manualshive.com logo in svg

Cisco DS-C9216I-K9, Configuration Manual

The Cisco DS-C9216I-K9 Configuration Manual is a valuable resource for users of this product, providing step-by-step guidance on setting up and fine-tuning its features. Available for free download from manualshive.com, this comprehensive manual ensures optimal usage of the DS-C9216I-K9, empowering users to maximize its capabilities.

Share
Download
background image

 

18-5

Cisco MDS 9000 Fabric Manager Switch Configuration Guide

OL-7753-01

Chapter 18      Configuring Switch Security

    Configuring RADIUS

Setting Iterations of the RADIUS Server, page 18-6

Defining Vendor-Specific Attributes, page 18-6

About RADIUS

RADIUS is a distributed client/server system that secures networks against unauthorized access. In the 
Cisco implementation, RADIUS clients run on Cisco MDS switches and send authentication requests to 
a central RADIUS server that contains all user authentication and network service access information.

RADIUS is a fully open protocol, distributed in source code format, that can be modified to work with 
any security system currently available on the market.

You can set the RADIUS server address, the RADIUS preshared key, the RADIUS server time-out 
interval, iterations of the RADIUS server, define vendor-specific attributes, and display RADIUS server 
details.

Configuring RADIUS Authentication

To configure RADIUS authentication from the Fabric Manager, choose 

Security > Radius

 from the 

menu tree.

To configure RADIUS authentication from the Device Manager, choose 

Security > Radius (CLI)

.

Configuring RADIUS Servers

To configure RADIUS servers, perform the following steps:

Step 1

From the Device Manager, choose 

Security > Radius

 and click the 

Servers

 tab. You see the Radius 

dialog box with the Servers tab selected.

To configure RADIUS servers from the Fabric Manager, choose 

Security > Radius

 from the menu tree 

and click the 

Servers

 tab. You see the Radius information in the Information pane.

Step 2

To add a Radius server, click 

Create

 on the Device Manager dialog box, or click the 

Create Row

 icon 

on the Fabric Manager toolbar.

You see the Create Radius Server dialog box.(In Fabric Manager, you can specify the switches to which 
the configuration applies.)

Step 3

Complete the fields, and click 

OK

.

Setting the RADIUS Server Address

You can add up to 64 RADIUS servers. RADIUS keys are always stored in encrypted form in persistent 
storage. The running configuration also displays encrypted keys. From Fabric Manager, choose 

Switches > Security > Radius > Servers

 to set RADIUS server addresses.

Summary of Contents for DS-C9216I-K9

Page 1: ...o Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 526 4100 Cisco MDS 9000 Fabric Manager Switch Configuration Guide March 2004 Text Part Number OL 7753 01 ...

Page 2: ...NCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Cisco MDS 9000 Fabric Manager Switch Configuration Guide Copyright 2004 2005 Cisco Systems Inc All rights reserved CCSP CCVP the Cisco Square Bridge logo Follow Me Browsing an...

Page 3: ...xxxiii Cisco Technical Support Website xxxiii Submitting a Service Request xxxiii Definitions of Service Request Severity xxxiv Obtaining Additional Publications and Information xxxiv New and Changed Information xxxvii C H A P T E R 1 Product Overview 1 1 Hardware Overview 1 1 Cisco MDS 9216 Fabric Switch 1 2 Cisco MDS 9500 Modular Directors 1 2 Cisco MDS 9100 Series Fixed Configuration Fabric Swi...

Page 4: ...In Band Management and Out of Band Management 2 4 MGMT0 2 4 IPFC 2 4 Installing the Applications 2 5 Launching the Applications 2 6 Using the Management Services Wizard 2 7 A Note on Ports 2 7 C H A P T E R 3 Overview of Fabric Manager 3 1 Launching Cisco Fabric Manager 3 1 Using Fabric Manager 3 2 Menu Bar Toolbars and Status Bar 3 3 Logical Physical Pane 3 3 Information Pane 3 4 Map Pane 3 4 Dis...

Page 5: ...ollection to XML Files 3 19 Removing Data Collection Files from the List 3 19 C H A P T E R 4 Before You Begin 4 1 About Flash Devices 4 1 Internal bootflash 4 2 External CompactFlash Slot0 4 2 Switch Roles 4 2 Using Valid Formats and Ranges 4 2 C H A P T E R 5 Obtaining and Installing Licenses 5 1 License Terminology 5 1 Licensing Model 5 2 Licensing High Availability 5 4 Options to Install a Lic...

Page 6: ...ity 7 1 About High Availability 7 1 Switchover Mechanisms 7 2 HA Switchover 7 2 Process Restartability 7 2 Synchronizing Supervisor Modules 7 2 HA Redundancy States 7 2 C H A P T E R 8 Software Images 8 1 About Software Images 8 1 Essential Upgrade Prerequisites 8 2 Using the Software Install Wizard 8 3 Maintaining Supervisor Modules 8 4 Standby Supervisor Boot Variable Version 8 4 Standby Supervi...

Page 7: ...Modules 10 6 Viewing System Attributes 10 6 Viewing Running Processes 10 6 Viewing Flash File Information 10 7 Managing Inventory Information 10 7 Managing Module Attributes 10 7 10 7 C H A P T E R 11 Configuring and Managing VSANs 11 1 How VSANs Work 11 2 VSANs Versus Zones 11 4 Default and Isolated VSANs 11 5 Default VSANs 11 5 Isolated VSANs 11 5 VSAN Membership 11 6 VSAN Attributes 11 6 Operat...

Page 8: ...tings 12 10 Configuring VSAN Interfaces 12 10 Configuring Gigabit Ethernet Interfaces 12 11 Enabling or Disabling Ports 12 11 Managing Interface Attributes for Ports 12 11 C H A P T E R 13 Configuring Trunking 13 1 About Trunking 13 1 About Trunking Protocol 13 2 Configuring Trunk Modes 13 2 Configuring Trunk Allowed VSAN List 13 2 Trunking Configuration Guidelines 13 4 Default Settings 13 5 C H A...

Page 9: ...laying Port Membership Information 15 6 Viewing Zone Statistics 15 6 Deleting Zones and Members 15 6 Configuring Aliases 15 6 Creating Zones with Aliases 15 7 Viewing Aliases 15 7 Zone Sets 15 7 Active and Full Zone Set Considerations 15 8 Distributing Zone Sets 15 10 Copying Zone Sets 15 10 Creating Zone Sets 15 10 Creating Additional Zone Sets 15 10 Cloning Zone Sets 15 11 Adding Zones to a Zone...

Page 10: ...rminology 16 2 IVR Guidelines 16 3 Domain ID Guidelines 16 3 Transit VSANs Guidelines 16 3 Border Switch Guidelines 16 3 Configuring IVR 16 4 Unique Domain ID Configuration Options 16 4 Enabling IVR 16 4 Configuring an IVR Topology 16 4 Creating an IVR Topology 16 4 Creating IVR Zones and Zone Sets 16 5 Creating Additional IVR Zones and Zone Sets 16 5 Activating IVR Zone Sets 16 6 Deactivating IVR...

Page 11: ...orts for the Name Server 17 3 Viewing Name Server Statistics 17 4 Viewing RSCN Nx Registrations 17 4 Viewing RSCN Statistics 17 4 Viewing FLOGI Attributes 17 4 Viewing Port ELP Attributes 17 5 Viewing Trunk Configuration 17 5 C H A P T E R 18 Configuring Switch Security 18 1 Switch Management Security 18 2 SNMP Security 18 2 CLI Security 18 2 Switch AAA Functionalities 18 2 Authentication 18 3 Aut...

Page 12: ...8 11 Configuring Rules and Features for Each Role 18 11 Configuring the VSAN Policy 18 12 Recovering Administrator Password 18 12 Configuring SSH Services 18 12 Enabling SSH Service 18 13 Generating an SSH Host Key Pair 18 13 Using the force Option 18 13 About SNMP Security 18 13 SNMP Version 1 and Version 2c 18 14 Adding a Community String 18 14 Deleting a Community String 18 14 SNMP Version 3 18...

Page 13: ...he DHCHAP Timeout Value 19 5 Default Fabric Security Settings 19 5 C H A P T E R 20 Configuring Port Security 20 1 Port Security Features 20 1 Enforcing Port Security 20 1 Configuring a Port Binding 20 2 Copying an Active Configuration to the Running Configuration 20 2 Deleting a Port Binding 20 3 About Auto Learn 20 3 Activating Port Security 20 3 Activating a Port Binding 20 3 Displaying Activat...

Page 14: ...ink State Records 21 5 Viewing FSPF Links 21 5 Configuring FSPF for a Specific Interface 21 5 Configuring FSPF Interfaces 21 6 Computing Route Cost 21 6 Specifying Hello Time Intervals 21 6 Specifying Dead Intervals 21 6 Disabling FSPF for Specific Interfaces 21 6 Retransmitting Intervals 21 6 Viewing FSPF Interface Statistics 21 7 Configuring Fibre Channel Routes 21 7 Configuring Fibre Channel Ro...

Page 15: ...2 12 Enabling a Virtual Router 22 12 Adding an IP Address for a Virtual Router 22 12 Viewing IP Address Information 22 12 Managing IP Addresses for VRRP 22 13 Setting Priority for the Virtual Router 22 13 Setting the Time Interval for the Advertisement Packet 22 13 Preempting the Master Virtual Router 22 13 Configuring Authentication for the Virtual Router 22 13 Setting the Priority Based on Inter...

Page 16: ...Enabling FICON 23 12 Creating FICON VSANs enabling FICON Using Fabric Manager 23 12 Creating FICON VSANs enabling FICON Using Device Manager 23 13 Deleting FICON VSANs Disabling FICON 23 13 Viewing FICON Director History 23 14 Configuring Code Page 23 14 Configuring the FC ID Last Byte 23 14 Automatically Saving the Running Configuration 23 14 Binding Port Numbers to PortChannels 23 15 Binding Por...

Page 17: ...c Binding CopyActive to Config 23 24 Creating a Fabric Binding Configuration 23 25 Deleting a Fabric Binding Configuration 23 25 Viewing Fabric Binding Active Database 23 25 Viewing Fabric Binding Violations 23 25 Clearing Fabric Binding Statistics 23 26 Viewing EFMD Statistics 23 26 Displaying RLIR Information 23 26 C H A P T E R 24 Configuring IP Storage 24 1 IP Storage Services Module 24 1 Conf...

Page 18: ...13 Advanced FCIP Profile Configuration 24 13 Configuring TCP Listener Ports 24 14 Configuring TCP Parameters 24 14 Advanced FCIP Interface Configuration 24 16 Configuring Peers 24 16 Configuring Active Connection 24 17 Configuring the Number of TCP Connections 24 17 Enabling Time Stamps 24 17 B Port Interoperability Mode 24 17 E Port Configurations 24 19 Configuring FCIP Write Acceleration 24 20 E...

Page 19: ...g Access Control 24 37 iSCSI User Authentication 24 37 Configuring an Authentication Mechanism 24 37 Configuring an iSCSI RADIUS Server 24 38 Advanced iSCSI Configuration 24 38 Setting the QOS Values 24 39 iSCSI Forwarding Mode 24 39 iSCSI High Availability 24 39 Multiple IPS Ports Connected to the Same IP Network 24 39 VRRP Based High Availability 24 40 Ethernet PortChannel Based High Availabilit...

Page 20: ...iew 25 11 Configuring Call Home Attributes 25 12 Configuring Call Home Destination Attributes 25 12 Configuring Call Home E Mail Addresses 25 12 Configuring Call Home Alerts 25 13 Configuring Call Home Profiles 25 13 C H A P T E R 26 Configuring Domain Parameters 26 1 About fcdomain Phases 26 2 Restarting the Domain 26 3 Performing a Domain Restart 26 3 Configuring the Domain 26 3 Configuring Doma...

Page 21: ...26 11 Default Settings 26 12 C H A P T E R 27 Configuring Traffic Management 27 1 FCC 27 1 FCC Process 27 2 Enabling FCC 27 2 QoS 27 2 Control Traffic 27 3 Disabling Control Traffic 27 3 Data Traffic 27 3 Configuring Data Traffic 27 4 Enabling QoS for Data Traffic 27 5 Creating Class Maps 27 5 Defining Service Policies 27 5 Applying a Service Policy 27 6 Scheduling Traffic 27 6 Ingress Port Rate L...

Page 22: ... for VSANs 28 9 Enabling RMON Alarms for Physical Components 28 9 Configuring RMON Controls 28 10 Managing RMON Alarms 28 10 Managing RMON Event Severity Levels 28 10 Viewing the RMON Log 28 11 C H A P T E R 29 Discovering SCSI Targets 29 1 About SCSI LUN Discovery 29 1 Initiating Customized Discovery 29 2 Authenticating iSCSI Targets 29 2 Specifying Targets 29 2 Specifying LUN Mappings 29 3 Viewi...

Page 23: ...to Monitor Traffic 30 9 Default SPAN Settings 30 10 Remote SPAN 30 10 Advantages to Using RSPAN 30 11 FC and RSPAN Tunnels 30 11 Guidelines to Configure RSPAN 30 12 ST Port Characteristics 30 12 Configuring RSPAN 30 13 Configuration in the Source Switch 30 13 Configuration in All Intermediate Switches 30 14 Configuration in the Destination Switch 30 14 Configuring An Explicit Path 30 15 Monitoring...

Page 24: ...toring System Processes and Logs 33 1 Configuring Kernel Core Dumps 33 1 C H A P T E R 34 Troubleshooting the Fabric 34 1 Analyzing Switch Device Health 34 1 Analyzing End to End Connectivity 34 2 Analyzing Switch Fabric Configuration 34 2 Analyzing the Results of Merging Zones 34 3 Issuing the Show Tech Support Command 34 3 Using Traceroute and Other Troubleshooting Tools 34 4 Locating Other Swit...

Page 25: ...isco Fabric Manager with Multiple Interfaces 35 3 Specifying an Interface for Fabric Manager Server 35 3 Specifying an Interface for Performance Manager 35 3 Specifying an Interface for Fabric Manager Client or Device Manager 35 4 Configuring a Proxy Server 35 4 Clearing Topology Maps 35 5 Can I Use Fabric Manager in a Mixed Software Environment 35 5 I N D E X ...

Page 26: ...Contents xxvi Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 ...

Page 27: ...llowing chapters New and Changed Information Summarizes the new and changed features for the Cisco MDS 9000 Family Fabric Manager Switch Configuration Guide Chapter 1 Product Overview Presents an overview of the Cisco MDS 9000 Family of multilayer switches and directors Chapter 2 Getting Started with Cisco Fabric Manager Provides a brief overview of Fabric Manager components and capabilities and i...

Page 28: ...uring a zone set and zone management features Chapter 16 Configuring Inter VSAN Routing Describes Inter VSAN Routing Chapter 17 Managing FLOGI Name Server FDMI and RSCN Databases Provides name server and fabric login details required to manage storage devices and display registered state change notification RSCN databases Chapter 18 Configuring Switch Security Discusses the AAA parameters user pro...

Page 29: ...zer SPAN identifies SPAN sources specifies filters explains SPAN Sessions SD port characteristics and configuration details Chapter 31 Advanced Features and Concepts Describes the advanced configuration features features time out values fctrace fabric analyzer world wide names flat FC IDs loop monitoring and interoperating switches Chapter 32 Configuring Fabric Configuration Servers Describes how ...

Page 30: ...potential breach in your network security Warning Identifies information that you must heed to prevent damaging yourself the state of software or equipment Warnings identify definite security breaches that will result if the information presented is not followed carefully Item Convention Commands keywords special terminology and options that should be selected during procedures boldface font Varia...

Page 31: ...roduct The Documentation DVD is updated regularly and may be more current than printed documentation The Documentation DVD package is available as a single unit Registered Cisco com users Cisco direct customers can order a Cisco Documentation DVD product number DOC DOCDVD from the Ordering tool or Cisco Marketplace Cisco Ordering tool http www cisco com en US partner ordering Cisco Marketplace htt...

Page 32: ...t this URL http www cisco com go psirt If you prefer to see advisories and notices as they are updated in real time you can access a Product Security Incident Response Team Really Simple Syndication PSIRT RSS feed from this URL http www cisco com en US products products_psirt_rss_feed html Reporting Security Problems in Cisco Products Cisco is committed to delivering secure products We test our pr...

Page 33: ...ce You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools Resources link under Documentation Tools Choose Cisco Product Identification Tool from the Alphabetical Index drop down list or click the Cisco Product Identification Tool link under Alerts RMAs The CPI tool offers three search options by product ID or model name by tree view or for certain products by co...

Page 34: ...sources during normal business hours to restore service to satisfactory levels Severity 4 S4 You require information or assistance with Cisco product capabilities installation or configuration There is little or no effect on your business operations Obtaining Additional Publications and Information Information about Cisco products technologies and network solutions is available from various online...

Page 35: ...lp solve them using real world case studies and business strategies to help readers make sound technology investment decisions You can access iQ Magazine at this URL http www cisco com go iqmagazine Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing developing and operating public and private internets and intranets You c...

Page 36: ...xxxvi Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Preface Obtaining Additional Publications and Information ...

Page 37: ...iguration Guide Feature Description Changed in Release Where Documented All Updated procedures to remove CLI command references Fabric Manager Switch Tree Change QoS Switch QoS has been moved to Switch FC QoS QoS can only apply to Fibre Channel 1 3 4 Fabric Manager Switch Tree Change Interfaces Switch Interfaces is a new folder which contains Port Channels moved from Switch FC FC Physical moved fr...

Page 38: ... upgrades The Cashing Services Module CSM and the IP Storage IPS services module use a rolling upgrade install mechanism 1 3 2a Running configuration information Display Configurations based a specified feature interface module or VSAN 1 3 1 Licensing Access specified premium features on the switch 1 3 1 Initial Setup Additions Configure the full zoneset distribution and FC ID persistence features...

Page 39: ...formation 1 3 1 PortChannel Quiesce Use the quiesce feature on an ISL to gracefully shutdown an interface without dropping any frames 1 3 1 Zone membership Assign zone membership criteria is also based on the interface and domain ID domain ID and port number and IP address 1 3 1 Inter VSAN routing IVR Access resources across VSANs without compromising other VSAN benefits 1 3 1 Fabric Device Manage...

Page 40: ...o send a LIR to a registered Nx port 1 3 1 Trespass support Use the trespass feature to enable the export of Logical Units LUs from the active to the passive port of a statically imported iSCSI target 1 3 1 Internet Storage Name Service iSNS Use the iSNS services to automate the discovery and management of iSCSI devices 1 3 1 Proxy initiator Connect all iSCSI initiators through one IPS port to mak...

Page 41: ...rt 1 3 1 Quality of Service QoS Configure four priority levels for service differentiation 1 3 1 Auto discovery of SCSI targets Displays automatically discovered SCSI targets 1 3 1 IPS SPAN source Assign a Switched Port Analyzer SPAN source on the IP Storage Services IPS module 1 3 1 Per VSAN Time Out Values TOV Configure different TOVs for a specified VSAN with special links like FC or IP tunnels...

Page 42: ...xlii Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 New and Changed Information ...

Page 43: ...amily and describes its software features This chapter contains the following topics Hardware Overview page 1 1 Software Features page 1 4 Tools for Software Configuration page 1 10 Hardware Overview This section provides an overview of the Cisco MDS 9000 Family of multilayer directors and fabric switches Cisco MDS 9216 multilayer fabric switches contain one fixed integrated supervisor module with...

Page 44: ...e configurable for both FCIP and iSCSI operation on a port by port basis Ports configured for FCIP operation can be further configured to support up to three virtual ISL connections Refer to the Cisco MDS 9200 Series Hardware Installation Guide for more information Cisco MDS 9500 Modular Directors The Cisco MDS 9500 Series includes two multilayer modular directors The Cisco MDS 9509 Director addre...

Page 45: ...peration can be further configured to support up to three virtual ISL connections Refer to the Cisco MDS 9500 Series Hardware Installation Guide for additional information Cisco MDS 9100 Series Fixed Configuration Fabric Switches Cisco MDS 9100 Series includes two multilayer fixed configuration non modular switches The Cisco MDS 9140 provides 40 ports 8 full rate ports 32 host optimized ports The ...

Page 46: ...ruptive software upgrade capability Protects against link failure using the PortChannel port aggregation feature This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series Provides management redundancy using Virtual Router Redundancy Protocol VRRP This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series Performs nondisruptive resta...

Page 47: ...ontrols access between devices in a VSAN Zoning accomplishes the following Partitions devices that use different operating systems In a heterogeneous environment it is often necessary to separate servers and storage devices to avoid accidental transfer of information between devices with different operating systems Such transfers could result in corruption or deletion of data Creates logical subse...

Page 48: ...ination ID DID and optionally the originator exchange ID OX ID that identify the flow of the frame Provides high availability on an ISL If one link fails traffic previously carried on this link is switched to the remaining links If a link goes down in a PortChannel the upper protocol is not aware of it To the upper protocol the link is still there although the bandwidth is diminished The routing t...

Page 49: ... a single Gigabit Ethernet port Reduces SAN complexity by eliminating the need to deploy and manage a separate remote connectivity platform Preserves Cisco MDS 9000 Family enhanced capabilities including VSANs advanced traffic management and security across remote connections iSCSI highlights Extends the benefits of Fibre Channel SAN based storage to IP enabled servers at a lower cost point than p...

Page 50: ...re source switches in a Fibre Channel fabric The SPAN destination SD port is used for remote monitoring in a destination switch A destination switch may be different from the source switch es provided that it is attached to the same Fibre Channel fabric You can replicate and monitor traffic in any remote Cisco MDS 9000 Family switch or director just as you would monitor traffic in a MDS source swi...

Page 51: ...ole or Telnet session for asynchronous events such as an interface transition Syslogs are directed to an internal log and optionally to an external server See the Cisco MDS 9000 Family System Messages Guide for additional information Security Management The Cisco MDS 9000 Family of switches offer strict and secure switch management options through switch access security port security user authenti...

Page 52: ...rmission level associated with each user ID Your administrator can provide complete access to each user or restrict access to specific read and write levels for each command From Release 1 2 x CLI and SNMP in all switches in the Cisco MDS 9000 Family synchronize CLI and SNMP roles This database contains any role that is created using CLI or SNMP You can use SNMP to modify a role that was created u...

Page 53: ...ntinuously updated physical picture of device configuration and health conditions for a single switch The Summary View presents real time performance statistics all active ports and channels on a single switch The Fabric View displays a view of your network fabric including multiple switches The Cisco Fabric Manager provides an alternative to the CLI for most switch configuration commands The Cisc...

Page 54: ...1 12 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 1 Product Overview Tools for Software Configuration ...

Page 55: ...c Manager displays a map of your network fabric including Cisco MDS 9000 Family switches third party switches hosts and storage devices The Device Manager presents two views of a switch Device View displays a graphic representation of the switch configuration and provides access to statistics and configuration information for a single switch Summary View displays a summary of xEPorts Inter Switch ...

Page 56: ...ed in the following table Table 2 1 Supported Management Protocols Management Protocol Purpose Telnet SSH Provides remote access to the CLI for a Cisco MDS 9000 switch FTP SFTP TFTP SCP Copies configuration and software images between devices SNMPv1 v2c and v3 Includes over 70 distinct Management Information Bases MIBs Cisco MDS 9000 Family switches support SNMP version 1 2 and 3 and RMON V1 and V...

Page 57: ...ement tools to perform tasks on one device at a time such as initial device configuration setting and monitoring thresholds and managing device system images or firmware Fabric management provides a system oriented view of a fabric and its devices Fabric management applications provide fabric discovery fabric monitoring reporting and fabric configuration Resource management provides tools for mana...

Page 58: ...an be connected to a management network to access the switch through IP over Ethernet You must connect to at least one Cisco MDS 9000 Family switch in the fabric through its Ethernet management port You can then use this connection to manage the other switches using in band Fibre Channel connectivity Otherwise you need to connect the mgmt0 port on each switch to your Ethernet network Each supervis...

Page 59: ... version of Fabric Manager and Device Manager and provides the option to upgrade or downgrade The default is to upgrade to the latest version of Fabric Manager or Device Manager Autoupgrade If you always want to run the latest version of Fabric Manager and Device Manager select Always autoupgrade don t ask me again Subsequent upgrades will happen automatically without prompting Uninstall Before up...

Page 60: ...r On a Windows machine you install the FMServer as a service This service can then be administered using the Service Panel in the Control Panel The default setting for the FMServer service is that the server is automatically started when the machine is rebooted You can change this behavior by modifying the properties in the Service panel Launching the Applications To launch the Fabric Manager Serv...

Page 61: ...at panel The exception to this is that a Role can only be created if a user is created at the same time If you want to change information on a previous page use the Back button You can also view and change information you have entered at any time by clicking on the Review category title To edit an existing script file you must open the script file with a text editor select it and copy it In the Ma...

Page 62: ...2 8 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 2 Getting Started with Cisco Fabric Manager A Note on Ports ...

Page 63: ...g Data Collection to XML Files page 3 19 Removing Data Collection Files from the List page 3 19 Launching Cisco Fabric Manager When you click on the Fabric Manager icon the dialog box allows you to enter the IP address of a computer running the FMServer component If the server component is running on your local machine leave localhost in that field If you try to run Fabric Manager without specifyi...

Page 64: ...w shows the Fabric Manager main window Note Changes made using Fabric Manager are applied to the running configuration of the switches you are managing and the changes may not be saved when the switch restarts After you make a change to the configuration or perform an operation such as activating zones Fabric Manager prompts you to save your changes before you exit Figure 3 1 Fabric Manager Main W...

Page 65: ...uration as described in the Analyzing Switch Fabric Configuration section Performance Run and configure Performance Manager and Cisco Traffic Analyzer and generate reports Server Run administrative tasks on clients and fabrics Help Display online help topics for specific dialog boxes in the Information pane The Fabric Manager main toolbar provides buttons for accessing the most commonly used menu ...

Page 66: ...th the option selected from the menu tree The Information pane toolbar provides buttons for performing one or more of the following operations Apply Change Apply configuration changes Refresh Value Refresh table values Copy Ctrl C Copy data from one row to another Paste Ctrl V Paste the data from one row to another Undo Changes Ctrl Z Undo the most recent change Export Export and save information ...

Page 67: ...S 9000 Non director Class MDS 9000 Generic FC Switch Cisco SN5428 A line through a device indicates that the device is not manageable An X through a device or link indicates that the device is down or that the connection is down FC HBA or enclosure FC Target or enclosure iSCSI Host Fibre Channel ISL and Edge connection Fibre Channel Port Channel IP ISL and Edge connection IP Port Channel FC Loop S...

Page 68: ...the following Open an instance of Device Manager for the selected switch Open a CLI session for the selected switch Copy the display name of the selected object Execute a ping or traceroute command for the device Show or hide end devices View attributes Quiesce and Disable Members for PortChannels Set the trunking mode for an ISL Create or add to a PortChannel for selected ISLs The Map pane has it...

Page 69: ...gement access After completing the setup routine a single role user name and password are established The role assigned to this user allows the highest level of privileges which includes creating new users and roles Use the Cisco Fabric Manager to create roles and users and to assign passwords as required for secure management access in your network Modifying Device Grouping Because of not all the...

Page 70: ...Format The other option is to export with XML format The default SNMP preferences for Fabric Manager are Retry request 1 time s after 5 sec timeout You can set the retry value to 0 5 and the timeout value to 3 30 Trace SNMP packets in Log The default setting for this value is OFF Enable Audible Alert when Event Received The default setting for this value is OFF Discover LUN by Host OS The default ...

Page 71: ...low describes the reports provided by each option Table 3 2 Fabric Manager Reports Reports Description ISL Statistics Click on Connectivity ISLs Statistics in the Physical tab of the Fabric Manager Logical Physical pane to display information about the Inter Switch Links in the currently discovered fabric You can use the controls at the top of the table to change the Poll Interval and Scale parame...

Page 72: ...ching Device Manager from Fabric Manager Device Manager gives a graphic representation of a Cisco MDS 9000 Family switch including the installed switching modules the supervisor modules the power supplies and the status of each port within each module To launch the Device Manager from your desktop double click the Device Manager icon and follow the instructions described in the Launching the Appli...

Page 73: ...p of the Summary view The Summary View displays attributes for a single switch such as port speed link utilization and other traffic statistics It has the same menu bar and toolbar buttons as the Device View To monitor traffic for selected objects click the Monitor icon To display detailed statistics for selected objects click the Detailed Statistics icon The Summary View provides the same menus a...

Page 74: ...ore switches The toolbar on the Device Manager dialog box provides the same options as the toolbar on the Information pane in Fabric Manager as summarized here Create Insert a new row into a table if applicable Delete Row Delete the selected row from a table if applicable Copy Ctrl C Copy data from one row to another Paste Ctrl V Paste the data from one row to another Apply Changes Apply configura...

Page 75: ...y of monitoring all of the ports on the switch categorized by operative modes Fx Ports and E Ports When you click the Summary tab on the Device Manager window you see the Summary View which provides summary information about the interfaces on a single switch Managing Ports Tip You can select multiple ports in Device Manager and apply options to all the selected ports at one time Either select the ...

Page 76: ...iguration wizard to create a configuration file Collection Performance Manager reads the configuration file and collects the desired information Presentation Performance Manager generates web pages to present the collected data Performance Manager can collect a variety of data about these fabric components ISLs host ports storage ports route flows and site specific statistical collection areas Cre...

Page 77: ...ent every 5 minutes for a total of about 100 total request response SNMP packets required to monitor the data Flows because of their variable counter requests are more difficult to predict But as a rule of thumb each extra variable adds another 38K The Performance Manager collector is designed to run as a background process on the various supported OSs On Microsoft Windows it runs as a service Pre...

Page 78: ...SI commands In order to view this detailed information it is necessary to look at the data on a SPAN destination port with the help of the Cisco Traffic Analyzer which uses the Cisco Port Adapter Analyzer Cisco Traffic Analyzer must be downloaded and installed separately Caution The Cisco Traffic Analyzer for Fibre Channel throughput values are not accurate when used with the original Cisco Port A...

Page 79: ... Cisco Traffic Analyzer perform these steps Step 1 Set up the Cisco Traffic Analyzer according to the instructions in the Cisco MDS 9000 Family Port Analyzer Adapter 2 Installation and Configuration Note Step 2 You will need three pieces of information The IP address of the management workstation on which you are running Performance Manager and Cisco Traffic Analyzer The path to the directory wher...

Page 80: ...osts ISLs Storage devices and Flows 3 Enter the URL for the Cisco Traffic Analyzer in the format http ip address directory where ip address is the address of the management workstation on which you have installed the Cisco Traffic Analyzer and directory is the path to the directory where the Cisco Traffic Analyzer is installed 4 Click Next 5 Review the Data Collection to make sure this is the data...

Page 81: ...ur Performance Manager data see the Using Performance Manager section on page 3 14 For information on viewing and interpreting your Cisco Traffic Analyzer data refer to the Cisco MDS 9000 Family Port Analyzer Adapter 2 Installation and Configuration Note Stopping Data Collection You can stop a data collection process in Windows using the services panel Right click on the Cisco Performance Manager ...

Page 82: ...3 20 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 3 Overview of Fabric Manager Removing Data Collection Files from the List ...

Page 83: ...tch Roles page 4 2 Using Valid Formats and Ranges page 4 2 About Flash Devices Every switch in the Cisco MDS 9000 Family contains one internal bootflash The Cisco MDS 9500 Series additionally contains one external CompactFlash called slot0 See Figure 4 1 and Figure 4 2 Figure 4 1 Flash Devices in the Cisco MDS 9000 Supervisor Module Figure 4 2 External CompactFlash in the Cisco MDS 9000 Supervisor...

Page 84: ...tFlash an optional device for MDS 9500 Series directors can be used for storing software images logs and core dumps Switch Roles By default two roles exist in all switches Network operator Has permission to view the configuration Network administrator Has permission to execute all commands and to set up to 64 permission levels based on user roles and groups When you execute a command perform comma...

Page 85: ...ht hexadecimal numbers separated by colons not case sensitive 12 34 56 78 9A BC dE F1 LUN 8 bytes in hexadecimal format separated by colons A minimum of two hex characters are acceptable The valid format is hhhh hhhh hhhh hhh h 64 100d 64h F C ID Six character hexadecimal value prepended by 0x 0xabc123 Domain ID Integer that specifies the domain 7 1 to 239 Timers Integer that specifies timers in m...

Page 86: ... retransmit time for the TCP connection in milliseconds 300 250 to 5000 Keepalive timeout Integer that specifies the TCP connection s keepalive timeout in seconds 60 1 to 7200 TCP retransmissions Integer that specifies the maximum number of TCP transmissions 6 1 to 8 PMTU Integer that specifies the path MTU reset time in seconds 90 60 to 3600 TCP buffer size Integer that specifies the advertised T...

Page 87: ...ats and Ranges iSCSI pWWN allocation Integer that specifies the number of pWWNs that must be allocated to an iSCSI initiator 2 1 to 64 CDP refresh and hold time Integer that specifies the refresh time interval and the hold time in seconds for the CDP protocol 60 5 to 255 Table 4 1 Valid Formats and Ranges continued ...

Page 88: ...4 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 4 Before You Begin Using Valid Formats and Ranges ...

Page 89: ...Obtaining a Factory Installed License page 5 4 Performing a Manual Installation page 5 5 Obtaining License Key Files page 5 5 Installing Licenses page 5 6 Viewing License Information in Fabric Manager page 5 8 Viewing License Information in Device Manager page 5 9 Removing Licenses page 5 9 Updating Licenses page 5 10 License Expiry Alerts page 5 10 Moving Licenses Between Switches page 5 11 Licen...

Page 90: ...e future Incremental licenses Incremental refers to adding other licensed features not in the initial license file License keys are incremental if you purchase some features now and others later the license file and the software detect the sum of all features for the specified switch Evaluation license An evaluation license is a temporary license Evaluation licenses are time bound valid for a spec...

Page 91: ... RSPAN and FC Analyzer SNMP v3 Role based access control RADIUS Call Home and Interoperability modes IP access control lists ACLs Terminal Access Controller Access Control System TACACS Fabric Device Management Interface FDMI Internet Storage Name Service iSNS client Enterprise package ENTERPRISE_PKG Enhanced security features LUN zoning Read only zones Port security VSAN based access control Fibr...

Page 92: ...e license software runs on both supervisor modules and provides failover protection The license key file is mirrored on both supervisor modules Even if both supervisor modules fail the license file continues to function from the version that is available on the chassis Options to Install a License If you have purchased a new switch through either your reseller or through Cisco you have two options...

Page 93: ...he switch and the installed licenses features Performing a Manual Installation If you have existing switches or if you wish to install the licenses on your own you must first obtain the license key file and then install that file in the switch Figure 5 1 maps out ways to obtain license key files Figure 5 1 Obtaining a License Key File Obtaining License Key Files To obtain new or updated license ke...

Page 94: ...d by that license Installing Licenses Note If you need to install multiple licenses in any switch in the Cisco MDS 9000 Family be sure to provide unique file names for each license key file If you have purchased a new switch through either your reseller or through Cisco you can have the licenses pre installed in the factory or you can install the licenses yourself If you already have an existing s...

Page 95: ... Choose the switches for which you have PAKs When you check the check box for a switch the PAK field for that switch becomes editable The VDH serial number for each switch is shown in the HostId column Step 7 Enter the PAK for each switch you have selected Step 8 Click Finish to transfer the licenses from the host to the switches Fabric Manager accesses the appropriate license site and installs th...

Page 96: ...ss corruptedLicenseFile License file content is Invalid Corrupted targetLicenseFileAlreadyExist Target license file name already exists invalidLicenseFileName License file does not exist duplicateLicense License file is already installed generalLicensingFailure General error from license Manager none No install operation is performed licenseExpiryConflict License exist with a different expiration ...

Page 97: ... uninstall a permanent license that is not in use If you try to delete a permanent license that is currently being used the software rejects the request and issues an error message Features turned on by a permanent license must be disabled before the license in uninstalled Uninstalling an unused license causes the grace period to come into effect The grace period is counted from the first use of t...

Page 98: ...ps track of all licenses on a switch Once an expiry period has started you will receive CLI console messages SNMP traps syslog error messages and Call Home messages on a daily basis Beyond that the frequency of these message will increase to an hourly basis during the last seven days of the expiry time span For example Your FICON license feature is scheduled to expire in 60 days If today is Decemb...

Page 99: ... the switch for which it is issued and is not valid on any other switch If you need to transfer a license from one switch to another contact your customer service representative If you purchased Cisco support through a Cisco reseller contact the reseller directly If you purchased support directly from Cisco contact Cisco Technical Support at this URL http www cisco com warp public 687 Directory Di...

Page 100: ...5 12 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 5 Obtaining and Installing Licenses Moving Licenses Between Switches ...

Page 101: ...P distributes this time across the network In a large enterprise network having one time standard for all network devices is critical for management reporting and event logging functions when trying to correlate interacting events logged across multiple devices Many enterprise customers with extremely mission critical networks maintain their own stratum 1 NTP source Time synchronization happens wh...

Page 102: ...switches point to one server and the remaining to the another server and then configure peer association between these two sets This forces the clock more reliable If you only have one server it s better for all the switches have a client association with that server If the network is configured robustly even a server down time will not affect well configured switches in the network displays a net...

Page 103: ...r or Peer To create an NTP server or peer perform the following steps Step 1 From the Fabric Manager Physical pane of the menu tree choose Switches System or from Device Manager choose Admin NTP In Fabric Manager you see the System information pane In Device Manager you see the NTP dialog box Step 2 Click the NTP Peer tab You see a list of NTP peers and servers for that switch Step 3 Click Create ...

Page 104: ...t to the address of the switch You see a drop down list the options peer or server Select the mode you want for the switch Step 5 To change the peer status of the switch to Preferred Peer check the PrefPeer check box next to the address of the switch To remove this status uncheck the check box Step 6 Click Apply to apply your changes to the switch or click Close to close the dialog box without sav...

Page 105: ...sor modules Performs nondisruptive restarts of a failed process on the same supervisor module A service running on the supervisor modules and on the switching module tracks the HA policy defined in the configuration and takes action based on this policy This feature is also available in Cisco MDS 9216 switches and in the Cisco MDS 9100 Series Protects against link failure using the PortChannel por...

Page 106: ...When a standby supervisor module is in the HA standby state an HA switchover is possible An HA switchover has the following characteristics Is stateful nondisruptive since control traffic is not impacted Does not impact data traffic since the switching modules are not impacted Switching modules are not reset Process Restartability Process restartability provides the high availability functionality...

Page 107: ...tics have passed and the configuration is being downloaded Active This module is the active supervisor module and the switch is ready to be configured Standby This state indicate that a switchover is possible Failed The switch detects a supervisor module failure on initialization and automatically attempts to power cycle the module three 3 times After the third attempt it continues to display a fa...

Page 108: ...gured The standby module is in the HA standby state Shutting down The switch is being shut down HA switchover in progress The switch is in the process of changing over to the HA switchover mechanism Offline The switch is intentionally shut down for debugging purposes HA synchronization in progress The standby supervisor module is in the process of synchronizing its supervisor modules Standby faile...

Page 109: ...ware Images page 8 1 Essential Upgrade Prerequisites page 8 2 Using the Software Install Wizard page 8 3 Maintaining Supervisor Modules page 8 4 Replacing Modules page 8 5 Recovering a Corrupted Bootflash page 8 5 Default Factory Settings page 8 5 About Software Images Each switch is shipped with a Cisco MDS SAN OS operating system for Cisco MDS 9000 Family switches The SAN OS consists of two imag...

Page 110: ...or the image files to be copied Hardware Avoid power interruption during any install procedure These kinds of problems can corrupt the software image Connectivity to retrieve images from remote servers Configure the IP address for the 10 100 BASE T Ethernet port connection interface mgmt0 Ensure that the switch has a route to the remote server If you do not have a router to route traffic between s...

Page 111: ...h Space column To use images that are already downloaded the file is already on the bootflash check the Skip Image Download check box When you check this check box you are prompted to choose an image from the bootflash for each switch being upgraded Step 4 Check the active and standby if applicable bootflash on each switch to see if there is enough space for the new images The table shows the acti...

Page 112: ...nnot transfer files from the local host to the switch Note Before exiting the session be sure the upgrade process is complete The wizard displays a status during processing Check the lower left hand corner of the wizard for the status message Upgrade Finished First the wizard displays the message Success 1 2 2 followed a few seconds later by InProgress Polling Then the wizard displays a second mes...

Page 113: ... same software version as the rest of the switch Refer to the Cisco MDS 9000 Family San Volume Controller Configuration Guide for configuration details on replacing the Caching Services Module CSM When a spare standby supervisor module is inserted it uses the same image as the active supervisor module The SAN OS software image is not copied to the standby flash until you issue an install all comma...

Page 114: ...8 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 8 Software Images Default Factory Settings ...

Page 115: ...tions for switches in the Cisco MDS 9000 Family Supervisor Modules Supervisor modules are automatically powered up and started with the switch Cisco MDS 9200 Series switches have one supervisor module that includes an integrated 16 port switching module Table 9 1 Supervisor Module Options Product No of Supervisor Modules Supervisor Module Slot Switching Module Features Cisco MDS 9216 One module in...

Page 116: ...ssible states in which a module can exist To view the state of a module from Device Manager choose Physical Modules The dialog box displays the status of every module Table 9 2 Module States show module Output Description powered up The hardware has electrical power When the hardware is powered up the software begins booting testing The module has established connection with the supervisor and the...

Page 117: ...ntal monitors power supply fan temperature sensor clock and chassis failed Sufficient power is not available for all modules Incompatible power supplies are installed The redundant clock failed Red The diagnostic test failed The module is not operational because a fault occurred during the initialization sequence A temperature condition occurred A major threshold was exceeded during environmental ...

Page 118: ...e condition has occurred A major threshold has been exceeded during environmental monitoring System Green All chassis environmental monitors power supply fan temperature sensor clock and chassis are reporting OK Orange Any one of the environmental monitors power supply fan temperature sensor clock and chassis has failed Incompatible power supplies are installed The redundant clock has failed Red T...

Page 119: ... being used Table 9 6 Switching Module LEDs LED Type Status Description Status Green All diagnostics pass The module is operational normal initialization sequence Orange The module is booting or running diagnostics normal initialization sequence An over temperature condition occurred A minor threshold was exceeded during environmental monitoring Red The diagnostic test failed The module is not ope...

Page 120: ...16 Switches do not support EPLD upgrades Caution Do not insert or remove any modules while an EPLD upgrade or downgrade is in progress Note Switches in the Cisco MDS 9100 Series do not support a forced EPLD upgrade When you upgrade the EPLD module on these switches you receive the following message Data traffic on the switch will stop now Do you want to continue y n Refer to the Cisco MDS 9000 Fam...

Page 121: ...er supplies can be configured in either redundant or combined mode Redundant mode Uses the capacity of one power supply only This is the default mode In case of power supply failure the entire switch has sufficient power available in the system Combined mode Uses the combined capacity of both power supplies In case of power supply failure the entire switch can be shut down depends on the power use...

Page 122: ... value remains at 2500 Watts Reason 2500 Watts is the lesser of the two power supplies Table 10 1 lists redundant mode power supply scenarios In combined mode the total power is twice the lesser of the two power supply capacities For example if you have the following usage figures configured Power supply 1 2500 Watts Additional Power supply 2 not used Current Usage 2000 Watts Current capacity 2500...

Page 123: ...Watts Current Usage 2000 Watts Current mode combined mode so current capacity is 3600Watts You decide to change the switch to redundant mode Then power supply 2 is shut down Reason 1800Watts is the lesser of the two power supplies and it is less than the system usage Scenario 2 You have the following usage figures configured Power supply 1 2500 Watts Additional Power supply 2 2200 Watts Current Us...

Page 124: ... Manager displays power supply power attributes for multiple switches The dialog box from the Device Manager displays power supply power attributes for a single switch Step 2 Configure the power attributes for the power supply Table 10 3 Summary of Configuration Scenarios for Power Supplies with Different Capacities Scenario Power Supply 1 W Current Mode Current Usage W Power Supply 2 W New Mode N...

Page 125: ...sor If the threshold is exceeded in a switching module the module is shut down If the threshold is exceeded in a supervisor module with HA standby or standby present the supervisor module is shut down If the standby supervisor is not present the entire switch is shut down Note Switch shut down only happens after a two minute interval During this interval the software monitors the temperature every...

Page 126: ... Each switch has two clock modules for redundancy Clock A primary and Clock B The redundant clock module Clock B takes over if the primary clock module fails If Clock A is available at startup the switch uses Clock A otherwise it uses Clock B If Clock A fails the switch is reset and Clock B automatically takes over Clock modules cannot be configured If both modules fail the switch shuts down The p...

Page 127: ...e Inventory tab or from Device Manager choose Physical Inventory The Fabric Manager Information pane displays system attributes for multiple switches The dialog box from the Device Manager displays system attributes for a single switch Step 2 Configure the inventory attributes for the module Managing Module Attributes To manage module status attributes perform the following steps Step 1 From the F...

Page 128: ...10 8 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 10 Managing System Hardware ...

Page 129: ...verlaid on top of a single physical fabric The ability to create several logical VSAN layers increases the scalability of the SAN Per VSAN fabric services Replication of fabric services on a per VSAN basis provides increased scalability and availability Redundancy Several VSANs created on the same physical SAN ensure redundancy If one VSAN fails redundant protection is provided to another VSAN in ...

Page 130: ...ed to a host in another VSAN thus increasing VSAN scalability Every instance of a VSAN runs all required protocols such as FSPF domain manager and zoning Fabric related configurations in one VSAN do not affect the associated traffic in another VSAN Events causing traffic disruptions in one VSAN are contained within that VSAN and are not propagated to other VSANs Figure 11 1 shows a fabric with thr...

Page 131: ...arate switches and links for separate SANs By enabling VSANs the same switches and links may be shared by multiple VSANs VSANs allow SANs to be built on port granularity instead of switch granularity illustrates that a VSAN is a group of hosts or storage devices that communicate with each other using a virtual topology defined on the physical SAN The criteria for creating such groups differ based ...

Page 132: ...e from zone A defined in VSAN 7 Table 11 1 VSAN and Zone Comparison VSANs Zones VSANs equal SANs with routing naming and zoning protocols These protocols are not available on a per zone basis Zones are always contained within a VSAN Zones never span two VSANs VSANs limit unicast multicast and broadcast traffic Zones limit unicast traffic Membership is typically defined using the VSAN ID to Fx port...

Page 133: ... need more than one VSAN for a switch use this default VSAN as the implicit parameter during configuration If no VSANs are configured all devices in the fabric are considered part of the default VSAN By default all ports are assigned to the default VSAN Note VSAN 1 cannot be deleted It can be suspended Isolated VSANs VSAN 4094 is an isolated VSAN All non trunking ports are transferred to this VSAN...

Page 134: ...AN you activate the services for that VSAN The suspended state of a VSAN indicates that the VSAN is configured but not enabled If a port is configured in this VSAN it is disabled Use this state to deactivate a VSAN without losing the VSAN s configuration All ports in a suspended VSAN are disabled By suspending a VSAN you can preconfigure all the VSAN parameters for the whole fabric and activate th...

Page 135: ...tive VSAN is deleted all of its attributes are removed from the running configuration VSAN related information is maintained by the system software VSAN attributes and port membership details are maintained by VSAN manager This feature is affected when you delete a VSAN from the configuration When a VSAN is deleted all the ports in that VSAN are made inactive and the ports are moved to the isolate...

Page 136: ...ted when a VSAN is deleted Default Settings The table below lists the default settings for all configured VSANs Table 11 2 Default VSAN Parameters Parameters Default State Active state Name Concatenation of VSAN and a four digit string representing the VSAN ID For example VSAN 3 is VSAN0003 Load balancing attribute OX ID src dst ox id Port membership Default VSAN VSAN 1 ...

Page 137: ...ntains the following topics Configuring Fibre Channel Interfaces page 12 1 Default Settings page 12 10 Configuring VSAN Interfaces page 12 10 Configuring Gigabit Ethernet Interfaces page 12 11 Enabling or Disabling Ports page 12 11 Managing Interface Attributes for Ports page 12 11 Configuring Fibre Channel Interfaces This section describes Fibre Channel interface characteristics including but are...

Page 138: ...atus of a specified attribute like the interface speed This status cannot be changed and is read only Some values may not be valid when the interface is down for example the operational speed E Port In expansion port E port mode an interface functions as a fabric expansion port This port may be connected to another E port to create an Inter Switch Link ISL between two switches E ports carry frames...

Page 139: ...itch fabric because they only communicate with devices on the same physical loop Note We recommend configuring devices attached to TL ports in zones which have up to 64 zone members TE Port In trunking E port TE port mode an interface functions as a trunking expansion port It may be connected to another TE port to create an Extended ISL EISL between two switches TE ports are specific to Cisco MDS ...

Page 140: ...hically dispersed fabrics This model uses B ports as described in the T11 Standard FC BB 2 When an FCIP peer is a SAN extender device that only support Fibre Channel B ports you need to enable the B port mode for the FCIP link When a B port is enabled the E port functionality is also enabled and they coexist If the B port is disabled the E port functionality remains enabled Auto Mode Interfaces co...

Page 141: ...es Administrative State Description Up Enables an interface Down Disables an interface When an interface is administratively disabled the physical link layer state change is ignored Table 12 2 Operational States Operational State Description Up Interface is transmitting or receiving traffic as desired To be in this state an interface must be administratively up the interface link layer state must ...

Page 142: ...d state To make the interface operational assign that port to a configured and active VSAN Hardware failure A hardware failure is detected Error disabled Error conditions require administrative attention Interfaces may be error disabled for various reasons For example Configuration failure Incompatible buffer to buffer credit configuration To make the interface operational you must first fix the e...

Page 143: ...The default port mode is Fx Fx negotiates to F or FL for 32 port switching modules and the host optimized ports in the Cisco 9100 Series 16 host optimized ports in the Cisco MDS 9120 switch and 32 host optimized ports in the Cisco MDS 9140 switch Isolation due to invalid fabric reconfiguration The port is isolated due to fabric reconfiguration Isolation due to domain manager disabled The fcdomain ...

Page 144: ...itches do not run out of buffers since switches must not drop frames Buffer Credits are negotiated on a per hop basis The receive BB_credit rxbbcredit value may be configured for each FC interface In most cases you don t need to modify the default configuration The receive BB_credit values depend on the module type and the port mode 16 port switching modules and full rate ports The default value i...

Page 145: ...link and speed LEDs in a 16 port switching module Figure 12 2 Cisco MDS 9000 Family Switch Interface Modes Each port has one link LED on the left and one speed LED on the right The speed LED displays the speed of the port interface Off The interface attached to that port is functioning at 1000 Mbps On solid green The interface attached to that port is functioning at 2000 Mbps for 2 Gbps interfaces...

Page 146: ...can create an IP interface on top of a VSAN and then use this interface to send frames to this VSAN To use this feature you must configure the IP address for this VSAN VSAN interfaces cannot be created for nonexisting VSANs Follow these guidelines when creating or deleting VSAN interfaces Create a VSAN before creating the interface for that VSAN If a VSAN does not exist the interface cannot be cre...

Page 147: ...r Disabling Ports To enable a port right click on a disabled port in Device Manager and choose Enable from the pop up menu To disable a port right click on a enabled port in Device Manager and choose Disable from the pop up menu To enable or disable multiple ports press the Ctrl key and click each port or drag the mouse around a group of ports Then right click any of the chosen ports and choose ei...

Page 148: ...12 12 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 12 Configuring Interfaces Managing Interface Attributes for Ports ...

Page 149: ...king enables interconnect ports to transmit and receive frames in more than one VSAN over the same physical link using Extended ISL EISL frame format Figure 13 1 Trunking The trunking feature includes the following restrictions Trunking configurations are only applicable to E ports If trunk mode is enabled in an E port and that port becomes operational as a trunking E port it is referred to as a T...

Page 150: ...es By default the trunk mode is enabled in all Fibre Channel interfaces However the trunk mode configuration takes effect only in E port mode You can configure the trunk mode as on enabled off disabled or auto automatic The default trunk mode is on The trunk mode configuration at the two ends of an ISL between two switches determine the resulting trunking state of the link and the port modes at bo...

Page 151: ...ver only the common set of allowed active VSANs at the ends of the ISL become operational as shown in Figure 13 2 Default Allowed Active VSAN Configuration You can configure a select set of VSANs from the allowed active list to control access to those VSANs in a trunking ISL Using Figure 13 3 as an example you can configure the list of allowed VSANs on a per interface basis VSANs1 2 and 3 are oper...

Page 152: ...across E ports you could face consequences such as merging the traffic in two VSANs thus causing both VSANs to mismatch The trunking protocol validates the VSAN interfaces at both ends of an ISL to avoid VSANs merging See Figure 13 4 Figure 13 4 VSAN Mismatch In Figure 13 4 the trunking protocol detects potential VSAN merging and isolates the ports involved t s i l d e w o l l a e h t n o e r a 3 ...

Page 153: ...erged with overlapping entries in the name server and the zone applications The Cisco MDS 9000 Fabric Manager helps detect such topologies Refer to the Cisco MDS 9000 Family Fabric Manager User Guide for more information Default Settings Table 13 2 lists the default settings for trunking parameters Switch 1 Switch 3 Switch 2 Third party switchs VSAN 2 E port VSAN 3 E port 85472 Table 13 2 Default ...

Page 154: ...13 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 13 Configuring Trunking Default Settings ...

Page 155: ...is switched to the remaining links If a link goes down in a PortChannel the upper protocol is not aware of it To the upper protocol the link is still there although the bandwidth is diminished The routing tables are not affected by link failure PortChannels may contain up to 16 physical links and may span multiple modules for added high availability Cisco MDS 9000 Family of switches support 128 Po...

Page 156: ...rts 5 8 and so on as an E port If the first port in the group is configured as a PortChannel the other three ports in each group ports 2 4 6 8 and so on are not usable and remain in the shutdown state If any of the other three ports are configured in a no shutdown state you cannot configure the first port as a PortChannel The other three ports continue to remain in a no shutdown state In the Cisco...

Page 157: ...ling and Trunking PortChanneling enables several links to be combined into one aggregated link Trunking enables an ISL to carry trunk multiple VSANs Trunking can only be configured on a TE port A TE port is specific to switches in the Cisco MDS 9000 Family An industry standard E port can link to other vendor switches and is referred to as a nontrunking interface See Figure 14 2 Figure 14 2 PortCha...

Page 158: ...interface attributes from the Device Manager choose Interface PortChannels and click the Interfaces tab The Information pane in Fabric Manager displays attributes for multiple switches The dialog box from Device Manager displays attributes for a single switch Quiescing Disabling Port Channel Members When quiescing the following apply If an ISL is already quiesced the message port already quiesced ...

Page 159: ...the same link However subsequent exchanges can use a different link This provides more granular load balancing while preserving the order of frames for each exchange Figure 14 3 illustrates how source ID 1 SID1 and destination ID1 based DID1 load balancing works When the first frame in a flow is received on an interface for forwarding link 1 is selected Each subsequent frame in that flow is sent o...

Page 160: ... consider the following guidelines Configure the PortChannel across switching modules to prevent redundancy on switching module reboots or upgrades Ensure that one PortChannel is not connected to two switches PortChannels require point to point connections Error Detection If you misconfigure PortChannels you may receive the Error disabled Possible port channel misconfiguration message If you recei...

Page 161: ...ed be sure to reconnect the links to interfaces within the PortChannel and re enable the links and verify that the PortChannel is functioning as required If all three conditions are not met the faulty link is disabled Default Settings Table 14 1 lists the default settings for PortChannels Table 14 1 Default PortChannel Parameters Parameters Default PortChannels FSPF is enabled by default Create Po...

Page 162: ...14 8 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 14 Configuring PortChannels Default Settings ...

Page 163: ...ning the source destination ID field This chapter defines various zoning concepts and provides details on zone set and management features in the switch This chapter contains the following topics Zoning Features page 15 2 Zoning Example page 15 3 Configuring a Zone page 15 4 Configuring Aliases page 15 6 Zone Sets page 15 7 Zone Enforcement page 15 14 The Default Zone page 15 14 Recovering from Li...

Page 164: ...bled in the source switch If a new switch is added to an existing fabric zone sets are acquired by the new switch Zone changes can be configured nondisruptively New zones and zone sets can be activated without interrupting traffic on unaffected ports or devices Zone membership criteria is based on WWNs or FC IDs Port world wide name pWWN Specifies the pWWN of an N port attached to the switch as a ...

Page 165: ... by H3 Note that H3 resides in both zones Figure 15 1 Fabric with Two Zones Of course there are other ways to partition this fabric into zones Figure 15 2 illustrates another possibility Assume that there is a need to isolate storage system S2 for the purpose of testing new software To achieve this Zone 3 is configured which contains only host H2 and storage S2 You can restrict access to just H2 a...

Page 166: ...r for both local and remote switches To specify a remote switch enter the remote switch WWN sWWN or the domain ID in the particular VSAN Interface based zoning only works with Cisco MDS 9000 family switches Interface based zoning does not work if interop mode is configured in that VSAN If you do not provide a sWWN the software automatically uses the local sWWN Creating Zones Zones are configured w...

Page 167: ...ou can add members using the following port identification types pWWN The world wide name of the port configured on the end device in hex format Fabric port WWN The world wide name of the physical port on the switch in hex format FC alias The alias name in alphabetic characters for example Payroll LUN The logical unit number of a disk in a disk device For more information about port identification...

Page 168: ... Changing the Default Zone Policy section on page 15 15 Viewing Zone Statistics To monitor zone statistics from the Zone Server choose VSANxxx Domain Manager from the Fabric Manager menu tree You see the zone information in the Information pane Click on the Statistics tab to see the statistics information for the switches in the zone Deleting Zones and Members To delete zones or members follow the...

Page 169: ...Right click on the Zones folder in the left pane and choose Insert Step 8 Name the zone as desired Step 9 Click the Aliases tab above the right window pane Step 10 Click and drag the desired alias members you created in Steps 5 and 6 above from the right window pane to the Zone folder you just created in the left window pane Step 11 Add the zone to a zone set and activate it accordingly Viewing Al...

Page 170: ...e set is used to enforce zoning and is called the active zone set An active zone set cannot be modified A zone that is part of an active zone set is called an active zone The administrator can modify the full zone set even if a zone set with the same name is active The changes do not take effect until the zone set is activated When the activation is done the active zone set is automatically stored...

Page 171: ... C o e Zone E Zone C Zone D Zone set Z1 Zone A Zone B Zone C Zone set Z2 Zone C Zone D Zone E Zone set Z3 Zone A Zone C Zone D Zone set Z1 Zone A Zone B Zone C After activating Zone set Z1 Full zone set e set Zone set Z1 Zone A Zone B Zone C Zone set Z2 Zone C Zone D Zone E Zone set Z3 Zone A Zone C Zone D Zone set Z1 Zone A Zone B Zone C After adding Zone D to Zone set Z1 Full zone set e set Zone...

Page 172: ...e full zone set database Creating Zone Sets To create zone sets perform the following steps Step 1 From the Fabric Manager choose Zone Edit Full Database on Switch You see the Select VSAN dialog box Choose the VSAN and click OK You can also right click a VSAN folder in the Logical tab and choose Edit Local Zone Database from the pop up menu You see the Edit VSANxxx Local Full Zones window Step 2 R...

Page 173: ... the ZoneSets folder and then right click the folder for the zone set to which you want to add a zone and choose Insert from the pop up menu You see the Zone Server Select Zone dialog box Step 2 Select the zone that you want to add to the zone set and click Add The zone is added to the zone set in the zone database Activating or Enforcing Zone Sets Once zones and zone sets have been created and po...

Page 174: ...ch to import the zone set information from the drop down list Step 5 Choose the interface to use for the import process Step 6 Click OK to import the active zone set or click Close to close the dialog without importing the active zone set Exporting Active Zone Sets You can export active zone sets do a Merge Fail Recovery if the cause of an ISL failure is a zone merge fail To export an active zone ...

Page 175: ...ive zone database or the full zone database To recover a zone database follow these steps Step 1 From the Fabric Manager choose Zone Recover Full Zone Database You see the Recover Full Zone Database dialog box Step 2 Click the Copy Active or the Copy Full radio button depending on which type of database you want to copy Step 3 Choose the source VSAN from which to copy the information from the drop...

Page 176: ...d zoning enforces zoning restrictions on every frame and prevents unauthorized access Switches in the Cisco MDS 9000 Family support both hard and soft zoning The Default Zone Each member of a fabric in effect a device attached to an Nx port can belong to any zone If a member is not part of any active zone it is considered to be part of the default zone Therefore if no zone set is active in the fab...

Page 177: ...ne cannot be part of any other zone Traffic can be permitted and denied to members in the default zone This information is not distributed to all switches Permission and denial must be set for each switch in the fabric To permit or deny traffic to members in the default zone from the Zone Server follow these steps Step 1 Choose VSANxxx Default Zone from the Fabric Manager menu tree and click the P...

Page 178: ...e can access any LUN in the device With LUN zoning you can restrict access to specific LUNs associated with a device Figure 15 6 shows a LUN based zone example Host H1 can access LUN 2 in S1 and LUN 0 in S2 It cannot access any other LUN in S1 or S2 Host H2 can access LUNs 1 and 3 in S1 and only LUN 1 in S2 It cannot access any other LUN in S1 or S2 Unzoned LUNs automatically become members of the...

Page 179: ...y default an initiator has both read and write access to the target s media when they are members of the same Fibre Channel zone The read only zone feature allows members to have only read access to the media within a read only Fibre Channel zone You can also configure LUN zones as read only zones Guidelines to Configure Read Only Zones Any zone can be identified as a read only zone By default all...

Page 180: ...izard Step 2 Follow the prompts in the wizard to migrate the database Using the Zone Wizard Use the Zone Wizard to configure zones read only zones and IVR zones Step 1 From the Fabric Manager click the Zone Wizard icon in the Fabric Manager Zone toolbar see Figure 15 7 Figure 15 7 Zone Wizard Icon You see the Zone Wizard Step 2 Follow the prompts in the wizard to migrate the database Table 15 1 De...

Page 181: ...derived from the separation of Fibre Channel services in each VSAN and isolation of traffic between VSANs Data traffic isolation between the VSANs also inherently prevents sharing of resources attached to a VSAN like robotic tape libraries Using IVR resources across VSANs are accessed without compromising other VSAN benefits Data traffic is transported between specific initiators and targets on di...

Page 182: ...mbers on any switch in the Cisco MDS 9000 Family Inter VSAN zone sets IVZS One or more IVZs make up an IVZS You can configure up to 32 IVZSs on any switch in the Cisco MDS 9000 Family Only one IVZS can be active at any time IVR path An IVR path is a set of switches and inter switch links via which a frame from one end device in one VSAN can reach another end device in some other VSAN Multiple path...

Page 183: ... ensures minimum traffic disruption Minimize the coordination between interconnected VSANs when configuring the SAN for the first time as well as when you add each new switch Transit VSANs Guidelines Consider the following guidelines for transit VSANs Besides defining the IVZ membership you can choose to specify a set of transit VSANs to provide connectivity between two edge VSANs If two edge VSAN...

Page 184: ...so that the domains in different VSANs are non overlapping on all participating switches and VSANs Configure static non overlapping domains using the CLI for each participating switch and VSAN Enabling IVR The IVR feature must be enabled in all border switches in the fabric that participate in the IVR By default this feature is disabled in all switches in the Cisco MDS 9000 Family To begin configu...

Page 185: ...ches in the network fabric Note When you confirm the activate operation the current running configuration is saved to the startup configuration This permanently saves any changes made to the running configuration not just zoning changes Note Some time zones beginning with prefix IVRZ and a zone set with name nozoneset appear in logical view The zones with prefix IVRZ are IVR zones which get append...

Page 186: ...mber of this VSAN must be participating in IVR zoning Since the IVR zones get added to active zones the active zone set configuration is always different from local zone set configuration with same name Deactivating IVR Zone Sets To activate a zone set follow these steps Step 1 Right click the zone set in the Zone IVR Inter VSAN Routing Edit Full Database on Switch dialog Step 2 Click Deactivate R...

Page 187: ...rability When using the IVR feature all border switches in a given fabric must be Cisco MDS switches However other switches in the fabric may be non MDS switches For example end devices that are members of the active IVZS may be connected to non MDS switches Non MDS switches may also be present in the transit VSAN s or in the edge VSANs if the interop mode 1 option is enabled IVR Using LUN Zoning ...

Page 188: ... in a full zone set database and are lost when the switch reboots or when a new zone set is activated The IVR feature monitors these events and adds the zones corresponding to the active IVZS configuration when a new zone set is activated Like zone sets IVR zone sets are also activated non disruptively If pwwn1 and pwwn2 are in an IVZ in the current as well as the new IVZS then activation of the n...

Page 189: ...he edge VSANs corresponding to each IVZ traffic may be disrupted in edge VSANs where the default zone policy is permit Be sure to repeat this configuration in all border switches participating in the IVR configuration Using the Cisco MDS Fabric Manager you can distribute IVZ configurations to all IVR capable switches in the interconnected VSAN network Refer to the Cisco MDS 9000 Family Fabric Mana...

Page 190: ...ng the Zone Wizard Using the Zone Wizard Use the Zone Wizard to configure zones read only zones and IVR zones Step 1 From the Fabric Manager click the Zone Wizard icon in the Fabric Manager Zone toolbar Figure 16 2 Zone Wizard icon The Zone Wizard displays Step 2 Follow the prompts in the wizard to migrate the database ...

Page 191: ...er page 17 3 Viewing Advanced Attributes for the Name Server page 17 3 Proxy Ports for the Name Server page 17 3 Viewing Name Server Statistics page 17 4 Viewing RSCN Nx Registrations page 17 4 Viewing RSCN Statistics page 17 4 Viewing FLOGI Attributes page 17 4 Viewing Port ELP Attributes page 17 5 Viewing Trunk Configuration page 17 5 Displaying FLOGI Details In a Fibre Channel fabric each host ...

Page 192: ...guration the name server instances running on each switch shares information in a distributed database One instance of the name server process runs on each switch Displaying FDMI SAN OS 1 3 x provides support for the Fabric Device Management Interface FDMI functionally as described in the FC GS 4 standard FDMI enables management of devices such as Fibre Channel Host Bus Adaptors HBAs through inban...

Page 193: ...d a host Host H connected to switch 1 Host H is registered to receive RSCNs D1 D2 and H belong to the same zone If disks D1 and D2 are online at the same time then one of the following applies If the multi pid option is disabled on switch 1 then two RSCNs is generated to Host H one for the disk D1 and another for disk D2 If the multi pid option is enabled on switch 1 then a single RSCN is generate...

Page 194: ...tab The Information pane from the Fabric Manager displays Nx registrations for RSCN for multiple switches To monitor Nx registrations for RSCN from the Device Manager choose RSCN from the FC menu The RSCN dialog box with the Nx Registrations tab selected displays Nx registrations for RSCN for a single switch Viewing RSCN Statistics To monitor registered state change notification RSCN statistics fr...

Page 195: ...r All Ports from the Interface menu and click the ELP tab The Information pane in Fabric Manager displays attributes for multiple switches The dialog box from Device Manager displays attributes for a single switch Viewing Trunk Configuration To monitor trunking for ports from the Fabric Manager choose FC Physical Interfaces from the menu tree and then click the Trunk Failures tab To view trunking ...

Page 196: ...17 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 17 Managing FLOGI Name Server FDMI and RSCN Databases Viewing Trunk Configuration ...

Page 197: ...A server s A global preshared secret key authenticates communication between the AAA servers This secret key can be configured for all AAA server groups or for only a specific AAA server This kind of authentication provides a central configuration management capability This chapter contains the following topics Switch Management Security page 18 2 Switch AAA Functionalities page 18 2 Configuring R...

Page 198: ...le serial connection Telnet or Secure Shell SSH For each management path console or Telnet and SSH you can configure one or more of the following security control options local remote RADIUS or TACACS or none Remote security control Using Remote Authentication Dial In User Services RADIUS Using Terminal Access Controller Access Control System plus TACACS Local security control Trivial authenticati...

Page 199: ...te additional roles and configure the following options Assign user roles either locally or using remote AAA servers Configure user profiles on a remote AAA server to contain role information This role information is automatically downloaded and used when that user is authenticated through remote AAA server Accounting Accounting refers to the log that is kept for each management session in a switc...

Page 200: ...ed you can specify multiple server groups If the MDS switch encounters errors from the server s in the first group it tries the servers in next server group AAA Service Configuration Options AAA configuration in Cisco MDS switches is service based You can have separate AAA configurations for following services Telnet or SSH login Choose Switches Security SSH iSCSI authentication Choose End Devices...

Page 201: ...uthentication from the Fabric Manager choose Security Radius from the menu tree To configure RADIUS authentication from the Device Manager choose Security Radius CLI Configuring RADIUS Servers To configure RADIUS servers perform the following steps Step 1 From the Device Manager choose Security Radius and click the Servers tab You see the Radius dialog box with the Servers tab selected To configur...

Page 202: ...fic option using the format recommended in the specification The Cisco vendor ID is 9 and the supported option is vendor type 1 which is named cisco avpair The value is a string with the following format protocol attribute sep value where protocol is a Cisco attribute for a particular type of authorization sep is for mandatory attributes and is for optional attributes When you use RADIUS servers t...

Page 203: ... About TACACS TACACS is a client server protocol which uses TCP TCP port 49 for transport requirements All switches in the Cisco MDS 9000 Family provide centralized authentication using the TACACS protocol The addition of TACACS support in SAN OS 1 3 x enables the following advantages over RADIUS authentication Provides independent modular AAA facilities authorization can be done without authentic...

Page 204: ... Switches Security TACACS Defaults to configure global values for the key for all TACACS servers Secret keys configured for individual servers override the globally configured values Setting the Timeout Value From Fabric Manager choose Switches Security TACACS Defaults to configure global timeout values for all TACACS servers Timeout values configured for individual servers override the globally c...

Page 205: ...or more remote AAA servers to authenticate users using server groups Local AAA The system maintains the user name and password locally and stores the password information in encrypted form You are authenticated based on the locally stored user information Authentication and Authorization Process Authentication is the process of verifying the identity of the person managing the switch This identity...

Page 206: ... next AAA server will be tried and so on until the remote server responds to the authentication request If all AAA servers in the server group fail to respond then the servers in the next server group are tried If all configured methods fails then local database is used for authentication Access permitted Access permitted Start Incoming access request to switch Local user name only Local database ...

Page 207: ...mpletion or obtain context sensitive help the switch software allows the operation to progress if you have permission to access that command Each role can contain multiple users and each user can be part of multiple roles For example if role1 users are only allowed to perform configuration commands and role2 users are only allowed to perform debug commands then if Joe belongs to both role1 and rol...

Page 208: ...fcdomain VSAN properties for their VSANs without affecting other VSANs Also if the role permits operations in multiple VSANs then the VSAN administrators can change VSAN membership of F or FL ports among these VSANs Users belonging to roles in which the VSAN policy is set to deny are referred to as VSAN restricted users These users cannot perform the following functions that require the startup co...

Page 209: ...n is already generated for the required version use the force option to overwrite the previously generated key pair About SNMP Security SNMP is an application layer protocol that facilitates the exchange of management information between network devices In all Cisco MDS 9000 Family switches three SNMP versions are available SNMPv1 SNMPv2c and SNMPv3 See Figure 18 2 Figure 18 2 SNMP Security Users ...

Page 210: ...op down list In Fabric Manager you can enter a new role name in the field if you do not want to choose one from the list If you enter a new role name you must go back and configure this role appropriately see the Configuring Common Roles section on page 18 16 Step 5 Click Create to create the new entry or click Close to create the entry and close the dialog box Deleting a Community String To delet...

Page 211: ...from the drop down list In Fabric Manager you can enter a new role name in the field if you do not want to select one from the list If you enter a new role name you must go back and configure this role appropriately see the Configuring Common Roles section on page 18 16 Step 5 Enter the password for the user twice in the New Password and Confirm Password fields Step 6 To enable encryption of manag...

Page 212: ...ity SNMP from the Physical pane menu tree and click the Users Roles or Communities tab You see the list of SNMP users roles or communities in the Information pane To view this information from the Device Manager choose Security SNMP The SNMP dialog box displays Group Based SNMP Access Because group is a standard SNMP term used industry wide we refer to role s as group s in this SNMP section SNMP a...

Page 213: ...isting user in the vsmUserTable on the switch Once you have created the user change the cloned secret key before activating the user Refer to RFC2574 You must explicitly configure password s for SNMP users The SNMP user passwords are not generated as the part of the configuration file as they are not portable across devices The password is limited to a minimum of 8 characters and a maximum of 64 c...

Page 214: ...ck box your role will have read only permission Step 7 Click Enable to enable the VSAN scope Step 8 Enter the scope in the Scope field Step 9 Click Create to create the Role or click Close to close the Role dialog without creating the common role To create a common role in Device Manager perform the following steps Step 1 Choose Security Common Roles The Common Roles dialog box displays Step 2 Cli...

Page 215: ...pplying the rules Step 6 Click Apply to create the common role or click Close to close the Common Role dialog without creating the common role Deleting Common Roles To delete a common role perform the following steps Step 1 From the Device Manager choose Security Common Roles The Common Roles dialog box displays From Fabric Manager choose Security SNMP from the Physical pane menu tree and click th...

Page 216: ...onfigure it to expire User name admin User password admin Configured RADIUS sever Allows access to all RADIUS severs RADIUS server timeout interval The default time out is one 1 seconds RADIUS preshared key No key is configured RADIUS key encryption clear text 0 Not encrypted RADIUS server connection attempts A switch tries to connect to a RADIUS server once 1 RADIUS Authentication port UDP port 1...

Page 217: ...anager Switch Configuration Guide OL 7753 01 Chapter 18 Configuring Switch Security Restricting Switch Access Restricting Switch Access You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists IP ACLs ...

Page 218: ...18 22 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 18 Configuring Switch Security Restricting Switch Access ...

Page 219: ... Configuring the DHCHAP Hash Algorithm page 19 4 Configuring DHCHAP Groups page 19 4 Configuring DHCHAP Passwords page 19 4 Configuring Passwords for Other Devices page 19 5 Configuring the DHCHAP Timeout Value page 19 5 Default Fabric Security Settings page 19 5 About Fabric Authentication All switches in the Cisco MDS 9000 Family enable fabric wide authentication from one switch to another switc...

Page 220: ...d devices from accessing the switch The terms FC SP and DHCHAP are used interchangeably in this chapter DHCHAP is a mandatory password based key exchange authentication protocol that supports both switch to switch and host to switch authentication DHCHAP negotiates hash algorithms and DH groups before performing authentication It supports MD 5 and SHA 1 algorithm based authentication Configuring t...

Page 221: ...iguration Enabling DHCHAP By default the DHCHAP feature is disabled in all switches in the Cisco MDS 9000 Family You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication When you disable this feature all related configurations are automatically discarded Configuring DHCHAP Authentication Modes The DHCHAP authentication status for...

Page 222: ...DHCHAP authentication Configuring DHCHAP Groups All switches in the Cisco MDS Family support all DHCHAP groups specified in the standard 0 null DH group which does not perform the Diffie Hellman exchange 1 2 3 or 4 If you change the DH group configuration ensure to change it globally for all switches in the fabric Configuring DHCHAP Passwords DHCHAP authentication in each direction requires a shar...

Page 223: ...restricted to 64 alphanumeric characters and can be changed but not deleted Configuring Passwords for Other Devices You can configure passwords in the local authentication database for other devices in a fabric The other devices are identified by their device name which is also know as the switch WWN or device WWN The password is restricted to 64 characters and can be specified in clear text 0 or ...

Page 224: ...ation Guide OL 7753 01 Chapter 19 Configuring Fabric Security Default Fabric Security Settings DHCHAP group default priority exchange order 0 4 1 2 and 3 respectively DHCHAP timeout value 30 seconds Table 19 2 Default Fabric Security Settings continued ...

Page 225: ...ort Security Settings page 20 9 Port Security Features Typically any Fibre Channel device in a SAN can attach to any SAN switch port and access SAN services based on zone membership Port security features prevent unauthorized access to a switch port in the Cisco MDS 9000 Family Login requests from unauthorized Fibre Channel devices Nx ports and switches xE ports are rejected All intrusion attempts...

Page 226: ...ing dialog box displays Step 4 Choose the switch for which you want to create the port binding from drop down list Step 5 Choose the WWN DEVICE device type for that switch Step 6 Enter the PORT ID of the switch to bind to Step 7 Enter the port type Step 8 Enter the interface e g fc1 1 Step 9 Click Create to creating the port binding or click Close to close the Create Binding dialog box without cre...

Page 227: ...tivate port security feature for the first time as it saves tedious manual configuration for each port Auto learn is configured on a per VSAN basis If enabled devices and switches that are allowed to connect to the switch are automatically learned even if you have not configured any port access Learned entries on a port are cleaned up after a shutdown command is issued on that port Activating Port...

Page 228: ...The Information pane of the Fabric Manager displays port security information for that VSAN Step 2 Click the Active tab You see a list of the port security active port bindings for that VSAN Configuring Auto Learning The state of the auto learning configuration depends on the state of the port security feature If the port security feature is not activated the auto learn option is disabled by defau...

Page 229: ... through interface fc1 11 F11 Table 20 2 summarizes the port security authorization results for this active database Configured or not configured A switch port that allows any device Permitted 5 Configured to login to any switch port Any port on the switch Permitted 6 Not configured A port configured with some other device Denied 7 Table 20 1 Auto learn Device Authorization continued Table 20 2 Au...

Page 230: ...to enable AutoLearning Step 4 Choose on from the drop down menu to turn on AutoLearning choose off to turn off AutoLearning for that switch 11 P4 N4 F5 auto learn on Permitted 3 No conflict 12 P4 N4 F5 auto learn off Denied 4 No match 13 S3 F5 auto learn on Permitted 3 No conflict 14 S3 F5 auto learn off Denied 4 No match 15 P1 N1 F6 auto learn on Denied 2 P1 is bound to F1 16 P5 N5 F1 auto learn ...

Page 231: ...in the allowed VSAN list of the trunk port All PortChannel xE ports must be configured with the same set of WWNs in the same PortChannel E port security is implemented in the port VSAN of the E port In this case the sWWN is used to secure authorization checks Once activated the config database can be modified without any effect on the active database Saving the running configuration saves the conf...

Page 232: ...e If the auto learn option is enabled and you activate the database you will not be allowed to proceed Database Scenarios Table 20 3 lists the differences and interaction between the active and configuration databases Table 20 3 Active and Configuration Port Security Databases Configuration Database Active Database Read write Read only Saving the configuration saves all the entries in the configur...

Page 233: ...lations are invalid login attempts for example login requests from unauthorized Fibre Channel devices You can display a list of these attempts on a per VSAN basis using Fabric Manager To display port security violations perform the following steps Step 1 From the Fabric Manager choose Port Security from one of the VSANs on the menu tree The Information pane of the Fabric Manager displays port secu...

Page 234: ...20 10 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 20 Configuring Port Security Default Port Security Settings ...

Page 235: ... a fabric by establishing the shortest and quickest path between any two switches Select an alternative path in the event of the failure of a given path FSPF supports multiple paths FSPF automatically computes an alternative path around a failed link It provides a preferred route when two equal paths are available This chapter provides details on Fibre Channel routing services and protocols This c...

Page 236: ...s a cost with each link Guarantees a fast re convergence time in case of a topology change Uses the standard Dijkstra s algorithm but there is a static dynamic option for a more robust efficient and incremental Dijkstra s algorithm The reconvergence time is fast and efficient as the route computation is done on a per VSAN basis FSPF Examples This section provides examples of topologies and applica...

Page 237: ...configuration Figure 21 2 Fault Tolerant Fabric with Redundant Links For example if all links are of equal speed and no PortChannels exist the FSPF calculates four equal paths from A to C A1 E C A2 E C A3 D C and A4 D C If PortChannels exist these paths are reduced to two Fail over Scenarios for PortChannels and FSPF Links The SmartBits traffic generator was used evaluate the scenarios displayed i...

Page 238: ...h those settings Managing FSPF General Attributes To manage FSPF general attributes perform the following steps Step 1 From the Fabric Manager choose FC FSPF on the menu tree and click the General tab From the Device Manager choose FC FSPF and click the General tab The Information pane from the Fabric Manager displays information for multiple switches The dialog box from the Device Manager display...

Page 239: ...ce in a specific VSAN and are described in this section This section contains the following topics Configuring FSPF Interfaces page 21 6 Computing Route Cost page 21 6 Specifying Hello Time Intervals page 21 6 Specifying Dead Intervals page 21 6 Disabling FSPF for Specific Interfaces page 21 6 Retransmitting Intervals page 21 6 Viewing FSPF Interface Statistics page 21 7 Table 21 3 LSR Default Set...

Page 240: ...interval to specify the interval between the periodic hello messages sent to verify the health of the link The integer value can range from 1 to 65 535 seconds This value must be the same in the ports at both ends of the ISL Specifying Dead Intervals You can set the FSPF dead time interval to specify the maximum interval for which a hello message must be received before the neighbor is considered ...

Page 241: ... specified route for example FC ID 111211 and domain ID 3 in the switch with domain ID 1 Figure 21 4 Fibre Channel Routes Other than in VSANs run time checks are not performed on configured and suspended static routes To configure Fibre Channel routes perform the following steps Step 1 From the Device Manager choose FC Routes The dialog box displays routes for a single switch Step 2 Configure the ...

Page 242: ...annel defines 256 multicast groups and one broadcast address for each VSAN Switches in the Cisco MDS 9000 Family only use broadcast routing By default they use the principal switch as the root node to derive the distribution tree information The protocols create a loop free broadcast distribution tree Caution All switches in the fabric should run the same multicast and broadcast distribution tree ...

Page 243: ... source Reordering PortChannel Frames When a link change occurs in a PortChannel the frames for the same exchange or the same flow can switch from one path to another faster path Figure 21 6 Link Congestion Delivery In Figure 21 6 the port of the old path red dot is congested Hence Frame 3 and Frame 4 can be delivered before Frame 1 and Frame 2 When the in order guarantee feature is enabled the fr...

Page 244: ...iguring Flow Statistics Flow statistics count the ingress traffic in the aggregated statistics table You can collect two kinds of statistics Aggregated flow statistics to count the traffic for a VSAN Flow statistics to count the traffic for a source and destination ID pair in a VSAN If you enable flow counters you can enable a maximum of 1K entries for aggregate flow and flow statistics Be sure to...

Page 245: ...rived from the principal switch root node Routing table FSPF stores up to 16 equal cost paths to a given destination Load balancing Based on destination ID and source ID on different equal cost paths In order delivery Disabled Drop latency Disabled Static route cost If the cost metric of the route is not specified the default is 10 Remote destination switch If the remote destination switch is not ...

Page 246: ...21 12 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 21 Configuring Fibre Channel Routing Services and Protocols Default Settings ...

Page 247: ...formation can cross the Fibre Channel network without using an overlay Ethernet network IP routing default routing and static routing If your configuration does not need an external router you can configure a default route using static routing Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol VRRP features VRRP is a restartable application that provides a redund...

Page 248: ...e the supervisor module Ethernet interface and VSAN interfaces as management ports This section focuses on the Ethernet management port mgmt0 You can remotely configure the switch through the management port To configure a connection remotely you must configure the IP parameters IP address and subnet mask from the CLI so that the switch is reachable Before you begin to configure the management int...

Page 249: ...ected to this VSAN should be configured with the VSAN IP address of the gateway switch Figure 22 2 Overlay VSAN Functionality In Figure 22 2 Switch A has the IP address 1 12 11 1 Switch B has the IP address 1 12 11 2 Switch C has the IP address 1 12 11 3 and Switch D has the IP address 1 12 11 4 Switch A is the gateway switch with the Ethernet connection The NMS uses the IP address 1 1 1 10 to con...

Page 250: ...te or identify the default gateway perform the following steps Step 1 From the Device Manager choose IP Routes You see the IP Routes window Step 2 To create a new IP route or identify the default gateway on a switch click Create You see the Create IP Routes window Step 3 Complete the fields in this window and click OK to add an IP route Step 4 To configure a static route enter the destination netw...

Page 251: ...fying a name and access condition All lists use the source and destination address for matching operations You can configure finer granularity using optional keywords Apply the access list to specified interfaces Creating IP ACLs You can specify IP ACLs using a assigned name Each IP ACL can have a maximum of 256 entries Each entry is a unique filter applied to a specified interface Each switch can...

Page 252: ...Numbers Protocol Port Number TCP Note If the TCP connection is already established use the established option to find matches A match occurs if the TCP datagram has the ACK FIN PSH RST or URG control bit set ftp 20 ftp data 21 ssh 22 telnet 23 smtp 25 tasacs ds 65 www 80 sftp 115 http 143 radius 1812 wbem http 5988 wbem https 5989 UDP dns 53 tftp 69 ntp 123 snmp 161 snmp trap 162 syslog 514 Table ...

Page 253: ... out source and destination are used as referenced by the switch In Traffic that is arriving on the interface and which will go through the switch the source would be where it s been and the destination is where it s going on the other side of the router The access group configuration for the ingress traffic applies to both local and remote traffic Out Traffic that has already been through the swi...

Page 254: ...g multiple logical SANs each running its own instance of fabric services on a single large physical network This partitioning of fabric services reduces network instability by containing fabric reconfiguration and error conditions within an individual VSAN VSANs also provide the same isolation between individual VSANs as physically separated SANs Traffic cannot cross VSAN boundaries and devices ma...

Page 255: ...e steps Step 1 Add the VSAN to the VSAN database on any switch in the fabric Step 2 Create a VSAN interface for the appropriate VSAN on any switch in the fabric Step 3 Assign an IP address on every VSAN interface on the same subnet as the corresponding VSAN Step 4 Define the multiple static route on the Fibre Channel switches and the IP cloud Physical Fibre Channel Fabric Int vsan10 10 10 10 88 In...

Page 256: ...rtual Router Redundancy Protocol VRRP features This section provides details on the VRRP feature Physical Fibre Channel Fabric If vsan10 10 10 10 88 If vsan10 10 10 10 124 If vsan10 10 10 10 35 If vsan10 11 11 11 35 If vsan11 11 11 11 34 If vsan11 11 11 11 72 VSAN 11 VSAN 10 IP default gateway 10 10 10 35 next_hop 11 12 12 34 route 0 0 0 0 0 0 0 0 next_hop 10 10 10 35 route 10 10 10 10 0 255 255 2...

Page 257: ...N VRRP security provides three options including no authentication simple text authentication and MD5 authentication VRRP Functionality In Figure 22 6 switch A is the VRRP master and switch B is the VRRP backup switch Both switches have IP address to VRRP mapping configured The other switches set switch A as the default gateway If switch A fails the other switches don t have to change the routing ...

Page 258: ...pting to enable a VR Adding an IP Address for a Virtual Router One primary IP address and multiple secondary addresses can be configured for a switch If the configured IP address is the same as the interface IP address this switch automatically owns the IP address Viewing IP Address Information To view IP addresses of the switches in the current fabric from the Fabric Manager choose Switches from ...

Page 259: ...d Preempting the Master Virtual Router By default the preempt option is enabled An owner with priority 255 cannot be preempted If two priorities match the owner with the highest priority preempts the master virtual router The VRRP preempt option is not supported on IP storage Gigabit Ethernet interfaces However if the virtual IP address is also the IP address for the interface then preemption is i...

Page 260: ...ger follow these steps Step 1 Choose IP VRRP You see the Operations tab of the VRRP dialog box Step 2 Configure operations attributes for the virtual router Step 3 To create a new VRRP entry click Create You see the Create VRRP Entry window Step 4 Complete the fields in this window to create a new VRRP entry and click OK or Apply Default Settings Table 22 3 lists the default settings for IP featur...

Page 261: ...s Viewing VRRP Statistics page 22 15 Viewing TCP Information and Statistics page 22 15 Viewing UDP Information and Statistics page 22 15 Viewing IP Statistics page 22 16 Viewing ICMP Statistics page 22 16 Viewing VRRP Statistics To monitor VRRP statistics click the Statistics tab on the VRRP dialog box The VRRP dialog box with the Statistics tab selected is displayed Viewing TCP Information and St...

Page 262: ...anager Information pane displays IP statistics for multiple switches The Device Manager dialog box displays information for a single switch Viewing ICMP Statistics To monitor statistics for ICMP packets received select IP Mgmt Statistics from the menu tree and click the ICMP In tab To monitor statistics for ICMP packets transmitted from the Fabric Manager select IP Mgmt Statistics from the menu tr...

Page 263: ...bout FICON page 23 2 MDS Specific FICON Advantages page 23 3 FICON Port Numbering page 23 6 MDS FICON Prerequisites page 23 11 Enabling FICON page 23 12 Creating FICON VSANs enabling FICON Using Fabric Manager page 23 12 Creating FICON VSANs enabling FICON Using Device Manager page 23 13 Deleting FICON VSANs Disabling FICON page 23 13 Viewing FICON Director History page 23 14 Configuring Code Page...

Page 264: ...wing Fabric Binding Violations page 23 25 Clearing Fabric Binding Statistics page 23 26 Viewing EFMD Statistics page 23 26 Displaying RLIR Information page 23 26 About FICON The Cisco MDS 9000 Family supports Fibre Channel protocol FCP FICON iSCSI and FCIP capabilities within a single high availability platform This solution simplifies purchasing reduces deployment and management costs and reduces...

Page 265: ...g page 23 5 MDS Supported FICON Features page 23 5 Fabric Optimization with VSANs Generally separate physical fabrics have a high level of switch management and have a higher implementation cost Further the ports in each island may be over provisioned depending on the fabric configuration By using the Cisco MDS specific VSAN technology you can introduce greater efficiency between these physical fa...

Page 266: ...mily enables a consistent feature set over a protocol agnostic switch fabric Cisco MDS 9500 Series and MDS 9216 switches transparently integrate Fibre Channel FICON and Fibre Channel over IP FCIP in one system The FICON over FCIP feature enables cost effective access to remotely located mainframe resources With the MDS 9000 platform storage replication services such as IBM PPRC and XRC can be exte...

Page 267: ...el If these protocols are intermixed in the same switch you can use VSANs to isolate FCP and FICON ports Tip When creating an intermix environment place all FICON devices in one VSAN other than the default VSAN and segregate the FCP switch ports in a separate VSAN other than the default VSAN This isolation ensures proper communication for all connected devices MDS Supported FICON Features The Cisc...

Page 268: ...t name port number Fibre Channel address operational state type of port and login data Nodes attached to ports Port performance and statistics Store and apply configuration files FICON and Open Systems Management Server features if installed Enhanced Cascading Support Set the date and time on the switch Configure SNMP trap recipients and community names Call Home configurations director name locat...

Page 269: ...ent for the Cisco MDS 9000 Family of switches and directors 0 1 2 3 4 5 6 7 8 9 10 11 11 13 14 15 Module 1 16 Port module 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 Module 2 16 Port module 105217 Table 23 1 Cisco MDS 9000 Family Port Number Assignments Product Slot Number Implemented Port Allocation Unimplemented Ports Notes To Ports To PortChannel FCIP Cisco MDS 9120 Switch Not applicable Po...

Page 270: ... Slot 6 None Cisco MDS 9509 Director Slot 1 Ports 0 through 31 Ports 224 through 239 Ports 240 through 253 and Port 255 Slot 2 Ports 32 through 63 Slot 3 Ports 64 through 95 Slot 4 Ports 96 through 127 Slot 5 None Supervisor module are not allocated port numbers Slot 6 None Slot 7 Ports 128 through 159 The first 16 port numbers in a 16 port module are used and the rest remain unused Slot 8 Ports 1...

Page 271: ...they are implemented in VSAN 2 Another scenario is if VSANs 1 through 5 are FICON enabled and trunking enabled interface fc1 1 has VSANs 3 through 10 then port address 0 is uninstalled in VSAN 1 and 2 The port is part of a PortChannel see Implemented Port Allocation To PortChannel FCIP for example if interface fc 1 1 is part of PortChanne1 5 port address 0 is uninstalled in all FICON VSANs For exa...

Page 272: ...Each FCIP tunnel must be explicitly associated with a FICON port number If the port number is not assigned for PortChannels or for FCIP tunnels the associated ports will not come up see the FCIP and PortChannel Port Numbers section on page 23 10 FCIP and PortChannel Port Numbers FCIP and PortChannels cannot be used in a FICON enabled VSAN unless they are explicitly bound to a port number Refer to ...

Page 273: ...tic FC IDs and vice versa Figure 23 5 Static FC ID Allocation for FICON FICON Cascading The SAN OS software allows multiple switches in a FICON network To configure multiple switches you must enabled and configure fabric binding in that switch MDS FICON Prerequisites To ensure that a FICON VSAN is operationally up be sure to verify the following requirements Set the default zone to permit if you a...

Page 274: ...main IDs in order delivery and fabric binding must be enabled so the FICON VSAN can operate When you enable the FICON feature in Cisco MDS switches the following apply The IPL configuration file is automatically created see the FICON Configuration Files section You cannot disable in order delivery fabric binding or static insistent domain ID configurations If you specify an existing VSAN with oper...

Page 275: ...If you specify an existing VSAN with operational traffic to be used for the FICON VSAN the traffic will be disrupted In this case a warning message is displayed before you create the FICON VSAN To create a FICON VSAN follow these steps Step 1 From Device Manager choose FICON VSANs You see the FICON VSANs Files configuration dialog box Step 2 Ensure that the VSANs tab is enabled Step 3 Click Create...

Page 276: ...canada default option Configuring the FC ID Last Byte FICON requires the last byte of the fabric address to be the same for all allocated FC IDs By default this value is set to 0 You can only change the FC ID last byte when the FICON switch is in the offline state Automatically Saving the Running Configuration When active equals saved is enabled in a VSAN any FICON changes to the block prohibit or...

Page 277: ...sh Note When viewing FICON information through the Device Manager dialog boxes you must manually refresh the display by clicking the Refresh button in order to see the latest updates This is true whether you configure FICON through the CLI or through the Device Manager There is no automatic refresh of FICON information This information would be refreshed so often that it would affect performance B...

Page 278: ... try to prohibit that port your prohibit configuration is rejected Similarly if a port is not up and you prohibit that port the port is not allowed to come up in E mode nor in TE mode Entering FICON Port Configuration Information Note To view the latest FICON information you must click the Refresh button See the FICON Information Refresh Note section on page 23 15 for more information To display F...

Page 279: ...use the Cisco MDS CLI or FM applications to operate these FICON configuration files Multiple FICON configuration files with the same name can exist in the same switch provide they reside in different VSANs For example you can create a configuration file named XYZ in both VSAN 1 and VSAN 3 When you enable the FICON feature in a VSAN the switches always uses the startup FICON configuration file call...

Page 280: ... each lock request The key is discarded when the lock timeout of 15 seconds expires The lock timeout value cannot be changed Editing FICON Configuration Files The configuration file submode allows you to create and edit FICON configuration files If a specified file does not exist it is created Up to 16 files can be saved Each file name is restricted to 8 alphanumeric characters Creating FICON File...

Page 281: ...files do not contain the following information that is normally saved with the running configuration Note To view the latest FICON information you must click the Refresh button See the FICON Information Refresh Note section on page 23 15 for more information Port number to port address mapping PortChannel to port number mapping Port swap occurrences FICON enabled VSANs FICON configuration files ar...

Page 282: ... sure to follow these guidelines when using the FICON port swap feature Port swapping is not supported for logical ports PortChannels FCIP links Neither the old port number nor the new port number can be a logical port Port swapping is not supported between physical ports that are part of a PortChannel Neither the old port number nor the new port number can be a physical port that is part of a Por...

Page 283: ...P is supported by switches and directors in the Cisco MDS 9000 Family The CUP function allows the mainframe to manage the MDS switches Host communication includes control functions like blocking unblocking ports as well as monitoring and error reporting functions Configuring Fabric Binding The SAN OS 1 3 x fabric binding feature ensures ISLs are only enabled between specified switches in the fabri...

Page 284: ...he fabric binding active database To configure fabric binding in each switch in the fabric follow these steps Step 1 Enable the fabric configuration feature Step 2 Configure a list of sWWNs and their corresponding domain IDs for devices that are allowed to access the fabric Table 23 2 Port Security and Fabric Binding Descriptions Fabric Binding Port Security Configured using a set of sWWN and a pe...

Page 285: ...WWN Domain ID authorization is required in FICON VSANs where the domains are statically configured and the end devices reject a domain ID change in all switches in the fabric Activating Fabric Binding The fabric binding maintains a configuration database config database and an active database The config database is a read write database which collects the configurations you perform These configura...

Page 286: ...lected VSAN s Deactivating Fabric Binding To deactivate fabric binding follow these steps Step 1 From Device Manager choose FICON Fabric Binding You see the Fabric Binding dialog box Step 2 Ensure that the Actions tab is enabled Step 3 Click in the Actions column for the VSAN s for which you want to deactivate fabric binding Step 4 Choose Deactivate Step 5 Click Apply to deactivate the fabric bind...

Page 287: ...ding configuration follow these steps Step 1 From Device Manager choose FICON Fabric Binding You see the Fabric Binding dialog box Step 2 Click the Config Database tab Step 3 Click in the row for the VSAN for which you want to delete the fabric binding configuration Step 4 Click Delete to delete the fabric binding configuration or click Close to close the dialog box without deleting the fabric bin...

Page 288: ...stered Nx port When a Link Incident Record LIR is detected in FICON enabled switches in the Cisco MDS 9000 Family form a RLIR Extended Link Service ELS and sends it to the members in it s Established Registration List ERL In case of multi switch topology a Distribute Registered Link Incident Record DRLIR Inter Link Service ILS are sent to all reachable remote domains along with the RLIR ELS On rec...

Page 289: ...age Name Services page 24 42 Default IP Storage Settings page 24 44 Using the IP Filter Wizard page 24 45 Creating IP Profiles page 24 45 Adding IP Filters to Profiles page 24 46 Associating IP Profiles to Interfaces page 24 46 Deleting IP Profiles page 24 47 Deleting IP Filters page 24 47 IP Storage Services Module The IPS services module IPS module allows you to use FCIP and iSCSI features It in...

Page 290: ...ted in iSCSI protocol data units PDUs to a MDS 9000 IPS port over a Transmission Control Protocol TCP Internet Protocol IP connection At this point the commands are routed from an IP network into a Fibre Channel network and forwarded to the intended target Figure 24 2 depicts the iSCSI scenarios in which the IPS module is used Figure 24 2 iSCSI Scenarios Configuring Gigabit Ethernet Interfaces Thi...

Page 291: ...domain either by using separate standalone hubs or switches or by using separate VLANs Basic Gigabit Ethernet Configuration Figure 24 3 depicts a basic Gigabit Ethernet configuration Figure 24 3 Gigabit Ethernet Configuration You can configure the switch to receive and transfer large or jumbo frames on a port The default IP MTU frame size is 1500 bytes for all Ethernet ports By configuring jumbo f...

Page 292: ... connectivity on each switch using the ping command Ping the IP host using the IP address of the host to verify that the static IP route is configured correctly If the connection fails verify the following and repeat the ping command The IP address for the destination IP host is correctly configured The host is active powered on The IP route is configured correctly The IP host has a route to get t...

Page 293: ...sical Gigabit Ethernet interfaces into one logical Ethernet interface to provide link redundancy and in some cases higher aggregated bandwidth and load balancing The data traffic from one TCP connection always travels on the same physical links An Ethernet switch connecting to the MDS Gigabit Ethernet port can implement load balancing based on its IP address its source destination MAC address or i...

Page 294: ... of the following cases apply if the interface already has an IP address assigned or if subinterfaces are configured on that interface Configuring CDP The Cisco Discovery Protocol CDP is supported on the management Ethernet interface on the supervisor module and the Gigabit Ethernet interface on the IPS module IPS Core Dumps IPS core dumps are different from the system kernel core dumps for other ...

Page 295: ...el storage area networks SAN islands transparently over IP local area networks LANs metropolitan area networks MANs and wide area networks WANs FCIP uses TCP as a network layer transport To configure the IPS module for FCIP you should have a basic understanding of the following concepts FCIP and VE Ports FCIP Links FCIP Profiles FCIP Interfaces FCIP and VE Ports Figure 24 6 describes the internal ...

Page 296: ... frames all Class F frames This arrangement is used to provide low latency for all control frames To enable FCIP on the IPS module a FCIP profile and FCIP interface interface FCIP must be configured The FCIP link is established between two peers the VE port initialization behavior is identical to a normal E port This behavior is independent of the link being FCIP or pure Fibre Channel and is based...

Page 297: ...ction behavior Peer information Number of TCP connections for the FCIP link E port parameters Trunking mode and trunk allowed VSAN list Enabling FCIP To begin configuring the FCIP feature you must explicitly enable FCIP on the required switches in the fabric By default this feature is disabled in all switches in the Cisco MDS 9000 Family The configuration and verification commands for the F IP fea...

Page 298: ...eate a FCIP link assign a profile to the FCIP interface and configure the peer information The peer IP switch information initiates creates a FCIP link to that peer switch Figure 24 9 Assigning Profiles to Each Gigabit Ethernet Interface Switch 1 Switch 2 IP router IP router 91561 IP Network IP address of Gigabit Ethernet interface 3 1 10 100 1 25 IP address of Gigabit Ethernet interface 3 1 10 1 ...

Page 299: ...llowing EtherChannel Ethernet subinterface slot and port or slot port and VLAN ID To create and bind profiles on a Gigabit Ethernet interface follow these steps Step 1 Be sure you are connected to a switch that contains an IPS module Step 2 Open Device Manager Step 3 Choose IP FCIP Step 4 Click the Profiles tab if it is not already selected You see a list of any profiles that are already bound alo...

Page 300: ...g Interfaces To verify the interfaces follow these steps Step 1 Be sure you are connected to a switch that contains an IPS module Step 2 Open Device Manager Step 3 Choose Interface FCIP Step 4 Click the Interfaces tab if it is not already selected to see the FCIP Interfaces dialog box Verifying Extended Link Protocols ELP To verify the extended link protocol follow these steps Step 1 Be sure you a...

Page 301: ...module is inserted in the required Cisco MDS 9000 Family switches and that the switches Gigabit Ethernet interfaces are connected and the connectivity verified The steps in creating FCIP tunnels using the FCIP Wizard are Select the endpoints Choose the interfaces IP addresses Specify link attributes To create FCIP tunnels using the FCIP Wizard follow these steps Step 1 Open the FCIP Tunnels Wizard...

Page 302: ...ure that the connection is active This command can be used to tune the time taken to detect FCIP link failures The first interval during which the connection is idle is 60 seconds default When the connection is idle for 60 seconds 8 keepalive probes are sent at 1 second intervals If no response is received for these 8 probes and the connection remains idle throughout that FCIP link is automaticall...

Page 303: ...cur If the average rate of the FC traffic is greater than min available bandwidth RTT but less than max bandwidth RTT then if the FC traffic is transmitted in burst sizes smaller than the configured CWM value all the bursts are sent immediately by FCIP at the max bandwidth rate If the average rate of the FC traffic is larger than the min available bandwidth RTT and the burst size is greater than t...

Page 304: ...k with the peer you can use one of two options Used to configure both ends of the FCIP link Optionally you can also use the peer TCP port along with the IP address Used to configure one end of the FCIP link when security gateways are present in the IP network Optionally you can also use the port and profile ID along with the IP address Peer IP Address The basic FCIP configuration uses the peer s I...

Page 305: ...he configuration on the switch using the tcp connection 1 command If the peer initiates one TCP connection and your MDS switch is configured for two TCP connections the software handles it gracefully and moves on with just one connection Enabling Time Stamps Use the time stamp option to enable or disable FCIP time stamps on a packet The time stamp option instructs the switch to discard packets tha...

Page 306: ...erface before exiting the remote B port This bridge results in both E ports exchanging Class F information which ultimately leads to normal ISL behavior such as fabric merging and routing FCIP links between B port SAN extenders do not exchange the same information as FCIP links between E ports and are therefore incompatible This is reflected by the terminology used in FC BB 2 while VE ports establ...

Page 307: ...the need for local bridge devices Configuring B Ports When a FCIP peer is a SAN extender device that only supports Fibre Channel B ports you need to enable the B port mode for the FCIP link When a B port is enabled the E port functionality is also enabled and they coexist If the B port is disabled the E port functionality remains enabled E Port Configurations All configuration commands that apply ...

Page 308: ...tabase from the adjacent switch Configuring FCIP Write Acceleration The FCIP Write Acceleration feature in SAN OS 1 3 3 enables you to significantly improve application performance when storage traffic is routed over wide area networks using FCIP When FCIP Write Acceleration is enabled WAN throughput is maximized by minimizing the impact of WAN latency for the command to transfer ready acknowledge...

Page 309: ...se either SCSI discovery failure or broken write or read operations Enabling FCIP Compression The FCIP compression feature introduced in Release 1 3 x allows IP packets to be compressed on the FCIP link if this feature is enabled on that link By default the FCIP compression is disabled This feature uses the Lempel Zif Stac LZS compression algorithm to compress packets The high throughput mode allo...

Page 310: ... same two switches The Fibre Channel traffic is load balanced across the FCIP links in the PortChannel FSPF Figure 24 15 displays a FPSF based load balancing configuration example This configuration requires two IP addresses on each SAN island and addresses IP and FCIP link failures Figure 24 15 FSPF Based Load Balancing The following characteristics set FSPF solutions apart from other solutions E...

Page 311: ...disconnects and reconnects This configuration has only one FCIP E ISL link Ethernet PortChannels Figure 24 17 displays a Ethernet PortChannel based high availability FCIP example This solution addresses the problem caused by individual Gigabit Ethernet link failures Figure 24 17 Ethernet PortChannel Based High Availability The following characteristics set Ethernet PortChannel solutions apart from...

Page 312: ...thernet Levels Configuring iSCSI This section contains the following topics About iSCSI page 24 25 Enabling iSCSI page 24 26 Routing iSCSI Requests and Responses page 24 27 Presenting Fibre Channel Targets as iSCSI Targets page 24 27 Presenting iSCSI Hosts as Virtual Fibre Channel Hosts page 24 32 Configuring iSCSI Proxy Initiators page 24 34 Access Control in iSCSI page 24 36 iSCSI User Authentic...

Page 313: ...available in the Fibre Channel SAN They present the Fibre Channel targets to IP hosts as if the physical targets were attached to the IP network Figure 24 20 iSCSI View In conjunction with presenting Fibre Channel targets to iSCSI hosts the IPS module presents each iSCSI host as a Fibre Channel host in transparent mode i e Host Bus Adaptor HBA to the Fibre Channel storage device The storage device...

Page 314: ...ll related configurations are automatically discarded To enable iSCSI on a switch using Fabric Manager follow these steps Step 1 Choose End Devices ISCSI from the Physical Attributes pane The ISCSI tables display in the Information pane Step 2 Click the Control tab if it is not already displayed This shows the iSCSI enable status for all switches in the fabric that contain IPS ports Step 3 Choose ...

Page 315: ...m the storage device perspective each IP host appears as a Fibre Channel host Routing SCSI from the IP host to the Fibre Channel storage device consists of the following main actions Transporting iSCSI requests and responses over an IP network between hosts and the IPS module Routing SCSI requests and responses between hosts on an IP network and the Fibre Channel storage device converting iSCSI to...

Page 316: ...tted iSCSI node name using the following conventions IPS ports that are not part of a VRRP group use this format iqn 1987 05 com cisco 05 mgmt ip address slot port sub intf Target pWWN IPS ports that are part of a VRRP group use this format iqn 1987 05 com cisco 05 vrrp vrrp ID vrrp IP addr Target pWWN Ports that are part of a PortChannel use this format iqn 1987 02 com cisco 05 mgmt ip address pc...

Page 317: ...faces configured with iSNS a different static virtual target name has to be created for each interface tagged to an iSNS profile and each static virtual target must be advertised only from one interface Advertising iSCSI Targets You can limit the Gigabit Ethernet interfaces over which static iSCSI targets are advertised By default iSCSI targets are advertised on all Gigabit Ethernet interfaces sub...

Page 318: ...nformation pane or the Device Manager iSCSI dialog box Step 2 Click the Targets tab to display a list of existing iSCSI targets Step 3 Check the RevertToPrimaryPort check box to enable this option Step 4 Set the iSCSI target node name in the iSCSI Name field in IQN format Step 5 Click the Apply Changes icon in Fabric Manager or click Apply in Device Manager to save this change or click Cancel to c...

Page 319: ...e Apply Changes icon in Fabric Manager or click Apply in Device Manager to save this change or click Cancel to close the dialog box without saving any changes iSCSI Virtual Target Configuration Examples This section provides three examples of virtual target configurations Example 1 This example assigns the whole Fibre Channel target as a virtual iSCSI target All LUNs that are part of the Fibre Cha...

Page 320: ...resenting iSCSI Hosts as Virtual Fibre Channel Hosts The iSCSI hosts are mapped to virtual Fibre Channel hosts in one of two ways default Used if no access control is done on the Fibre Channel target An iSCSI host may use different pWWNs each time it connects to a Fibre Channel target Used if an iSCSI host should always have the same pWWN or nWWN each time it connects to a Fibre Channel target 0 i...

Page 321: ...t uses the same iSCSI initiator name to iSCSI targets from all interfaces By IP address A virtual N port is created for each IP address it uses to login to iSCSI targets By default the switch uses the iSCSI node name to identify the initiator Static Mapping With dynamic mapping each time the iSCSI host connects to the IPS module a new Fibre Channel N port is created and the nWWNs and pWWNs allocat...

Page 322: ...itiators The default port VSAN of an iSCSI interface is VSAN 1 but can be changed All dynamic iSCSI initiators are member of the port VSAN of the iSCSI interface Tip This is a 1 3 x feature If you downgrade to an earlier release be sure to delete any assigned VSAN before performing the downgrade procedure To modify the VSANs assigned to an iSCSI interface using Device Manager follow these steps St...

Page 323: ...e iSCSI perspective this configuration is no different from the default mode Figure 24 27 The iSCSI View of a Proxy Initiator From the Fibre Channel perspective only one Fibre Channel initiator is visible per VSAN Figure 24 28 The FC View with a Proxy Initiator Configuring the iSCSI Proxy Initiator To configure the proxy initiator follow these steps iSCSI iSCSI iSCSI iSCSI iSCSI iSCSI FC FC Iqn ho...

Page 324: ...Channel Zoning Based Access Control Zoning is an access control mechanism within a VSAN The switch zoning implementation extends the VSAN and zoning concepts from the Fibre Channel domain to also cover the iSCSI domain This extension includes both iSCSI and Fibre Channel features and provides a uniform flexible access control across a SAN Static and dynamic are the two Fibre Channel zoning access ...

Page 325: ...creates a Fibre Channel virtual N port the N port may already exist for this IP host and does a Fibre Channel name server query for the FCID of the Fibre Channel target pWWN that is being accessed by the IP host It uses the IP host virtual N port s pWWN as the requester of the name server query Thus the name server does a zone enforced query for the pWWN and responds to the query If the FCID is re...

Page 326: ...for iSCSI interfaces on a per IPS port basis These configurations are similar to the advanced FCIP configurations and are already explained in that section Cisco MDS switches support the following advanced features for iSCSI interfaces iSCSI listener port Configure the TCP port number for the iSCSI interface which listens for new TCP connections The default port number is 3260 Following that the i...

Page 327: ...s a suitable maximum size of the data payload in each frame PDU This is done during iSCSI login and FC PLOGI and the value is restricted by the TCP connection s Maximum Segment Size MSS and the maximum Fibre Channel data payload size specified by the FC target This usually results in a smaller maximum payload size than most hosts expect thus comes the second mode of forwarding The store and forwar...

Page 328: ...ides load balancing over both paths If one Gigabit Ethernet interface fails the host multi pathing software is not affected because it can use the second path VRRP Based High Availability Figure 24 30 provides an example of a VRRP based high availability iSCSI configuration IP network 90861 IP 10 1 10 100 IP 10 1 1 1 FC fabric pWWN P1 iqn host 1 iSCSI HBA FC lqn com cisco mds 5 3 gw p1 FC IP netwo...

Page 329: ...RP master and backup can be on different switches If you have a static WWN configuration for iSCSI initiators configure a different WWN for the iSCSI initiator for each switch If you use a proxy initiator be sure to configure a different pWWN on each iSCSI interface for each VRRP port used Ethernet PortChannel Based High Availability All iSCSI data traffic for one iSCSI link is carried on one TCP ...

Page 330: ...figuration mode or any submode Be sure to verify the prompt before issuing any command Configuring Storage Name Services Effective Release 1 3 1 the Internet Storage Name Service iSNS client feature is available in all switches in the Cisco MDS 9000 Family with IPS modules installed iSNS services allow your existing TCP IP networks to function more effectively as storage area networks by automatin...

Page 331: ...S server it retries every minute to re registers all iSNS objects for the affected interface s with the iSNS server Untagging a profile causes the network entity and portal to deregister from that interface Creating an iSNS Profile To create an iSNS profile follow these steps Step 1 Choose End Devices iSCSI from the Fabric Manager Physical Attributes pane or choose IP iSCSI from Device Manager You...

Page 332: ...ort for FCIP 3225 minimum retransmit time 200 milliseconds keepalive timeout 60 seconds max retransmissions 4 retransmissions PMTU discovery Enabled pmtu enable reset timeout 3600 seconds SACK Enabled max bandwidth 1G min available bandwidth 15 Mbps round trip time 1 ms buffer size 0 KB Control TCP and data connection No packets are transmitted TCP congestion window monitoring Enabled Burst size 1...

Page 333: ...ne Step 2 Click the Profiles tab to see a list of profiles Step 3 Click the Create Row icon You see the Create Profile dialog box Step 4 Choose the switches you want to include in the profile by checking the check box next to the switch s address Advertising iSCSI target Advertised on all Gigabit Ethernet interfaces subinterfaces PortChannel interfaces and PortChannel subinterfaces iSCSI hosts map...

Page 334: ...ter Edit dialog box Step 5 Click Create Row You see the Create IP Filter dialog box Step 6 Complete the fields in the Create IP Filter dialog box Step 7 Click Create to create the filter or click Close to close the Create IP Filter dialog box without creating a filter You see the newly created filter in the list of filters Step 8 Repeat Steps 6 and 7 to create additional filters or click Close to ...

Page 335: ...es To delete an IP profile perform the following steps Step 1 Choose Security IP Filter from the Fabric Manager menu tree You see IP Filter information in the Information pane Step 2 Click the Profiles tab to see a list of switches profile names and profile types Step 3 Click the row you want to delete If you want to delete multiple rows hold down the Shift key while clicking rows Step 4 Click the...

Page 336: ...24 48 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 24 Configuring IP Storage Deleting IP Filters ...

Page 337: ... and messaging details on the Call Home feature This chapter contains the following topics Call Home Features page 25 2 Call Home Configuration Process page 25 2 Cisco AutoNotify page 25 2 Assigning Contact Information page 25 3 Configuring Destination Profiles page 25 3 Configuring Alert Groups page 25 3 Configuring Message Levels page 25 4 Configuring E Mail Options page 25 4 Enabling or Disabli...

Page 338: ...he Cisco Systems TAC group Multiple concurrent message destinations Up to 50 E mail destination addresses are allowed for each format type Message categories include system environment switching module hardware supervisor module hardware inventory and test Call Home Configuration Process The actual configuration of Call Home depends on how you intend to use the feature Some points to consider incl...

Page 339: ...ing Contact Information It is mandatory for each switch to include e mail phone and street address information It is optional to include the contract ID customer ID site ID and switch priority information Configuring Destination Profiles A destination profile contains the required delivery information for an alert notification Destination profiles are typically configured by the network administra...

Page 340: ...igure the SMTP server address and port number for the Call Home functionality to work Enabling or Disabling Call Home Once you have configured the contact information you must enable the Call Home function Default Settings Table 25 1 lists the default Call Home default settings Event Triggers This section discusses Call Home trigger events Trigger events are divided into categories with each categ...

Page 341: ...ached operating threshold 6 POWER_SUPPLY _FAILURE Power supply failed 6 FAN_FAILURE Cooling fan has failed 5 Switching module and CISCO_TAC LINECARD_FAIL URE Switching module operation failed 7 POWER_UP_DIA GNOSTICS_FAIL URE Switching module failed power up diagnostics 7 Line Card Hardware and CISCO_TAC PORT_FAILURE Hardware failure of interface port s 6 Line Card Hardware Supervisor Hardware and ...

Page 342: ...ece of hardware inserted into the chassis 2 HARDWARE_RE MOVAL Hardware removed from the chassis 2 Test Test and CISCO_TAC TEST User generated test 2 Table 25 3 Event Categories and Command Outputs Event Category Description Executed Commands System Events generated by failure of a software system that is critical to unit operation show tech support show system redundancy status Environmental Event...

Page 343: ...unit is cold booted or when FRUs are inserted or removed This is considered a noncritical event and the information is used for status and entitlement show version Test User generated test message show version Table 25 3 Event Categories and Command Outputs continued Event Category Description Executed Commands Table 25 4 Severity Levels Severity Level Keyword Description 9 Catastrophic Network wi...

Page 344: ...rmatting Option Data Item Description Device identification Configured device name Date time stamp Time stamp of the triggering event Error isolation message Plain English description of triggering event Alarm urgency level Error level such as that applied to syslog message Table 25 6 Plain Text and XML Messages Data Item Plain text and XML Description Plain text and XML XML Tag XML only Time stam...

Page 345: ...erial number Serial number as identified by the Sid field Example DS C9000 C 12345678 mml header deviceId Customer ID Optional user configurable field used for contract info or other ID by any support service mml header customerID Contract ID Optional user configurable field used for contract info or other ID by any support service mml header contractId Site ID Optional user configurable field use...

Page 346: ...ing the event mml body sysContact Contact e mail E mail address of person identified as contact for this unit mml body sysContactEmail Contact phone number Phone number of the person identified as the contact for this unit mml body sysContactPhoneNu mber Street address Optional field containing street address for RMA part shipments associated with this unit mml body sysStreetAddress Model name Mod...

Page 347: ...urce of Call Home notifications Step 2 Configure the destination e mail addresses for Call Home notifications using the Destinations tab see the Configuring Call Home Destination Attributes section on page 25 12 You can identify one more more e mail addresses that will receive Call Home notifications Affected FRU name Name of the affected FRU generating the event message mml body fru name Affected...

Page 348: ...Home attributes for a single switch Configuring Call Home Destination Attributes To configure the destination e mail addresses for Call Home notifications from the Fabric Manager choose Events Call Home on the menu tree and click the Destination tab The Information pane from the Fabric Manager displays Call Home information for multiple switches To configure the destination e mail addresses from t...

Page 349: ... switches To test Call Home from the Device Manager choose Call Home from the Events menu and click the Alerts tab The dialog box with the Alerts tab selected from the Device Manager displays Call Home attributes for a single switch Configure the alert attributes for the Call Home feature Configuring Call Home Profiles To configure Call Home attributes from the Fabric Manager choose Events Call Ho...

Page 350: ...25 14 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 25 Configuring Call Home Configuring Call Home Profiles ...

Page 351: ... running configuration The next time you reboot the switch the saved configuration is used If you do not save the configuration the previously saved startup configuration is used This chapter contains the following topics About fcdomain Phases page 26 2 Restarting the Domain page 26 3 Performing a Domain Restart page 26 3 Configuring the Domain page 26 3 Specifying a Preferred or Static Domain ID ...

Page 352: ...al switch selection phase Figure 26 1 Sample fcdomain Configuration Note Domain IDs and VSAN values used in all procedures are only provided as examples Be sure to use IDs and values that apply to your configuration Local WWN 20 02 ab ba cd dc f4 00 Configured domain ID 0 zero preferred Runtime domain ID 7 Configured priority 128 Runtime priority 128 Runtime fabric name 20 01 ab ba cd cd dc f4 Loc...

Page 353: ...estart the fabric disruptively or nondisruptively follow these steps Step 1 Open Device Manager on a switch in the domain you want to restart Step 2 Choose FC Domain Manager You see the Domain Manager dialog box Step 3 Click in the Restart column for the VSAN ID for which you want to restart the domain You see a drop down list of options Step 4 Choose disruptive for a disruptive restart or Non dis...

Page 354: ...ned domain ID becomes the runtime domain ID Caution You must restart the domain if you want to apply the configured domain changes to the runtime domain Configuring Domain Attributes From this dialog box you can specify a fabric name for fabric logins on the VSAN and set the priority for the switch used in the principal switch selection process Configure the principal attributes for the domain Loc...

Page 355: ...attributes for a single switch Viewing Domain Information To view domain information from the Device Manager choose Domain Manager from the FC menu and click the Domains tab The dialog box displays domain information for a single switch Viewing Domain Manager Statistics To monitor domain manager statistics from the Fabric Manager choose FC Domain Manager on the menu tree and click the Statistics t...

Page 356: ...option can be applied to runtime after a disruptive or nondisruptive restart the preferred option is applied to runtime only after a disruptive restart Tip When the FICON feature is enabled in a given VSAN the domain ID for that VSAN will remain in the static state You can change the static ID value but you cannot change it to the preferred option Setting Switch Priority By default the configured ...

Page 357: ... restart the fcdomain If a domain is currently isolated due to domain overlap and you later enable the auto reconfigure option on both switches the fabric continues to be isolated However if you enable the auto reconfigure option on both switches before connecting the fabric a disruptive reconfiguration RCF occurs A disruptive reconfiguration may affect data traffic You can nondiruptively reconfig...

Page 358: ...t basis For example after the disconnection of one N Port from the switch if its FC ID is requested by another device the request is granted and the initial association WWN FC ID is released Also if the 4K entries of the volatile cache used to store the WWN to FC ID binding get completely filled up a new more recent entry will overwrite the oldest one losing the corresponding binding WWN to FC ID ...

Page 359: ... connects these hosts Note Persistent FC IDs with loop attache devices FL ports need to remain connected to the same port in which they were configured Creating a Persistent FC ID To create a new persistent FC ID follow these steps Step 1 Click Create You see the Create Domain Manager Persistent FCIDs dialog box Step 2 Enter the VSAN ID Step 3 Enter the WWN Step 4 Enter the FC ID Step 5 Choose the...

Page 360: ... ID than storage ports when they are both connected to the same switch For example if the storage port FC ID is 0x6f7704 the area for this port is 77 In this case the HBA port area can be anything other than 77 The HBA port FC ID must be manually configured to be different from the storage port FC ID Switches in the Cisco MDS 9000 Family facilitate this requirement with the FC ID persistence featu...

Page 361: ...connected back to the same port on the switch to which it was originally connected The assigned FC IDs in a fcdomain can be enabled to remain persistent even after a reboot This ensures that an attached N port receives the same FC IDs after a reboot If you enable this feature the following consequences apply The currently in use FC IDs in the fcdomain are saved across reboots The fcdomain automati...

Page 362: ...gs for all fcdomain parameters Table 26 2 Default fcdomain Parameters Parameters Default fcdomain feature Enabled Configured domain ID 0 zero Configured domain option Preferred auto reconfigure option Disabled contiguous allocation option Disabled Priority 128 Allowed list 1 to 239 Fabric name 20 01 00 05 30 00 28 df rcf reject Disabled Persistent FC ID Disabled globally configurable ...

Page 363: ...itizes one application over another for example prioritizing transactional traffic over bulk traffic through bandwidth and latency differentiation This chapter provides details on the QoS and FCC features provided in all switches This chapter contains the following topics FCC page 27 1 QoS page 27 2 Control Traffic page 27 3 Data Traffic page 27 3 Ingress Port Rate Limiting page 27 6 Default Setti...

Page 364: ...el DID is directly connected to one of the switch ports the input rate limit is applied to that port If the destination of the edge quest frame is a Cisco domain or the next hop is a Cisco MDS 9000 Family switch the frame is forwarded If neither of these mechanisms is true then the frame is processed in the port going towards the FC DID All switches including the edge switch along the congested pa...

Page 365: ...te priority We do not recommended disabling this feature as all critical control traffic will automatically be assigned the lowest priority once you issue this command You can view the current state of the QoS configuration for critical control traffic using the show qos statistics command Data Traffic Transaction processing a low volume latency sensitive application requires quick access to reque...

Page 366: ...affic treatment in the other direction If the ISL is congested when the OLTP server sends a request the request is queued in the high priority queue and is serviced almost immediately as the high priority queue is not congested The scheduler assigns it priority over the backup traffic in the low priority queue When the high priority queue does not have traffic flowing through the low priority queu...

Page 367: ...lues for mask are FFFFFF The entire FCID is used This is the default FFFF00 Only domain and area FCID is used FF0000 Only domain FCID is used A source address or destination address of 0x000000 is not allowed Source interface Use the input interface option to specify the ingress interface The order of entries to be matched within a class map is not significant Defining Service Policies Service pol...

Page 368: ...e queues in the ratio of the configured weights Higher weights translate to proportionally higher bandwidth and lower latency The default weights are 50 for high queue 30 for the medium queue and 20 for the low queue Decreasing order of queue weights is mandated to ensure the higher priority queues have a higher service level though the ratio of the configured weights can vary for example one can ...

Page 369: ...guration Guide OL 7753 01 Chapter 27 Configuring Traffic Management Default Settings Table 27 1 Default FCC QoS and Rate Limiting Settings Parameters Default FCC protocol Disabled QoS control traffic Enabled QoS data traffic Disabled Rate limit 100 ...

Page 370: ...27 8 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 27 Configuring Traffic Management Default Settings ...

Page 371: ... switch logs normal but significant system messages to a log file and sends these messages to the system console You can specify which system messages should be saved based on the type of facility and the severity level Messages are time stamped to enhance real time debugging and management You can access logged system messages using the CLI or by saving them to a properly configured syslog server...

Page 372: ...o MDS 9000 Family specific fspf FSPF Cisco MDS 9000 Family specific ftp File Transfer Protocol Standard ipconf IP configuration Cisco MDS 9000 Family specific ipfc IPFC Cisco MDS 9000 Family specific kernel Kernel Standard local0 to local7 Locally defined messages Standard lpr Line printer system Standard mail Mail system Standard mcast Multicast Cisco MDS 9000 Family specific module Switching mod...

Page 373: ...configuration Cisco MDS 9000 Family specific vrrp_eng VRRP engine Cisco MDS 9000 Family specific vsan VSAN syslog Cisco MDS 9000 Family specific vshd vshd Cisco MDS 9000 Family specific wwn WWN manager Cisco MDS 9000 Family specific xbar Xbar syslog Cisco MDS 9000 Family specific zone Zone server Cisco MDS 9000 Family specific Table 28 1 Facilities Supported by the System Message Logs continued Fa...

Page 374: ... logging level generates an error message T o increase the logging level above critical you must change the console baud speed to 38400 baud Configuring Module Logging By default logging is enabled at Level 7 for all modules You can enable or disable logging for each module at a specified level Configuring Log Files Logging messages may be saved to a log file You can configure the name of this fil...

Page 375: ...ing Syslog Server Logging Facilities All syslog messages have a logging facility and a level The logging facility can be thought of as where and the level can be thought of as what The single syslog daemon syslogd sends the information based on the configured facility option If no facility is specified local7 is the default outgoing facility The internal facilities are listed in Table 28 3 Table 2...

Page 376: ...nfigure syslog attributes follow these steps Step 1 From the Fabric Manager choose Events Syslog on the menu tree and click the General tab The Information pane displays syslog information for multiple switches From the Device Manager choose Events Syslog and click the General tab The General tab of the Syslog dialog box displays syslog information for a single switch Step 2 Configure the general ...

Page 377: ...ble results Configuring Event Destinations To configure event destinations follow these steps Step 1 Choose Events Notifications Traps from the Fabric Manager the menu tree and click the Destinations tab or choose Events Destinations from the Device Manager The Fabric Manager Information pane from the Fabric Manager shows event destination information for multiple switches The Device Manager dialo...

Page 378: ...the Fabric Manager choose Events Filters on the menu tree and click the FC or Other tab To configure event filters from the Device Manager choose Filters from the Events menu The Event Filters dialog box displays event filters for a single switch The Information pane in Fabric Manager displays two different views which list the same event filters for multiple switches in different order To configu...

Page 379: ...er and click the Services tab You see the Threshold Manager dialog box with the Services tab selected To enable an RMON alarm for one or more VSANs follow these steps Step 1 Enter one or more VSANs to monitor in the VSAN Id s field Step 2 Check the check box for each variable that you want to monitor Step 3 Enter the threshold value in the Value column Step 4 Enter the sampling period in seconds S...

Page 380: ...ange the default controls for RMON alarms choose Threshold Manager from the Device Manager menu You see the Threshold Manager window Click More on the Threshold Manager window You see the second Threshold Manager dialog box Managing RMON Alarms To view the alarms that have already been enabled follow these steps Step 1 Choose Events Threshold Manager and then click More in the Threshold Manager di...

Page 381: ...click Create You see the Create Threshold Entry dialog box Step 4 Configure the RMON event threshold attributes Viewing the RMON Log To view the RMON log from the Device Manager follow these steps Step 1 Choose Events Threshold Manager and then click More in the Threshold Manager dialog box Step 2 Click the Log tab on the RMON Thresholds dialog box You see the RMON Log dialog box ...

Page 382: ...28 12 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 28 Configuring System Message Logging About RMON Facilities ...

Page 383: ...29 5 About SCSI LUN Discovery Small Computer System Interface SCSI targets include disks tapes and other storage devices These targets do not register logical unit numbers LUNs with the name server The name server requires LUN information for the following reasons To display LUN storage device information so an NMS can access this information To report device capacity serial number and device ID i...

Page 384: ...ors dialog box Step 6 Enter the initiator name in the Name field Step 7 Enter the VSAN membership number in the VSAN Membership field Step 8 Enter all the node and port information Step 9 Click Create to add this initiator to the table Click Close to exit the Create iSCSI Initiators dialog box without adding the initiator Like physical N ports iSCSI Initiators will appear in the Fabric Login table...

Page 385: ...alog box to map Fibre Channel LUNs to iSCSI LUNs Step 6 Enter the iSCSI LUN name in the Name field Step 7 Enter the iSCSI LUN Port WWN and FC LUN information in the appropriate fields Step 8 Click Create to add this LUN to the table Click Close to close the Create iSCSI LUN Mappings dialog box without adding the LUN Viewing iSCSI Statistics To view iSCSI statistics follow these steps Step 1 Be sur...

Page 386: ...nter the IP address or the IQN name created from the iSCSI driver running on the initiator The IQN name must be at least 16 characters Step 5 Assign names for the node WWN and port WWN fields There are three options The Auto option assigns the WWN from a pool of about 440 000 WWNs per switch and is returned to pool when you log out The Persistent option also assigns the WWN from a pool However whe...

Page 387: ... to configure a new or existing initiator on a switch To use the iSCSI Wizard follow these steps Step 1 Double click on the iSCSI Wizard icon on the Fabric Manager toolbar see Figure 29 1 Figure 29 1 iSCSI Wizard Icon Step 2 Choose an existing initiator from the list or enter the iqn name or IP address of the initiator and enter the IP address of the switch on which you want to configure the new i...

Page 388: ...29 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 29 Discovering SCSI Targets Using the iSCSI Wizard ...

Page 389: ...nel Analyzers page 30 7 Default SPAN Settings page 30 10 Remote SPAN page 30 10 About SPAN The switched port analyzer SPAN feature is specific to switches in the Cisco MDS 9000 Family It monitors network traffic though a Fibre Channel interface Traffic through any Fibre Channel interface can be replicated to a special port called the SPAN destination port SD port Any Fibre Channel port in a switch...

Page 390: ...ngress direction the egress direction or both directions for any source interface Ingress source rx Traffic entering the switch fabric through this source interface is spanned or copied to the SD port Figure 30 2 SPAN Traffic from the Ingress Direction Egress source tx Traffic exiting the switch fabric through this source interface is spanned or copied to the SD port Fibre Channel traffic Fibre Ch...

Page 391: ...e Caching Services Module CSM Refer to the Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for further information Allowed Source Interface Types The SPAN feature is available for the following interface types Physical ports F ports FL ports TE ports E ports and TL ports Interface sup fc0 traffic to and from the supervisor The Fibre Channel traffic from the supervisor module to the...

Page 392: ...ecified as a source you will not be able to perform interface level SPAN configuration on the interfaces that are included in the VSAN Previously configured SPAN specific interface information is discarded If an interface in a VSAN is configured as a SPAN source you will not be able to configure that VSAN as a source You must first remove the existing SPAN configurations on such interfaces before ...

Page 393: ...wo sessions however each session must be in a different direction one ingress and one egress Creating SPAN Sessions To create a SPAN session follow these steps Step 1 From the Device Manager choose Interface SPAN You see the SPAN dialog box Step 2 Click the Sessions tab Step 3 Click Create You see the Create SPAN Session dialog box Step 4 Choose the session ID from 1 16 using the up or down arrows...

Page 394: ...wing steps Step 1 From the Device Manager choose Interface SPAN You see the SPAN dialog box Step 2 Click the Sessions tab Step 3 Click once to select the SPAN session you want to delete Step 4 Click Delete The SPAN session is deleted Specifying Filters You can perform VSAN based filtering to selectively monitor network traffic on specified VSANs You can apply this VSAN filter to all sources in a s...

Page 395: ... Modules ASMs Guidelines to Configure SPAN The following guidelines apply for a SPAN configuration You can configure up to 16 SPAN sessions with multiple ingress rx sources You can configure a maximum of three SPAN sessions with one egress tx port In a 32 port switching module you must configure the same session in all four ports in one port group unit If you wish you can also configure only two o...

Page 396: ...iting interface fc1 1 and port 2 captures ingress traffic into interface fc1 1 Using SPAN Using SPAN you can capture the same traffic scenario shown in Figure 30 5 without any traffic disruption The Fibre Channel analyzer uses the ingress rx link at port 1 to capture all the frames going out of the interface fc1 1 It uses the ingress link at port 2 to capture all the ingress traffic on interface f...

Page 397: ...e Channel analyzer Using a Single SD Port to Monitor Traffic You do not need to use two SD ports to monitor bidirectional traffic on any interface as shown in Figure 30 6 You can use one SD port and one FC analyzer port by monitoring traffic on the interface at the same SD port fc2 1 Figure 30 7shows a SPAN setup where one session with destination port fc2 1 and source interface fc1 1 is used to c...

Page 398: ... in any remote Cisco MDS 9000 Family switch or director just as you would monitor traffic in a MDS source switch The RSPAN feature is nonintrusive and does not affect network traffic switching for any SPAN source ports Traffic captured on the remote switch is tunneled across a Fibre Channel fabric which has trunking enabled on all switches in the path from the source switch to the destination swit...

Page 399: ...o MDS 9000 Port Analyzer adapters Does not affect traffic in the source switch but shares the ISL bandwidth with other ports in the fabric FC and RSPAN Tunnels A FC tunnel is a logical data path between a source switch and a destination switch The FC tunnel originates from the source switch and terminates at the remotely located destination switch RSPAN uses a special Fibre Channel tunnel FC tunne...

Page 400: ...erface must be configured the interface vsan command The Fibre Channel tunnel feature must be enabled the fc tunnel enable command is disabled by default IP routing must be enabled the ip routing command is disabled by default If the IP address is in the same subnet as the VSAN the VSAN interface does not have to be configured for all VSANs on which the traffic is spanned A single Fibre Channel sw...

Page 401: ...nnel in Switch S and map the tunnel to the VSAN interface IP address in Switch D so all RSPAN traffic from the tunnel is directed to the SD port Step 4 Configure SD ports for SPAN monitoring in the destination switch Switch D Step 5 Configure the ST port in the source switch Switch S and bind the ST port to the FC tunnel Step 6 Create a RSPAN session in the source switch in Switch S to monitor net...

Page 402: ... 14 Enabling IP Routing page 30 14 Configuring VSAN Interfaces Figure 30 12 depicts an RSPAN tunnel configuration terminating in the destination switch Switch D This example assumes that VSAN 5 is already configured in the VSAN database Enabling IP Routing The IP routing feature is disabled by default Be sure to enable IP routing in each switch including the source and destination switches in the ...

Page 403: ...uring An Explicit Path You can specify an explicit path through the Cisco MDS Fibre channel fabric source based routing use the explicit path option For example if you have multiple paths to a tunnel destination you can use this option to specify the fc tunnel to always take one path to the destination switch The software then use this specified path even if other paths are available Cisco MDS sou...

Page 404: ...ioning the specified path is used This configuration explicitly specifies Path 1 to be used for the RSPAN traffic Refer to RFC 3209 for further details on explicit paths and source based routing Monitoring RSPAN Traffic Once the session is configured other SPAN sources for this session can also be configured as required shows a RSPAN setup where one session with destination port fc2 1 and source i...

Page 405: ... RSPAN tunnel is configured as a destination interface for SPAN session and the ST port forwards SPAN traffic through the RSPAN tunnel Figure 30 16 RSPAN Scenario with One Source Switch One Destination Switch and One Tunnel Single Source with Multiple RSPAN Tunnels Figure 30 17 displays two separate RSPAN tunnels configured between Switches S and D Each tunnel has an associated ST port in the sour...

Page 406: ... their respective source switch and terminate in the same SD port in the destination switch Figure 30 18 RSPAN Scenario with Two Source Switches a Destination Switch and Multiple Tunnels Cisco MDS source switch S Cisco MDS Switch B Cisco MDS Switch C Cisco MDS destination switch D ST SD SD FC analyzer FC analyzer Cisco MDS Fibre Channel fabric ST 99011 RSPAN tunnels SPAN sources Cisco MDS source s...

Page 407: ...tion Guide OL 7753 01 Chapter 30 Monitoring Network Traffic Using SPAN Remote SPAN This configuration is useful for remote monitoring purposes For example the administrator may be at the destination switch and can remotely monitor the two source switches ...

Page 408: ...30 20 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 30 Monitoring Network Traffic Using SPAN Remote SPAN ...

Page 409: ...ames page 31 9 Configuring Timers page 31 9 Configuring FC Timers The fctimer command modifies Fibre Channel protocol related timer values for the switch You can use the fctimer command in configuration mode to configure the following TOVs Distributed services TOV D_S_TOV The valid range is from 5 000 to 10 000 milliseconds The default is 5 000 milliseconds Error detect TOV E_D_TOV The valid range...

Page 410: ...el protocol analyzers capture decode and analyze frames and ordered sets on a link While existing Fibre Channel analyzers can capture traffic at wire rate speed They are expensive and support limited frame decoding Also to snoop traffic the existing analyzers disrupt the traffic on the link while the analyzer is inserted into the link Cisco has brought protocol analysis within a storage network to...

Page 411: ...municates with the remote capture daemon in a Cisco MDS 9000 Family switch Figure 31 1 Cisco Fabric Analyzer Usage Local Text Based Capture This component is a command line driven text based interface that captures traffic to and from the supervisor module in a Cisco MDS 9000 switch It is a fully functional decoder that is useful for quick debug purposes or for use when the remote capture daemon i...

Page 412: ... on Ethereal not on the switch GUI Based Client The Ethereal software runs on a host such as a PC or workstation and communicates with the remote capture daemon This software is available in the public domain from http www ethereal com Since Ethereal has a GUI front end it supports a rich functionality such as colorized display graphical assists in defining filters and searching for specific frame...

Page 413: ...e FC ID to be allocated to a N port attached to a Fx port in any switch To conserve the number of FC IDs used Cisco MDS 9000 Family switches use a special allocation scheme Based on the assigned FC ID some HBAs assume that no other ports have the same area bits and domain When a target is assigned with a FC ID that has the same area bits but different port bits the HBA fails to discover these targ...

Page 414: ...his section briefly explains the basic concepts of these modes Each vendor has a regular mode and an equivalent interoperability mode which specifically turns off advanced or proprietary features and provide the product with a more amiable standards compliant implementation Table 31 2 lists the changes in switch behavior when you enable interoperability mode These changes are specific to switches ...

Page 415: ... VSAN Interop mode only affects the specified VSAN TE ports and PortChannels TE ports and Port Channels cannot be used to connect MDS to non MDS switches Only E ports can be used to connect to non MDS switches TE ports and PortChannels can still be used to connect an MDS to other MDS switches even when in interop mode FSPF The routing of frames within the fabric is not changed by the introduction ...

Page 416: ...figuration Use the show tech support command in EXEC mode to display general information about the switch when reporting a problem You can choose to have detailed information for each command or even specify the output for a particular interface module or VSAN Each command output is separated by line and the command precedes the output Note Explicitly set the terminal length command to 0 zero to d...

Page 417: ... Step 1 From the Fabric Manager choose FC WWN Manager on the menu tree or from the Device Manager choose FC WWN Manager The Information pane of the Fabric Manager displays WWN information for multiple switches The dialog box from the Device Manager displays WWN information for a single switch Step 2 Configure the BaseMacAddress and MacAddressRange attributes for the WWN s Step 3 In the Fabric Mana...

Page 418: ...31 10 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 31 Advanced Features and Concepts Configuring Timers ...

Page 419: ...ese nodes are end devices host systems storage subsystems attached to the fabric platform objects reside at the edge switches of the fabric Each object has its own set of attributes and their values A null value may also be defined for some attributes In the Cisco MDS 9000 Family switch environment multiple VSANs constitute a fabric where one instance of the FCS is present per VSAN If you have att...

Page 420: ...topology FCSs supports TE and TL ports in addition to the standard F and E ports FCS can maintain a group of modes with a logical name and management address when a platform registers with it FCSs maintain a backup of all registrations in secondary storage and updates it with every change When a restart or switchover happens FCSs retrieve the secondary storage information and rebuild its database ...

Page 421: ...ends its OS kernel core dump to the Cisco MDS 9000 System Debug Server The Cisco MDS 9000 System Debug Server is a Cisco application that runs on Linux It creates a repository for kernel core dumps You can download the Cisco MDS 9000 System Debug Server from the Cisco com website Kernel core dumps are only useful to your technical support representative The kernel core dump file which is a large b...

Page 422: ...33 2 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 33 Monitoring System Processes and Logs Configuring Kernel Core Dumps ...

Page 423: ...er Troubleshooting Tools page 34 4 Locating Other Switches page 34 5 Configuring an OUI page 34 5 Analyzing Switch Device Health The Switch Health option lets you determine the status of the components of a specific switch To use the Switch Health option follow these steps Step 1 Choose Tools Switch Health from the Fabric Manager You see the Switch Health Analysis window Step 2 Click Start to iden...

Page 424: ...een endpoints by clicking Ensure that redundant paths exist between members Step 7 Click Analyze The End to End Connectivity Analysis window displays the selected end points with the switch to which each is attached and the source and target ports used to connect it The output shows all the requests which have failed The possible descriptions are Ignoring empty zone No requests are issued for this...

Page 425: ...he window Analyzing the Results of Merging Zones You can use the Zone Merge option on the Fabric Manager Tools menu to determine if two connected switches have compatible zone configurations To use the Zone Merge option follow these steps Step 1 Choose Tools Zone Merge from the Fabric Manager You see the Zone Merge Analysis window Step 2 Choose a switch from each pull down list Step 3 Identify the...

Page 426: ... to the switches you specified or click Close to close the Show Tech Support dialog box without issuing the show tech support command In the Status column next to each switch a highlighted status is displayed A yellow highlight indicates that the Show Tech Support command is currently running on that switch A red highlight indicates an error A green highlight indicates that the Show Tech Support c...

Page 427: ...2 168 100 1 254 Multiple ranges can be specified separated by commas For example to look for all the devices in the two subnets 192 168 199 0 and 192 169 100 0 use the following string 192 168 100 1 254 192 169 100 1 254 Step 3 Enter the appropriate read community string in the Read Community field The default value for this string is public Step 4 Click Display Cisco MDS 9000 Only to display only...

Page 428: ...9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 34 Troubleshooting the Fabric Configuring an OUI Note This situation does not affect the availability or the functionality of the switch and or fabric ...

Page 429: ...e Switch What s Wrong page 35 2 Can I Upgrade Without Losing My Map Settings page 35 2 Are There Any Restrictions When Using Fabric Manager Across FCIP page 35 2 Running Cisco Fabric Manager with Multiple Interfaces page 35 3 Configuring a Proxy Server page 35 4 Clearing Topology Maps page 35 5 Can I Use Fabric Manager in a Mixed Software Environment page 35 5 Can I Set the Map Layout So It Stays ...

Page 430: ... Hold the mouse over the switch to see the tooltip Can I Upgrade Without Losing My Map Settings When you upgrade from one version of Fabric Manager to another there is a way to prevent the loss of map settings enclosure names placement on the map etc The HOME cisco_mds9000 db directory contains all discovered fabrics dat and maps map These are upgradable between 1 1 and 1 2 If you need to clear th...

Page 431: ...le interfaces Refer to the following sections depending on which application you want to recognize the interface Specifying an Interface for Fabric Manager Server page 35 3 Specifying an Interface for Fabric Manager Client or Device Manager page 35 4 Specifying an Interface for Performance Manager page 35 3 Specifying an Interface for Fabric Manager Server To specify an interface for Fabric Manage...

Page 432: ...IP address or interface name of the NIC you want to use Step 5 Save the file and relaunch Fabric Manager Client or Device Manager Configuring a Proxy Server If your network uses a proxy server for HTTP requests make sure the Java Web Start Application Manager is properly configured with the IP address of your proxy server To configure a proxy server in the Java Web Start Application Manager follow...

Page 433: ...h will clear the information for all clients without having to reboot the switch To clear information from topology maps follow these steps Step 1 In the Map pane click on the Refresh Map icon This clears the information from the client Step 2 Choose Server Purge This clears the information from the server Can I Use Fabric Manager in a Mixed Software Environment You can use Fabric Manager version ...

Page 434: ...35 6 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL 7753 01 Chapter 35 Troubleshooting Fabric Manager Issues Can I Use Fabric Manager in a Mixed Software Environment ...

Page 435: ...Analyzer configuring 31 4 description 31 2 FC IDs allocating 31 5 allocating areas 31 5 FSPF interoperability 31 7 I interoperability configuring 31 6 iSCSI targets secondary access 24 29 L libpcap freeware 31 2 local capture 31 4 loop monitoring 31 6 loop port 31 6 N name server interoperability 31 8 P PortChannels interoperability 31 7 protocol analysis 31 2 R remote capture 31 4 remote capture ...

Page 436: ...onfiguration Guide OL 7753 01 T TE ports interoperability 31 7 TOV interoperability 31 6 ranges 31 1 troubleshooting collecting output 31 8 trunking interoperability 31 7 V VSANs interop mode 31 7 W world wide names See See WWNs WWNs configuring 31 5 ...

Reviews:

No comments

Related manuals for DS-C9216I-K9

4O3A Antenna Genius Quick Start Manual preview
Antenna Genius
Brand: 4O3A Pages: 2
Cabletron Systems SmartCell 6A000 User Manual preview
SmartCell 6A000
Brand: Cabletron Systems Pages: 114
Cabletron Systems MRX Installation Manual preview
MRX
Brand: Cabletron Systems Pages: 62
Cabletron Systems CyberSWITCH CSX150 Quick Start Manual preview
CyberSWITCH CSX150
Brand: Cabletron Systems Pages: 49
Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual preview
Cabletron CyberSWITCH CSX5500
Brand: Cabletron Systems Pages: 729
Harman Kardon ABH 4000 Owner'S Manual preview
ABH 4000
Brand: Harman Kardon Pages: 2
IBM 8271 Nways Ethernet LAN Switch User Manual preview
8271 Nways Ethernet LAN Switch
Brand: IBM Pages: 210
KCC KTD-600 Series Manual preview
KTD-600 Series
Brand: KCC Pages: 6
Icy Box IB-AC618 Manual preview
IB-AC618
Brand: Icy Box Pages: 6
Leonton ET2-0602-M Series User Manual preview
ET2-0602-M Series
Brand: Leonton Pages: 17
Extron electronics 60-1021-01 User Manual preview
60-1021-01
Brand: Extron electronics Pages: 137
Hamlet XUSB370MS User Manual preview
XUSB370MS
Brand: Hamlet Pages: 2
Vega VEGASWING 53 Operating Instructions Manual preview
VEGASWING 53
Brand: Vega Pages: 36
HDTV Supply HDTVCV0702HDS User Manual preview
HDTVCV0702HDS
Brand: HDTV Supply Pages: 15
Harman AMX PR01-0808 User Manual preview
AMX PR01-0808
Brand: Harman Pages: 50
Tabs TBGW100-915 Reference Manual preview
TBGW100-915
Brand: Tabs Pages: 4
SMC Networks SMC8606SX Specification Sheet preview
SMC8606SX
Brand: SMC Networks Pages: 2
nedis VMAT3482AT Manual preview
VMAT3482AT
Brand: nedis Pages: 24

Brands by name

Popular brands

Load more brands