. • Compatible with the Cisco MDS 9000 Port Analyzer adapters. • Does not affect traffic in the source switch, but shares the ISL bandwidth with other ports in the • fabric.
Page 400: Guidelines To Configure Rspan
FC analyzer Guidelines to Configure RSPAN The following guidelines apply for a SPAN configuration: All switches in the end-to-end path of the RSPAN tunnel must belong to the Cisco MDS 9000 • Family. All VSANs with RSPAN traffic must be enabled. If a VSAN containing RSPAN traffic is not •...
Page 401: Configuring Rspan
IP address of VSAN 5 FC tunnel 100 IP address of VSAN 5 interface = 10.10.10 1 interface = 10.10.10 2 This example assumes that VSAN 5 is already configured in the VSAN database. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-13 OL-7753-01...
Page 402: Configuration In All Intermediate Switches
This section identifies the tasks that must be performed in the destination switch (Switch D). This section contains the following topics: Configuring the SD Port, page 30-15 • Mapping the FC Tunnel, page 30-15 • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-14 OL-7753-01...
Page 403: Configuring An Explicit Path
= 10.10.10.1 Configuring An Explicit Path You can specify an explicit path through the Cisco MDS Fibre channel fabric (source-based routing), use the explicit-path option. For example, if you have multiple paths to a tunnel destination, you can use this option to specify the fc-tunnel to always take one path to the destination switch.
Page 404: Monitoring Rspan Traffic
TE port fabric SD port ST port fc2/1 FC analyzer To use this setup, the analyzer should have the capability of distinguishing ingress and egress traffic for all captured frames. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-16 OL-7753-01...
Page 405: Sample Scenarios
RSPAN tunnels configured between Switches S and D. Each tunnel has an associated ST port in the source switch and a separate SD port in the destination switch. This configuration is useful for trouble shooting purposes. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-17 OL-7753-01...
Page 406: Multiple Sources With Multiple Rspan Tunnels
Cisco MDS Switch B Cisco MDS destination switch D Cisco MDS Fibre Channel fabric Cisco MDS source switch S2 RSPAN tunnels Cisco MDS SPAN Switch C FC analyzer source Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-18 OL-7753-01...
Page 407 Monitoring Network Traffic Using SPAN Remote SPAN This configuration is useful for remote monitoring purposes. For example, the administrator may be at the destination switch and can remotely monitor the two source switches. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-19 OL-7753-01...
Page 408 Chapter 30 Monitoring Network Traffic Using SPAN Remote SPAN Cisco MDS 9000 Fabric Manager Switch Configuration Guide 30-20 OL-7753-01...
Page 409: Configuring Fc Timers
C H A P T E R Advanced Features and Concepts This chapter describes the advanced features provided in switches in the Cisco MDS 9000 Family. It includes the following sections: This chapter contains the following topics: Configuring FC Timers, page 31-1 •...
Page 410: Chapter 31 Advanced Feature And Concept
If a switch is downgraded to SAN-OS Release 1.2(x) or 1.1(x) after the timer is configured for a VSAN, an error message is issued to warn the user about strict incompatibilities. Refer to the Cisco MDS 9000 Family Troubleshooting Guide for further information.
Page 411: About The Cisco Fabric Analyzer
This component is a command-line driven text-based interface that captures traffic to and from the supervisor module in a Cisco MDS 9000 switch. It is a fully-functional decoder that is useful for quick debug purposes or for use when the remote capture daemon is not enabled. Additionally, because this tool is accessed from within the Cisco MDS 9000 switch, it is protected by the roles-based policy that limits access in each switch.
Page 412: Remote Capture Daemon
It can be synchronized to the standby supervisor module and a stateless restart can be issued, if required. To use the Cisco Fabric Analyzer feature, traffic should be flowing to or from the supervisor module. Cisco MDS 9000 Fabric Manager Switch Configuration Guide...
Page 413: Configuring World Wide Names
When a target is assigned with a FC ID that has the same area bits, but different port bits, the HBA fails to discover these targets. To isolate these HBAs in a separate area, switches in the Cisco MDS 9000 Family follow a different FC ID allocation scheme.
Page 414: Enabling Loop Monitoring
To detect such removals, the disks can be polled periodically (every 20 seconds) using the fcinterop loop-monitor command. This command enables loop polling for FL ports in a Cisco MDS 9000 Family switch. By default, the fcinterop loop-monitor command is disabled.
Page 415 Domain IDs. Domain reconfiguration This event is limited to the affected VSAN. Only Cisco MDS nondisruptive 9000 Family switches have this capability--only the domain manager process for the affected VSAN is restarted and not the entire switch.
Page 416: Configuring Interoperability
Brocade’s msplmgmtdeactivate command must explicitly be run prior to connecting from a Brocade switch to either Cisco MDS 9000 Family switches or to McData switches. This command uses Brocade proprietary frames to exchange platform information, which Cisco MDS 9000 Family switches and McData switches do not understand.
Page 417: Managing World Wide Names
Managing World Wide Names Each port on a Cisco MDS 9000 Family switch is uniquely identified by its world wide names (WWNs), which include the switch MAC address and an identifier for each port. The principal switch selection and the allocation of domain IDs use the WWN to identify a specific port.
Page 418 Chapter 31 Advanced Features and Concepts Configuring Timers Cisco MDS 9000 Fabric Manager Switch Configuration Guide 31-10 OL-7753-01...
Page 419: Configuring Fabric Configuration Servers
C H A P T E R Configuring Fabric Configuration Servers This chapter describes the Fabric Configuration Server (FCS) feature provided in the Cisco MDS 9000 Family of directors and switches. This chapter contains the following topics: About FCS, page 32-1 •...
Page 420: C H A P T E R 32 Configuring Fabric Configuration Servers
When a restart or switchover happens, FCSs retrieve the secondary storage information, and rebuild its database. The SNMP manager can query FCSs for all the IEs, ports, and platforms in the fabric. • Cisco MDS 9000 Fabric Manager Switch Configuration Guide 32-2 OL-7753-01...
Page 421: Configuring Kernel Core Dumps
The supervisor sends the module OS kernel core dump to the Cisco MDS 9000 System Debug Server. Similarly, if the supervisor OS fails the supervisor sends its OS kernel core dump to the Cisco MDS 9000 System Debug Server.
Page 422: C H A P T E R 33 Monitoring System Processes And Logs
Chapter 33 Monitoring System Processes and Logs Configuring Kernel Core Dumps Cisco MDS 9000 Fabric Manager Switch Configuration Guide 33-2 OL-7753-01...
Page 423: Analyzing Switch Device Health
Health Analysis window displays any problems affecting the selected switches. Fix these problems. Step 3 Step 4 Click Clear to remove the contents of the Switch Health Analysis window. Click Close to close the window. Step 5 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 34-1 OL-7753-01...
Page 424: Chapter 34 Troubleshooting The Fabric
To use the Fabric Configuration option to analyze the configuration of a switch, follow these steps: Step 1 Choose Tools > Fabric Configuration from the Fabric Manager. You see the Fabric Configuration window. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 34-2 OL-7753-01...
Page 425: Analyzing The Results Of Merging Zones
(for example, 172.22.94.250.jpg). You can zip up all the files (the show tech support output and the map file image) and send the resulting zipped file to technical support. Cisco MDS 9000 Fabric Manager Switch Configuration Guide 34-3 OL-7753-01...
Page 426: Using Traceroute And Other Troubleshooting Tools
Command Line Interface—Open a Telnet or SSH session for the switch selected on the Map pane. To use the Traceroute option to verify connectivity, follow these steps: Select two or more endpoints on the Fabric Manager map. Step 1 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 34-4 OL-7753-01...
Page 427: Locating Other Switches
Enter the appropriate read community string in the Read Community field. The default value for this Step 3 string is “public.” Click Display Cisco MDS 9000 Only to display only the Cisco MDS 9000 Family switches in your Step 4 network fabric.
Page 428 Chapter 34 Troubleshooting the Fabric Configuring an OUI This situation does not affect the availability or the functionality of the switch and/or fabric. Note Cisco MDS 9000 Fabric Manager Switch Configuration Guide 34-6 OL-7753-01...
Page 429: Can I Set The Map Layout So It Stays After I Restart Fabric Manager?
C H A P T E R Troubleshooting Fabric Manager Issues This chapter contains some common issues you may experience while using Cisco Fabric Manager, and provides solutions. This chapter contains the following topics: Can I Set the Map Layout So It Stays After I Restart Fabric Manager?, page 35-1 •...
Page 430: C H A P T E R 35 Troubleshooting Fabric Manager Issues
FCIP device because of a timeout error. It will still see all targets, initiators, and ISLs attached to a Cisco SN5428 (or any other switch) as long as they appear in the name server or FSPF.
Page 431: Running Cisco Fabric Manager With Multiple Interfaces
If you decide to use a different interface than the one you initially selected • If for any reason one of the Cisco Fabric Manager applications did not detect multiple interfaces • Refer to the following sections, depending on which application you want to recognize the interface.
Page 432: Specifying An Interface For Fabric Manager Client Or Device Manager
Click the Manual radio button and enter the IP address of the proxy server in the HTTP Proxy field. Step 4 Enter the HTTP port number used by your proxy service in the HTTP Port field. Click OK. Step 5 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 35-4 OL-7753-01...
Page 433: Clearing Topology Maps
Can I Use Fabric Manager in a Mixed Software Environment? You can use Fabric Manager version 1.3(x) to manage a mixed fabric of Cisco MDS 9000 switches. Certain 1.3 feature tabs will be empty for any switches running a software version that does not support those features.
Page 434 Chapter 35 Troubleshooting Fabric Manager Issues Can I Use Fabric Manager in a Mixed Software Environment? Cisco MDS 9000 Fabric Manager Switch Configuration Guide 35-6 OL-7753-01...
Page 435 31-2 protocol analysis 31-2 FC IDs allocating 31-5 allocating areas 31-5 FSPF remote capture 31-4 interoperability 31-7 remote capture daemon 31-3 Remote Capture Protocol See RPCAP RPCAP Ethereal communication 31-4 Cisco MDS 9000 Fabric Manager Switch Configuration Guide IN-1 OL-7753-01...
Page 436 Index TE ports interoperability 31-7 interoperability 31-6 ranges 31-1 troubleshooting collecting output 31-8 trunking interoperability 31-7 VSANs interop mode 31-7 world wide names See See WWNs WWNs configuring 31-5 Cisco MDS 9000 Fabric Manager Switch Configuration Guide IN-2 OL-7753-01...

Cisco DS-C9216I-K9 Configuration Manual

Table of Contents

Chapter 2 Getting Started with Cisco Fabric Manager

Managing Cisco Mds 9000 Switches

Overview of Fabric Manager

Chapter 3 Overview of Fabric Manager

Chapter 4 before You Begin

Obtaining and Installing Licenses

CHAPTER 5 Obtaining and Installing Licenses5-1

Chapter 6 Initial Configuration

Chapter 7 Configuring High Availability

Software Images

Chapter 8 Software Image

Managing Modules

Chapter 9 Managing Module

Managing System Hardware

Chapter 10 Managing System Hardware

Configuring and Managing Vsans

Chapter 11 Configuring and Managing VSAN

Chapter 12 Configuring Interface

Chapter 13 Configuring Trunking

Chapter 14 Configuring Portchannels

Chapter 15 Configuring and Managing Zone

Configuring Inter-Vsan Routing

CHAPTER 16 Configuring Inter-VSAN Routing16-1

Managing Flogi, Name Server, Fdmi, and Rscn Databases

CHAPTER 17 Managing FLOGI, Name Server, FDMI, and RSCN Databases

CHAPTER 18 Configuring Switch Security

Quick Links

Chapters

Troubleshooting

Related Manuals for Cisco DS-C9216I-K9

Summary of Contents for Cisco DS-C9216I-K9