Cisco MDS 9000 Family NX-OS Fabric Configuration Guide
Cisco MDS NX-OS Release 6.2(9)
July 2014
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Preface
Audience
Organization
Document Conventions
Related Documentation
Release Notes
Regulatory Compliance and Safety Information
Compatibility Information
Hardware Installation
Software Installation and Upgrade
Cisco NX-OS
Command-Line Interface
Intelligent Storage Networking Services Configuration Guides
Troubleshooting and Reference
Obtaining Documentation and Submitting a Service Request
Zoning
CHAPTER 8 Managing FLOGI, Name Server, FDMI, and RSCN Databases
RSCN
About RSCN Information
Displaying RSCN Information
multi-pid Option
Configuring the multi-pid Option
Suppressing Domain Format SW-RSCNs
Coalesced SW-RSCN
Enabling Coalesced SW-RSCNs
Disabling Coalesced SW-RSCNs
Clearing RSCN Statistics
RSCN Timer Configuration Distribution Using CFS
Configuring the RSCN Timer
Verifying the RSCN Timer Configuration
RSCN Timer Configuration Distribution
Default Settings
As of Cisco MDS NX-OS Release 5.2, software configuration information is available in new
feature-specific configuration guides for the following areas:
• System management
• Interfaces
• Fabric
• Quality of service
• Security
• IP services
• High availability and redundancy
The information in these new guides previously existed in the Cisco MDS 9000 Family CLI
Configuration Guide and in the Cisco MDS 9000 Family Fabric Manager Configuration Guide. Those
configuration guides remain available on Cisco.com and should be used for all software releases prior
to MDS NX-OS Release 4.2(1). Each guide addresses the features introduced in or available in a
particular release. Select and view the configuration guide that pertains to the software installed in your
switch.
For a complete list of document titles, see the list of Related Documentation in the “Preface.”
To find additional information about Cisco MDS NX-OS Release 6.2(1), see the Cisco MDS 9000 Family
Release Notes available at the following Cisco Systems website:
http://www.cisco.com/en/US/products/ps5989/prod_release_notes_list.htm
Feature | New and Change Topics | Changed in Release | Where Documented
--------|-----------------------|--------------------|-----------------
Organizationally Unique Identifiers | This feature introduces a new command which enables dynamic addition of Organizationally Unique Identifiers (OUIs) to the system OUI database. | 6.2(29) | Chapter 11, “Advanced Features and Concepts”
Confirm commit device-alias; Confirm commit zone | Added pending-diff display on commit for zone and device-alias. | 6.2(9) | Chapter 5, “Distributing Device Alias Services”; Chapter 2, “Configuring and Managing Zones”
FC and FCOE Scale – Device Alias | Added “Device Alias Configuration Best Practices” section. | 6.2(9) | Chapter 5, “Distributing Device Alias Services”
Fibre Channel Common Transport Management Server Query | Configuring Fibre Channel Common Transport Management Server Query | 6.2(9) | Chapter 12, “Configuring Fibre Channel Common Transport Management Security”
FCNS, RSCN | Added bulk notification feature to improve the performance of all the components listening to FCNS database changes. Added coalesced SWRSCN to improve RSCN performance. | 6.2(7) | Chapter 8, “Managing FLOGI, Name Server, FDMI, and RSCN Databases”
 | Added “Displaying Fabric Switch Information” section. | 6.2(7) | Chapter 2, “Configuring and Managing VSANs”
Smart Zoning | Added the command output. | 6.2(7) | Chapter 2, “Configuring and Managing Zones”
Smart Zoning | Added the Smart Zoning section. | 5.2.6 | Chapter 2, “Configuring and Managing Zones”
FICON Tape Read Acceleration | Added “FICON Tape Acceleration” section. | 5.0(1a) | Chapter 10, “Configuring FICON”
This preface describes the audience, organization, and conventions of the Cisco MDS 9000 Family
NX-OS Fabric Configuration Guide. It also provides information on how to obtain related
documentation.
Audience
This guide is for experienced network administrators who are responsible for configuring and
maintaining the Cisco MDS 9000 Family of multilayer directors and fabric switches.
Organization
The Cisco MDS 9000 Family NX-OS Fabric Configuration Guide is organized as follows:
Chapter | Title | Description
--------|-------|------------
Chapter 1 | Fabric Overview | Provides an overview of features described in this guide.
Chapter 2 | Configuring and Managing VSANs | Describes how virtual SANs (VSANs) work, explains the concept of default VSANs, isolated VSANs, VSAN IDs, and attributes, and provides details on how to create, delete, and view VSANs.
Chapter 3 | Creating Dynamic VSANs | Defines the Dynamic Port VSAN Membership (DPVM) feature that is used to maintain fabric topology when a host or storage device connection is moved between two Cisco MDS switches.
Chapter 2 | Configuring and Managing Zones | Defines various zoning concepts and provides details on configuring a zone set and zone management features.
Chapter 5 | Distributing Device Alias Services | Describes the use of the Distributed Device Alias Services (device alias) to distribute device alias names on a fabric-wide basis.
Chapter 6 | Configuring Fibre Channel Routing Services and Protocols | Provides details and configuration information on Fibre Channel routing services and protocols.
Document Conventions
Command descriptions use these conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Related Documentation
The documentation set for the Cisco MDS 9000 Family includes the following documents. To find a
document online, use the Cisco MDS NX-OS Documentation Locator at:
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/roadmaps/doclocater.htm
Release Notes
• Cisco MDS 9000 Family Release Notes for Cisco MDS NX-OS Releases
• Cisco MDS 9000 Family Release Notes for MDS SAN-OS Releases
• Cisco MDS 9000 Family Release Notes for Storage Services Interface Images
• Cisco MDS 9000 Family Release Notes for Cisco MDS 9000 EPLD Images
Compatibility Information
• Cisco Data Center Interoperability Support Matrix
• Cisco MDS 9000 NX-OS Hardware and Software Compatibility Information and Feature Lists
• Cisco MDS NX-OS Release Compatibility Matrix for Storage Service Interface Images
• Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide
• Cisco MDS NX-OS Release Compatibility Matrix for IBM SAN Volume Controller Software for
Cisco MDS 9000
• Cisco MDS SAN-OS Release Compatibility Matrix for VERITAS Storage Foundation for Networks
Software
Hardware Installation
• Cisco MDS 9500 Series Hardware Installation Guide
• Cisco MDS 9200 Series Hardware Installation Guide
• Cisco MDS 9100 Series Hardware Installation Guide
• Cisco MDS 9124 and Cisco MDS 9134 Multilayer Fabric Switch Quick Start Guide
Cisco NX-OS
• Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide
• Cisco MDS 9000 Family NX-OS Licensing Guide
• Cisco MDS 9000 Family NX-OS System Management Configuration Guide
• Cisco MDS 9000 Family NX-OS Interfaces Configuration Guide
• Cisco MDS 9000 Family NX-OS Fabric Configuration Guide
• Cisco MDS 9000 Family NX-OS Quality of Service Configuration Guide
• Cisco MDS 9000 Family NX-OS Security Configuration Guide
• Cisco MDS 9000 Family NX-OS IP Services Configuration Guide
• Cisco MDS 9000 Family NX-OS Intelligent Storage Services Configuration Guide
• Cisco MDS 9000 Family NX-OS High Availability and Redundancy Configuration Guide
• Cisco MDS 9000 Family NX-OS Inter-VSAN Routing Configuration Guide
Command-Line Interface
• Cisco MDS 9000 Family Command Reference
The Cisco MDS 9000 Family NX-OS command-line interface (CLI) can configure and manage features
such as VSANs, SAN device virtualization, dynamic VSANs, zones, distributed device alias services,
Fibre Channel routing services and protocols, FLOGI, name server, FDMI, RSCN database, SCSI
targets, FICON, and other advanced features.
This chapter describes some of these features and includes the following topics:
• Virtual SANs
• Dynamic Port VSAN Membership
• SAN Device Virtualization
• Zoning
• Distributed Device Alias Services
• Fibre Channel Routing Services and Protocols
• Multiprotocol Support
Virtual SANs
Virtual SAN (VSAN) technology partitions a single physical SAN into multiple VSANs. VSAN
capabilities allow Cisco NX-OS software to logically divide a large physical fabric into separate,
isolated environments to improve Fibre Channel SAN scalability, availability, manageability, and
network security. For FICON, VSANs facilitate hardware-based separation of FICON and open systems.
Each VSAN is a logically and functionally separate SAN with its own set of Fibre Channel fabric
services. This partitioning of fabric services greatly reduces network instability by containing fabric
reconfigurations and error conditions within an individual VSAN. The strict traffic segregation provided
by VSANs helps ensure that the control and data traffic of a specified VSAN are confined within the
VSAN’s own domain, increasing SAN security. VSANs help reduce costs by facilitating consolidation
of isolated SAN islands into a common infrastructure without compromising availability.
Users can create administrator roles that are limited in scope to certain VSANs. For example, a network
administrator role can be set up to allow configuration of all platform-specific capabilities, while other
roles can be set up to allow configuration and management only within specific VSANs. This approach
improves the manageability of large SANs and reduces disruptions due to human error by isolating the
effect of a user action to a specific VSAN whose membership can be assigned based on switch ports or
the worldwide name (WWN) of attached devices.
VSANs are supported across FCIP links between SANs, which extends VSANs to include devices at a
remote location. The Cisco MDS 9000 Family switches also implement trunking for VSANs. Trunking
allows Inter-Switch Links (ISLs) to carry traffic for multiple VSANs on the same physical link.
Note SDV is not supported from Cisco MDS NX-OS Release 4.x and later.
Zoning
Zoning provides access control for devices within a SAN. Cisco NX-OS software supports the following
types of zoning:
• N port zoning—Defines zone members based on the end-device (host and storage) port.
– WWN
– Fibre Channel identifier (FC-ID)
• Fx port zoning—Defines zone members based on the switch port.
– WWN
– WWN plus interface index, or domain ID plus interface index
• Domain ID and port number (for Brocade interoperability)
• iSCSI zoning—Defines zone members based on the host zone.
– iSCSI name
– IP address
• LUN zoning—When combined with N port zoning, LUN zoning helps ensure that LUNs are
accessible only by specific hosts, providing a single point of control for managing heterogeneous
storage-subsystem access.
• Read-only zones—An attribute can be set to restrict I/O operations in any zone type to SCSI
read-only commands. This feature is especially useful for sharing volumes across servers for
backup, data warehousing, etc.
Note LUN zoning and read-only zones are not supported from Cisco MDS NX-OS Release 5.x and later.
• Broadcast zones—An attribute can be set for any zone type to restrict broadcast frames to members
of the specific zone.
To provide strict network security, zoning is always enforced per frame using access control lists (ACLs)
that are applied at the ingress switch. All zoning policies are enforced in hardware, and none of them
cause performance degradation. Enhanced zoning session-management capabilities further enhance
security by allowing only one user at a time to modify zones.
Multiprotocol Support
In addition to supporting Fibre Channel Protocol (FCP), Cisco NX-OS software supports IBM Fibre
Connection (FICON), Small Computer System Interface over IP (iSCSI), and Fibre Channel over IP
(FCIP) in a single platform. Native iSCSI support in the Cisco MDS 9000 Family switches helps
customers consolidate storage for a wide range of servers into a common pool on the SAN.
You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs
(VSANs) on Cisco MDS 9000 Family switches and Cisco Nexus 5000 Series switches. VSANs provide
isolation among devices that are physically connected to the same fabric. With VSANs you can create
multiple logical SANs over a common physical infrastructure. Each VSAN can contain up to 239
switches and has an independent address space that allows identical Fibre Channel IDs (FC IDs) to be
used simultaneously in different VSANs. This chapter includes the following sections:
• About VSANs
• VSAN Configuration
• Displaying Static VSAN Configuration
• Default Settings
• Displaying Fabric Switch Information
About VSANs
A VSAN is a virtual storage area network (SAN). A SAN is a dedicated network that interconnects hosts
and storage devices primarily to exchange SCSI traffic. In SANs, you use the physical links to make
these interconnections. A set of protocols run over the SAN to handle routing, naming, and zoning. You
can design multiple SANs with different topologies.
With the introduction of VSANs, the network administrator can build a single topology containing
switches, links, and one or more VSANs. Each VSAN in this topology has the same behavior and
properties as a SAN. A VSAN has the following additional features:
• Multiple VSANs can share the same physical topology.
• The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, thus increasing
VSAN scalability.
• Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
• Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN.
• Events causing traffic disruptions in one VSAN are contained within that VSAN and are not
propagated to other VSANs.
This section describes VSANs and includes the following topics:
• VSAN Topologies
• VSAN Advantages
VSAN Topologies
The switch icons shown in both Figure 2-1 and Figure 2-2 indicate that these features apply to any switch
in the Cisco MDS 9000 Family.
Figure 2-1 shows a fabric with three switches, one on each floor. The geographic location of the switches
and the attached devices is independent of their segmentation into logical VSANs. No communication
between VSANs is possible. Within each VSAN, all members can talk to one another.
[Figure 2-1: Switch 1 (Floor 3), Switch 2 (Floor 2), and Switch 3 (Floor 1)]
Figure 2-2 shows a physical Fibre Channel switching infrastructure with two defined VSANs: VSAN 2
(dashed) and VSAN 7 (solid). VSAN 2 includes hosts H1 and H2, application servers AS2 and AS3, and
storage arrays SA1 and SA4. VSAN 7 connects H3, AS1, SA2, and SA3.
[Figure 2-2: Fibre Channel switching infrastructure; legend: link in VSAN 2, link in VSAN 7, trunk link]
The four switches in this network are interconnected by trunk links that carry both VSAN 2 and
VSAN 7 traffic. The inter-switch topologies of VSAN 2 and VSAN 7 are identical. This is not a
requirement, and a network administrator can enable certain VSANs on certain links to create different
VSAN topologies.
Without VSANs, a network administrator would need separate switches and links for separate SANs. By
enabling VSANs, the same switches and links may be shared by multiple VSANs. VSANs allow SANs
to be built on port granularity instead of switch granularity. Figure 2-2 illustrates that a VSAN is a group
of hosts or storage devices that communicate with each other using a virtual topology defined on the
physical SAN.
The criteria for creating such groups differ based on the VSAN topology:
• VSANs can separate traffic based on the following requirements:
– Different customers in storage provider data centers
– Production or test in an enterprise network
– Low and high security requirements
– Backup traffic on separate VSANs
– Replicating data from user traffic
• VSANs can meet the needs of a particular department or application.
VSAN Advantages
VSANs offer the following advantages:
• Traffic isolation—Traffic is contained within VSAN boundaries and devices reside in only one
VSAN, ensuring absolute separation between user groups, if desired.
• Scalability—VSANs are overlaid on top of a single physical fabric. The ability to create several
logical VSAN layers increases the scalability of the SAN.
• Per VSAN fabric services—Replication of fabric services on a per VSAN basis provides increased
scalability and availability.
• Redundancy—Several VSANs created on the same physical SAN ensure redundancy. If one VSAN
fails, redundant protection (to another VSAN in the same physical SAN) is configured using a
backup path between the host and the device.
• Ease of configuration—Users can be added, moved, or changed between VSANs without changing
the physical structure of a SAN. Moving a device from one VSAN to another only requires
configuration at the port level, not at a physical level.
Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another
is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range from 2 to 4093.
Figure 2-3 shows the possible relationships between VSANs and zones. In VSAN 2, three zones are
defined: zone A, zone B, and zone C. Zone C overlaps both zone A and zone B as permitted by Fibre
Channel standards. In VSAN 7, two zones are defined: zone A and zone D. No zone crosses the VSAN
boundary—they are completely contained within the VSAN. Zone A defined in VSAN 2 is different and
separate from zone A defined in VSAN 7.
[Figure 2-3: Physical topology. VSAN 2 contains zone A, zone B, and zone C; VSAN 7 contains zone A and zone D. Devices shown: AS1, AS2, AS3, H1, H2, H3, SA1, SA2, SA3, SA4.]
VSAN Configuration
VSANs have the following attributes:
• VSAN ID—The VSAN ID identifies the VSAN as the default VSAN (VSAN 1), user-defined
VSANs (VSAN 2 to 4093), and the isolated VSAN (VSAN 4094).
• State—The administrative state of a VSAN can be configured to an active (default) or suspended
state. Once VSANs are created, they may exist in various conditions or states.
– The active state of a VSAN indicates that the VSAN is configured and enabled. By enabling a
VSAN, you activate the services for that VSAN.
– The suspended state of a VSAN indicates that the VSAN is configured but not enabled. If a port
is configured in this VSAN, it is disabled. Use this state to deactivate a VSAN without losing
the VSAN’s configuration. All ports in a suspended VSAN are disabled. By suspending a
VSAN, you can preconfigure all the VSAN parameters for the whole fabric and activate the
VSAN immediately.
• VSAN name—This text string identifies the VSAN for management purposes. The name can be
from 1 to 32 characters long and it must be unique across all VSANs. By default, the VSAN name
is a concatenation of VSAN and a four-digit string representing the VSAN ID. For example, the
default name for VSAN 3 is VSAN0003.
• Load balancing attributes—These attributes indicate the use of the source-destination ID (src-dst-id)
or the originator exchange OX ID (src-dst-ox-id, the default) for load balancing path selection.
Note OX ID-based load balancing of IVR traffic from IVR-enabled switches is not supported on
Generation 1 switching modules. OX ID-based load balancing of IVR traffic from a non-IVR
MDS switch should work. Generation 2 switching modules support OX ID-based load
balancing of IVR traffic from IVR-enabled switches.
This section describes how to create and configure VSANs and includes the following topics:
• Reserved VSAN Range and Isolated VSAN Range Guidelines
• Creating VSANs Statically
• Port VSAN Membership
• Assigning Static Port VSAN Membership
• Displaying VSAN Static Membership
• Default VSAN
• Isolated VSAN
• Displaying Isolated VSAN Membership
• Operational State of a VSAN
• Static VSAN Deletion
• Deleting Static VSANs
• Load Balancing
• Configuring Load Balancing
• Interop Mode
• FICON VSANs
VSAN Creation
A VSAN is in the operational state if the VSAN is active and at least one port is up. This state indicates
that traffic can pass through this VSAN. This state cannot be configured.
Creating VSANs
To create VSANs, follow these steps:
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# vsan database
           switch(config-vsan-db)#
  Purpose: Configures the database for a VSAN. Application-specific VSAN parameters cannot be configured from this prompt.
Step 3
  Command: switch(config-vsan-db)# vsan 2
  Purpose: Creates a VSAN with the specified ID (2) if that VSAN does not exist already.
Step 4
  Command: switch(config-vsan-db)# vsan 2 name TechDoc
           updated vsan 2
  Purpose: Updates the VSAN with the assigned name (TechDoc).
Step 5
  Command: switch(config-vsan-db)# vsan 2 suspend
  Purpose: Suspends the selected VSAN.
Step 6
  Command: switch(config-vsan-db)# no vsan 2 suspend
  Purpose: Negates the suspend command issued in the previous step.
Step 7
  Command: switch(config-vsan-db)# end
           switch#
  Purpose: Returns you to EXEC mode.
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# vsan database
           switch(config-vsan-db)#
  Purpose: Configures the database for a VSAN.
Step 3
  Command: switch(config-vsan-db)# vsan 2
  Purpose: Creates a VSAN with the specified ID (2) if that VSAN does not exist already.
Step 4
  Command: switch(config-vsan-db)# vsan 2 interface fc1/8
  Purpose: Assigns the membership of the fc1/8 interface to the specified VSAN (VSAN 2).
Step 5
  Command: switch(config-vsan-db)# vsan 7
  Purpose: Creates another VSAN with the specified ID (7) if that VSAN does not exist already.
Step 6
  Command: switch(config-vsan-db)# vsan 7 interface fc1/8
  Purpose: Updates the membership information of the interface to reflect the changed VSAN.
  Command: switch(config-vsan-db)# vsan 1 interface fc1/8
  Purpose: Moves the interface fc1/8 from VSAN 7 to VSAN 1 (the default VSAN). To remove the VSAN membership of interface fc1/8 from VSAN 7, you should define the VSAN membership of fc1/8 to another VSAN. The best practice is to assign it back to VSAN 1.
Note Interface information is not displayed if interfaces are not configured on this VSAN.
Default VSAN
The factory settings for switches in the Cisco MDS 9000 Family have only the default VSAN 1 enabled.
We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are
configured, all devices in the fabric are considered part of the default VSAN. By default, all ports are
assigned to the default VSAN.
Note Up to 256 VSANs can be configured in a switch. Of these, one is a default VSAN (VSAN 1), and another
is an isolated VSAN (VSAN 4094). User-specified VSAN IDs range from 2 to 4093.
Isolated VSAN
VSAN 4094 is an isolated VSAN. All non-trunking ports are transferred to this VSAN when the VSAN
to which they belong is deleted. This avoids an implicit transfer of ports to the default VSAN or to
another configured VSAN. All ports in the deleted VSAN are isolated (disabled).
Note When you configure a port in VSAN 4094 or move a port to VSAN 4094, that port is immediately
isolated.
• VSAN attributes and port membership details are maintained by the VSAN manager. This feature is
affected when you delete a VSAN from the configuration. When a VSAN is deleted, all the ports in
that VSAN are made inactive and the ports are moved to the isolated VSAN. If the same VSAN is
recreated, the ports do not automatically get assigned to that VSAN. You must explicitly reconfigure
the port VSAN membership (see Figure 2-4).
[Figure 2-4: Before and After views of Switch 1, showing ports fc1/1, fc1/2, fc1/3, and fc1/4 with the default VSAN and VSAN 7]
• VSAN-based runtime (name server), zoning, and configuration (static routes) information is
removed when the VSAN is deleted.
• Configured VSAN interface information is removed when the VSAN is deleted.
Note The allowed VSAN list is not affected when a VSAN is deleted (refer to the Cisco MDS 9000 Family
NX-OS Interfaces Configuration Guide).
Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in
the system, then a command request to move a port to VSAN 10 is rejected.
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# vsan database
           switch(config-vsan-db)#
  Purpose: Configures the VSAN database.
Step 3
  Command: switch(config-vsan-db)# vsan 2
           switch(config-vsan-db)#
  Purpose: Places you in VSAN configuration mode.
Step 4
  Command: switch(config-vsan-db)# no vsan 5
           switch(config-vsan-db)#
  Purpose: Deletes VSAN 5 from the database and switch.
Step 5
  Command: switch(config-vsan-db)# end
           switch#
  Purpose: Places you in EXEC mode.
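The VSAN rules in this chapter (user IDs 2 to 4093, unique names of up to 32 characters, rejection of commands for a nonconfigured VSAN, and ports moving to isolated VSAN 4094 when their VSAN is deleted) can be replayed against a planned change to see which ports end up disabled or left in VSAN 1. The following Python model is an added example, not part of the Cisco guide or NX-OS; the class VsanDb, the functions audit and run_sample, the constructed command list, and the rule that VSAN 1 and VSAN 4094 cannot be deleted are assumptions of the example.

```python
import re

DEFAULT_VSAN, ISOLATED_VSAN, MAX_VSANS = 1, 4094, 256
# Only the vsan-database command forms shown in this chapter are recognised.
CMD = re.compile(r"^(no )?vsan (\d+)(?: (name|interface|suspend)(?: (\S+))?)?$")


def default_name(vsan_id):
    # Default name: "VSAN" plus a four-digit VSAN ID, for example VSAN0003.
    return f"VSAN{vsan_id:04d}"


class VsanDb:
    """Toy model of the VSAN database rules (hypothetical, not NX-OS code)."""

    def __init__(self, ports):
        # Factory state: default and isolated VSANs exist, all ports in VSAN 1.
        self.vsans = {v: {"name": default_name(v), "suspended": False}
                      for v in (DEFAULT_VSAN, ISOLATED_VSAN)}
        self.member = {p: DEFAULT_VSAN for p in ports}
        self.rejected = []

    def apply(self, line):
        m = CMD.match(line.strip())
        if not m:
            return self.rejected.append((line, "unrecognised command"))
        negate, vid, verb, arg = bool(m[1]), int(m[2]), m[3], m[4]
        if verb is None and not negate:               # "vsan N": create
            if vid in self.vsans:
                return None
            if not 2 <= vid <= 4093:
                return self.rejected.append((line, "ID outside 2-4093"))
            if len(self.vsans) >= MAX_VSANS:
                return self.rejected.append((line, "256 VSAN limit"))
            self.vsans[vid] = {"name": default_name(vid), "suspended": False}
            return None
        if vid not in self.vsans:                     # nonconfigured VSAN
            return self.rejected.append((line, "VSAN not configured"))
        if verb is None:                              # "no vsan N": delete
            if vid in (DEFAULT_VSAN, ISOLATED_VSAN):  # assumption of this model
                return self.rejected.append((line, "built-in VSAN"))
            del self.vsans[vid]
            for port, v in self.member.items():
                if v == vid:                          # ports are not returned to
                    self.member[port] = ISOLATED_VSAN  # VSAN 1, they are isolated
        elif verb == "suspend" and arg is None:
            self.vsans[vid]["suspended"] = not negate
        elif verb == "name" and arg and not negate:
            taken = any(v["name"] == arg
                        for k, v in self.vsans.items() if k != vid)
            if len(arg) > 32 or taken:
                return self.rejected.append((line, "name too long or not unique"))
            self.vsans[vid]["name"] = arg
        elif verb == "interface" and arg in self.member and not negate:
            self.member[arg] = vid
        else:
            self.rejected.append((line, "unsupported form"))
        return None


def audit(db):
    """Return (port, issue) pairs for ports that are disabled or in VSAN 1."""
    findings = []
    for port, vid in sorted(db.member.items()):
        if vid == ISOLATED_VSAN:
            findings.append((port, "isolated"))    # disabled until reassigned
        elif db.vsans[vid]["suspended"]:
            findings.append((port, "suspended"))   # disabled while suspended
        elif vid == DEFAULT_VSAN:
            findings.append((port, "default"))     # not advised for production
    return findings


# Constructed change plan: VSAN 7 is deleted and recreated, which leaves
# fc1/3 in the isolated VSAN because membership is not restored.
SAMPLE = """\
vsan 2
vsan 2 name TechDoc
vsan 2 interface fc1/8
vsan 7
vsan 7 interface fc1/3
vsan 10 interface fc1/4
no vsan 7
vsan 7
vsan 7 name TechDoc
"""


def run_sample():
    db = VsanDb(["fc1/1", "fc1/3", "fc1/4", "fc1/8"])
    for line in SAMPLE.splitlines():
        db.apply(line)
    return db


if __name__ == "__main__":
    result = run_sample()
    for entry in result.rejected:
        print("rejected:", entry)
    for finding in audit(result):
        print("finding:", finding)
```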
Load Balancing
Load balancing attributes indicate the use of the source-destination ID (src-dst-id) or the originator
exchange OX ID (src-dst-ox-id, the default) for load balancing path selection.
Step 1
  Command: switch# config t
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# vsan database
           switch(config-vsan-db)#
  Purpose: Enters VSAN database configuration submode.
Step 3
  Command: switch(config-vsan-db)# vsan 2
  Purpose: Specifies an existing VSAN.
Step 4
  Command: switch(config-vsan-db)# vsan 2 loadbalancing src-dst-id
  Purpose: Enables the load balancing guarantee for the selected VSAN and directs the switch to use the source and destination ID for its path selection process.
  Command: switch(config-vsan-db)# no vsan 2 loadbalancing src-dst-id
  Purpose: Negates the command issued in the previous step and reverts to the default values of the load balancing parameters.
  Command: switch(config-vsan-db)# vsan 2 loadbalancing src-dst-ox-id
  Purpose: Changes the path selection setting to use the source ID, the destination ID, and the OX ID (default).
Step 5
  Command: switch(config-vsan-db)# vsan 2 suspend
  Purpose: Suspends the selected VSAN.
Step 6
  Command: switch(config-vsan-db)# no vsan 2 suspend
  Purpose: Negates the suspend command issued in the previous step.
Step 7
  Command: switch(config-vsan-db)# end
           switch#
  Purpose: Returns you to EXEC mode.
Interop Mode
Interoperability enables the products of multiple vendors to connect and work with each other. Fibre
Channel standards guide vendors towards common external Fibre Channel interfaces. See the “Switch
Interoperability” section on page 11-11.
FICON VSANs
You can enable FICON in up to eight VSANs. See the “FICON VSAN Prerequisites” section on
page 10-7.
Default Settings
Table 2-2 lists the default settings for all configured VSANs.
Parameters | Default
-----------|--------
Default VSAN | VSAN 1.
State | Active state.
Name | Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003.
Load-balancing attribute | OX ID (src-dst-ox-id).
Example 2-7 Displays Information about All the Switches in the Fabric
VSAN 1:
----------------------------------------------------------------------------
SwitchName Model Version SupMemory
----------------------------------------------------------------------------
huashan12 DS-C9148-48P-K9 5.2(2d) n/a
alishan-bgl-25 DS-C9250I-K9 6.2(5a) n/a
Hac18 DS-C9506 6.2(7) 2 GB
Hac17 DS-C9506 6.2(5) n/a
Coco1 DS-C9222I-K9 6.2(7) 1 GB
switch#
Note This command is not supported prior to Cisco NX-OS Release 6.2(7).
Note SUP memory is not displayed for switches that are running a Cisco NX-OS release prior to 6.2(7).
Note Without the VSAN option, this command displays information about switches in all the VSANs.
About DPVM
Port VSAN membership on the switch is assigned on a port-by-port basis. By default each port belongs
to the default VSAN.
You can dynamically assign VSAN membership to ports by assigning VSANs based on the device
WWN. This method is referred to as Dynamic Port VSAN Membership (DPVM). DPVM offers
flexibility and eliminates the need to reconfigure the port VSAN membership to maintain fabric
topology when a host or storage device connection is moved between two Cisco MDS switches or two
ports within a switch. It retains the configured VSAN regardless of where a device is connected or
moved. To assign VSANs statically, see Chapter 2, “Configuring and Managing VSANs.”
DPVM configurations are based on port world wide name (pWWN) and node world wide name (nWWN)
assignments. A DPVM database contains mapping information for each device pWWN/nWWN
assignment and the corresponding VSAN. The Cisco NX-OS software checks the database during a
device FLOGI and obtains the required VSAN details.
The pWWN identifies the host or device and the nWWN identifies a node consisting of multiple devices.
You can assign any one of these identifiers or any combination of these identifiers to configure DPVM
mapping. If you assign a combination, then preference is given to the pWWN.
DPVM uses the Cisco Fabric Services (CFS) infrastructure to allow efficient database management and
distribution. DPVM uses the application-driven, coordinated distribution mode and the fabric-wide
distribution scope (for information about CFS, refer to the Cisco MDS 9000 Family NX-OS System
Management Configuration Guide).
Note DPVM does not cause any changes to device addressing. DPVM only pertains to the VSAN membership
of the device, ensuring that the host gets the same VSAN membership on any port on the switch. For
example, if a port on the switch has a hardware failure, you can move the host connection to another port
on the switch and you do not need to update the VSAN membership manually.
Note The DPVM feature overrides any existing static port VSAN membership configuration. If the VSAN
corresponding to the dynamic port is deleted or suspended, the port is shut down.
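The lookup described above (the DPVM database is checked at FLOGI, a pWWN entry is preferred over an nWWN entry, a match overrides the static port VSAN, and the port is shut down if the resulting VSAN is deleted or suspended) is modeled below. This Python code is an added example, not Cisco code; the function names, the dictionary layout, the vsan_state table, the fall-back to static membership when no entry matches, and the WWN 21:00:00:00:00:00:00:0b are assumptions constructed for illustration, while the two database entries reuse WWNs from this guide's own command examples.

```python
import re

WWN = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")
ENTRY = re.compile(r"^(pwwn|nwwn) (\S+) vsan (\d+)$")


def parse_dpvm(lines):
    """Parse 'pwwn <wwn> vsan <id>' and 'nwwn <wwn> vsan <id>' entries."""
    db = {"pwwn": {}, "nwwn": {}}
    for line in lines:
        m = ENTRY.match(line.strip().lower())
        if not m or not WWN.match(m[2]):
            raise ValueError(f"not a DPVM entry: {line!r}")
        db[m[1]][m[2]] = int(m[3])
    return db


def resolve_flogi(db, vsan_state, static_vsan, pwwn, nwwn):
    """Return (vsan, source, port_up) for a device logging in on a port.

    vsan_state maps VSAN ID to "active" or "suspended"; a missing ID is
    treated as a deleted VSAN (hypothetical representation).
    """
    pwwn, nwwn = pwwn.lower(), nwwn.lower()
    if pwwn in db["pwwn"]:                 # pWWN entry takes preference
        vsan, source = db["pwwn"][pwwn], "dpvm-pwwn"
    elif nwwn in db["nwwn"]:
        vsan, source = db["nwwn"][nwwn], "dpvm-nwwn"
    else:                                  # assumption: no entry, keep static
        vsan, source = static_vsan, "static"
    # A port whose VSAN is suspended or deleted does not come up.
    port_up = vsan_state.get(vsan) == "active"
    return vsan, source, port_up


def shadowed_nwwn(db, devices):
    """List devices whose nWWN mapping is ignored in favour of the pWWN one."""
    out = []
    for pwwn, nwwn in devices:
        p = db["pwwn"].get(pwwn.lower())
        n = db["nwwn"].get(nwwn.lower())
        if p is not None and n is not None and p != n:
            out.append((pwwn, p, n))
    return out


# Entries in the form used by the dpvm database commands in this guide.
DPVM_LINES = [
    "pwwn 12:33:56:78:90:12:34:56 vsan 100",
    "nwwn 14:21:30:12:63:39:72:81 vsan 101",
]
# Constructed fabric state: VSAN 101 is suspended.
VSAN_STATE = {1: "active", 100: "active", 101: "suspended"}
# Constructed (pWWN, nWWN) pairs for two ports of the same node.
DEVICES = [
    ("12:33:56:78:90:12:34:56", "14:21:30:12:63:39:72:81"),
    ("21:00:00:00:00:00:00:0b", "14:21:30:12:63:39:72:81"),
]

if __name__ == "__main__":
    database = parse_dpvm(DPVM_LINES)
    for dev_pwwn, dev_nwwn in DEVICES:
        print(dev_pwwn, resolve_flogi(database, VSAN_STATE, 1, dev_pwwn, dev_nwwn))
    print("shadowed nWWN entries:", shadowed_nwwn(database, DEVICES))
```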
Enabling DPVM
To begin configuring DPVM, you must explicitly enable DPVM on the required switches in the fabric.
By default, this feature is disabled in all switches in the Cisco MDS 9000 Family.
The configuration and verification commands for DPVM are only available when DPVM is enabled on
a switch. When you disable this feature, all related configurations are automatically discarded.
        Command                            Purpose
Step 1  switch# config t                   Enters configuration mode.
        switch(config)#
Step 2  switch(config)# feature dpvm       Enables DPVM on that switch.
        switch(config)# no feature dpvm    Disables (default) DPVM on that switch.
Note To overwrite the login information with the duplicate pWWN login, enter the dpvm
overwrite-duplicate-pwwn command.
        Command                                                           Purpose
Step 1  switch# config t                                                  Enters configuration mode.
        switch(config)#
Step 2  switch(config)# device-alias mode enhanced                        Enables enhanced device alias mode. This is required
        switch(config)# device-alias commit                               for device-alias configuration in the DPVM database.
Step 3  switch(config)# dpvm database                                     Creates the DPVM config database.
        switch(config-dpvm-db)#
        switch(config)# no dpvm database                                  Deletes the DPVM config database.
Step 4  switch(config-dpvm-db)# pwwn 12:33:56:78:90:12:34:56 vsan 100     Maps the specified device pWWN to VSAN 100.
        switch(config-dpvm-db)# no pwwn 12:33:56:78:90:12:34:56 vsan 101  Removes the specified device pWWN mapping from
                                                                          the DPVM config database.
Step 5  switch(config-dpvm-db)# nwwn 14:21:30:12:63:39:72:81 vsan 101     Maps the specified device nWWN to VSAN 101.
        switch(config-dpvm-db)# no nwwn 14:21:30:12:63:39:72:80 vsan 101  Removes the specified device nWWN mapping from
                                                                          the DPVM config database.
Step 6  switch(config-dpvm-db)# device-alias device1 vsan 102             Maps the specified device-alias to VSAN 102.
        switch(config-dpvm-db)# no device-alias device1 vsan 102          Removes the specified device-alias mapping from the
                                                                          DPVM config database.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# dpvm activate Activates the DPVM config database.
switch(config)# no dpvm activate Deactivates the currently active DPVM database.
switch(config)# dpvm activate force Forcefully activates the DPVM config database to
override conflicting entries.
Note Autolearning is only supported for devices connected to F ports. Devices connected to FL ports are not
entered into the DPVM database because DPVM is not supported on FL ports.
• If a device logs out while autolearn is enabled, that entry is automatically deleted from the active
DPVM database.
• If the same device logs multiple times into the switch through different ports, then the VSAN
corresponding to last login is remembered.
• Learned entries do not override previously configured and activated entries.
• Learning is a two-part process—Enabling autolearning followed by disabling autolearning. When
the auto-learn option is enabled, the following applies:
– Learning currently logged-in devices—Occurs from the time learning is enabled.
– Learning new device logins—Occurs as and when new devices log in to the switch.
Enabling Autolearning
To enable autolearning, follow these steps:
        Command                                            Purpose
Step 1  switch# config t                                   Enters configuration mode.
        switch(config)#
Step 2  switch(config)# dpvm auto-learn                    Enables learning on this switch.
        switch(config)# no dpvm auto-learn                 Disables (default) learning on this switch.
        switch(config)# clear dpvm auto-learn              Clears the list of auto-learned entries.
        switch(config)# clear dpvm auto-learn pwwn pwwn    Clears the list of auto-learned pWWN entries in the
                                                           distributed DPVM database.
• To clear all autolearn entries, use the clear dpvm auto-learn command.
switch# clear dpvm auto-learn
Note These two commands do not start a session and can only be issued in the local switch.
Tip You can view the contents of the DPVM pending database by issuing the show dpvm pending command.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# no dpvm distribute Disables DPVM distribution to the neighboring switches.
switch(config)# dpvm distribute Enables (default) DPVM distribution to the neighboring
switches.
• A copy of the configuration database becomes the DPVM pending database. Modifications from this
point on are made to the DPVM pending database. The DPVM pending database remains in effect
until you commit the modifications to the DPVM pending database or discard (abort) the changes
to the DPVM pending database.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# dpvm database Accesses the DPVM config database.
switch(config-dpvm-db)#
Step 3 switch(config-dpvm-db)# pwwn Adds one entry to the DPVM config database.
11:22:33:44:55:66:77:88 vsan 11
Step 4 switch(config-dpvm-db)# exit Exits to configuration mode.
switch(config)#
Step 5 switch(config)# dpvm activate Activates the DPVM config database.
Committing Changes
If you commit the changes made to the configuration, the configurations in the DPVM pending database
are distributed to other switches. On a successful commit, the configuration change is applied throughout
the fabric and the lock is released.
To commit the DPVM pending database, follow these steps:
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# dpvm commit Commits the database entries that are currently in the DPVM
pending database.
Discarding Changes
If you discard (abort) the changes made to the DPVM pending database, the configurations remain
unaffected and the lock is released.
To discard the DPVM pending database, follow these steps:
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# dpvm abort Discards the database entries that are currently in the DPVM
pending database.
Tip The DPVM pending database is only available in the volatile directory and is subject to being discarded
if the switch is restarted.
To use administrative privileges and release a locked DPVM session, use the clear dpvm session
command in EXEC mode.
switch# clear dpvm session
Caution If you do not follow these two conditions, the merge will fail. The next distribution will forcefully
synchronize the databases and the activation states in the fabric.
This section describes how to merge DPVM databases and includes the following topics:
• About Copying DPVM Databases
• Copying DPVM Databases
• Comparing Database Differences
• Displaying DPVM Merge Status and Statistics
Note If you copy the DPVM database and fabric distribution is enabled, you must commit the changes.
• Use the dpvm database diff config command to compare the DPVM config database with the active
DPVM database.
switch# dpvm database diff config
Legend: “+” New Entry, “-” Missing Entry, “*” Possible Conflict Entry
---------------------------------------------------------------------
+ pwwn 44:22:33:44:55:66:77:88 vsan 44
* pwwn 11:22:33:44:55:66:77:88 vsan 22
• Use the show dpvm pending-diff command (when CFS distribution is enabled) to compare the
DPVM pending database with the DPVM config database.
To add pending database entries to the DPVM config database, follow these steps:
        Command                                                         Purpose
Step 1  switch# config t                                                Enters configuration mode.
        switch(config)#
Step 2  switch(config)# dpvm distribute                                 Enables CFS distribution.
Step 3  switch(config)# dpvm database                                   Accesses the DPVM config database.
Step 4  switch(config-dpvm-db)# pwwn 44:22:33:44:55:66:77:88 vsan 55    Adds two entries to the DPVM config database.
        switch(config-dpvm-db)# pwwn 55:22:33:44:55:66:77:88 vsan 55
Command Purpose
switch# show dpvm merge statistics Displays the DPVM databases merge statistics.
switch(config)#
switch(config)# clear dpvm merge statistics Clears the DPVM databases merge statistics.
switch(config)#
--------------------------------------------------------------------------
Conflicting DPVM member(s) Loc VSAN Rem VSAN
--------------------------------------------------------------------------
dev-alias dpvm_dev_alias_1 [21:00:00:04:cf:cf:45:ba] 1313 1414
dev-alias dpvm_dev_alias_2 [21:00:00:04:cf:cf:45:bb] 1313 1414
dev-alias dpvm_dev_alias_3 [21:00:00:04:cf:cf:45:bc] 1313 1414
[Total 3 conflict(s)]
rbadri-excal13#
Example 3-2 Displays the DPVM Current Dynamic Ports for the Specified VSAN
Example 3-6 Compares Pending Database with the DPVM Config Database
At this stage, the configuration does not have an active DPVM database and the auto-learn option is
disabled.
Step 2 Activate a null (empty) database so it can be populated with autolearned entries.
switch1# config
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)# dpvm activate
switch1(config)# dpvm commit
switch1(config)# end
switch1# show dpvm database
switch1# show dpvm database active
switch1# show dpvm status
At this stage, the database is successfully activated and the auto-learn option continues to be disabled.
Step 3 Enable the auto-learn option and commit the configuration changes.
switch1# config
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)# dpvm auto-learn
switch1(config)# dpvm commit
switch1(config)# end
switch1# show dpvm database active
pwwn 21:00:00:e0:8b:0e:74:8a vsan 4(*)
pwwn 21:01:00:e0:8b:2e:87:8a vsan 5(*)
[Total 2 entries]
* is auto-learnt entry
switch1# show dpvm ports
--------------------------------------------------------------
Interface Vsan Device pWWN Device nWWN
--------------------------------------------------------------
fc1/24 4 21:00:00:e0:8b:0e:74:8a 20:00:00:e0:8b:0e:74:8a
fc1/27 5 21:01:00:e0:8b:2e:87:8a 20:01:00:e0:8b:2e:87:8a
switch1# show flogi database
---------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
---------------------------------------------------------------------------
fc1/24 4 0xe70100 21:00:00:e0:8b:0e:74:8a 20:00:00:e0:8b:0e:74:8a
fc1/27 5 0xe80100 21:01:00:e0:8b:2e:87:8a 20:01:00:e0:8b:2e:87:8a
At this stage, the currently logged in devices (and their current VSAN assignment) populate the active
DPVM database. However the entries are not yet permanent in the active DPVM database.
The output of the show dpvm ports and the show flogi database commands displays two other devices
that have logged in (referred to as switch9 and switch3 in this sample configuration).
Step 4 Access switch9 and issue the following commands:
switch9# show dpvm database active
pwwn 21:00:00:e0:8b:0e:87:8a vsan 1(*)
pwwn 21:01:00:e0:8b:2e:74:8a vsan 1(*)
[Total 2 entries]
* is auto-learnt entry
At this stage, the autolearned entries are made permanent in the active DPVM database.
Step 7 Access switch9 and issue the following commands:
switch9# show dpvm database active
pwwn 21:00:00:e0:8b:0e:87:8a vsan 1
pwwn 21:01:00:e0:8b:2e:74:8a vsan 1
pwwn 21:00:00:e0:8b:0e:76:8a vsan 1
pwwn 21:01:00:e0:8b:2e:76:8a vsan 1
pwwn 21:00:00:e0:8b:0e:74:8a vsan 4
pwwn 21:01:00:e0:8b:2e:87:8a vsan 5
[Total 6 entries]
* is auto-learnt entry
switch9# show dpvm status
DB is activated successfully, auto-learn is off
Note These basic steps help you determine that the information is identical in all the switches in the fabric.
You have now configured a basic DPVM scenario in a Cisco MDS 9000 Family switch.
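A check that follows from the walkthrough above, as an added example (not Cisco code): it parses `show dpvm database active` and `show flogi database` text and reports entries still marked auto-learnt, logged-in devices with no DPVM entry, and devices logged in to a VSAN other than the mapped one. The function names, finding labels, and the fc1/30 row are assumptions made for this example.

```python
import re

# Constructed sample: the DPVM entries and the first two FLOGI rows are the
# outputs shown in Step 3 above; the fc1/30 row is invented for this example.
SAMPLE_DPVM_ACTIVE = """\
pwwn 21:00:00:e0:8b:0e:74:8a vsan 4(*)
pwwn 21:01:00:e0:8b:2e:87:8a vsan 5(*)
[Total 2 entries]
* is auto-learnt entry
"""

SAMPLE_FLOGI = """\
INTERFACE VSAN FCID PORT NAME NODE NAME
fc1/24 4 0xe70100 21:00:00:e0:8b:0e:74:8a 20:00:00:e0:8b:0e:74:8a
fc1/27 5 0xe80100 21:01:00:e0:8b:2e:87:8a 20:01:00:e0:8b:2e:87:8a
fc1/30 1 0xe90100 21:00:00:e0:8b:0e:99:8a 20:00:00:e0:8b:0e:99:8a
"""

WWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"
DPVM_RE = re.compile(rf"^(pwwn|nwwn)\s+({WWN})\s+vsan\s+(\d+)(\(\*\))?\s*$", re.I)
FLOGI_RE = re.compile(rf"^(\S+)\s+(\d+)\s+(0x[0-9a-f]+)\s+({WWN})\s+({WWN})\s*$", re.I)


def parse_dpvm_active(text):
    """Return {(kind, wwn): (vsan, auto_learnt)} for each pwwn/nwwn entry."""
    entries = {}
    for line in text.splitlines():
        m = DPVM_RE.match(line.strip())
        if m:
            kind, wwn, vsan, star = m.groups()
            entries[(kind.lower(), wwn.lower())] = (int(vsan), star is not None)
    return entries


def parse_flogi(text):
    """Return one dict per device row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = FLOGI_RE.match(line.strip())
        if m:
            intf, vsan, fcid, pwwn, nwwn = m.groups()
            rows.append({"interface": intf, "vsan": int(vsan), "fcid": fcid,
                         "pwwn": pwwn.lower(), "nwwn": nwwn.lower()})
    return rows


def expected_vsan(entries, pwwn, nwwn):
    """VSAN the DPVM database maps this device to; a pWWN entry is preferred."""
    for key in (("pwwn", pwwn), ("nwwn", nwwn)):
        if key in entries:
            return entries[key][0]
    return None


def audit(dpvm_text, flogi_text):
    """Return a list of (finding, pwwn_or_nwwn, vsan) tuples."""
    entries = parse_dpvm_active(dpvm_text)
    findings = []
    # Entries flagged (*) were learned from logins rather than configured.
    for (kind, wwn), (vsan, auto) in sorted(entries.items()):
        if auto:
            findings.append(("auto-learnt", wwn, vsan))
    for row in parse_flogi(flogi_text):
        want = expected_vsan(entries, row["pwwn"], row["nwwn"])
        if want is None:
            findings.append(("no-dpvm-entry", row["pwwn"], row["vsan"]))
        elif want != row["vsan"]:
            findings.append(("vsan-mismatch", row["pwwn"], row["vsan"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DPVM_ACTIVE, SAMPLE_FLOGI):
        print(*finding)
```

Run against the Step 7 output instead, the auto-learnt findings disappear because the entries no longer carry the `(*)` marker.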
Default Settings
Table 3-1 lists the default settings for DPVM parameters.
Parameters Default
DPVM Disabled.
DPVM distribution Enabled.
Autolearning Disabled.
Zoning enables you to set up access control between storage devices or user groups. If you have
administrator privileges in your fabric, you can create zones to increase network security and to prevent
data loss or corruption. Zoning is enforced by examining the source-destination ID field.
Advanced zoning capabilities specified in the FC-GS-4 and FC-SW-3 standards are provided. You can
use either the existing basic zoning capabilities or the advanced, standards-compliant zoning
capabilities.
This chapter includes the following sections:
• About Zoning
• Zone Configuration
• Zone Sets
• ZoneSet Distribution
• Zoneset Duplication
• Advanced Zone Attributes
• Displaying Zone Information
• Enhanced Zoning
• Compacting the Zone Database for Downgrading
• Zone and ZoneSet Analysis
• Zoning Best Practice
• Default Settings
Note Table 2-1 on page 2-4 lists the differences between zones and VSANs.
About Zoning
Zoning has the following features:
• A zone consists of multiple zone members.
– Members in a zone can access each other; members in different zones cannot access each other.
– If zoning is not activated, all devices are members of the default zone.
– If zoning is activated, any device that is not in an active zone (a zone that is part of an active
zoneset) is a member of the default zone.
– Zones can vary in size.
– Devices can belong to more than one zone.
• A zoneset consists of one or more zones.
– A zoneset can be activated or deactivated as a single entity across all switches in the fabric.
– Only one zoneset can be activated at any time.
– A zone can be a member of more than one zoneset.
– An MDS switch can have a maximum of 1000 zonesets.
• Zoning can be administered from any switch in the fabric.
– When you activate a zone (from any switch), all switches in the fabric receive the active zoneset.
Additionally, full zone sets are distributed to all switches in the fabric, if this feature is enabled
in the source switch.
– If a new switch is added to an existing fabric, zone sets are acquired by the new switch.
• Zone changes can be configured nondisruptively. New zones and zone sets can be activated without
interrupting traffic on unaffected ports or devices.
• Zone membership criteria are based mainly on WWNs or FC IDs.
– Port world wide name (pWWN)—Specifies the pWWN of an N port attached to the switch as a
member of the zone.
– Fabric pWWN—Specifies the WWN of the fabric port (switch port’s WWN). This membership
is also referred to as port-based zoning.
– FC ID—Specifies the FC ID of an N port attached to the switch as a member of the zone.
– Interface and switch WWN (sWWN)—Specifies the interface of a switch identified by the
sWWN. This membership is also referred to as interface-based zoning.
– Interface and domain ID—Specifies the interface of a switch identified by the domain ID.
– Domain ID and port number—Specifies the domain ID of an MDS domain and additionally
specifies a port belonging to a non-Cisco switch.
– IPv4 address—Specifies the IPv4 address (and optionally the subnet mask) of an attached
device.
– IPv6 address—The IPv6 address of an attached device in 128 bits in colon(:)-separated
hexadecimal format.
– symbolic-nodename —Specifies the member symbolic node name. The maximum length is 240
characters.
• Default zone membership includes all ports or WWNs that do not have a specific membership
association. Access between default zone members is controlled by the default zone policy.
Note For configuration limits on configuring the number of zones, zone members and zone sets, refer to the
Cisco MDS NX-OS Configuration Limits.
Zoning Example
Figure 2-1 illustrates a zoneset with two zones, zone 1 and zone 2, in a fabric. Zone 1 provides access
from all three hosts (H1, H2, H3) to the data residing on storage systems S1 and S2. Zone 2 restricts the
data on S3 to access only by H3. Note that H3 resides in both zones.
[Figure 2-1: fabric with hosts H1, H2, H3 and storage systems S1, S2, S3, partitioned into Zone 1 and Zone 2]
There are other ways to partition this fabric into zones. Figure 2-2 illustrates another possibility. Assume
that there is a need to isolate storage system S2 for the purpose of testing new software. To achieve this,
zone 3 is configured, which contains only host H2 and storage S2. You can restrict access to just H2 and
S2 in zone 3, and to H1 and S1 in zone 1.
[Figure 2-2: the same fabric with hosts H1, H2, H3 and storage systems S1, S2, S3, partitioned into Zone 1, Zone 2, and Zone 3]
Zone Implementation
All switches in the Cisco MDS 9000 Series automatically support the following basic zone features (no
additional configuration is required):
• Zones are contained in a VSAN.
• The administrator can modify the full zoneset even if a zoneset with the same name is active.
However, the modification will be enforced only upon reactivation.
• When the activation is done, the active zoneset is automatically stored in persistent configuration.
This enables the switch to preserve the active zoneset information across switch resets.
• All other switches in the fabric receive the active zoneset so they can enforce zoning in their
respective switches.
• Hard and soft zoning are implemented using the active zoneset. Modifications take effect during
zoneset activation.
• An FC ID or Nx port that is not part of the active zoneset belongs to the default zone and the default
zone information is not distributed to other switches.
Note If one zoneset is active and you activate another zoneset, the currently active zoneset is automatically
deactivated. You do not need to explicitly deactivate the currently active zoneset before activating a new
zoneset.
[Figure: three panels, each showing zone set Z1 and the active zone set with Zone A, Zone B, and Zone C; Zone D appears in the last panel]
Zone Configuration
This section describes how to configure zones and includes the following topic:
Configuring a Zone
To configure a zone and assign a zone name, follow these steps:
        Command                                    Purpose
Step 1  switch# configure terminal                 Enters configuration mode.
Step 2  switch(config)# zone name Zone1 vsan 3     Configures a zone called Zone1 for the VSAN called vsan3.
        switch(config-zone)#
        Note  All alphanumeric characters or one of the following symbols ($, -, ^, _) are supported.
Step 3  switch(config-zone)# member type value     Configures a member for the specified zone (Zone1) based on
                                                   the type (pWWN, fabric pWWN, FC ID, fcalias, domain ID, IPv4
                                                   address, IPv6 address, or interface) and value specified.
        Caution  You must only configure pWWN-type zoning on all MDS switches running Cisco SAN-OS if there
                 is a Cisco MDS 9020 switch running FabricWare in the same fabric.
        pWWN example:
        switch(config-zone)# member pwwn 10:00:00:23:45:67:89:ab
        Fabric pWWN example:
        switch(config-zone)# member fwwn 10:01:10:01:10:ab:cd:ef
        FC ID example:
        switch(config-zone)# member fcid 0xce00d1
        FC alias example:
        switch(config-zone)# member fcalias Payroll
        Domain ID example:
        switch(config-zone)# member domain-id 2 portnumber 23
        IPv4 address example:
        switch(config-zone)# member ip-address 10.15.0.0 255.255.0.0
        IPv6 address example:
        switch(config-zone)# member ipv6-address 2001::db8:800:200c:417a/64
        Local sWWN interface example:
        switch(config-zone)# member interface fc 2/1
        Remote sWWN interface example:
        switch(config-zone)# member interface fc2/1 swwn 20:00:00:05:30:00:4a:de
        Domain ID interface example:
        switch(config-zone)# member interface fc2/1 domain-id 25
        switch(config-zone)# member symbolic-nodename iqn.test
Tip Use a relevant display command (for example, show interface or show flogi database) to obtain the
required value in hex format.
Tip Use the show wwn switch command to retrieve the sWWN. If you do not provide a sWWN, the software
automatically uses the local sWWN.
Note Interface-based zoning only works with Cisco MDS 9000 Series switches. Interface-based zoning does
not work if interop mode is configured in that VSAN.
When the number of zones configured has exceeded the maximum number of zones allowed across all
VSANs, this message is displayed:
switch(config)# zone name temp_zone1 vsan 300
cannot create the zone; maximum possible number of zones is already configured
Note For configuration limits on configuring the number of zones, zone members and zone sets, refer to the
Cisco MDS NX-OS Configuration Limits.
Zone Sets
Zones provide a method for specifying access control, while zone sets are a grouping of zones to enforce
access control in the fabric.
This section describes zone sets and includes the following topics:
• Configuring the Default Zone Access Permission
• About FC Alias Creation
• Creating FC Aliases
• Creating Zone Sets and Adding Member Zones
• Zone Enforcement
Zone sets are configured with the names of the member zones and the VSAN (if the zoneset is in a
configured VSAN).
Zoneset Distribution—You can distribute full zone sets using one of two methods: one-time
distribution or full zoneset distribution.
Zoneset Duplication—You can make a copy of a zoneset and then edit it without altering the original
zoneset. You can copy an active zoneset from the bootflash: directory, volatile: directory, or slot0, to one
of the following areas:
• To the full zoneset
• To a remote location (using FTP, SCP, SFTP, or TFTP)
The active zoneset is not part of the full zoneset. You cannot make changes to an existing zoneset and
activate it, if the full zoneset is lost or is not propagated.
ZoneSet Creation
In Figure 2-4, two separate sets are created, each with its own membership hierarchy and zone members.
[Figure 2-4: hierarchy of zone sets, zones, and zone members H1, H2, H3, S1, S2]
Tip Zonesets are configured with the names of the member zones and the VSAN (if the zoneset is in a
configured VSAN).
Activating a Zoneset
Changes to a zoneset do not take effect in a full zoneset until you activate it.
        Command                                                   Purpose
Step 1  switch# config terminal                                   Enters configuration mode.
        switch(config)#
Step 2  switch(config)# zoneset activate name Zoneset1 vsan 3     Activates the specified zoneset.

        If full zoneset distribution is configured for a VSAN, the zoneset activation also distributes the
        full zoning database to the other switches in the fabric.

        If enhanced zoning is configured for a VSAN then the zoneset activation is held pending until
        the zone commit vsan vsan-id command is enabled. The show zone pending-diff vsan vsan-id displays
        the pending changes.

        Note  While activating a zoneset, if the zoneset overwrite-control vsan id command is enabled and
              the zoneset name is different from the current active zoneset, the activation will fail with
              an error message. For more information see Overwrite Control for an Active Zoneset.
Tip You do not have to issue the copy running-config startup-config command to store the active zoneset.
However, you need to issue the copy running-config startup-config command to explicitly store full
zone sets. If there is more than one switch in a fabric, the copy running-config startup-config fabric
command should be issued. The fabric keyword causes the copy running-config startup-config
command to be issued on all the switches in the fabric, and also saves the full zone information to the
startup-config on all the switches in the fabric. This is important in the event of a switch reload or power
cycle.
Note The overwrite control for an active zoneset feature is available only in enhanced zone mode.
When activating a new zoneset, if users make a mistake while entering the zoneset name, and if this name
already exists on the switch, it results in activation of the wrong zoneset and traffic loss. To avoid
activating a wrong zoneset, the zoneset overwrite-control vsan id command is introduced.
        Command                                              Purpose
Step 1  switch# configure terminal                           Enters configuration mode.
        switch(config)#
Step 2  switch(config)# zoneset overwrite-control vsan 3     Enables overwrite-control for the specified VSAN.

        switch(config)# zoneset overwrite-control vsan 1
        WARNING: This will enable Activation Overwrite control. Do you want to continue?
        (y/n) [n]
Note Even when the zoneset overwrite-control vsan id command is enabled, the user can override it and
continue with the activation of a new zoneset using the zoneset activate name zoneset name vsan
vsan-id force command.
Default Zone
Each member of a fabric (in effect a device attached to an Nx port) can belong to any zone. If a member
is not part of any active zone, it is considered to be part of the default zone. Therefore, if no zoneset is
active in the fabric, all devices are considered to be in the default zone. Even though a member can
belong to multiple zones, a member that is part of the default zone cannot be part of any other zone. The
switch determines whether a port is a member of the default zone when the attached port comes up.
Note Unlike configured zones, default zone information is not distributed to the other switches in the fabric.
Traffic can either be permitted or denied among members of the default zone. This information is not
distributed to all switches; it must be configured in each switch.
Note When the switch is initialized for the first time, no zones are configured and all members are considered
to be part of the default zone. Members are not permitted to talk to each other.
Configure the default zone policy on each switch in the fabric. If you change the default zone policy on
one switch in a fabric, be sure to change it on all the other switches in the fabric.
Note The default settings for default zone configurations can be changed.
The default zone members are explicitly listed when the default policy is configured as permit or when
a zoneset is active. When the default policy is configured as deny, the members of this zone are not
explicitly enumerated when you issue the show zoneset active command.
Note The current default zoning policy is deny. The hidden active zoneset is d__efault__cfg in MDS. When
there is a mismatch in default-zoning policies between two switches (permit on one side and deny on the
other), zone merge will fail. The behavior is the same between two Brocade switches as well. The error
messages will be as shown below.
Command Purpose
Step 1 switch# configure terminal Enters configuration mode.
Step 2 switch(config)# zone default-zone permit vsan 1 Permits traffic flow to default zone
members.
switch(config)# no zone default-zone permit vsan 1 Denies (default) traffic flow to default
zone members.
Tip The Cisco NX-OS software supports a maximum of 2048 aliases per VSAN.
Creating FC Aliases
To create an alias, follow these steps:
        Command                                              Purpose
Step 1  switch# configure terminal                           Enters configuration mode.
Step 2  switch(config)# fcalias name AliasSample vsan 3      Configures an alias name (AliasSample).
        switch(config-fcalias)#
Step 3  switch(config-fcalias)# member type value            Configures a member for the specified fcalias (AliasSample)
                                                             based on the type (pWWN, fabric pWWN, FC ID, domain ID, IPv4
                                                             address, IPv6 address, or interface) and value specified.
        pWWN example:
        switch(config-fcalias)# member pwwn 10:00:00:23:45:67:89:ab
        fWWN example:
        switch(config-fcalias)# member fwwn 10:01:10:01:10:ab:cd:ef
        FC ID example:
        switch(config-fcalias)# member fcid 0x222222
        Domain ID example:
        switch(config-fcalias)# member domain-id 2 portnumber 23
        IPv4 address example:
        switch(config-fcalias)# member ip-address 10.15.0.0 255.255.0.0
        IPv6 address example:
        switch(config-fcalias)# member ipv6-address 2001::db8:800:200c:417a/64
        Local sWWN interface example:
        switch(config-fcalias)# member interface fc 2/1
        Remote sWWN interface example:
        switch(config-fcalias)# member interface fc2/1 swwn 20:00:00:05:30:00:4a:de
        Domain ID interface example:
        switch(config-fcalias)# member interface fc2/1 domain-id 25
Step 4  Note  Multiple members can be specified on multiple lines.
        Command                                               Purpose
Step 1  switch# configure terminal                            Enters configuration mode.
Step 2  switch(config)# zoneset name Zoneset1 vsan 3          Configures a zoneset called Zoneset1.
        switch(config-zoneset)#
        Tip  To activate a zoneset, you must first create the zone and a zoneset.
Step 3  switch(config-zoneset)# member Zone1                  Adds Zone1 as a member of the specified zoneset (Zoneset1).
        Tip  If the specified zone name was not previously configured, this command will return the
             Zone not present error message.
Step 4  switch(config-zoneset)# zone name InlineZone1         Adds a zone (InlineZone1) to the specified zoneset (Zoneset1).
        switch(config-zoneset-zone)#
        Tip  Execute this step only if you need to create a zone from a zoneset prompt.
Step 5  switch(config-zoneset-zone)# member fcid 0x111112     Adds a new member (FC ID 0x111112) to the new zone (InlineZone1).
        switch(config-zoneset-zone)#
        Tip  Execute this step only if you need to add a member to a zone from a zoneset prompt.
Tip You do not have to issue the copy running-config startup-config command to store the active zoneset.
However, you need to issue the copy running-config startup-config command to explicitly store full
zone sets. If there is more than one switch in a fabric, the copy running-config startup-config fabric
command should be issued. The fabric keyword causes the copy running-config startup-config
command to be issued on all the switches in the fabric, and also saves the full zone information to the
startup-config on all the switches in the fabric. This is important in the event of a switch reload or power
cycle.
Caution If you deactivate the active zoneset in a VSAN that is also configured for IVR, the active IVR zoneset
(IVZS) is also deactivated and all IVR traffic to and from the switch is stopped. This deactivation can
disrupt traffic in more than one VSAN. Before deactivating the active zoneset, check the active zone
analysis for the VSAN (see the “Zone and ZoneSet Analysis” section on page 2-65). To reactivate the
IVZS, you must reactivate the regular zoneset (refer to the Cisco MDS 9000 Series NX-OS Inter-VSAN
Routing Configuration Guide).
Caution If the currently active zoneset contains IVR zones, activating the zoneset from a switch where IVR is not
enabled disrupts IVR traffic to and from that VSAN. We strongly recommend that you always activate
the zoneset from an IVR-enabled switch to avoid disrupting IVR traffic.
Note Set the device alias mode to enhanced when using SDV (because the pWWN of a virtual device could
change).
For example, SDV is enabled on a switch and a virtual device is defined. SDV assigns a pWWN for the
virtual device, and it is zoned based on the pWWN in a zone. If you later disable SDV, this configuration
is lost. If you reenable SDV and create the virtual device using the same name, there is no guarantee that
it will get the same pWWN again. You will have to rezone the pWWN-based zone. However, if you
perform zoning based on the device-alias name, there are no configuration changes required if or when
the pWWN changes.
Be sure you understand how device alias modes work before enabling them. Refer to Chapter 5,
“Distributing Device Alias Services” for details and requirements about device alias modes.
Zone Enforcement
Zoning can be enforced in two ways: soft and hard. Each end device (N port or NL port) discovers other
devices in the fabric by querying the name server. When a device logs in to the name server, the name
server returns the list of other devices that can be accessed by the querying device. If an Nx port does
not know about the FCIDs of other devices outside its zone, it cannot access those devices.
In soft zoning, zoning restrictions are applied only during interaction between the name server and the
end device. If an end device somehow knows the FCID of a device outside its zone, it can access that
device.
Hard zoning is enforced by the hardware on each frame sent by an Nx port. As frames enter the switch,
source-destination IDs are compared with permitted combinations to allow the frame at wirespeed. Hard
zoning is applied to all forms of zoning.
Note Hard zoning enforces zoning restrictions on every frame, and prevents unauthorized access.
Switches in the Cisco MDS 9000 Series support both hard and soft zoning.
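The difference between the two enforcement modes, and the default zone rules described earlier, can be modeled in a few lines. This is an added example, not Cisco code: the class and method names are assumptions, the zone membership is that of Figure 2-1, and devices H4 and S4 are constructed to populate the default zone.

```python
class ZonedFabric:
    """Toy model of access decisions under an active zoneset."""

    def __init__(self, devices, active_zoneset, default_zone_permit=False):
        self.devices = set(devices)
        self.zones = {name: set(m) for name, m in active_zoneset.items()}
        # Default zone policy; deny matches the documented default.
        self.default_zone_permit = default_zone_permit

    def zones_of(self, device):
        return {name for name, members in self.zones.items() if device in members}

    def default_zone(self):
        """Devices that are in no active zone."""
        zoned = set().union(*self.zones.values())
        return self.devices - zoned

    def permitted(self, src, dst):
        """True if the zoning configuration lets src and dst communicate."""
        if src == dst or src not in self.devices or dst not in self.devices:
            return False
        if self.zones_of(src) & self.zones_of(dst):
            return True  # members of a common zone can access each other
        dz = self.default_zone()
        return self.default_zone_permit and src in dz and dst in dz

    def name_server_query(self, src):
        """Devices the name server reports to src."""
        return sorted(d for d in self.devices if self.permitted(src, d))

    def frame_delivered(self, src, dst, hard_zoning):
        """Outcome for a frame src sends straight to dst's FC ID."""
        if hard_zoning:
            # Hardware checks the source-destination pair on every frame.
            return self.permitted(src, dst)
        # Soft zoning filters only the name server reply, not the frame.
        return src != dst and src in self.devices and dst in self.devices


# Figure 2-1 membership; H4 and S4 are constructed, unzoned devices.
DEVICES = ["H1", "H2", "H3", "H4", "S1", "S2", "S3", "S4"]
ZONESET = {
    "Zone1": ["H1", "H2", "H3", "S1", "S2"],
    "Zone2": ["H3", "S3"],
}

if __name__ == "__main__":
    fabric = ZonedFabric(DEVICES, ZONESET)
    print("H1 sees:", fabric.name_server_query("H1"))
    print("H1 -> S3, soft:", fabric.frame_delivered("H1", "S3", hard_zoning=False))
    print("H1 -> S3, hard:", fabric.frame_delivered("H1", "S3", hard_zoning=True))
```

In the model, H1 never learns about S3 from the name server under either mode, yet only hard zoning rejects a frame H1 addresses to S3 directly.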
ZoneSet Distribution
You can distribute full zone sets using one of two methods: one-time distribution at the EXEC mode level
or full zoneset distribution at the configuration mode level.
Table 2-1 lists the differences between these distribution methods.
Tip You do not have to issue the copy running-config startup-config command to store the active zoneset.
However, you need to issue the copy running-config startup-config command to explicitly store full
zone sets. If there is more than one switch in a fabric, the copy running-config startup-config fabric
command should be issued. The fabric keyword causes the copy running-config startup-config
command to be issued on all the switches in the fabric, and also saves the full zone information to the
startup-config on all the switches in the fabric. This is important in the event of a switch reload or power
cycle.
This section describes zoneset distribution and includes the following topics:
• Enabling Full Zoneset Distribution
• Enabling a One-Time Distribution
• About Recovering from Link Isolation
Command Purpose
Step 1  switch# configure terminal
            Enters configuration mode.
Step 2  switch(config)# zoneset distribute full vsan 33
            Enables sending a full zoneset along with an active zoneset.
This command only distributes the full zoneset information; it does not save the information to the
startup configuration. You must explicitly issue the copy running-config startup-config command to
save the full zoneset information to the startup configuration.
Note The zoneset distribute vsan vsan-id command is supported in interop 2 and interop 3 modes, not in
interop 1 mode.
Use the show zone status vsan vsan-id command to check the status of the one-time zoneset distribution
request.
switch# show zone status vsan 9
VSAN: 9 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
session: none
hard-zoning: enabled broadcast: enabled
smart-zoning: disabled
rscn-format: fabric-address
activation overwrite control:disabled
Default zone:
qos: none broadcast: disabled ronly: disabled
Full Zoning Database :
DB size: 2002584 bytes
Zonesets:4 Zones:7004 Aliases: 0 Attribute-groups: 1
Active Zoning Database :
DB size: 94340 bytes
Name: zoneset-hac13-200 Zonesets:1 Zones:176
Current Total Zone DB Usage: 2096924 / 2097152 bytes (99 % used)
Pending (Session) DB size:
Full DB Copy size: 0 bytes
Active DB Copy size: 0 bytes
SFC size: 0 / 2097152 bytes (0 % used)
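The show zone status output above carries several settings worth checking on every VSAN. The following
Python sketch is an added example, not a Cisco tool: it parses that output for a single VSAN and reports the
default-zone policy, hard-zoning state, open sessions and database usage. The function names and the 90 percent
threshold are assumptions made for the example.

```python
import re

# Sample input: the `show zone status vsan 9` output shown above.
SAMPLE = """\
VSAN: 9 default-zone: deny distribute: full Interop: default
mode: enhanced merge-control: allow
session: none
hard-zoning: enabled broadcast: enabled
smart-zoning: disabled
rscn-format: fabric-address
activation overwrite control:disabled
Default zone:
qos: none broadcast: disabled ronly: disabled
Full Zoning Database :
DB size: 2002584 bytes
Zonesets:4 Zones:7004 Aliases: 0 Attribute-groups: 1
Active Zoning Database :
DB size: 94340 bytes
Name: zoneset-hac13-200 Zonesets:1 Zones:176
Current Total Zone DB Usage: 2096924 / 2097152 bytes (99 % used)
Pending (Session) DB size:
Full DB Copy size: 0 bytes
Active DB Copy size: 0 bytes
SFC size: 0 / 2097152 bytes (0 % used)
"""

DB_WARN_PERCENT = 90  # assumed alert threshold, not a Cisco-defined value

FIELDS = {
    "vsan": r"VSAN:\s*(\d+)",
    "default_zone": r"default-zone:\s*(\S+)",
    "mode": r"(?m)^\s*mode:\s*(\S+)",
    "merge_control": r"merge-control:\s*(\S+)",
    "session": r"(?m)^\s*session:\s*(\S+)",
    "hard_zoning": r"hard-zoning:\s*(\S+)",
}
USAGE = re.compile(r"Current Total Zone DB Usage:\s*(\d+)\s*/\s*(\d+)\s*bytes")


def parse_zone_status(text):
    """Extract the fields of interest from one VSAN's status output."""
    status = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, text)
        status[key] = match.group(1) if match else None
    match = USAGE.search(text)
    if match:
        status["db_used"] = int(match.group(1))
        status["db_limit"] = int(match.group(2))
    return status


def audit_zone_status(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_zone_status(text)
    findings = []
    if s["default_zone"] != "deny":
        findings.append("default-zone is %r, expected 'deny'" % s["default_zone"])
    if s["hard_zoning"] != "enabled":
        findings.append("hard-zoning is %r, frames are not checked in hardware"
                        % s["hard_zoning"])
    if s["session"] not in (None, "none"):
        findings.append("zoning session %r is open, a lock may be held" % s["session"])
    if "db_used" in s:
        percent = s["db_used"] * 100 // s["db_limit"]
        if percent >= DB_WARN_PERCENT:
            findings.append("zone DB usage at %d%% of %d bytes"
                            % (percent, s["db_limit"]))
    return findings


if __name__ == "__main__":
    for finding in audit_zone_status(SAMPLE):
        print("VSAN", parse_zone_status(SAMPLE)["vsan"], "-", finding)
```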
Command Purpose
Step 1  switch# zoneset import interface fc1/3 vsan 2
            Imports the zoneset from the adjacent switch connected through the fc 1/3 interface for VSAN 2.
        switch# zoneset import interface fc1/3 vsan 2-5
            Imports the zoneset from the adjacent switch connected through the fc 1/3 interface for VSANs
            ranging from 2 through 5.
Step 2  switch# zoneset export vsan 5
            Exports the zoneset to the adjacent switch connected through VSAN 5.
        switch# zoneset export vsan 5-8
            Exports the zoneset to the adjacent switch connected through the range of VSANs 5 through 8.
Note Issue the import and export commands from a single switch. Importing from one switch and exporting
from another switch can lead to isolation again.
Zoneset Duplication
You can make a copy and then edit it without altering the existing active zoneset. You can copy an active
zoneset from the bootflash: directory, volatile: directory, or slot0, to one of the following areas:
• To the full zoneset
• To a remote location (using FTP, SCP, SFTP, or TFTP)
The active zoneset is not part of the full zoneset. You cannot make changes to an existing zoneset and
activate it, if the full zoneset is lost or is not propagated.
Caution Copying an active zoneset to a full zoneset may overwrite a zone with the same name, if it already exists
in the full zoneset database.
Command Purpose
Step 1  switch# zone copy active-zoneset full-zoneset vsan 2
        Please enter yes to proceed.(y/n) [n]? y
            Makes a copy of the active zoneset in VSAN 2 to the full zoneset.
        switch# zone copy vsan 3 active-zoneset scp://guest@myserver/tmp/active_zoneset.txt
            Copies the active zone in VSAN 3 to a remote location using SCP.
Caution If the Inter-VSAN Routing (IVR) feature is enabled and if IVR zones exist in the active zoneset, then a
zoneset copy operation copies all the IVR zones to the full zone database. To prevent copying to the IVR
zones, you must explicitly remove them from the full zoneset database before performing the copy
operation. For more information on the IVR feature see the Cisco MDS 9000 Series NX-OS Inter-VSAN
Routing Configuration Guide.
Backing Up Zones
To back up the full zone configuration using DCNM, follow these steps:
Step 1 Choose Zone > Edit Local Full Zone Database. You see the Select VSAN dialog box.
Step 2 Select a VSAN and click OK. You see the Edit Local Full Zone Database dialog box for the selected
VSAN as shown in Figure 2-6.
Step 3 Choose File > Backup > This VSAN Zones to back up the existing zone configuration to a workstation
using TFTP, SFTP, SCP, or FTP. You see the Backup Zone Configuration dialog box shown in Figure 2-7.
You can edit this configuration before backing up the data to a remote server.
Step 4 Provide the following Remote Options information to back up data onto a remote server:
a. Using—Select the protocol.
b. Server IP Address—Enter the IP address of the server.
c. UserName—Enter the name of the user.
d. Password—Enter the password for the user.
e. File Name(Root Path)—Enter the path and the filename.
Step 5 Click Backup or click Cancel to close the dialog box without backing up.
Restoring Zones
To restore the full zone configuration using DCNM, follow these steps:
Step 1 Choose Zone > Edit Local Full Zone Database. You see the Select VSAN dialog box.
Step 2 Select a VSAN and click OK. You see the Edit Local Full Zone Database dialog box for the selected
VSAN as shown in Figure 2-8.
Step 3 Choose File > Restore to restore a saved zone configuration using TFTP, SFTP, SCP or FTP. You see
the Restore Zone Configuration dialog box shown in Figure 2-9.
Note Click View Config to see information on how the zone configuration file from a remote server will be
restored. When you click Yes in this dialog box, you will be presented with the CLI commands that are
executed. To close the dialog box, click Close.
Note Backup and Restore options are available to switches that run Cisco NX-OS Release 4.1(3a) or later.
Command Purpose
Step 1  switch# configure terminal
            Enters configuration mode.
Step 2  switch(config)# zoneset rename oldname newname vsan 2
            Renames a zone set in the specified VSAN.
        switch(config)# zone rename oldname newname vsan 2
            Renames a zone in the specified VSAN.
        switch(config)# fcalias rename oldname newname vsan 2
            Renames a fcalias in the specified VSAN.
        switch(config)# zone-attribute-group rename oldname newname vsan 2
            Renames a zone attribute group in the specified VSAN.
Step 3  switch(config)# zoneset activate name newname vsan 2
            Activates the zone set and updates the new zone name in the active zone set.
Command Purpose
Step 1  switch# configure terminal
            Enters configuration mode.
Step 2  switch(config)# zoneset rename oldname newname vsan 2
            Renames a zoneset in the specified VSAN.
        switch(config)# zone rename oldname newname vsan 2
            Renames a zone in the specified VSAN.
        switch(config)# fcalias rename oldname newname vsan 2
            Renames a fcalias in the specified VSAN.
        switch(config)# zone-attribute-group rename oldname newname vsan 2
            Renames a zone attribute group in the specified VSAN.
Step 3  switch(config)# zoneset activate name newname vsan 2
            Activates the zoneset and updates the new zone name in the active zoneset.
Command Purpose
Step 1  switch# configure terminal
            Enters configuration mode.
Step 2  switch(config)# zoneset clone oldname newname vsan 2
            Clones a zoneset in the specified VSAN.
        switch(config)# zone clone oldname newname vsan 2
            Clones a zone in the specified VSAN.
        switch(config)# fcalias clone oldname newname vsan 2
            Clones a fcalias in the specified VSAN.
        switch(config)# zone-attribute-group clone oldname newname vsan 2
            Clones a zone attribute group in the specified VSAN.
Step 3  switch(config)# zoneset activate name newname vsan 2
            Activates the zoneset and updates the new zone name in the active zoneset.
Note After issuing a clear zone database command, you must explicitly issue the copy running-config
startup-config to ensure that the running configuration is used when the switch reboots.
Note Clearing a zoneset only erases the full zone database, not the active zone database.
Caution If zone-based QoS is implemented in a switch, you cannot configure the interop mode in that VSAN.
Command Purpose
Step 1  switch# configure terminal
            Enters configuration mode.
Step 2  switch(config)# zone name QosZone vsan 2
        switch(config-zone)#
            Configures an alias name (QosZone) and enters zone configuration submode.
Step 3  switch(config-zone)# attribute-group qos priority high
            Configures this zone to assign high priority QoS traffic to each frame matching this zone
            in enhanced mode.
Step 4  switch(config-zone)# attribute qos priority high
            Configures this zone to assign high priority QoS traffic to each frame matching this zone.
        switch(config-zone)# attribute qos priority medium
            Configures this zone to assign medium priority QoS traffic to each frame matching this zone.
        switch(config-zone)# attribute qos priority low
            Configures this zone to assign low priority QoS traffic to each frame matching this zone.
        switch(config-zone)# no attribute qos priority high
            Reverts to using the default low priority for this zone.
Step 5  switch(config-zone)# exit
        switch(config)#
            Returns to configuration mode.
Step 6  switch(config)# zoneset name QosZoneset vsan 2
        switch(config-zoneset)#
            Configures a zoneset called QosZoneset for the specified VSAN (vsan 2) and enters zoneset
            configuration submode.
            Tip To activate a zoneset, you must first create the zone and a zoneset.
Step 7  switch(config-zoneset)# member QosZone
            Adds QosZone as a member of the specified zoneset (QosZoneset).
            Tip If the specified zone name was not previously configured, this command will return the
            Zone not present error message.
Step 8  switch(config-zoneset)# exit
        switch(config)#
            Returns to configuration mode.
Step 9  switch(config)# zoneset activate name QosZoneset vsan 2
            Activates the specified zoneset.
Note If a member is part of two zones with two different QoS priority attributes, the higher QoS value is
implemented. This situation does not arise in the VSAN-based QoS as the first matching entry is
implemented.
To configure the QoS priority attributes for a default zone, follow these steps:
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone default-zone vsan 1
        switch(config-default-zone)#
            Enters the default zone configuration submode.
Step 3  switch(config-default-zone)# attribute qos priority high
            Sets the QoS priority attribute for frames matching these zones.
        switch(config-default-zone)# no attribute qos priority high
            Removes the QoS priority attribute for the default zone and reverts to default low priority.
Note Broadcast zoning is not supported on the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco
Fabric Switch for IBM BladeCenter.
You can configure broadcast frames in the basic zoning mode. By default, broadcast zoning is disabled
and broadcast frames are sent to all Nx ports in the VSAN. When enabled, broadcast frames are only
sent to Nx ports in the same zone, or zones, as the sender. Enable broadcast zoning when a host or storage
device uses this feature.
Table 2-2 identifies the rules for the delivery of broadcast frames.
Tip If any NL port attached to an FL port shares a broadcast zone with the source of the broadcast frame,
then the frames are broadcast to all devices in the loop.
Caution If broadcast zoning is enabled on a switch, you cannot configure the interop mode in that VSAN.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone broadcast enable vsan 2
            Broadcasts frames for the specified VSAN.
        switch(config)# no zone broadcast enable vsan 3
            Disables (default) broadcasting for the specified VSAN.
Step 3  switch(config)# zone name BcastZone vsan 2
        switch(config-zone)#
            Creates a broadcast zone in the specified VSAN and enters zone configuration submode.
Step 4  switch(config-zone)# member pwwn 21:00:00:20:37:f0:2e:4d
            Adds the specified member to this zone.
Step 5  switch(config-zone)# attribute broadcast
            Specifies this zone to be broadcast to other devices.
Step 6  switch(config-zone)# end
        switch# show zone vsan 2
        zone name bcast-zone vsan 2
        attribute broadcast
        pwwn 21:00:00:e0:8b:0b:66:56
        pwwn 21:00:00:20:37:f0:2e:4d
            Displays the broadcast configuration.
Note Zone broadcast is not supported from Cisco NX-OS Release 5.x and later.
To configure the broadcast attribute for a default zone, follow these steps:
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone default-zone vsan 1
        switch(config-default-zone)#
            Enters the default zone configuration submode.
Step 3  switch(config-default-zone)# attribute broadcast
            Sets broadcast attributes for the default zone.
        switch(config-default-zone)# no attribute broadcast
            Reverts the default zone attributes to read-write (default).
Note • Smart Zoning can be enabled at VSAN level but can also be disabled at zone level.
• Smart zoning is not supported on VSANs that have DMM, IOA, or SME applications enabled on
them.
• Zones must have 50 members or less.
Feature Supported
PWWN Yes
FCID Yes
FCalias Yes
Device-alias Yes
Interface No
IP address No
Symbolic nodename No
FWWN No
Domain ID No
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone smart-zoning enable vsan 1
        switch(config)#
            Enables smart zoning on a VSAN.
        switch(config)# no zone smart-zoning enable vsan 1
            Disables smart zoning on a VSAN.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# system default zone smart-zone enable
        switch(config)#
            Enables smart zoning on VSANs that are created based on the specified default value.
Step 3  switch(config)# no system default zone smart-zone enable
        switch(config)#
            Disables smart zoning on a VSAN.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone convert smart-zoning fcalias name <alias-name> vsan <vsan no>
            Fetches the device type information from the nameserver for the fcalias members.
Use the show fcns database command to check if the device is initiator, target or both:
switch# show fcns database
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x9c0000 N 21:00:00:e0:8b:08:96:22 (Company 1) scsi-fcp:init
0x9c0100 N 10:00:00:05:30:00:59:1f (Company 2) ipfc
0x9c0200 N 21:00:00:e0:8b:07:91:36 (Company 3) scsi-fcp:init
0x9c03d6 NL 21:00:00:20:37:46:78:97 (Company 4) scsi-fcp:target
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config-zoneset-zone)# member device-alias <name> both
            Configures the device type for the device-alias member as both. For every supported
            member-type, init, target, and both are supported.
Step 3  switch(config-zoneset-zone)# member pwwn <number> target
            Configures the device type for the pwwn member as target. For every supported member-type,
            init, target, and both are supported.
Step 4  switch(config-zoneset-zone)# member fcid <number>
            Configures the device type for the FCID member. There is no specific device type that is
            configured. For every supported member-type, init, target, and both are supported.
Command Purpose
Step 1  switch(config)# clear zone smart-zoning fcalias name <alias-name> vsan <vsan no>
            Removes the device type configuration for all the members of the specified fcalias.
Step 2  switch(config)# clear zone smart-zoning zone name <zone name> vsan <vsan no>
            Removes the device type configuration for all the members of the specified zone.
Step 3  switch(config)# clear zone smart-zoning zoneset name <zoneset name> vsan <vsan no>
            Removes the device type configuration for all the members of the zone and fcalias for the
            specified zoneset.
Step 4  switch(config)# clear zone smart-zoning vsan <vsan no>
            Removes the device type configuration for all the members of the zone and fcalias of all the
            specified zonesets in the VSAN.
Disabling Smart Zoning at Zone Level for a VSAN in the Basic Zoning Mode
To disable smart zoning at the zone level for a VSAN in basic zoning mode, follow these steps:
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone name zone1 vsan 1
            Configures a zone name.
Step 3  switch(config-zone)# attribute disable-smart-zoning
            Disables Smart Zoning for the selected zone.
Disabling Smart Zoning at Zone Level for a VSAN in the Enhanced Zoning Mode
To disable smart zoning at the zone level for a VSAN in enhanced zoning mode, follow these steps:
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone-attribute-group name disable-sz vsan 1
        Enhanced zone session has been created.
        Please 'commit' the changes when done.
            Creates an enhanced zone session.
Step 3  switch(config-attribute-group)# disable-smart-zoning
            Disables Smart Zoning for the selected zone.
Caution LUN zoning can only be implemented in Cisco MDS 9000 Series switches. If LUN zoning is
implemented in a switch, you cannot configure the interop mode in that switch.
A storage device can have multiple LUNs behind it. If the device port is part of a zone, a member of the
zone can access any LUN in the device. With LUN zoning, you can restrict access to specific LUNs
associated with a device.
Note When LUN 0 is not included within a zone, then, as per standards requirements, control traffic to LUN
0 (for example, REPORT_LUNS, INQUIRY) is supported, but data traffic to LUN 0 (for example,
READ, WRITE) is denied.
• Host H1 can access LUN 2 in S1 and LUN 0 in S2. It cannot access any other LUNs in S1 or S2.
• Host H2 can access LUNs 1 and 3 in S1 and only LUN 1 in S2. It cannot access any other LUNs in
S1 or S2.
Note LUN zoning is not supported from Cisco MDS NX-OS Release 5.x and later.
[Figure: hosts H1 and H2 connected through the fabric to storage devices S1 and S2, each with LUN 0
through LUN 3, grouped into Zone 1 and Zone 2]
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone name LunSample vsan 2
        switch(config-zone)#
            Configures a zone called LunSample for the specified VSAN (vsan 2) and enters zone
            configuration submode.
Step 3  switch(config-zone)# member pwwn 10:00:00:23:45:67:89:ab lun 0x64
            Configures a zone member based on the specified pWWN and LUN value.
            Note The CLI interprets the LUN identifier value as a hexadecimal value whether or not the
            0x prefix is included. LUN 0x64 in hex format corresponds to 100 in decimal format.
        switch(config-zone)# member fcid 0x12465 lun 0x64
            Configures a zone member based on the FC ID and LUN value.
Note Refer to the relevant user manuals to obtain the LUN number for each HBA.
Caution If you make any errors when assigning LUNs, you might lose data.
Note Read-only zones are not supported from Cisco MDS NX-OS Release 5.x and later.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone name Sample2 vsan 2
        switch(config-zone)#
            Configures a zone called Sample2 for the specified VSAN (vsan 2) and enters zone
            configuration submode.
Step 3  switch(config-zone)# attribute read-only
            Sets read-only attributes for the Sample2 zone.
            Note The default is read-write for all zones.
        switch(config-zone)# no attribute read-only
            Reverts the Sample2 zone attributes to read-write.
To configure the read-only option for a default zone, follow these steps:
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone default-zone vsan 1
        switch(config-default-zone)#
            Enters the default zone configuration submode.
Step 3  switch(config-default-zone)# attribute read-only
            Sets read-only attributes for the default zone.
        switch(config-default-zone)# no attribute read-only
            Reverts the default zone attributes to read-write (default).
fwwn 20:50:00:05:30:00:2a:1e
fwwn 20:51:00:05:30:00:2a:1e
fwwn 20:52:00:05:30:00:2a:1e
Use the show zone name command to display members of a specific zone.
pwwn 21:00:00:20:37:9c:48:e5
Use the show zone member command to display all zones to which a member belongs using the FC ID.
Use the show zone statistics command to display the number of control frames exchanged with other
switches.
Use the show zone command to display the zone attributes for all configured zones.
Use the show running and show zone active commands to display the configured interface-based zones
(see Example 2-18 and Example 2-19).
A similar output is also available on the remote switch (see Example 2-20).
Example 2-20 Displays the Local Interface Active Zone Details for a Remote Switch
Example 2-23 Displays How to Create a Zone Attribute-Group for a VSAN in the Enhanced Mode to
Disable Smart Zoning at an Individual Zone Level
Note After the attribute-group is created, it needs to be applied to any zones requiring smart zoning
to be disabled.
Example 2-25 Displays how to Clear Device type Configuration for Members
Enhanced Zoning
The zoning feature complies with the FC-GS-4 and FC-SW-3 standards. Both standards support the basic
zoning functionalities explained in the previous section and the enhanced zoning functionalities
described in this section.
This section includes the following topics:
• About Enhanced Zoning
• Changing from Basic Zoning to Enhanced Zoning
• Changing from Enhanced Zoning to Basic Zoning
• Enabling Enhanced Zoning
• Modifying the Zone Database
• Enabling Automatic Zone Pending Diff Display
• Creating Attribute Groups
• Merging the Database
• Configuring Zone Merge Control Policies
• Permitting or Denying Traffic in the Default Zone
• Broadcasting a Zone
• Configuring System Default Zoning Settings
• Displaying Enhanced Zone Information
Enhanced Zoning
Each entry below compares basic zoning with enhanced zoning and states the advantage of enhanced zoning.

Basic Zoning: Administrators can make simultaneous configuration changes. Upon activation, one
administrator can overwrite another administrator’s changes.
Enhanced Zoning: Performs all configurations within a single configuration session. When you begin a
session, the switch locks the entire fabric to implement the change.
Advantages: One configuration session for the entire fabric to ensure consistency within the fabric.

Basic Zoning: If a zone is part of multiple zonesets, you create an instance of this zone in each zoneset.
Enhanced Zoning: References to the zone are used by the zonesets as required once you define the zone.
Advantages: Reduced payload size as the zone is referenced. The size is more pronounced with bigger
databases.

Basic Zoning: The default zone policy is defined per switch. To ensure smooth fabric operation, all
switches in the fabric must have the same default zone setting.
Enhanced Zoning: Enforces and exchanges the default zone setting throughout the fabric.
Advantages: Fabric-wide policy enforcement reduces troubleshooting time.

Basic Zoning: To retrieve the results of the activation on a per switch basis, the managing switch
provides a combined status about the activation. It does not identify the failure switch.
Enhanced Zoning: Retrieves the activation results and the nature of the problem from each remote switch.
Advantages: Enhanced error reporting eases the troubleshooting process.

Basic Zoning: To distribute the zoning database, you must reactivate the same zoneset. The reactivation
may affect hardware changes for hard zoning on the local switch and on remote switches.
Enhanced Zoning: Implements changes to the zoning database and distributes it without reactivation.
Advantages: Distribution of zone sets without activation avoids hardware changes for hard zoning in the
switches.

Basic Zoning: The MDS-specific zone member types (IPv4 address, IPv6 address, symbolic node name, and
other types) may be used by other non-Cisco switches. During a merge, the MDS-specific types can be
misunderstood by the non-Cisco switches.
Enhanced Zoning: Provides a vendor ID along with a vendor-specific type value to uniquely identify a
member type.
Advantages: Unique vendor type.

Basic Zoning: The fWWN-based zone membership is only supported in Cisco interop mode.
Enhanced Zoning: Supports fWWN-based membership in the standard interop mode (interop mode 1).
Advantages: The fWWN-based member type is standardized.
Step 1 Verify that all switches in the fabric are capable of working in the enhanced mode.
If one or more switches are not capable of working in enhanced mode, then your request to move to
enhanced mode is rejected.
Step 2 Set the operation mode to enhanced zoning mode. By doing so, you will automatically start a session,
acquire a fabric wide lock, distribute the active and full zoning database using the enhanced zoning data
structures, distribute zoning policies and then release the lock. All switches in the fabric then move to
the enhanced zoning mode.
Tip After moving from basic zoning to enhanced zoning, we recommend that you save the running
configuration.
Step 1 Verify that the active and full zoneset do not contain any configuration that is specific to the enhanced
zoning mode.
If such configurations exist, delete them before proceeding with this procedure. If you do not delete the
existing configuration, the Cisco NX-OS software automatically removes them.
Step 2 Set the operation mode to basic zoning mode. By doing so, you will automatically start a session, acquire
a fabric wide lock, distribute the zoning information using the basic zoning data structure, apply the
configuration changes and release the lock from all switches in the fabric. All switches in the fabric then
move to basic zoning mode.
Note If a switch running Cisco SAN-OS Release 2.0(1b) and NX-OS 4(1b) or later, with enhanced
zoning enabled is downgraded to Cisco SAN-OS Release 1.3(4), or earlier, the switch comes up
in basic zoning mode and cannot join the fabric because all the other switches in the fabric are
still in enhanced zoning mode.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone mode enhanced vsan 3000
        Set zoning mode command initiated. Check zone status
            Enables enhanced zoning in the specified VSAN.
        switch(config)# no zone mode enhanced vsan 150
        Set zoning mode command initiated. Check zone status
            Disables enhanced zoning in the specified VSAN.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone commit vsan 2
        No pending info found
            Applies the changes to the enhanced zone database and closes the session.
        switch(config)# zone commit vsan 3 force
            Forcefully applies the changes to the enhanced zone database and closes the session created
            by another user.
        switch(config)# no zone commit vsan 2
            Discards the changes to the enhanced zone database and closes the session.
        switch(config)# no zone commit vsan 3 force
            Forcefully discards the changes to the enhanced zone database and closes the session created
            by another user.
Tip You do not have to issue the copy running-config startup-config command to store the active zoneset.
However, you need to issue the copy running-config startup-config command to explicitly store full
zone sets. If there is more than one switch in a fabric, the copy running-config startup-config fabric
command should be issued. The fabric keyword causes the copy running-config startup-config
command to be issued on all the switches in the fabric, and also saves the full zone information to the
startup-config on all the switches in the fabric. This is important in the event of a switch reload or power
cycle.
Command Purpose
Step 1  switch# configure terminal
        switch(config)#
            Enters configuration mode.
Step 2  switch(config)# zone confirm-commit enable vsan vsan-id
            Enables the confirm-commit option for zone database for a given VSAN.
Step 3  switch(config-zone)# zone commit vsan 12
        The following zoning changes are about to be committed
        +zone name zone-1 vsan 12
        Do you want to continue? (y/n) [n]
            If the zone confirm-commit command is enabled for a VSAN, on committing the pending database,
            the pending-diff is displayed on the console and the user is prompted for Yes or No. If the
            zone confirm-commit command is disabled, the pending-diff is not displayed and the user is
            not prompted for Yes or No.
Step 4  switch(config)# no zone commit vsan 12
        The following zoning changes are about to be discarded
        +zone name zone-1 vsan 12
        Do you want to continue? (y/n) [n]
        switch(config)#
            If the zone confirm-commit command is enabled for a VSAN, on discarding the pending database,
            the pending-diff is displayed on the console and the user is prompted for Yes or No. If the
            zone confirm-commit command is disabled, the pending-diff is not displayed and the user is
            not prompted for Yes or No.
If session locks remain on remote switches after using the no zone commit vsan command, you can use
the clear zone lock vsan command on the remote switches.
switch# clear zone lock vsan 2
Note We recommend using the no zone commit vsan command first to release the session lock in the fabric.
If that fails, use the clear zone lock vsan command on the remote switches where the session is still
locked.
switch# conf t
switch(config)# zone-attribute-group name SampleAttributeGroup vsan 2
switch(config-attribute-group)#
The attribute-groups are expanded and only the configured attributes are present in the active zoneset.
Note In the enhanced zoning mode, the active zoneset does not have a name in interop mode 1. The zoneset
names are only present for full zone sets.
Caution Remove all non-PWWN-type zone entries on all MDS switches running Cisco SAN-OS prior to merging
fabrics if there is a Cisco MDS 9020 switch running FabricWare in the adjacent fabric.
Merge Process
When two Fibre Channel (FC) switches that have already been configured with active zonesets and are
not yet connected are brought together with an Extended ISL (EISL) link, the zonesets merge. However,
steps must be taken to ensure zone consistency before configuring and activating new zones.
Best Practices
When a zone merge occurs, as long as there is no competing information, each switch learns the other's
zones. Each switch then has three configuration entities. The switches have:
• The saved configuration in NVRAM. This is the configuration as it was the last time the copy
running-configuration startup-configuration command was issued.
• The running configuration. This represents the configuration brought into memory upon the last
time the MDS was brought up, plus any changes that have been made to the configuration. With
reference to the zoning information, the running configuration represents the configurable database,
known as the full database.
• The configured zoning information from the running configuration plus the zoning information
learned from the zone merge. This combination of configured and learned zone information is the
active zoneset.
The merge process operates as follows:
1. The software compares the protocol versions. If the protocol versions differ, then the ISL is isolated.
2. If the protocol versions are the same, then the zone policies are compared. If the zone policies differ,
then the ISL is isolated.
3. If the zone merge options are the same, then the comparison is implemented based on the merge
control setting.
a. If the setting is restrict, the active zoneset and the full zoneset should be identical. Otherwise
the link is isolated.
b. If the setting is allow, then the merge rules are used to perform the merge.
When an MDS is booted, it comes up with the configuration previously saved in NVRAM. If you
configured the switch after loading the configuration from NVRAM, there is a difference between the
bootup and running configuration until the running configuration is saved to the startup configuration.
This can be likened to having a file on the local hard drive of your PC. The file is saved and static, but
if you open the file and edit it, there is a difference between the changed file and the file that still
exists on saved storage. Only when you save the changes does the saved entity represent the changes
made to the file.
When zoning information is learned from a zone merge, this learned information is not part of the
running configuration. The learned information is incorporated into the running configuration only when
the zone copy active-zoneset full-zoneset vsan X command is issued. This is key because when
a zone merge is initiated by a new EISL link or by activating a zoneset, the zoneset part is ignored by the
other switch and the member zone information is considered topical.
Caution The zone copy command will delete all fcalias configuration.
Example
For example, you have two standalone MDS switches, already in place and each with its own
configured zone and zoneset information. Switch 1 has an active zoneset known as set A, and Switch 2
has an active zoneset known as set B. Within set A on Switch 1 is zone 1, and on Switch 2, set B has
member zone 2. When an ISL link is created between these two switches, each sends its zoneset,
including its zone information, to the other switch. On a merge, the switch selects the zoneset name
with the higher ASCII value and then merges the zone members. After the merge, both switches have
a zoneset named set B with zone members zone 1 and zone 2.
Everything should be still working for all of the devices in zone 1 and zone 2. To add a new zone, you
have to create a new zone, add the new zone to the zoneset, and then activate the zoneset.
Step-by-step, the switches are booted up and have no zoning information. You need to create the zones
on the switches and add them to the zonesets.
Basic mode: When zones are in basic mode, refer to the sample command outputs below.
1. Create zone and zoneset. Activate on Switch 1.
Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Note The name of the newly merged zoneset will be the name of the zoneset with alphabetically higher value.
In the given example, the active zoneset is setB. To avoid future zoneset activation problems, the zone
copy active-zoneset full-zoneset vsan 100 command should be given, at this point on the switch.
Examine if the command is given, and how the new zoning information is handled.
When the zone copy command is issued, it adds the learned zone information, zone 2 in this case, to the
running configuration. If zone 2 has not been copied from memory into the running
configuration, zone 2 information is not pushed back out.
Caution The zone copy command will delete all fcalias configuration.
Running-Configuration of Switch1 (before issuing the "zone copy active-zoneset full-zoneset vsan
100" command)
Switch1# sh run | b "Active Zone Database Section for vsan 100"
!Active Zone Database Section for vsan 100
zone name zone1 vsan 100
pwwn 11:11:11:11:11:11:11:1a
pwwn 11:11:11:11:11:11:11:1b
Running-Configuration of Switch1 (after issuing the "zone copy active-zoneset full-zoneset vsan 100"
command)
Switch1# zone copy active-zoneset full-zoneset vsan 100
WARNING: This command may overwrite common zones in the full zoneset. Do you want to
continue? (y/n) [n] y
Running-Configuration of Switch2 (before issuing the "zone copy active-zoneset full-zoneset vsan
100" command)
Switch2# sh run | b "Active Zone Database Section for vsan 100"
!Active Zone Database Section for vsan 100
zone name zone2 vsan 100
pwwn 22:22:22:22:22:22:22:2a
pwwn 22:22:22:22:22:22:22:2b
Running-Configuration of Switch2 (after issuing the "zone copy active-zoneset full-zoneset vsan 100"
command)
Switch2# zone copy active-zoneset full-zoneset vsan 100
WARNING: This command may overwrite common zones in the full zoneset. Do you want to
continue? (y/n) [n] y
pwwn 22:22:22:22:22:22:22:2a
pwwn 22:22:22:22:22:22:22:2b
Referring back to the three entities of configuration, they are as follows on zone 1 before the zone merge:
• Saved configuration: nothing since zone information has not been saved by issuing the copy run start
command.
• Running configuration: consists of zone 1.
• Configured and learned information: consists of zone 1.
After the zone merge, the entities are:
• Saved configuration: nothing has been saved.
• Running configuration: consists of zone 1.
• Configured and learned information: consists of zone 1 and zone 2.
Zone 2 has not become part of the running configuration. Zone 2 has been learned, and is in the active
zoneset. Zone 2 is copied from the learned information into the running configuration only when the
zone copy active-zoneset full-zoneset vsan 100 command is issued. The configuration looks as
follows after the command is issued:
Caution The zone copy command will delete all fcalias configuration.
If the zone update or zoneset activation is going on, the above command must be explicitly enabled on
each VSAN on every switch.
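The check below is an added example, not part of the Cisco guide: it parses zoneset listings in the layout shown on this page and reports zones that exist only in the active zoneset (learned from a merge) and would therefore not be pushed back out on the next activation. The two sample listings are constructed for Switch1 after the basic-mode merge described above, and the function names are hypothetical.

```python
import re

# Constructed sample: active zoneset on Switch1 after the merge (VSAN 100).
ACTIVE_OUTPUT = """\
zoneset name setB vsan 100
  zone name zone1 vsan 100
    pwwn 11:11:11:11:11:11:11:1a
    pwwn 11:11:11:11:11:11:11:1b
  zone name zone2 vsan 100
    pwwn 22:22:22:22:22:22:22:2a
    pwwn 22:22:22:22:22:22:22:2b
"""

# Constructed sample: full (configured) database on Switch1 before zone copy.
FULL_OUTPUT = """\
zoneset name setA vsan 100
  zone name zone1 vsan 100
    pwwn 11:11:11:11:11:11:11:1a
    pwwn 11:11:11:11:11:11:11:1b
"""

ZONESET_RE = re.compile(r"^zoneset name (\S+) vsan (\d+)$")
ZONE_RE = re.compile(r"^zone name (\S+) vsan (\d+)$")
PWWN_RE = re.compile(r"pwwn ((?:[0-9a-f]{2}:){7}[0-9a-f]{2})", re.I)


def parse_zones(text):
    """Return {(vsan, zone_name): set of pWWNs} from a zoneset listing."""
    zones = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = ZONE_RE.match(line)
        if match:
            current = (int(match.group(2)), match.group(1))
            zones.setdefault(current, set())
            continue
        if ZONESET_RE.match(line):
            current = None  # members must follow a zone line, not a zoneset line
            continue
        match = PWWN_RE.search(line)
        if match and current is not None:
            zones[current].add(match.group(1).lower())
    return zones


def learned_zone_drift(active_text, full_text):
    """Compare the active zoneset with the full database of the same switch."""
    active = parse_zones(active_text)
    full = parse_zones(full_text)
    return {
        # Zones enforced in the fabric but absent from the local full database.
        "learned_only": sorted(k for k in active if k not in full),
        # Zones present in both, but with different members.
        "member_mismatch": sorted(
            k for k in active if k in full and active[k] != full[k]
        ),
    }


if __name__ == "__main__":
    report = learned_zone_drift(ACTIVE_OUTPUT, FULL_OUTPUT)
    for vsan, zone in report["learned_only"]:
        print(f"vsan {vsan}: zone {zone} is learned only; not in the full database")
    for vsan, zone in report["member_mismatch"]:
        print(f"vsan {vsan}: zone {zone} differs between active and full database")
```

An empty report on every switch means the full database already contains everything that is enforced, which is the state the zone copy command produces.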
Enhanced mode: When zones are in enhanced mode, refer to the sample command outputs below.
1. Create zones and zoneset. Activate on Switch1.
Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)# vsan database
Switch1(config-vsan-db)# vsan 200
Switch1(config-vsan-db)# zone mode enhanced vsan 200
WARNING: This command would distribute the zoning database of this switch throughout the
fabric. Do you want to continue? (y/n) [n] y
Set zoning mode command initiated. Check zone status
Switch1(config-vsan-db)# zone name zone1 vsan 200
Enhanced zone session has been created. Please 'commit' the changes when done.
Switch1(config-zone)# member pwwn 11:11:11:11:11:11:11:1a
Switch1(config-zone)# member pwwn 11:11:11:11:11:11:11:1b
Switch1(config-zone)# zoneset name SetA vsan 200
Switch1(config-zoneset)# member zone1
Switch1(config-zoneset)# zoneset activate name SetA vsan 200
Switch1(config)# zone commit vsan 200
Commit operation initiated. Check zone status
Switch1(config)# exit
Switch1# show zoneset activate vsan 200
zoneset name SetA vsan 200
zone name zone1 vsan 200
pwwn 11:11:11:11:11:11:11:1a
pwwn 11:11:11:11:11:11:11:1b
Switch1# show zoneset vsan 200
zoneset name SetA vsan 200
zone name zone1 vsan 200
pwwn 11:11:11:11:11:11:11:1a
pwwn 11:11:11:11:11:11:11:1b
Note Unlike basic mode, the entire zone database is merged in the case of enhanced mode, wherein Switch1
has the information of zonesets originally configured in Switch2 and vice versa.
pwwn 22:22:22:22:22:22:22:2b
Switch1
Switch1# zone copy active-zoneset full-zoneset vsan 200
WARNING: This command may overwrite common zones in the full zoneset. Do you want to
continue? (y/n) [n] y
Switch1(config-if)# show zoneset activate vsan 200
zoneset name SetB vsan 200
zone name zone1 vsan 200
pwwn 11:11:11:11:11:11:11:1a
pwwn 11:11:11:11:11:11:11:1b
Switch2
Switch2# zone copy active-zoneset full-zoneset vsan 200
WARNING: This command may overwrite common zones in the full zoneset. Do you want to
continue? (y/n) [n] y
Switch2(config-zoneset)# show zoneset activate vsan 200
zoneset name SetB vsan 200
zone name zone2 vsan 200
pwwn 22:22:22:22:22:22:22:2a
pwwn 22:22:22:22:22:22:22:2b
Step 1  Command: switch# configure terminal
                 switch(config)#
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# zone merge-control restrict vsan 4
        Purpose: Configures a restricted merge control setting for this VSAN.
        Command: switch(config)# no zone merge-control restrict vsan 2
        Purpose: Defaults to using the allow merge control setting for this VSAN.
        Command: switch(config)# zone commit vsan 4
        Purpose: Commits the changes made to VSAN 4.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# zone default-zone permit vsan 5
        Purpose: Permits traffic flow to default zone members.
        Command: switch(config)# no zone default-zone permit vsan 3
        Purpose: Denies traffic flow to default zone members and reverts to factory default.
Step 3  Command: switch(config)# zone commit vsan 5
        Purpose: Commits the changes made to VSAN 5.
Broadcasting a Zone
You can specify an enhanced zone to restrict broadcast frames generated by a member in this zone to
members within that zone. Use this feature when the host or storage devices support broadcasting.
Note The broadcast command is not supported from 5.x release onwards.
Table 2-6 identifies the rules for the delivery of broadcast frames.
Tip If any NL port attached to an FL port shares a broadcast zone with the source of the broadcast frame,
then the frames are broadcast to all devices in the loop.
Step 1  Command: switch# configure terminal
                 switch(config)#
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# zone-attribute-group name BroadcastAttr vsan 2
        Purpose: Configures the zone attribute group for the required VSAN.
        Command: switch(config)# no zone-attribute-group name BroadAttr vsan 1
        Purpose: Removes the zone attribute group for the required VSAN.
Step 3  Command: switch(config-attribute-group)# broadcast
                 switch(config-attribute-group)# exit
                 switch(config)#
        Purpose: Creates a broadcast attribute for this group and exits this submode.
        Command: switch(config-attribute-group)# no broadcast
        Purpose: Removes broadcast attribute for this group and exits this submode.
Step 4  Command: switch(config)# zone name BroadcastAttr vsan 2
                 switch(config-zone)#
        Purpose: Configures a zone named BroadcastAttr in VSAN 2.
Step 5  Command: switch(config-zone)# member pwwn 21:00:00:e0:8b:0b:66:56
                 switch(config-zone)# member pwwn 21:01:00:e0:8b:2e:80:93
                 switch(config-zone)# attribute-group name BroadcastAttr
                 switch(config-zone)# exit
                 switch(config)#
        Purpose: Adds the specified members to this zone and exits this submode.
Step 6  Command: switch(config)# zone commit vsan 1
                 Commit operation initiated
                 switch(config)# end
        Purpose: Applies the changes to the enhanced zone configuration and exits this submode.
Step 7  Command: switch# show zone vsan 1
                 zone name BroadcastAttr vsan 1
                 zone-attribute-group name BroadcastAttr vsan 1
                 broadcast
                 pwwn 21:00:00:e0:8b:0b:66:56
                 pwwn 21:01:00:e0:8b:2e:80:93
        Purpose: Displays the broadcast configuration.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# system default zone default-zone permit
        Purpose: Configures permit as the default zoning policy for new VSANs on the switch.
        Command: switch(config)# no system default zone default-zone permit
        Purpose: Configures deny (default) as the default zoning policy for new VSANs on the switch.
Step 3  Command: switch(config)# system default zone distribute full
        Purpose: Enables full zone database distribution as the default for new VSANs on the switch.
        Command: switch(config)# no system default zone distribute full
        Purpose: Disables (default) full zone database distribution as the default for new VSANs
                 on the switch. Only the active zone database is distributed.
Step 4  Command: switch(config)# system default zone gs read
        Purpose: Configures read only as the default generic service permission for new VSANs on the
                 switch.
        Command: switch(config)# system default zone gs read-write
        Purpose: Configures (default) read-write as the default generic service permission for new
                 VSANs on the switch.
        Command: switch(config)# no system default zone gs read-write
        Purpose: Configures none(deny) as the default generic service permission for new
                 VSANs on the switch.
Note Since VSAN 1 is the default VSAN and is always present on the switch, the system default zone
commands have no effect on VSAN 1.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# zone gs read vsan 3000
        Purpose: Configures gs permission value as read only in the specified VSAN.
        Command: switch(config)# zone gs read-write vsan 3000
        Purpose: Configures gs permission value as read-write in the specified VSAN.
        Command: switch(config)# no zone gs read-write vsan 3000
        Purpose: Configures gs permission value as none(deny) in the specified VSAN.
Example 2-26 Displays the Active Zoneset Information for a Specified VSAN
Example 2-28 Displays the Zone Attribute Group Information for a Specified VSAN
Example 2-29 Displays the fcalias Information for the Specified VSAN
Example 2-30 Displays the Zone Status for the Specified VSAN
Example 2-31 Displays the Pending ZoneSet Information for the VSAN to be Committed
Example 2-32 Displays the Pending Zone Information for the VSAN to be Committed
Example 2-33 Displays the Pending Zone Information for the VSAN to be Committed
Example 2-34 Displays the Pending Active ZoneSet Information for the VSAN to be Committed
Example 2-35 Displays the Difference Between the Pending and Effective Zone Information for the
Specified VSAN
Exchange Switch Support (ESS) defines a mechanism for two switches to exchange various supported
features (see Example 2-36).
Example 2-36 Displays the ESS Information for All Switches in the Specified VSAN
Example 2-37 Displays the Pending fcalias Information for the VSAN to be Committed
Note A merge failure occurs when a switch supports more than 8000 zones per VSAN but its neighbor does
not. Also, zoneset activation can fail if the switch has more than 8000 zones per VSAN and not all
switches in the fabric support more than 8000 zones per VSAN.
To delete zones and compact the zone database for a VSAN, follow these steps:
Step 1  Command: switch# configure terminal
                 switch(config)#
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# no zone name ExtraZone vsan 10
        Purpose: Deletes a zone to reduce the number of zones to 8000 or fewer.
Step 3  Command: switch(config)# zone compact vsan 10
        Purpose: Compacts the zone database for VSAN 10 to recover the zone ID released when a zone
                 was deleted.
Unassigned Zones: 1
zone name z1 vsan 1
Note The maximum size of the full zone database per VSAN is 4096 KB.
Note The maximum size of the zone database per VSAN is 4096 KB.
rscn-format: fabric-address
Default zone:
qos: none broadcast: disabled ronly: disabled
Full Zoning Database :
DB size: 2002584 bytes
Zonesets:4 Zones:7004 Aliases: 0 Attribute-groups: 1
Active Zoning Database :
DB size: 94340 bytes
Name: zoneset-hac13-200 Zonesets:1 Zones:176
Current Total Zone DB Usage: 2096924 / 2097152 bytes (99 % used)
Pending (Session) DB size:
Full DB Copy size: 0 bytes
Active DB Copy size: 0 bytes
SFC size: 0 / 2097152 bytes (0 % used)
Status: Activation completed at 17:28:04 UTC Jun 16 2014
See the Cisco MDS 9000 Series Command Reference for the description of the information displayed in
the command output.
TCAM Regions
TCAM is divided into several regions of various sizes. The main regions and the type of programming
contained in each region are described in Table 2-7:
Table 2-7 TCAM Regions
Zoning Types
The Cisco MDS platform uses two types of zoning - 'Hard' and 'Soft' zoning.
Soft zoning - In this mode only control plane traffic is policed by the switch supervisor services. In
particular, the Fibre Channel Name Server (FCNS) will limit the list of permitted devices in an FCNS
reply to only those that are in the zone configuration. However, the end device data plane traffic is
unpoliced. This means a rogue end device may connect to other devices it is not zoned with.
Hard zoning - In this mode both control plane and data plane traffic are policed. Control plane traffic is
policed by the switch supervisor and data plane traffic is policed on each ingress port with hardware
assistance. The policing rules are set by the zoneset which is programmed into each linecard. The
destination of each frame is checked by hardware and, if it is not permitted by zoning, it is dropped. In
this mode any device can only communicate with end devices it is authorized to.
By default, both types of zoning are enabled, with hard zoning used in priority over soft zoning. In the
event that the user disables hard zoning or the system is unable to use hard zoning due to hardware
resource exhaustion it will be disabled and the system will fall back to use soft zoning. When a TCAM
programming failure occurs (usually due to TCAM being full) the system programs each FLOGI Source
ID (SID) to be able to communicate with all destinations. These are referred to as the "SID -> Any"
entries and are generated in the Bottom region. When these are generated, traffic flow continues
non-disruptively as long as the Bottom region can contain all of these “SID -> Any” entries. If the Bottom
region itself is exhausted then traffic disruption will occur.
The following example shows how Cisco MDS programs TCAM on a port:
The following example shows a zone in the active zone set for a VSAN. This is the basic programming
that exists on an interface because of Hard zoning.
zone1
member host (FCID 0x010001)
member target1 (FCID 0x010002)
The mask indicates which parts of the FCIDs are matched with the input frame. So, when there is a mask
0xffffff, the entire FCID is considered when matching it to the ACL entry. If the mask is 0x000000, none
of the FCID is considered, so the entry matches all FCIDs.
In the above programming example, note that when a frame is received on fc1/1, and if it has a source
ID(FCID) of 0x010001(the host) and a destination ID(FCID) of 0x010002(Target1), it will be permitted
and routed to the destination. If it is any other end-to-end communication, it will be dropped.
The following example shows another scenario where zoning is changed:
zone1
member host (FCID 010001)
member target1 (FCID 010002)
member target2 (FCID 010003)
member target3 (FCID 010004)
The above example demonstrates that the number of TCAM entries consumed by a zone with N members
is equal to N*(N-1). So, a zone with four members would have used a total of 12 TCAM entries (4*3 = 12).
The above example shows two entries in each of the target interfaces (fc1/2-fc1/4) that are probably not
needed since it is usually not advantageous to zone multiple targets together. For example, in fc1/2, there
is an entry that permits Target1 to communicate with Target2, and an entry that permits Target1 to
communicate with Target3.
As these entries are not needed and could even be detrimental, they should be avoided. You can avoid
the addition of such entries by using single-initiator or single-target zones (or use Smart Zoning).
Note If the same two devices are present in more than one zone in a zone set, TCAM programming will not
be repeated.
The following example shows a zone that is changed to three separate zones:
zone1
member host (FCID 010001)
member target1 (FCID 010002)
zone2
member host (FCID 010001)
member target2 (FCID 010003)
zone3
member host (FCID 010001)
member target3 (FCID 010004)
Note that in the above example, the target-to-target entries are not found, and that six of the 12 entries
are no longer programmed. This results in less use of TCAM and better security (only the host can
communicate with the three targets, and the targets themselves can communicate only with one host, and
not with each other).
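The following model is an added example, not Cisco code or switch output: it generates the per-ingress-port permit entries for the two zoning layouts discussed above, applies the mask-based match, and counts the entries. It is a simplification that models only the zoning permits and the final drop entry; the port assignments (host on fc1/1, targets on fc1/2 to fc1/4) follow the text and the function names are hypothetical.

```python
from itertools import permutations

FULL_MASK = 0xFFFFFF   # compare all 24 bits of the FCID
ANY_MASK = 0x000000    # compare no bits, so every FCID matches

HOST, TARGET1, TARGET2, TARGET3 = 0x010001, 0x010002, 0x010003, 0x010004
PORT_OF = {HOST: "fc1/1", TARGET1: "fc1/2", TARGET2: "fc1/3", TARGET3: "fc1/4"}

# One zone with four members versus three single-initiator zones.
ONE_ZONE = {"zone1": [HOST, TARGET1, TARGET2, TARGET3]}
SPLIT_ZONES = {
    "zone1": [HOST, TARGET1],
    "zone2": [HOST, TARGET2],
    "zone3": [HOST, TARGET3],
}


def program_tcam(zones, port_of):
    """Build {ingress port: [(sid, sid_mask, did, did_mask, action), ...]}."""
    pairs = set()
    for members in zones.values():
        # Every ordered (source, destination) pair inside a zone is permitted.
        # The set keeps a pair once even if two zones contain the same devices.
        pairs.update(permutations(members, 2))
    tcam = {port: [] for port in port_of.values()}
    for sid, did in sorted(pairs):
        # The entry is programmed on the port where the source is attached.
        tcam[port_of[sid]].append((sid, FULL_MASK, did, FULL_MASK, "permit"))
    for entries in tcam.values():
        # Last entry on each port: mask 0x000000 matches anything, action drop.
        entries.append((0x000000, ANY_MASK, 0x000000, ANY_MASK, "drop"))
    return tcam


def lookup(tcam, port, sid, did):
    """Return the action of the first entry on `port` that matches the frame."""
    for e_sid, sid_mask, e_did, did_mask, action in tcam[port]:
        if (sid & sid_mask) == (e_sid & sid_mask) and \
           (did & did_mask) == (e_did & did_mask):
            return action
    return "drop"


def permit_count(tcam):
    """Number of zoning permit entries across all ports."""
    return sum(1 for entries in tcam.values() for e in entries if e[4] == "permit")


if __name__ == "__main__":
    for name, zones in (("one zone", ONE_ZONE), ("split zones", SPLIT_ZONES)):
        tcam = program_tcam(zones, PORT_OF)
        print(name, "permit entries:", permit_count(tcam))
        print("  target1 -> target2 on fc1/2:",
              lookup(tcam, "fc1/2", TARGET1, TARGET2))
```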
Forwarding Engines
TCAM is allocated to individual forwarding engines. Director-class FC linecards have more TCAM
space than fabric switches. The number of forwarding engines and the amount of TCAMs allocated to
each engine is hardware dependent.
The following example shows the output from Cisco MDS 9710 switch with a 2/4/8/10/16 Gbps
Advanced FC Module (DS-X9448-768K9):
F241-15-09-9710-2# show system internal acl tcam-usage
TCAM Entries:
=============
Region1 Region2 Region3 Region4 Region5 Region6
Mod Fwd Dir TOP SYS SECURITY ZONING BOTTOM FCC DIS FCC ENA
Eng Use/Total Use/Total Use/Total Use/Total Use/Total Use/Total
--- --- ------ ---------- --------- ------------ --------- --------- ---------
1 0 INPUT 55/19664 0/9840 0/49136* 17/19664 0/0 0/0
1 0 OUTPUT 13/4075 0/1643 0/11467 0/4075 6/1649 21/1664
1 1 INPUT 52/19664 0/9840 2/49136* 14/19664 0/0 0/0
1 1 OUTPUT 7/4078 0/1646 0/11470 0/4078 6/1652 5/1651
1 2 INPUT 34/19664 0/9840 0/49136* 10/19664 0/0 0/0
1 2 OUTPUT 5/4078 0/1646 0/11470 0/4078 6/1652 1/1647
1 3 INPUT 34/19664 0/9840 0/49136* 10/19664 0/0 0/0
1 3 OUTPUT 5/4078 0/1646 0/11470 0/4078 6/1652 1/1647
1 4 INPUT 34/19664 0/9840 0/49136* 10/19664 0/0 0/0
1 4 OUTPUT 5/4078 0/1646 0/11470 0/4078 6/1652 1/1647
1 5 INPUT 34/19664 0/9840 0/49136* 10/19664 0/0 0/0
1 5 OUTPUT 5/4078 0/1646 0/11470 0/4078 6/1652 1/1647
...
Note The commands that are used to view TCAM usage on fabric switches are different from the ones used
for director-class switches. For fabric switches, use the show system internal acl tcam-soc command,
and for director-class switches, use the acltcam-soc tcam-usage command.
Switch/Module   Fwd Engines   Port Range   Fwd-Eng Number   Zoning Region Entries   Bottom Region Entries
MDS 9148 3 fc1/25-36 & fc1/45-48 1 2852 407
fc1/5-12 & fc1/37-44 2 2852 407
fc1/1-4 & fc1/13-24 3 2852 407
MDS 9250i 4 fc1/5-12 & eth1/1-8 1 2852 407
fc1/1-4 & fc1/13-20 & fc1/37-40 2 2852 407
fc1/21-36 3 2852 407
ips1/1-2 4 2852 407
MDS 9148S 3 fc1/1-16 1 2852 407
fc1/17-32 2 2852 407
fc1/33-48 3 2852 407
MDS 9396S 12 fc1/1-8 0 49136 19664
fc1/9-16 1 49136 19664
fc1/17-24 2 49136 19664
fc1/25-32 3 49136 19664
fc1/33-40 4 49136 19664
fc1/41-48 5 49136 19664
fc1/49-56 6 49136 19664
fc1/57-64 7 49136 19664
fc1/65-72 8 49136 19664
fc1/73-80 9 49136 19664
fc1/81-88 10 49136 19664
fc1/89-96 11 49136 19664
DS-X9248-48K9 1 fc1/1-48 0 27168 2680
DS-X9248-96K9 2 fc1/1-24 0 27168 2680
fc1/25-48 1 27168 2680
DS-X9224-96K9 2 fc1/1-12 0 27168 2680
fc1/13-24 1 27168 2680
DS-X9232-256K9 4 fc1/1-8 0 49136 19664
fc1/9-16 1 49136 19664
fc1/17-24 2 49136 19664
fc1/25-32 3 49136 19664
DS-X9248-256K9 4 fc1/1-12 0 49136 19664
fc1/13-24 1 49136 19664
fc1/25-36 2 49136 19664
fc1/37-48 3 49136 19664
DS-X9448-768K9 6 fc1/1-8 0 49136 19664
fc1/9-16 1 49136 19664
fc1/17-24 2 49136 19664
fc1/25-32 3 49136 19664
fc1/33-40 4 49136 19664
fc1/41-48 5 49136 19664
Note We do not recommend using interface, fWWN, or domain-ID based zoning for devices that are
connected to the edge Cisco N-Port Virtualization (NPV) switches.
F port channels provide fault tolerance and performance benefits on connections to Cisco NPV switches,
including Cisco UCS Fabric Interconnects (FIs). F port channels present unique challenges to ACL
TCAM programming. When F ports are aggregated into a port channel, ACL TCAM programming is
repeated on each member interface. Consequently, these types of port channels multiply the amount of
TCAM entries needed. Because of this, it is imperative that the member interfaces are allocated as
optimally as possible, and that zoning best practices are also followed. If you also consider the fact that
these F port channels can contain 100+ host logins, TCAM can easily be exceeded, especially for fabric
switches if best practices are not followed.
The following is a sample topology:
zone2
member host (host 0x010001)
member target2 (target2 0x010003)
The above example shows the ACL TCAM programming that will be duplicated on each member of the
F port-channel. Consequently, if a lot of programming is required because of a large number of FLOGIs
on the F port channel, or a large number of devices are zoned with the devices on the F port channel,
TCAM can be exhausted on a forwarding engine. The following are the best practices for efficient use
of TCAM with respect to F ports and F port-channels:
• Distribute port-channel member interfaces into different forwarding engines, especially on fabric
switches.
• If TCAM usage is still too high in the case of a port-channel with a large number of interfaces, then
split the port-channel into two separate port-channels, each with half the interfaces. This still
provides redundancy but reduces the number of FLOGIs per individual port-channel and thus
reduces TCAM usage.
• Distribute member interfaces into different modules on director-class switches.
• Distribute member interfaces into forwarding engines with lower TCAM zoning region usage.
• Use single-initiator zones, single-target zones, or Smart Zoning.
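The following placement check is an added example, not a Cisco tool: it estimates the zoning-region entries that an F port-channel places on each forwarding engine of an MDS 9148S, using the port ranges and the 2852-entry zoning region from the table above. It assumes one entry per (logged-in host, zoned peer) pair, repeated on every member interface as the text describes; the login counts and function names are constructed for illustration.

```python
# Forwarding-engine layout and zoning-region size for the MDS 9148S, taken
# from the table on this page: (first port, last port, engine number).
MDS9148S_ENGINES = [(1, 16, 1), (17, 32, 2), (33, 48, 3)]
ZONING_REGION_ENTRIES = 2852

# Constructed workload: 120 host logins on the port-channel, each host zoned
# with 4 targets (single-initiator zones), giving 480 entries per member.
PEERS_PER_LOGIN = [4] * 120

# Two candidate placements for an 8-member F port-channel.
SAME_ENGINE = [f"fc1/{n}" for n in range(1, 9)]
SPREAD = ["fc1/1", "fc1/2", "fc1/3", "fc1/17", "fc1/18", "fc1/19",
          "fc1/33", "fc1/34"]


def engine_of(interface):
    """Map an interface name such as 'fc1/17' to its forwarding engine."""
    port = int(interface.rsplit("/", 1)[1])
    for first, last, engine in MDS9148S_ENGINES:
        if first <= port <= last:
            return engine
    raise ValueError(f"{interface} is not an MDS 9148S FC port")


def port_channel_usage(members, peers_per_login):
    """Return {engine: zoning entries} contributed by one F port-channel."""
    per_member = sum(peers_per_login)  # programming repeated on each member
    usage = {}
    for interface in members:
        engine = engine_of(interface)
        usage[engine] = usage.get(engine, 0) + per_member
    return usage


def exhausted_engines(usage, already_used=None):
    """Engines whose zoning region would overflow, given existing usage."""
    already_used = already_used or {}
    return sorted(
        engine for engine, entries in usage.items()
        if entries + already_used.get(engine, 0) > ZONING_REGION_ENTRIES
    )


if __name__ == "__main__":
    for name, members in (("same engine", SAME_ENGINE), ("spread", SPREAD)):
        usage = port_channel_usage(members, PEERS_PER_LOGIN)
        print(name, usage, "over capacity on engines:", exhausted_engines(usage))
```

Feed `already_used` with the per-engine usage reported by the switch to test a placement against a forwarding engine that is already partly full.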
E port channels provide Inter Switch Links (ISLs) between fabric switches. Typically, there is minimal
TCAM programming on these types of interfaces. Therefore, besides placing them into different
linecards, and perhaps port groups on director-class switches, there is little more to be done. However,
when the Inter VSAN Routing (IVR) feature is being deployed, extensive TCAM programming can exist
on ISLs because the IVR topology transitions from one VSAN to another. Consequently, most of the
considerations that apply on F/TF port channels will be applicable here too.
In this topology:
• Both Cisco MDS 9148S-1 and MDS 9148S-2 are in the IVR VSAN topology:
MDS9148S-1 vsan 1 and vsan 2
MDS9148S-2 vsan 2 and vsan 3
Note Domains 0x44 in VSAN 1, 0x21 and 0x36 in VSAN 2, and 0x55 in VSAN 3 are virtual domains
created by IVR NAT.
• The following is the ACL TCAM programming for the IVR zoning topology:
MDS9148S-1 fc1/1(Host) - VSAN 1
Entry# Source ID Mask Destination ID Mask Action
1 010001(host) ffffff 440002(target1) ffffff Permit
- Forward to fc1/2
- Rewrite the following information:
VSAN to 2
Source ID to 210001
Destination ID to 360002
2 000000 000000 000000 000000 Drop
Note Besides the entries in this example, there are other entries that IVR adds to capture important frames
such as PLOGIs, PRLIs, and ABTS.
The programming on the host and target1 ports is similar to the way it is without IVR, except that the
FCIDs and VSANs are explicitly forwarded to an egress port and are rewritten to values that are
appropriate for the transit VSAN (VSAN 2). These forwarding and rewrite entries are separate and are
not included in the TCAM-usage values.
However, now, on the ISLs in both the switches, programming that did not exist earlier is present. When
frames from Host to Target1 are received by Cisco MDS 9148S-2 fc1/2, they are rewritten to the values
in VSAN 3 where the target resides. In the reverse direction, when frames from Target1 to the Host are
received by Cisco MDS 9148S-1 fc1/2, they are rewritten to the values in VSAN 1 where the Host
resides. Thus, for each VSAN transition on an ISL (that typically occurs across a transit VSAN) there
will be TCAM programming for each device in the IVR zone set.
Consequently, most of the best practices followed for the F and TF port channels should be followed to
ensure that TCAM is utilized as efficiently as possible:
• Distribute port-channel member interfaces into different forwarding engines, especially on fabric
switches.
• Distribute member interfaces into different linecards on director-class switches.
• Distribute member interfaces into forwarding engines with lower TCAM zoning region usage.
• Use single-initiator zones, single-target zones, or Smart Zoning.
Note Unlike F and TF port-channels, the ACLTCAM programming on ISLs will be the same quantity
regardless of whether the ISLs are part of a port-channel or not. If there are "n" ISLs between two MDS
switches, then it doesn't matter if they are in one port-channel, two port-channels or just individual links.
The ACLTCAM programming will be the same.
Default Settings
Table 2-9 lists the default settings for basic zone parameters.
Parameter Default
Default zone policy Denied to all members.
Full zone set distribute The full zone set is not distributed.
Zone-based traffic priority Low.
Broadcast frames Unsupported.
Enhanced zoning Disabled.
Smart zoning Disabled.
All switches in the Cisco MDS 9000 Family support Distributed Device Alias Services (device alias) on
a per-VSAN basis and on a fabric-wide basis. Device alias distribution allows you to move host bus
adapters (HBAs) between VSANs without manually reentering alias names.
This chapter includes the following sections:
• About Device Aliases
• About Device Alias Modes
• Device Alias Databases
• About Legacy Zone Alias Configuration Conversion
• Device Alias Statistics Cleanup
• Device Alias Configuration Verification
• Default Settings
• Resolving Device Alias Merge Failures
• When device alias runs in the enhanced mode, all applications accept the device-alias configuration
in the native format. The applications store the device alias name in the configuration and distribute
it in the device alias format instead of expanding to pWWN. The applications track the device alias
database changes and take actions to enforce it.
A native device-alias configuration is not accepted in the interop mode VSAN. IVR zoneset activation
will fail in interop mode VSANs if the corresponding twilight zones being injected are native device
alias members.
• When the device-alias is in basic mode and you try to add a device-alias member to a zone, it will
be added as a PWWN member and not as a device-alias member. Hence, when you change the PWWN
for a device-alias entry, it will not get updated. You have to manually edit the zones containing that
device alias by removing the old entry and reconfiguring the zones with the same device alias and
then activating it. The update happens in enhanced device-alias mode. In this mode, since the
configuration is accepted in the native form, when the pwwn for the device-alias is changed, the
zones containing that device-alias are automatically updated with the new pwwn.
Note Because the device alias was previously running in the basic mode, the applications do not have any prior
native device alias configuration.
The applications check for an existing device alias configuration in the native format. If the device alias
is in the native format, the applications reject the request and device alias mode cannot be changed to
basic.
All native device alias configurations (both on local and remote switches) must be explicitly removed,
or all device alias members must be replaced with the corresponding pWWN before changing the mode
back to basic.
Note When all the switches are upgraded to Release 3.1, you cannot automatically convert to enhanced mode.
You do not need to change to enhanced mode; you can continue working in the basic mode.
At the application level, a merger takes place between the applications and the fabric. For example, zone
merge occurs when the E port is up and the IVR/PSM/DPVM merge occurs due to CFS. This merge is
completely independent of the device alias merge.
If the application running on an enhanced fabric has a native device alias configuration, the application
must fail the merge. The application has to fail the merge even though the other fabric can support the
native device alias-based configuration, but is running in the basic mode. You will need to resolve the
issue. Once the device alias merge issue is resolved, each application must be fixed accordingly.
The following issue occurs when there is a device-alias database mismatch in the switches that are part
of the same fabric.
The device-alias associated to PWWN is present in the port security/DPVM database even if the
respective device-alias member is not present in the switch. The device-alias associated to PWWN is
missing in the port security/DPVM database even if device-alias member is present in the switch.
Note The applications should not accept any native device alias configuration over SNMP if the device alias
is running in the basic mode on that particular switch.
Note Confcheck will be added when the enhanced mode is turned on and removed when it is turned off.
Applications have to add confcheck if they have a device alias configuration in the native format. They
have to remove confcheck once the configuration is removed.
• The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient
database management and distribution. Device aliases use the coordinated distribution mode and the
fabric-wide distribution scope (refer to the Cisco MDS 9000 Family NX-OS System Management
Configuration Guide).
• When you configure zones, IVR zones, or QoS features using device aliases, and if you display these
configurations, you will automatically see that the device aliases are displayed along with their
respective pWWNs.
Note If the device-alias name is 64 characters in length, the DPVM and other application databases do not
update properly. Restrict the number of characters in the device-alias name to 63.
Table 5-1 Comparison Between Zone Aliases and Device Aliases (continued)
Step 1  Command: switch# config t
                 switch(config)#
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# device-alias database
                 switch(config-device-alias-db)#
        Purpose: Enters the pending database configuration submode.
Step 3  Command: switch(config-device-alias-db)# device-alias name Device1 pwwn 21:01:00:e0:8b:2e:80:93
        Purpose: Specifies a device name (Device1) for the device that is identified by its pWWN. Starts
                 writing to the pending database and simultaneously locks the fabric as this is the
                 first-issued device alias configuration command.
        Command: switch(config-device-alias-db)# no device-alias name Device1
        Purpose: Removes the device name (Device1) for the device that is identified by its pWWN.
        Command: switch(config-device-alias-db)# device-alias rename Device1 Device2
        Purpose: Renames an existing device alias (Device1) with a new name (Device2).
To display the device alias configuration, use the show device-alias name command.
switch# show device-alias name x
device-alias name x pwwn 21:01:00:e0:8b:2e:80:93
Note From the Cisco MDS NX-OS Release 6.2.9 onwards, the ASCII configuration replay takes longer
for DDAS (Distributing Device Alias Services) without the write erase command.
If a PWWN is reused while configuring an add or delete command, then the command fails and gets
moved to the rejected list.
If a device-alias name is reused in an add command which was earlier being renamed in a rename
command, the command fails and gets moved to the rejected list.
switch(config-device-alias-db)# device-alias rename da3 new-da3
switch(config-device-alias-db)# device-alias name da3 pwwn 2:2:2:2:3:3:3:3
Command rejected. Device-alias name reused in current session: da3
Please use 'show device-alias session rejected' to display the rejected set of commands
and for the device-alias best-practices recommendation.
switch(config-device-alias-db)#
The rejected set of commands can be displayed using the show device-alias session rejected command.
switch(config-device-alias-db)# show device-alias session rejected
To avoid command rejections, within a device alias session
Do not reuse:
a) a device alias name while configuring a rename command
b) a PWWN while configuring an add or delete command
c) a device alias name already renamed while configuring add command
Committing Changes
If you commit the changes made to the pending database, the following events occur:
1. The pending database contents overwrite the effective database contents.
2. The pending database is emptied of its contents.
3. The fabric lock is released for this feature.
To commit the changes, follow these steps:
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# device-alias commit                     Commits the changes made to the currently
                                                                active session.
Whenever a switch in the fabric acquires a lock and performs a blank commit, the following warning is
displayed:
WARNING: Device-alias DB is empty in this switch.
Initiating a commit from this switch will clear [wipe out] Device-alias DB across all the
switches in the fabric, losing Device-alias full DB config permanently.
Do you want to continue? (y/n) [n]
Note Once the "device-alias commit" is done the running configuration has been modified on all switches
participating in device-alias distribution. You can then use the "copy running-config startup-config
fabric" command to save the running-config to the startup-config on all the switches in the fabric.
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# device-alias confirm-commit             Enables the confirm commit option for
                                                                device-alias.
Step 3  switch(config)# device-alias commit                     If the device-alias confirm-commit command
        The following device-alias changes are about            is enabled, on committing the pending
        to be committed                                         database, the pending-diff is displayed on the
        + device-alias name Device1 pwwn                        console and user is prompted for Yes or No. If
        21:01:00:e0:8b:2e:80:93                                 the device-alias confirm-commit command
        Do you want to continue? (y/n) [n] y                    is disabled, the pending-diff is not displayed
                                                                and the user is not prompted for Yes or No.
Discarding Changes
If you discard the changes made to the pending database, the following events occur:
1. The effective database contents remain unaffected.
2. The pending database is emptied of its contents.
3. The fabric lock is released for this feature.
To discard the device alias session, perform this task:
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# device-alias abort                      Discards the currently active session.
To display the status of the discard operation, use the show device-alias status command.
switch# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 24
Status of the last CFS operation issued from this switch:
==========================================================
Operation: Abort
Status: Success
Tip The changes are only available in the volatile directory and are subject to being discarded if the switch
is restarted.
To clear device-alias session, use the clear device-alias session command in CONFIGURATION mode.
switch(config)# clear device-alias session
To verify the status of the clear operation, use the show device-alias session status command.
switch(config)# show device-alias session status
Last Action Time Stamp : None
Last Action : None
Last Action Result : None
Last Action Failure Reason : none
To verify the status of the clear device-alias database command, use the show device-alias database
command.
switch(config)# show device-alias database
Clearing Statistics
To clear all the statistics, use the clear device-alias statistics command in CONFIGURATION mode.
switch# clear device-alias statistics
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# no device-alias distribute              Disables the distribution.
        switch(config)# device-alias distribute                 Enables the distribution (default).
To display the status of device alias distribution, use the show device-alias status command (see
Example 5-5 and Example 5-6).
Tip Ensure that you copy any required zone aliases to the device alias database as required by your configuration.
When an import operation is complete, the modified alias database is distributed to all other switches in
the physical fabric when you perform the commit operation. At this time if you do not want to distribute
the configuration to other switches in the fabric, you can perform the abort operation and the merge
changes are completely discarded.
This section includes the following topics:
• Importing a Zone Alias
• Device Alias Statistics Cleanup
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# device-alias import fcalias vsan 3      Imports the fcalias information for the specified
                                                                VSAN.
To display device alias information in zone sets, use the show zoneset command (see Example 5-7 and
Example 5-8).
Example 5-7 Displays the Device Aliases in the Zone Set Information
Example 5-8 Displays the Device Aliases in the Active Zone Set
Example 5-9 Displays All Configured Device Aliases from the Effective Database
Example 5-12 Displays the Specified Device Name in the Pending Database
Example 5-14 Displays the Difference Between the Pending and Effective Databases
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x670100 N 21:01:00:e0:8b:2e:80:93 (Qlogic) scsi-fcp:init
[x]
0x670200 N 21:00:00:e0:8b:0b:66:56 (Qlogic) scsi-fcp:init
[SampleName]
Example 5-18 Displays the fcping Statistics for the Specified Device Alias
Example 5-19 Displays the fctrace Information for the Specified Device Alias
Where available, device aliases are displayed regardless of a member being configured using a
device-alias command or a zone-specific member pwwn command (see Example 5-7 and
Example 5-8).
Default Settings
Table 5-2 lists the default settings for device alias parameters.
Parameters                        Default
Database in use                   Effective database.
Database to accept changes        Pending database.
Device alias fabric lock state    Locked with the first device alias task.
Note Use the device-alias distribute command to initiate a merge or remerge of device-alias databases. Use
the device-alias commit command to push a switch's device-alias database to all the other switches in a
fabric. If the device-alias databases of the switches are not merged (more than one merge master is
shown in the output of the show cfs merge status name device-alias command), then the device-alias
commit command causes the device-alias databases that are not merged to be overwritten.
Caution Avoid performing a blank commit to resolve Cisco Fabric Services (CFS) merge failures. A
blank commit overwrites the device-alias databases on all the switches with the device-alias
database on the local switch.
Note A blank commit is a device-alias commit that is used when there are no changes (including
mode changes), or when it is okay to overwrite the device-alias databases on the remote
switches with the local switch's device-alias database.
Note Each time device-alias changes are committed, the running configuration should be copied to the
startup configuration on all the switches that were updated. Use the copy running-config
startup-config fabric command to copy the running configuration to the startup configuration
for all the switches in the fabric. If you do not copy the running configuration to the startup
configuration after the device-alias changes are committed, and if the switch reloads, or loses
power and restarts, the startup configuration will not have the correct device-alias database and
merge failure will occur.
Step 1 Run the show cfs merge status name device-alias command to review the CFS or device-alias merge
failure syslogs to confirm that the merge failed:
switch-1# show cfs merge status name device-alias
Physical-fc Merge Status: Failed
Failure Reason: Another device-alias already present with the same pwwn
Local Fabric
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[switch-1]
Remote Fabric
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Note A properly merged device-alias application should only show a single merge master. If there is
more than one merge master, as shown in the above example, it indicates that the device-alias
databases are not merged.
Step 2 Use the no device-alias distribute command on the switch in which the merge failure occurred in order
to disable the device-alias distribution:
switch-1(config)# no device-alias distribute
Step 3 Resolve the merge failure on the switch. See the "Resolving Merge Failures" section.
Resolving Duplicate Device Alias Names (Same Device Alias Name, Different pWWNs)
Note A device-alias name is considered to be duplicate when the same device-alias name is used to
point to different pWWNs.
Step 1 Run the show device-alias merge status command to identify if the reason for the merge failure is a
database mismatch:
switch# show device-alias merge status
Result: Failure
Reason: Another device-alias already present with the same name
Step 2 Review the CFS or the device-alias merge failure syslog to confirm that the merge failed. Alternatively,
run the show cfs merge status name device-alias command to view the status of the merge.
switch# show cfs merge status name device-alias
Physical-fc Merge Status: Failed [ Mon Apr 9 15:57:58 2007 ] <===Merge status
Local Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:2f:c1:40 172.20.150.38 [Merge Master] <<< Merge Master#1
switch-1
Total number of switches = 1
Remote Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:04:99:40 172.20.150.30 [Merge Master] <<< Merge Master#2
switch-2
Total number of switches = 1
Step 3 Compare the device-alias databases manually to identify the duplicate device-alias names.
In the following example, the same device-alias name, A1, is assigned to two different pWWNs: a
pWWN on a local switch and a pWWN on a peer switch.
From merge master#1:
switch-1# show device-alias database
...output trimmed to show only mismatched device-alias
device-alias name A1 pwwn 21:01:01:01:01:01:01:02
Note Perform this step after device-alias distribution is disabled by running the no device-alias
distribute command.
In the following example, the pWWN 21:01:01:01:01:01:01:02 on switch-1 is changed to match the
pWWN 21:01:01:01:01:01:01:03 on switch-2:
switch-1# configure
Enter configuration commands, one per line. End with CNTL/Z.
Step 1 Run the show device-alias merge status command to identify the reason for the merge failure:
switch# show device-alias merge status
Result: Failure
Reason: Another device-alias already present with the same pwwn.
Step 2 Review the CFS or device-alias merge failure syslog to confirm that the merge failed. Alternatively, run
the show cfs merge status name device-alias command to view the status of the merge.
switch# show cfs merge status name device-alias
Physical-fc Merge Status: Failed [ Mon Apr 9 15:57:58 2007 ] <===Merge status
Local Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:2f:c1:40 172.20.150.38 [Merge Master] <<< Merge Master#1
switch-1
Total number of switches = 1
Remote Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:04:99:40 172.20.150.30 [Merge Master] <<< Merge Master#2
switch-2
Total number of switches = 1
Step 3 Compare the device-alias databases manually to identify the duplicate pWWNs. On the switches where
the merge failed in step 1, use the show device-alias database command to identify if a pWWN that is
mapped to two different device-alias names exists.
In this example, the pWWN 21:01:01:01:01:01:01:02 is mapped to the device-alias A3 on switch-1
and to the device-alias A1 on switch-2:
switch-1# show device-alias database
device-alias name A3 pwwn 21:01:01:01:01:01:01:02
Total number of entries = 1
switch-2# show device-alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:02
Step 4 Use the device-alias name name pwwn id command to change the device-alias name on one of the
switches to match the device-alias name on the other switch.
Note Perform this step after device-alias distribution is disabled by using the no device-alias
distribute command.
In the following example, the device-alias name A3 on switch-1 is changed to match the device-alias
name A1 on switch-2:
switch-1# configure
Enter configuration commands, one per line. End with CNTL/Z.
switch-1(config)# device-alias database
switch-1(config-device-alias-db)# no device-alias name A3
switch-1(config-device-alias-db)# device-alias name A1 pwwn 21:01:01:01:01:01:01:02
Step 5 If there are more duplicate device-alias names, perform step 3 and step 4 to resolve the device-alias
names.
Step 6 Use the device-alias distribute command to enable the device-alias distribution and initiate a merge:
switch-1(config)# device-alias distribute
Step 7 Use the show cfs merge status name device-alias command to verify in the output if the merge was
successful.
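The manual comparison in Step 3 of both procedures above (duplicate names and duplicate pWWNs) can be scripted. The following is an added example, not Cisco code: it parses saved show device-alias database output from two switches and reports both conflict types. The function names and the sample outputs are constructed for illustration.

```python
import re

# One database entry as printed by "show device-alias database" on this page.
ENTRY_RE = re.compile(
    r"^device-alias name (\S+) pwwn ((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

# Constructed sample outputs (not captured from a real fabric).
SWITCH1_OUTPUT = """\
switch-1# show device-alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:02
device-alias name A3 pwwn 21:01:01:01:01:01:01:04
device-alias name A5 pwwn 21:01:01:01:01:01:01:06
Total number of entries = 3
"""
SWITCH2_OUTPUT = """\
switch-2# show device-alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:03
device-alias name A4 pwwn 21:01:01:01:01:01:01:04
device-alias name A5 pwwn 21:01:01:01:01:01:01:06
Total number of entries = 3
"""


def parse_database(output):
    """Return {alias_name: pwwn} from 'show device-alias database' text.

    Prompt lines, the entry count and trailing annotations are ignored.
    """
    db = {}
    for line in output.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            db[m.group(1)] = m.group(2).lower()
    return db


def find_merge_conflicts(local, remote):
    """Compare two alias maps and return (name_conflicts, pwwn_conflicts).

    name_conflicts: (name, local_pwwn, remote_pwwn), same name, different pWWNs.
    pwwn_conflicts: (pwwn, local_name, remote_name), same pWWN, different names.
    """
    name_conflicts = sorted(
        (name, local[name], remote[name])
        for name in local.keys() & remote.keys()
        if local[name] != remote[name]
    )
    # Within one switch a pWWN maps to a single alias, so inverting is safe.
    remote_by_pwwn = {pwwn: name for name, pwwn in remote.items()}
    pwwn_conflicts = sorted(
        (pwwn, name, remote_by_pwwn[pwwn])
        for name, pwwn in local.items()
        if pwwn in remote_by_pwwn and remote_by_pwwn[pwwn] != name
    )
    return name_conflicts, pwwn_conflicts


if __name__ == "__main__":
    names, pwwns = find_merge_conflicts(
        parse_database(SWITCH1_OUTPUT), parse_database(SWITCH2_OUTPUT)
    )
    for name, lp, rp in names:
        print(f"duplicate name {name}: local {lp}, remote {rp}")
    for pwwn, ln, rn in pwwns:
        print(f"duplicate pwwn {pwwn}: local alias {ln}, remote alias {rn}")
```

Entries that exist on only one switch are not reported, because they merge cleanly; only the two failure reasons shown in the merge status output are flagged.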
Step 1 Review the CFS or device-alias merge failure syslog to confirm that the merge failed. Alternatively, run
the show cfs merge status name device-alias command to view the status of the merge.
switch# show cfs merge status name device-alias
Physical-fc Merge Status: Failed [ Mon Apr 9 15:57:58 2007 ] <===Merge status
Local Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:2f:c1:40 172.20.150.38 [Merge Master] <<< Merge Master#1
switch-1
Total number of switches = 1
Remote Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:0d:ec:04:99:40 172.20.150.30 [Merge Master] <<< Merge Master#2
switch-2
Total number of switches = 1
Step 2 Use the show device-alias merge status command to verify that the reason for the merge failure is a
mode mismatch. If there is a mode mismatch, the reason that is displayed in the output is either
"Databases could not be merged due to mode mismatch" or "One of the merging fabrics cannot
support device-alias Enhanced mode."
switch# show device-alias merge status
Result: Failure
Reason: Databases could not be merged due to mode mismatch.
Step 3 Use the show device-alias status command to verify the device-alias mode for each fabric.
In this example, switch-1 is running in Enhanced mode, while switch-2 is running in Basic mode:
switch-1# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 2 Mode: Enhanced
switch-2# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 2 Mode: Basic
Step 4 Use the no device-alias distribute command to disable device-alias distribution after you detect
mismatched device-alias modes.
Step 5 Depending on the mode you want to change in the switch, use either the device-alias mode enhanced
command to change the switch mode to Enhanced, or use the no device-alias mode enhanced command
to change the switch mode to Basic mode (default mode).
Note If you want to change the device-alias mode from Enhanced to Basic, but an application contains
a device-alias configuration in the native format, the device-alias mode cannot be changed until
you explicitly remove all the native device-alias configurations or replace all the device-alias
members with the corresponding pWWNs.
Step 6 Use the device-alias distribute command to enable the device-alias distribution and initiate a merge.
Step 1 Review the CFS or device-alias merge failure syslog to confirm that the merge failed. Alternatively, use
the show cfs merge status name device-alias command to view the status of the merge.
Step 2 Use the show device-alias merge status command to verify that the reason for the merge failure is an
application-validation failure:
switch# show device-alias merge status
Result: Failure
Reason: This is a non device-alias error.
Step 3 Examine the syslog messages. The syslog for the switch in which the validation is rejected and the syslog
for the switch managing the merge show relevant error messages.
This example shows a sample message on a switch in which the validation is rejected:
2007 Apr 10 00:00:06 switch-2 %DEVICE-ALIAS-3-MERGE_VALIDATION_REJECTED:
Failed SAP: 110 Reason: inter-VSAN zone member cannot be in more than one
VSAN Expln:
This example shows the syslog message on a switch that is managing the merge, and in which the
validation is rejected:
2007 Apr 9 16:41:22 switch-1 %DEVICE-ALIAS-3-MERGE_VALIDATION_FAILED: Failed
SWWN: 20:00:00:0d:ec:04:99:40 Failed SAP: 110 Reason: inter-VSAN zone member cannot
be in more than one VSAN Expln:
Step 4 Use the show device-alias internal validation-info command on the switch managing the merge, and
examine the output.
This example shows that SAP 110 on switch 20:00:00:0d:ec:04:99:40 (switch-2) rejected the
validation. The status message shows the reason for the failure along with the system application
number:
switch# show device-alias internal validation-info
Validation timer: 0s
Per SAP Info Table:
===================
SAPS: 0
MTS Buffer Array Details:
=========================
Buffers: 0
Local Status:
=============
Num Reqs Sent: 0 20:00:00:0d:ec:04:99:40
Num SAPs Done: 0
Failed SAP : 0 Status: success Expln:
Remote Status:
==============
CFS Resp Rcvd: TRUE
Failed SWWN : 20:00:00:0d:ec:04:99:40
SAP : 110 Status: inter-VSAN zone member cannot be in more than one VSAN <=== Status
Expln:
Step 5 Use the show system internal mts sup sap number description command to find the application that
rejected the configuration on the switch that rejected the validation.
In this example, the application that rejected the device-alias validation was the IVR process.
switch# show system internal mts sup sap 110 description
IVR-SAP
Step 6 Analyze the device-alias validation failure. This analysis is dependent on the application that failed the
validation as well as the device-alias database configuration.
In this example, IVR is failing the validation. To troubleshoot this problem, begin by reviewing the
device-alias databases that are being merged. Use the show device-alias database command from
the switch managing the merge for each fabric.
switch# show device-alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:01
device-alias name A2 pwwn 21:01:01:01:01:01:01:02 => Pre-merge: A2 defined on switch-1
Total number of entries = 2
switch# show device-alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:01 => Pre-merge: A2 not defined on switch-2
Total number of entries = 1
Because IVR is enabled on switch-2, review the IVR zone set.
switch# show ivr zoneset
zoneset name s1
zone name z1
pwwn 21:01:01:01:01:01:01:02 vsan 1 autonomous-fabric-id 1
device-alias A2 vsan 2 autonomous-fabric-id 1
Prior to the database merge, device-alias A2 is not defined on switch-2. Because of the merge between
switch-1 and switch-2, device-alias A2 becomes available on switch-2, and A2 is mapped to pWWN
21:01:01:01:01:01:01:02.
The device alias-based member A2 in the IVR zone z1 is resolved and mapped to pWWN
21:01:01:01:01:01:01:02, and is a member of VSAN 2. However, pWWN 21:01:01:01:01:01:01:02 is
already a member of VSAN 1. The mapping that occurs because of the device-alias merge makes the
IVR configuration illegal. The same pWWN cannot be a member of multiple VSANs.
In the case when IVR configuration is illegal, the pWWN in VSAN 2 is defined using the device alias
(A2), while the member in VSAN 1 is defined using the actual pWWN. The IVR detects this situation
and rejects the device-alias validation. As a result, the device-alias merge fails.
SWWN: 20:00:00:0d:ec:04:99:40 Failed SAP: 110 Reason: inter-VSAN zone member     ==>Switch and SAP
cannot be in more than one VSAN Expln:                                            ==>Reason
Step 3 Review the syslog on the switch in which the validation is rejected.
This example shows that the following syslog is printed on switch-2:
2007 Apr 10 19:13:08 switch-2 %DEVICE-ALIAS-3-VALIDATION_REJECTED: Failed
SAP: 110 Reason: inter-VSAN zone member cannot be in more than one VSAN ==>SAP and reason
Step 4 Compare the existing device-alias database (including the desired changes) and the application
configuration to find the conflict.
This example uses the show device-alias database and show ivr zoneset commands along with the
console logs of the device-alias database changes made prior to the commit. The comparison shows
that the definition of the new device-alias A2 results in the resolution of the enhanced device-alias
member A2 in the IVR zone z1 to pWWN 21:01:01:01:01:01:01:02, which is already a member of
zone z1. The pWWN is directly defined as a member of VSAN 1, while the enhanced device-alias
A2 is defined as a member of VSAN 2. This configuration is not allowed in the IVR. The IVR detects
the configuration problem and rejects the device-alias database validation.
switch# show device-alias database ===> existing device alias database
device-alias name A1 pwwn 21:01:01:01:01:01:01:01
Total number of entries = 1
switch# show ivr zoneset ===> display existing IVR zone set
zoneset name s1
zone name z1
pwwn 21:01:01:01:01:01:01:02 vsan 1 autonomous-fabric-id 1
device-alias A2 vsan 2 autonomous-fabric-id 1
switch# configure
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# device-alias database
switch(config-device-alias-db)# device-alias name A2 pwwn 21:01:01:01:01:01:01:02
switch(config-device-alias-db)# exit
switch(config)# device-alias commit
inter-VSAN zone member cannot be in more than one VSAN
Step 5 Correct the conflict by making adjustments to the application configuration, or by making changes to
the device-alias database, and running the device-alias commit command again.
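The comparison in Step 4 can be done before the commit is attempted. The following is an added example, not Cisco code: it resolves the device-alias members of an IVR zone set against the effective database plus the pending additions and reports any pWWN that would end up in more than one VSAN. The function names are hypothetical, the inputs are constructed from the outputs shown above, and the autonomous-fabric-id is ignored as a simplification.

```python
import re
from collections import defaultdict

# Member lines as printed by "show ivr zoneset" on this page.
MEMBER_RE = re.compile(r"^(pwwn|device-alias)\s+(\S+)\s+vsan\s+(\d+)", re.IGNORECASE)

# Constructed inputs, modelled on the example outputs in this section.
IVR_ZONESET = """\
zoneset name s1
  zone name z1
    pwwn 21:01:01:01:01:01:01:02 vsan 1 autonomous-fabric-id 1
    device-alias A2 vsan 2 autonomous-fabric-id 1
"""
EFFECTIVE_DB = {"A1": "21:01:01:01:01:01:01:01"}
PENDING_ADDS = {"A2": "21:01:01:01:01:01:01:02"}


def parse_ivr_members(output):
    """Return a list of (zone, kind, value, vsan) for every zone member."""
    zone = None
    members = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("zone name "):
            zone = line.split()[2]
            continue
        m = MEMBER_RE.match(line)
        if m:
            members.append((zone, m.group(1).lower(), m.group(2), int(m.group(3))))
    return members


def vsan_conflicts(members, alias_db):
    """Return {pwwn: [(vsan, how_defined), ...]} for pWWNs seen in several VSANs.

    Device-alias members are resolved through alias_db; an alias that is not
    defined yet resolves to nothing and therefore cannot conflict.
    """
    seen = defaultdict(set)
    for _zone, kind, value, vsan in members:
        if kind == "pwwn":
            seen[value.lower()].add((vsan, "pwwn"))
        else:
            pwwn = alias_db.get(value)
            if pwwn is not None:
                seen[pwwn.lower()].add((vsan, "device-alias " + value))
    return {
        pwwn: sorted(uses)
        for pwwn, uses in seen.items()
        if len({vsan for vsan, _ in uses}) > 1
    }


def check_pending_commit(ivr_output, effective_db, pending_adds):
    """Evaluate the database as it would look after the commit."""
    proposed = {**effective_db, **pending_adds}
    return vsan_conflicts(parse_ivr_members(ivr_output), proposed)


if __name__ == "__main__":
    for pwwn, uses in check_pending_commit(IVR_ZONESET, EFFECTIVE_DB, PENDING_ADDS).items():
        print(f"{pwwn} would be a member of more than one VSAN: {uses}")
```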
Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics.
The FSPF feature is enabled by default on all Fibre Channel switches. Except in configurations that
require special consideration, you do not need to configure any FSPF services. FSPF automatically
calculates the best path between any two switches in a fabric. Specifically, FSPF is used to:
• Dynamically compute routes throughout a fabric by establishing the shortest and quickest path
between any two switches.
• Select an alternative path in the event of the failure of a given path. FSPF supports multiple paths
and automatically computes an alternative path around a failed link. It provides a preferred route
when two equal paths are available.
This chapter provides details on Fibre Channel routing services and protocols. It includes the following
sections:
• About FSPF
• FSPF Global Configuration
• FSPF Interface Configuration
• FSPF Routes
• In-Order Delivery
• Flow Statistics Configuration
• Default Settings
About FSPF
FSPF is the protocol currently standardized by the T11 committee for routing in Fibre Channel networks.
The FSPF protocol has the following characteristics and features:
• Supports multipath routing.
• Bases path status on a link state protocol.
• Routes hop by hop, based only on the domain ID.
• Runs only on E ports or TE ports and provides a loop free topology.
• Runs on a per VSAN basis. Connectivity in a given VSAN in a fabric is guaranteed only for the
switches configured in that VSAN.
• Uses a topology database to keep track of the state of the links on all switches in the fabric and
associates a cost with each link.
• Guarantees a fast reconvergence time in case of a topology change. Uses the standard Dijkstra
algorithm, but there is a static dynamic option for a more robust, efficient, and incremental Dijkstra
algorithm. The reconvergence time is fast and efficient as the route computation is done on a per
VSAN basis.
FSPF Examples
This section provides examples of topologies and applications that demonstrate the benefits of FSPF.
[Figure: fabric topology with switches A, B, C, D, and E]
For example, if all links are of equal speed, the FSPF calculates two equal paths from A to C: A-D-C
(green) and A-E-C (blue).
Redundant Links
To further improve on the topology in Figure 6-1, each connection between any pair of switches can be
replicated; two or more links can be present between a pair of switches. Figure 6-2 shows this
arrangement. Because switches in the Cisco MDS 9000 Family support PortChanneling, each pair of
physical links can appear to the FSPF protocol as one single logical link.
By bundling pairs of physical links, FSPF efficiency is considerably improved by the reduced database
size and the frequency of link updates. Once physical links are aggregated, failures are not attached to a
single link but to the entire PortChannel. This configuration also improves the resiliency of the network.
The failure of a link in a PortChannel does not trigger a route change, thereby reducing the risks of
routing loops, traffic loss, or fabric downtime for route reconfiguration.
[Figure: fabric topology with switches A, B, C, D, and E, with links numbered 1 through 4]
For example, if all links are of equal speed and no PortChannels exist, the FSPF calculates four equal
paths from A to C: A1-E-C, A2-E-C, A3-D-C, and A4-D-C. If PortChannels exist, these paths are
reduced to two.
Table 6-1 Physically Removing the Cable for the SmartBits Scenario
Table 6-2 Shutting Down the Switch for the SmartBits Scenario
Note FSPF is enabled by default. Generally, you do not need to configure these advanced features.
Caution The default for the backbone region is 0 (zero). You do not need to change this setting unless your region
is different from the default. If you are operating with other vendors using the backbone region, you can
change this default to be compatible with those settings.
The LSR minimum arrival time is the period between receiving LSR updates on this VSAN. Any LSR
updates that arrive before the LSR minimum arrival time are discarded.
The LSR minimum interval time is the frequency at which this switch sends LSR updates on a VSAN.
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# fspf config vsan 1                      Enters FSPF global configuration mode for the
                                                                specified VSAN.
Step 3  switch-config-(fspf-config)# spf static                 Forces static SPF computation for the dynamic
                                                                (default) incremental VSAN.
Step 4  switch-config-(fspf-config)# spf hold-time 10           Configures the hold time between two route
                                                                computations in milliseconds (msec) for the
                                                                entire VSAN. The default value is 0.
                                                                Note If the specified time is shorter, the
                                                                routing is faster. However, the processor
                                                                consumption increases accordingly.
Step 5  switch-config-(fspf-config)# region 7                   Configures the autonomous region for this
                                                                VSAN and specifies the region ID (7).
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# no fspf config vsan 3                   Deletes the FSPF configuration for VSAN 3.
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# fspf enable vsan 7                      Enables the FSPF routing protocol in VSAN 7.
        switch(config)# no fspf enable vsan 5                   Disables the FSPF routing protocol in VSAN 5.
        Command                                                 Purpose
Step 1  switch# clear fspf counters vsan 1                      Clears the FSPF statistics counters for
                                                                the specified VSAN. If an interface
                                                                reference is not specified, all counters
                                                                are cleared.
• 1 Gbps - 1000
• 2 Gbps - 500
• 4 Gbps - 250
• 8 Gbps - 125
• 10 Gbps - 100
• 16 Gbps - 62
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# interface fc1/4                         Configures the specified interface, or if already
        switch(config-if)#                                      configured, enters configuration mode for the
                                                                specified interface.
Step 3  switch(config-if)# fspf cost 5 vsan 90                  Configures the cost for the selected interface in
                                                                VSAN 90.
Note This value must be the same in the ports at both ends of the ISL.
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# interface fc1/4                         Configures the specified interface, or if
        switch(config-if)#                                      already configured, enters configuration
                                                                mode for the specified interface.
Step 3  switch(config-if)# fspf hello-interval 15 vsan 175      Specifies the hello message interval (15
        switch(config-if)#                                      seconds) to verify the health of the link in
                                                                VSAN 175. The default is 20 seconds.
Note • This value must be the same in the ports at both ends of the ISL.
• An error is reported at the command prompt if the configured dead time interval is less than the hello
time interval.
• During a software upgrade, ensure that the fspf dead-interval is greater than the ISSU downtime (80
seconds). If the fspf dead-interval is less than the ISSU downtime, the software upgrade fails and
the following error is displayed:
Error Message Service "fspf" returned error: Dead interval for interface is less than
ISSU upgrade time.
        Command                                                 Purpose
Step 1  switch# config t                                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# interface fc1/4                         Configures the specified interface, or if already
        switch(config-if)#                                      configured, enters configuration mode for the
                                                                specified interface.
Step 3  switch(config-if)# fspf dead-interval 25 vsan 7         Specifies the maximum interval for VSAN 7 before
        switch(config-if)#                                      which a hello message must be received on the
                                                                selected interface before the neighbor is considered
                                                                lost. The default is 80 seconds.
Note This value must be the same on the switches on both ends of the interface.
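The notes above require the FSPF cost, hello interval, and dead interval to match at both ends of an ISL, and the dead interval to be no shorter than the hello interval or the 80-second ISSU downtime. The following audit script is an added example, not Cisco code; the two configuration snippets and the second interface name (fc2/1) are constructed, and the parser assumes the per-interface fspf lines appear in the saved configuration exactly as they are typed in the steps above.

```python
import re

ISSU_DOWNTIME_S = 80                      # ISSU downtime stated on this page
TIMER_DEFAULTS = {"hello-interval": 20,   # default timer values stated on this page
                  "dead-interval": 80}
CHECKED = ("cost", "hello-interval", "dead-interval")

# Constructed sample configuration for the two ends of one ISL.
SWITCH_A_CFG = """\
interface fc1/4
  fspf cost 5 vsan 90
  fspf hello-interval 15 vsan 90
  fspf dead-interval 25 vsan 90
"""
SWITCH_B_CFG = """\
interface fc2/1
  fspf cost 5 vsan 90
  fspf hello-interval 15 vsan 90
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
FSPF_RE = re.compile(
    r"^\s+fspf\s+(cost|hello-interval|dead-interval)\s+(\d+)\s+vsan\s+(\d+)\s*$")


def parse_fspf(config):
    """Return {interface: {vsan: {parameter: value}}} from configuration text."""
    parsed, iface = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            parsed.setdefault(iface, {})
            continue
        m = FSPF_RE.match(line)
        if m and iface is not None:
            param, value, vsan = m.group(1), int(m.group(2)), int(m.group(3))
            parsed[iface].setdefault(vsan, {})[param] = value
    return parsed


def effective(params):
    """Overlay explicit settings on the timer defaults.

    Cost stays None when it is not configured, meaning the link-speed
    default applies; a cost set on only one end is reported for review.
    """
    merged = {"cost": None, **TIMER_DEFAULTS}
    merged.update(params)
    return merged


def audit_isl(cfg_a, iface_a, cfg_b, iface_b):
    """Compare both ends of an ISL per VSAN; return (vsan, kind, detail) tuples."""
    side_a = parse_fspf(cfg_a).get(iface_a, {})
    side_b = parse_fspf(cfg_b).get(iface_b, {})
    findings = []
    for vsan in sorted(set(side_a) | set(side_b)):
        a = effective(side_a.get(vsan, {}))
        b = effective(side_b.get(vsan, {}))
        # Values that must be identical on both ends of the link.
        for param in CHECKED:
            if a[param] != b[param]:
                findings.append((vsan, "mismatch",
                                 f"{param}: {iface_a}={a[param]} {iface_b}={b[param]}"))
        # Per-end sanity checks on the timers.
        for iface, end in ((iface_a, a), (iface_b, b)):
            dead, hello = end["dead-interval"], end["hello-interval"]
            if dead < hello:
                findings.append((vsan, "dead<hello",
                                 f"{iface}: dead-interval {dead}s < hello-interval {hello}s"))
            if dead < ISSU_DOWNTIME_S:
                findings.append((vsan, "issu",
                                 f"{iface}: dead-interval {dead}s is below the "
                                 f"{ISSU_DOWNTIME_S}s ISSU downtime"))
    return findings


if __name__ == "__main__":
    for vsan, kind, detail in audit_isl(SWITCH_A_CFG, "fc1/4", SWITCH_B_CFG, "fc2/1"):
        print(f"vsan {vsan} [{kind}] {detail}")
```

An unset dead interval is treated as the 80-second default, so the sample reports both a mismatch between the two ends and an ISSU-blocking value on fc1/4.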
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# interface fc1/4 Configures the specified interface, or if already
switch(config-if)# configured, enters configuration mode for the
specified interface.
Step 3 switch(config-if)# fspf retransmit-interval 15 vsan 12
switch(config-if)#
Specifies the retransmit time interval for unacknowledged link state updates in VSAN 12.
The default is 5 seconds.
Note FSPF must be enabled at both ends of the interface for the protocol to work.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# interface fc1/4 Configures a specified interface, or if already
switch(config-if)# configured, enters configuration mode for the
specified interface.
Step 3 switch(config-if)# fspf passive vsan 1 Disables the FSPF protocol for the specified interface
switch(config-if)# in the specified VSAN.
switch(config-if)# no fspf passive vsan 1 Reenables the FSPF protocol for the specified
switch(config-if)# interface in the specified VSAN.
You can disable the FSPF protocol for selected interfaces. By default, FSPF is enabled on all E ports and
TE ports. This default can be disabled by setting the interface as passive.
Command Purpose
Step 1 switch# clear fspf counters vsan 200 interface fc1/1 Clears the FSPF statistics counters for
the specified interface in VSAN 200.
FSPF Routes
FSPF routes traffic across the fabric, based on entries in the FSPF database. These routes can be learned
dynamically, or configured statically.
This section includes the following topics:
• About Fibre Channel Routes
• About Broadcast and Multicast Routing
• About Multicast Root Switch
• Setting the Multicast Root Switch
[Figure: topology diagram labeled Domain ID 1, Domain ID 3, Domain ID 7, interface fc1/1, and FC ID 111211]
Note Other than in VSANs, runtime checks are not performed on configured and suspended static routes.
Caution All switches in the fabric should run the same multicast and broadcast distribution tree algorithm to
ensure the same distribution tree.
To interoperate with other vendor switches (following FC-SW3 guidelines), the SAN-OS and NX-OS
4.1(1b) and later software uses the lowest domain switch as the root to compute the multicast tree in
interop mode.
Note The operational mode can be different from the configured interop mode. The interop mode always uses
the lowest domain switch as the root.
Use the mcast root lowest vsan command to change the multicast root from the principal switch to
the lowest domain switch.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# mcast root lowest vsan 1 Uses the lowest domain switch to compute
the multicast tree.
switch(config)# mcast root principal vsan 1 Defaults to using the principal switch to
compute the multicast tree.
To display the configured and operational multicast mode and the selected root domain, use the show
mcast command.
switch# show mcast vsan 1
Multicast root for VSAN 1
Configured root mode : Principal switch
Operational root mode : Principal switch
Root Domain ID : 0xef(239)
In-Order Delivery
In-Order Delivery (IOD) of data frames guarantees frame delivery to a destination in the same order that
they were sent by the originator.
Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases,
switches in the Cisco MDS 9000 Family preserve frame ordering in the frame flow. The source ID (SID),
destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.
On any given switch with IOD enabled, all frames received by a specific ingress port and destined to a
certain egress port are always delivered in the same order in which they were received.
Use IOD only if your environment cannot support out-of-order frame delivery.
Tip If you enable the in-order delivery feature, the graceful shutdown feature is not implemented.
[Figure 6-5: diagram of Switch 1 through Switch 4 with an old path and a new path carrying Frame 1 through Frame 4]
In Figure 6-5, the new path from Switch 1 to Switch 4 is faster. In this scenario, Frame 3 and Frame 4
may be delivered before Frame 1 and Frame 2.
If the in-order guarantee feature is enabled, the frames within the network are treated as follows:
• Frames in the network are delivered in the order in which they are transmitted.
• Frames that cannot be delivered in order within the network latency drop period are dropped inside
the network.
[Figure 6-6: diagram of Switch 1 and Switch 2]
In Figure 6-6, the port of the old path (red dot) is congested. In this scenario, Frame 3 and Frame 4 can
be delivered before Frame 1 and Frame 2.
The in-order delivery feature attempts to minimize the number of frames dropped during PortChannel
link changes when the in-order delivery is enabled by sending a request to the remote switch on the
PortChannel to flush all frames for this PortChannel.
Note Both switches on the PortChannel must be running Cisco SAN-OS Release 3.0(1) for this IOD
enhancement. For earlier releases, IOD waits for the switch latency period before sending new frames.
When the in-order delivery guarantee feature is enabled and a PortChannel link change occurs, the
frames crossing the PortChannel are treated as follows:
• Frames using the old path are delivered before new frames are accepted.
• The new frames are delivered through the new path after the switch latency drop period has elapsed
and all old frames are flushed.
Frames that cannot be delivered in order through the old path within the switch latency drop period are
dropped. See the “Configuring the Drop Latency Time” section on page 6-15.
Tip We recommend that you only enable this feature when devices that cannot handle any out-of-order
frames are present in the switch. Load-balancing algorithms within the Cisco MDS 9000 Family ensure
that frames are delivered in order during normal fabric operation. The load-balancing algorithms based
on source FC ID, destination FC ID, and exchange ID are enforced in hardware without any performance
degradation. However, if the fabric encounters a failure and this feature is enabled, the recovery will be
delayed because of an intentional pausing of fabric forwarding to purge the fabric of resident frames that
could potentially be forwarded out-of-order.
Note Enable in-order delivery on the entire switch before performing a downgrade to Cisco MDS SAN-OS
Release 1.3(3) or earlier.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# in-order-guarantee Enables in-order delivery in the switch.
switch(config)# no in-order-guarantee Reverts the switch to the factory defaults
and disables the in-order delivery feature.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# in-order-guarantee vsan 3452 Enables in-order delivery in VSAN 3452.
switch(config)# no in-order-guarantee vsan 101 Reverts the switch to the factory defaults
and disables the in-order delivery feature in
VSAN 101.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# fcdroplatency network 5000 Configures network drop latency time to be 5000
msec for the network. The valid range is 0 to 60000
msec. The default is 2000 msec.
Note The network drop latency must be
computed as the sum of all switch latencies
of the longest path in the network.
switch(config)# fcdroplatency network 6000 vsan 3
Configures network drop latency time to be 6000 msec for VSAN 3.
switch(config)# no fcdroplatency network 4500
Removes the current fcdroplatency network configuration (4500) and reverts the switch to the
factory defaults.
Note For each session, fcflow counter will increment only on locally connected devices and should be
configured on the switch where the initiator is connected.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# fcflow stats aggregated module 1 index 1005 vsan 1
switch(config)#
Enables the aggregated flow counter.
switch(config)# no fcflow stats aggregated module 1 index 1005 vsan 1
switch(config)#
Disables the aggregated flow counter.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# fcflow stats module 1 index 1 0x145601 0x5601ff 0xffffff vsan 1
switch(config)#
Enables the flow counter.
Note The source ID and the destination ID are specified in FC ID hex format (for example, 0x123aff).
The mask can be one of 0xff0000 or 0xffffff.
switch(config)# no fcflow stats aggregated module 2 index 1001 vsan 2
switch(config)#
Disables the flow counter.
Example 6-3 Clears Flow Counters for Source and Destination FC IDs
Example 6-4 Displays Aggregated Flow Details for the Specified Module
Example 6-6 Displays Flow Index Usage for the Specified Module
Tip If the Min_LS_interval is higher than 10 seconds, the graceful shutdown feature is not
implemented.
Protocol constants :
LS_REFRESH_TIME = 1800 sec
MAX_AGE = 3600 sec
Statistics counters :
Number of LSR that reached MaxAge = 0
Number of SPF computations = 7
Number of Checksum Errors = 0
Number of Transmitted packets : LSU 65 LSA 55 Hello 474 Retranmsitted LSU 0
Number of received packets : LSU 55 LSA 60 Hello 464 Error packets 10
Default Settings
Table 6-4 lists the default settings for FSPF features.
Parameters Default
FSPF Enabled on all E ports and TE ports.
SPF computation Dynamic.
SPF hold time 0.
Backbone region 0.
Acknowledgment interval (RxmtInterval) 5 seconds.
Refresh time (LSRefreshTime) 30 minutes.
Maximum age (MaxAge) 60 minutes.
Hello interval 20 seconds.
Dead interval 80 seconds.
Distribution tree information Derived from the principal switch (root node).
Routing table FSPF stores up to 16 equal cost paths to a given
destination.
Load balancing Based on destination ID and source ID on different, equal
cost paths.
In-order delivery Disabled.
Drop latency Disabled.
Static route cost If the cost (metric) of the route is not specified, the
default is 10.
Remote destination switch If the remote destination switch is not specified, the
default is direct.
Multicast routing Uses the principal switch to compute the multicast tree.
About DWDM
Dense Wavelength-Division Multiplexing (DWDM) multiplexes multiple optical carrier signals on a
single optical fiber. DWDM uses different wavelengths to carry various signals.
To establish a DWDM link, both ends of an Inter Switch Link (ISL) must be connected with DWDM
SFPs (small form-factor pluggables). To identify a DWDM link, Fabric Manager
discovers the connector type on the Fibre Channel (FC) ports. If the ISL link is associated with the FC
ports at each end, then the FC port uses DWDM SFP to connect the links.
Fabric Manager Server discovers FC ports with DWDM SFPs and the ISLs associated with the FC ports.
The Fabric Manager Client displays ISLs with the DWDM attribute on the topology map.
Note The Fabric Shortest Path First (FSPF) database only displays an ISL link, which is connected with
DWDM SFPs at both ends.
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# module 1 transceiver-frequency x2-eth
Configures the link to function as X2 Ethernet.
switch(config)# module 1 transceiver-frequency x2-fc
Configures (default) the link to function as X2 FC.
Note This feature is supported only on MDS 9134 modules. In MDS 9134 modules, the 10-Gigabit
Ethernet ports must be in down state when you configure the X2 transceiver frequency.
This chapter describes the fabric login (FLOGI) database, the name server features, the Fabric-Device
Management Interface, and Registered State Change Notification (RSCN) information provided in the
Cisco MDS 9000 Family. It includes the following sections:
• About FLOGI
• Displaying FLOGI Details
• Name Server
• FDMI
• Displaying FDMI
• RSCN
• Default Settings
• Enabling Port Pacing
About FLOGI
In a Fibre Channel fabric, each host or disk requires a Fibre Channel ID. Use the show flogi command
to verify if a storage device is displayed in the FLOGI table as in the next section. If the required device
is displayed in the FLOGI table, the fabric login is successful. Examine the FLOGI database on a switch
that is directly connected to the host HBA and connected ports.
For more information, see the “Default Company ID List” section on page 11-9 and refer to the “Loop
Monitoring” section in the Cisco MDS 9000 Family Troubleshooting Guide.
Name Server
The name server functionality maintains a database containing the attributes for all hosts and storage
devices in each VSAN. Name servers allow a database entry to be modified by a device that originally
registered the information.
The proxy feature is useful when you want to modify (update or delete) the contents of a database entry
that was previously registered by a different device.
This section includes the following topics:
• Bulk Notification Sent from the Name Server
• Enabling Name Server Bulk Notification
• Disabling Name Server Bulk Notification
• Registering Name Server Proxies
• About Rejecting Duplicate pWWN
• Rejecting Duplicate pWWNs
• Name Server Database Entries
• Optimizing Name Server Database Sync
• Verifying the Number of Name Server Database Entries
• Displaying Name Server Database Entries
Note From NX-OS Release 6.2(9) onwards, bulk notification is enabled by default.
Restrictions
• Whenever intelligent applications such as DMM, IOA, and SME are enabled, the bulk
notification feature is not supported.
• Any configuration present in FC-Redirect conflicts with the bulk notification feature.
Detailed Steps
To enable the name server bulk notification, follow these steps for NX-OS Release 6.2(1) to 6.2(7):
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# fcns bulk-notify
switch(config)#
Enables the transmission of multiple name server entry change notification in one Messaging and
Transaction Services (MTS) payload.
To disable the name server bulk notification, follow these steps for NX-OS Release 6.2(1) to 6.2(7):
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# no fcns bulk-notify
switch(config)#
Disables the transmission of multiple name server entry change notification in one Messaging and
Transaction Services (MTS) payload.
To disable the name server bulk notification, follow these steps for NX-OS Release 6.2(9) and later:
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# fcns no-bulk-notify
switch(config)#
Disables the transmission of multiple name server entry change notification in one Messaging and
Transaction Services (MTS) payload.
To re-enable the name server bulk notification after it has been disabled, follow these steps for NX-OS
Release 6.2(9) and later:
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# no fcns no-bulk-notify
switch(config)#
Re-enables the transmission of multiple name server entry change notification in one Messaging and
Transaction Services (MTS) payload.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# fcns proxy-port 21:00:00:e0:8b:00:26:d0 vsan 2
Configures a proxy port for the specified VSAN.
Command Purpose
Step 1 switch# configure terminal Enters configuration mode.
switch(config)#
Step 2 switch(config)# fcns reject-duplicate-pwwn vsan 1
Any future FLOGI (with a duplicate pWWN) on a different switch is rejected and the earlier
FLOGI is retained (default).
switch(config)# no fcns reject-duplicate-pwwn vsan 1
Any future FLOGI (with a duplicate pWWN) on a different switch is allowed to succeed
by deleting the earlier FCNS entry. However, you can still see the earlier entry in the
FLOGI database on the other switch.
Command Purpose
Step 1 switch(config)# scsi-target discovery
Enables a switch to discover the fc4-feature for remote devices also. However, this is not
the default behavior after a user reloads the switch or performs a switchover.
Step 2 switch(config)# scsi-target discovery local-only Switches back to the default behavior.
Command Purpose
Step 1 switch# show fcns internal info global Displays the number of device entries in the
name server database.
Step 2 switch# show fcns internal info Displays the number of devices in the name
server database at the end of the output.
Example 8-6 Displays the Name Server Database for the Specified VSAN
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x030001 N 10:00:00:05:30:00:25:a3 (Cisco) ipfc
0x030101 NL 10:00:00:00:77:99:60:2c (Interphase)
0x030200 N 10:00:00:49:c9:28:c7:01
0xec0001 NL 21:00:00:20:37:a6:be:14 (Seagate) scsi-fcp
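When duplicate pWWN rejection is turned off, a later FLOGI with the same pWWN on a different switch replaces the earlier name server entry, so the pWWN shows up behind a different domain. The following detection script is an added example, not Cisco code: it parses two captures in the layout of Example 8-6 and reports pWWNs whose FC ID moved to another domain or that appear at more than one FC ID. The second capture is constructed, and reading the top byte of the FC ID as the domain ID is standard Fibre Channel addressing rather than something stated on this page.

```python
import re
from collections import defaultdict

# Capture 1: the rows of Example 8-6 on this page.
BEFORE = """\
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x030001 N 10:00:00:05:30:00:25:a3 (Cisco) ipfc
0x030101 NL 10:00:00:00:77:99:60:2c (Interphase)
0x030200 N 10:00:00:49:c9:28:c7:01
0xec0001 NL 21:00:00:20:37:a6:be:14 (Seagate) scsi-fcp
"""
# Capture 2: constructed. The Seagate pWWN is now registered behind domain 0x1b.
AFTER = BEFORE.replace("0xec0001", "0x1b0001")

VSAN_RE = re.compile(r"^VSAN\s+(\d+):\s*$")
ENTRY_RE = re.compile(
    r"^(0x[0-9a-fA-F]{6})\s+(\S+)\s+((?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2})"
    r"(?:\s+\(([^)]*)\))?"      # optional (VENDOR)
    r"(?:\s+(\S.*?))?\s*$")     # optional FC4-TYPE:FEATURE


def parse_fcns(text):
    """Parse 'show fcns database' style output into a list of entry dicts."""
    entries, vsan = [], None
    for line in text.splitlines():
        m = VSAN_RE.match(line)
        if m:
            vsan = int(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if m and vsan is not None:
            fcid = int(m.group(1), 16)
            entries.append({
                "vsan": vsan,
                "fcid": fcid,
                "domain": fcid >> 16,       # top byte of the 24-bit FC ID
                "type": m.group(2),
                "pwwn": m.group(3).lower(),
                "vendor": m.group(4),       # None when the column is empty
                "fc4": m.group(5),
            })
    return entries


def duplicate_pwwns(entries):
    """Return {(vsan, pwwn): [fcids]} for pWWNs seen at more than one FC ID."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["vsan"], e["pwwn"])].add(e["fcid"])
    return {key: sorted(fcids) for key, fcids in seen.items() if len(fcids) > 1}


def moved_pwwns(before, after):
    """Return pWWNs present in both captures whose FC ID changed domain."""
    old = {(e["vsan"], e["pwwn"]): e for e in before}
    moves = []
    for e in after:
        prev = old.get((e["vsan"], e["pwwn"]))
        if prev is not None and prev["domain"] != e["domain"]:
            moves.append({"vsan": e["vsan"], "pwwn": e["pwwn"],
                          "old_fcid": prev["fcid"], "new_fcid": e["fcid"]})
    return moves


if __name__ == "__main__":
    for m in moved_pwwns(parse_fcns(BEFORE), parse_fcns(AFTER)):
        print(f"vsan {m['vsan']}: {m['pwwn']} moved "
              f"0x{m['old_fcid']:06x} -> 0x{m['new_fcid']:06x}; confirm the move was planned")
```

A domain change is also what a planned recabling looks like, so each reported pWWN is a prompt to check the change record and the FLOGI database on the switch that held the earlier login.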
FDMI
Cisco MDS 9000 Family switches provide support for the Fabric-Device Management Interface (FDMI)
functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre
Channel host bus adapters (HBAs) through in-band communications. This addition complements the
existing Fibre Channel name server and management server functions.
Using the FDMI functionality, the Cisco NX-OS software can extract the following management
information about attached HBAs and host operating systems without installing proprietary host agents:
• Manufacturer, model, and serial number
• Node name and node symbolic name
• Hardware, driver, and firmware versions
• Host operating system (OS) name and version number
All FDMI entries are stored in persistent storage and are retrieved when the FDMI process is started.
Displaying FDMI
Use the show fdmi command to display the FDMI database information (see Examples 8-9 to 8-11).
RSCN
The Registered State Change Notification (RSCN) is a Fibre Channel service that informs hosts about
changes in the fabric. Hosts can receive this information by registering with the fabric controller
(through SCR). These notifications provide a timely indication of one or more of the following events:
• Disks joining or leaving the fabric.
• A name server registration change.
• A new zone enforcement.
• IP address change.
• Any other similar event that affects the operation of the host.
This section includes the following topics:
• About RSCN Information
• Displaying RSCN Information
• multi-pid Option
• Suppressing Domain Format SW-RSCNs
• Coalesced SW-RSCN
• Enabling Coalesced SW-RSCNs
• Disabling Coalesced SW-RSCNs
• Clearing RSCN Statistics
• RSCN Timer Configuration Distribution Using CFS
• Verifying the RSCN Timer Configuration
• RSCN Timer Configuration Distribution
Note The switch sends an RSCN to notify registered nodes that a change has occurred. It is up to the nodes to
query the name server again to obtain the new information. The details of the changed information are
not delivered by the switch in the RSCN sent to the nodes.
---------------------------------------------
0x1b0300 fabric detected rscns
Total number of entries = 1
Note The SCR table is not configurable. It is populated when hosts send SCR frames with RSCN information.
If hosts do not receive RSCN information, then the show rscn scr-table command will not return entries.
multi-pid Option
If the RSCN multi-pid option is enabled, then RSCNs generated to the registered Nx ports may contain
more than one affected port ID. In this case, zoning rules are applied before putting the multiple affected
port IDs together in a single RSCN. By enabling this option, you can reduce the number of RSCNs. For
example: Suppose you have two disks (D1, D2) and a host (H) connected to switch 1. Host H is registered
to receive RSCNs. D1, D2 and H belong to the same zone. If disks D1 and D2 are online at the same
time, then one of the following applies:
• The multi-pid option is disabled on switch 1: two RSCNs are generated to host H—one for the disk
D1 and another for disk D2.
• The multi-pid option is enabled on switch 1: a single RSCN is generated to host H, and the RSCN
payload lists the affected port IDs (in this case, both D1 and D2).
Note Some Nx ports may not understand multi-pid RSCN payloads. If not, disable the RSCN multi-pid
option.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn multi-pid vsan 105 Sends RSCNs in a multi-pid format for VSAN 105.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn suppress domain-swrscn vsan 105
Suppresses transmission of domain format SW-RSCNs for VSAN 105.
Note You cannot suppress transmission of port address or area address format RSCNs.
Coalesced SW-RSCN
In order to improve the performance of the Fibre Channel protocols on the Cisco MDS 9000 switch,
SW-RSCNs are delayed, collected and sent as a single coalesced SW-RSCN to all the switches in the
fabric in a single Fibre Channel exchange.
• All the switches in the fabric should be running Cisco MDS 6.2(7) and above.
• This feature does not have interoperability with non-Cisco MDS switches.
Detailed Steps
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# rscn coalesce swrscn vsan 1
switch(config)#
Enables coalescing of Switch Registered State Change Notification (SWRSCN) in VSAN 1. The
default delay is 500 milliseconds.
Step 3 switch(config)# rscn coalesce swrscn vsan 1 delay 800
switch(config)#
Enables coalescing of Switch Registered State Change Notification (SWRSCN) in VSAN 1. Delays
the SW-RSCNs by a maximum of 800 milliseconds.
Note All the switches running 6.2(7) and above are capable of processing coalesced SW-RSCN by default, but
they are capable of sending coalesced SW-RSCN only after enabling through CLI.
Command Purpose
Step 1 switch# config t Enters configuration mode.
Step 2 switch(config)# no rscn coalesce swrscn vsan 1
switch(config)#
Disables coalescing of Switch Registered State Change Notification (SWRSCN) in VSAN 1.
After clearing the RSCN statistics, you can view the cleared counters by issuing the show rscn
command.
switch# show rscn statistics vsan 1
Statistics for VSAN: 1
-------------------------
Number of SCR received = 0
Number of SCR ACC sent = 0
Number of SCR RJT sent = 0
Number of RSCN received = 0
Number of RSCN sent = 0
Number of RSCN ACC received = 0
Number of RSCN ACC sent = 0
Note Not all configuration commands are distributed. Only the rscn event-tov tov vsan vsan command is
distributed.
The RSCN timer is registered with CFS during initialization and switchover. For high availability, if the
RSCN timer distribution crashes and restarts or a switchover occurs, it resumes normal functionality
from the state prior to the crash or switchover.
Note Before performing a downgrade, make sure that you revert the RSCN timer value in your network to the
default value. Failure to do so will disable the links across your VSANs and other devices.
Compatibility across various Cisco MDS NX-OS releases during an upgrade or downgrade is supported
by conf-check provided by CFS. If you attempt to downgrade from Cisco MDS SAN-OS Release 3.0,
you are prompted with a conf-check warning. You are required to disable RSCN timer distribution
support before you downgrade.
By default, the RSCN timer distribution capability is disabled and is therefore compatible when
upgrading from any Cisco MDS SAN-OS release earlier than Release 3.0.
Note The RSCN timer value must be the same on all switches in the VSAN. See the “RSCN Timer
Configuration Distribution” section on page 8-15.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn distribute Enables RSCN timer configuration distribution.
Step 3 switch(config)# rscn event-tov 300 vsan 10 Sets the event time-out value in milliseconds for
the selected VSAN. In this example, the event
time-out value is set to 300 milliseconds for
VSAN 12. The range is 0 to 2000 milliseconds.
Setting a zero (0) value disables the timer.
switch(config)# no rscn event-tov 300 vsan 10 Reverts to the default value (2000 milliseconds
for Fibre Channel VSANs or 1000 milliseconds
for FICON VSANs).
Step 4 switch(config)# rscn commit vsan 10 Commits the RSCN timer configuration to be
distributed to the switches in VSAN 10.
RSCN supports two modes, distributed and nondistributed. In distributed mode, RSCN uses CFS to
distribute configuration to all switches in the fabric. In nondistributed mode, only the configuration
commands on the local switch are affected.
Note Not all configuration commands are distributed. Only the rscn event-tov tov vsan vsan command is
distributed.
The RSCN timer is registered with CFS during initialization and switchover. For high availability, if the
RSCN timer distribution crashes and restarts or a switchover occurs, it resumes normal functionality
from the state prior to the crash or switchover.
Note You can determine the compatibility when downgrading to an earlier Cisco MDS NX-OS release using
the show incompatibility system command. You must disable RSCN timer distribution support before
downgrading to an earlier release.
Note By default, the RSCN timer distribution capability is disabled and is compatible when upgrading from
any Cisco MDS SAN-OS release earlier than 3.0.
Note For CFS distribution to operate correctly for the RSCN timer configuration, all switches in the fabric
must be running Cisco SAN-OS Release 3.0(1) or later, or Cisco NX-OS 4.1(1b).
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn distribute Enables RSCN timer distribution.
switch(config)# no rscn distribute Disables (default) RSCN timer distribution.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn commit vsan 10 Commits the RSCN timer changes.
Command Purpose
Step 1 switch# config t Enters configuration mode.
switch(config)#
Step 2 switch(config)# rscn abort vsan 10 Discards the RSCN timer changes and clears the
pending configuration database.
Tip The pending database is only available in the volatile directory and is subject to being discarded if the
switch is restarted.
To use administrative privileges and release a locked DPVM session, use the clear rscn session vsan
command in EXEC mode.
switch# clear rscn session vsan 10
Enabled : Yes
Timeout : 5s
Merge Capable : Yes
Scope : Logical
Use the show rscn session status vsan command to display session status information for RSCN
configuration distribution.
Note A merge failure results when the RSCN timer values are different on the merging fabrics.
Use the show rscn pending command to display the set of configuration commands that would take
effect when you commit the configuration.
Note The pending database includes both existing and modified configuration.
Use the show rscn pending-diff command to display the difference between pending and active
configurations. The following example shows the time-out value for VSAN 10 was changed from 2000
milliseconds (default) to 300 milliseconds.
switch# show rscn pending-diff
- rscn event-tov 2000 ms vsan 10
+ rscn event-tov 300 ms vsan 10
Default Settings
Table 8-1 lists the default settings for RSCN.
Parameters Default
RSCN timer value 2000 milliseconds for Fibre Channel VSANs
1000 milliseconds for FICON VSANs
RSCN timer configuration distribution Disabled
This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco MDS 9000
Family. It includes the following sections:
• About SCSI LUN Discovery
• Displaying SCSI LUN Information
Command Purpose
Step 1 switch# discover scsi-target local os all
discovery started
Discovers local SCSI targets for all operating systems (OS). The operating system options are aix,
all, hpux, linux, solaris, or windows.
switch# discover scsi-target remote os aix
discovery started
Discovers remote SCSI targets assigned to the AIX OS.
switch# discover scsi-target vsan 1 fcid 0x9c03d6
discover scsi-target vsan 1 fcid 0x9c03d6
VSAN: 1 FCID: 0x9c03d6 PWWN: 00:00:00:00:00:00:00:00
PRLI RSP: 0x01 SPARM: 0x0012
SCSI TYPE: 0 NLUNS: 1
Vendor: Company 4 Model: ST318203FC Rev: 0004
Other: 00:00:02:32:8b:00:50:0a
Discovers SCSI targets for the specified VSAN (1) and FC ID (0x9c03d6).
switch# discover scsi-target custom-list os linux
discovery started
Discovers SCSI targets from the customized list assigned to the Linux OS.
Command Purpose
Step 1 switch# discover custom-list add vsan 1 domain 0X123456 Adds the specified entry to the
custom list.
switch# discover custom-list delete vsan 1 domain 0X123456 Deletes the specified domain ID
from the custom list.
Note This command takes several minutes to complete, especially if the fabric is large or if several devices
are slow to respond.
VSAN 1:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xeb0000 N 21:01:00:e0:8b:2a:f6:54 (Qlogic) scsi-fcp:init
0xeb0201 NL 10:00:00:00:c9:32:8d:76 (Emulex) scsi-fcp:init
VSAN 7:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xed0001 NL 21:00:00:04:cf:fb:42:f8 (Seagate) scsi-fcp:target
VSAN 2002:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xcafe00 N 20:03:00:05:30:00:2a:20 (Cisco) FICON:CUP
Example 9-4 Displays the Discovered LUNs for All Operating Systems
--------------------------------------------------------------------------------
WIN 0x0 36704 Online 3JA1B9QA00007338 C:1 A:0 T:3 20:00:00:04:cf:fb:42:f8
AIX 0x0 36704 Online 3JA1B9QA00007338 C:1 A:0 T:3 20:00:00:04:cf:fb:42:f8
SOL 0x0 36704 Online 3JA1B9QA00007338 C:1 A:0 T:3 20:00:00:04:cf:fb:42:f8
LIN 0x0 36704 Online 3JA1B9QA00007338 C:1 A:0 T:3 20:00:00:04:cf:fb:42:f8
HP 0x0 36704 Online 3JA1B9QA00007338 C:1 A:0 T:3 20:00:00:04:cf:fb:42:f8
The following command displays the port WWN that is assigned to each OS (Windows, AIX, Solaris,
Linux, or HPUX)
Use the show scsi-target auto-poll command to verify automatic discovery of SCSI targets that come
online. The internal uuid number indicates that a CSM or an IPS module is in the chassis.
Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by supporting
both open systems and mainframe storage network environments. The control unit port (CUP) is also
supported, which allows in-band management of the switch from FICON processors.
This chapter includes the following sections:
• About FICON
• FICON Port Numbering
• Configuring FICON
• Configuring FICON Ports
• FICON Configuration Files
• Port Swapping
• FICON Tape Acceleration
• Configuring XRC Acceleration
• Moving a FICON VSAN to an Offline State
• CUP In-Band Management
• Displaying FICON Information
• Default Settings
About FICON
The Cisco MDS 9000 Family supports the Fibre Channel Protocol (FCP), FICON, iSCSI, and FCIP
capabilities within a single, high-availability platform (see Figure 10-1).
The FICON feature is not supported on:
• Cisco MDS 9120 switches
• Cisco MDS 9124 switches
• Cisco MDS 9140 switches
• The 32-port Fibre Channel switching module
• Cisco Fabric Switch for HP c-Class BladeSystem
• Cisco Fabric Switch for IBM BladeSystem
FCP and FICON are different FC4 protocols and their traffic is independent of each other. Devices using
these protocols should be isolated using VSANs.
The fabric binding feature helps prevent unauthorized switches from joining the fabric or disrupting
current fabric operations (refer to the Cisco MDS 9000 Family NX-OS Security Configuration Guide).
The Registered Link Incident Report (RLIR) application provides a method for a switch port to send an
LIR to a registered Nx port.
[Figure: FICON VSAN; labels: Mainframe systems, Control unit, Open systems, Open storage]
This section includes the following topics:
• FICON Requirements
• MDS-Specific FICON Advantages
• FICON Cascading
• FICON VSAN Prerequisites
FICON Requirements
The FICON feature has the following requirements:
• You can implement FICON features in the following switches:
– Any switch in the Cisco MDS 9500 Series
– Any switch in the Cisco MDS 9200 Series (including the Cisco MDS 9222i Multiservice
Modular Switch)
– Cisco MDS 9134 Multilayer Fabric Switch
– MDS 9000 Family 18/4-Port Multiservice Module
• You need the MAINFRAME_PKG license to configure FICON parameters.
• To extend your FICON configuration over a WAN link using FCIP, you need the appropriate
SAN_EXTN_OVER_IP license for the module you are using. For more information, refer to the
Cisco NX-OS Family Licensing Guide.
VSANs enable global SAN consolidation by allowing you to convert existing SAN islands into virtual
SAN islands on a single physical network. They provide hardware-enforced security and separation
between applications or departments to allow coexistence on a single network. They also allow virtual
rewiring to consolidate your storage infrastructure. You can move assets between departments or
applications without the expense and disruption of physical relocation of equipment.
Note While you can configure VSANs in any Cisco MDS switch, you can enable FICON in only up to eight of
these VSANs. The number of VSANs configured depends on the platform.
Mainframe users can think of VSANs as being like FICON LPARs in the MDS SAN fabric. You can
partition switch resources into FICON LPARs (VSANs) that are isolated from each other, in much the
same way that you can partition resources on a zSeries or DS8000. Each VSAN has its own set of fabric
services (such as fabric server and name server), FICON CUP, domain ID, Fabric Shortest Path First
(FSPF) routing, operating mode, IP address, and security profile.
FICON LPARs can span line cards and are dynamic in size. For example, one FICON LPAR with 10
ports can span 10 different line cards. FICON LPARs can also include ports on more than one switch in
a cascaded configuration. The consistent fairness of the Cisco MDS 9000 switching architecture means
that “all ports are created equal,” simplifying provisioning by eliminating the “local switching” issues
seen on other vendors’ platforms.
Addition of ports to a FICON LPAR is a nondisruptive process. The maximum number of ports for a
FICON LPAR is 255 due to FICON addressing limitations.
FCIP Support
The multilayer architecture of the Cisco MDS 9000 Family enables a consistent feature set over a
protocol-agnostic switch fabric. Cisco MDS 9500 Series and 9200 Series switches transparently
integrate Fibre Channel, FICON, and Fibre Channel over IP (FCIP) in one system. The FICON over
FCIP feature enables cost-effective access to remotely located mainframe resources. With the Cisco
MDS 9000 Family platform, storage replication services such as IBM PPRC and XRC can be extended
over metro to global distances using ubiquitous IP infrastructure which simplifies business continuance
strategies.
Refer to the Cisco MDS 9000 Family NX-OS IP Services Configuration Guide.
PortChannel Support
The Cisco MDS implementation of FICON provides support for efficient utilization and increased
availability of Inter-Switch Links (ISLs) necessary to build stable large-scale SAN environments.
PortChannels ensure an enhanced ISL availability and performance in Cisco MDS switches.
Refer to the Cisco MDS 9000 Family NX-OS Interfaces Configuration Guide for more information on
PortChannels.
Tip When creating a mixed environment, place all FICON devices in one VSAN (other than the default
VSAN) and segregate the FCP switch ports in a separate VSAN (other than the default VSAN). This
isolation ensures proper communication for all connected devices.
zoning, read-only zones, and VSAN-based access control. Refer to the Cisco MDS 9000 Family
NX-OS Security Configuration Guide for information about RADIUS, TACACS+, FC-SP, and
DHCHAP.
Note LUN zoning and read-only zones are not supported from Cisco MDS NX-OS Release 5.x and later.
• Traffic encryption—IPSec is supported over FCIP. You can encrypt FICON and Fibre Channel
traffic that is carried over FCIP. Refer to the Cisco MDS 9000 Family NX-OS Security Configuration
Guide.
• Local accounting log—View the local accounting log to locate FICON events. For more information
about MSCHAP authentication, and local AAA services, refer to the Cisco MDS 9000 Family
NX-OS Security Configuration Guide.
• Unified storage management—Cisco MDS 9000 FICON-enabled switches are fully IBM CUP
standard compliant for in-band management using the IBM S/A OS/390 I/O operations console. See
the “CUP In-Band Management” section on page 10-42.
• Port address-based configurations—Configure the port name, blocked or unblocked state, and the
prohibit connectivity attributes on the ports. See the “Configuring FICON Ports”
section on page 10-24.
• You can display the following information:
– Individual Fibre Channel ports, such as the port name, port number, Fibre Channel address,
operational state, type of port, and login data.
– Nodes attached to ports.
– Port performance and statistics.
• Configuration files—Store and apply configuration files. See the “FICON Configuration Files”
section on page 10-32.
• FICON and Open Systems Management Server features if installed—See the “VSANs for FICON
and FCP Mixing” section on page 10-5.
• Enhanced cascading support—See the “CUP In-Band Management” section on page 10-42.
• Date and time—Set the date and time on the switch. See the “Allowing the Host to Control the
Timestamp” section on page 10-21.
• Configure SNMP trap recipients and community names—See the “Configuring SNMP Control of
FICON Parameters” section on page 10-22.
• Call Home configurations—Configure the director name, location, description, and contact person.
Refer to the Cisco MDS 9000 Family NX-OS System Management Configuration Guide.
• Configure preferred domain ID, FC ID persistence, and principal switch priority—For information
about configuring domain parameters, refer to the Cisco MDS 9000 Family NX-OS System
Management Configuration Guide.
• Sophisticated SPAN diagnostics—The Cisco MDS 9000 Family provides industry-first intelligent
diagnostics, protocol decoding, and network analysis tools as well as integrated Call Home
capability for added reliability, faster problem resolution, and reduced service costs. For information
about monitoring network traffic using SPAN, refer to the Cisco MDS 9000 Family NX-OS System
Management Configuration Guide.
• Configure R_A_TOV, E_D_TOV—See the “Fibre Channel Time-Out Values” section on
page 11-1.
FICON Cascading
The Cisco MDS NX-OS software allows multiple switches in a FICON network. To configure multiple
switches, you must enable and configure fabric binding in that switch (refer to the Cisco MDS 9000
Family NX-OS Security Configuration Guide).
Tip You do not have to issue the copy running-config startup-config command to store the active zoneset.
However, you need to issue the copy running-config startup-config command to explicitly store full
zone sets. If there is more than one switch in a fabric, the copy running-config startup-config fabric
command should be issued. The fabric keyword causes the copy running-config startup-config
command to be issued on all the switches in the fabric, and also saves the full zone information to the
startup-config on all the switches in the fabric. This is important in the event of a switch reload or power
cycle.
• Enable in-order delivery on the VSAN. See Chapter 6, “Configuring Fibre Channel Routing
Services and Protocols.”
• Enable (and if required, configure) fabric binding on the VSAN. For more information about Fabric
Binding, refer to the Cisco MDS 9000 Family NX-OS Security Configuration Guide.
• Verify that conflicting persistent FC IDs do not exist in the switch. For information about
configuring domain parameters, refer to the Cisco MDS 9000 Family NX-OS System Management
Configuration Guide.
• Verify that the configured domain ID and requested domain ID match. For information about
configuring domain parameters, refer to the Cisco MDS 9000 Family NX-OS System Management
Configuration Guide.
• Add the CUP (area FE) to the zone, if you are using zoning. See the “CUP In-Band Management”
section on page 10-42.
If any of these requirements are not met, the FICON feature cannot be enabled.
Note You must enable FICON on the switch before reserving FICON port numbers (see the “About Enabling
FICON on a VSAN” section on page 10-15).
Figure 10-3 Default FICON Port Number in Numbering on the Cisco MDS 9000 Family Switch
The default FICON port number is assigned based on the front panel location of the port and is specific
to the slot in which the module resides. Thirty-two (32) port numbers are assigned to each slot on all
Cisco MDS 9000 Family switches except for the Cisco MDS 9513 Director, which has 16 port numbers
assigned for each slot. These default numbers are assigned regardless of the module’s physical presence
in the chassis, the port status (up or down), or the number of ports on the module (4, 12, 16, 24, or 48).
If a module has fewer ports than the number of port numbers assigned to the slot, then the excess port
numbers are unused. If a module has more ports than the number of port numbers assigned to the slot,
the excess ports cannot be used for FICON traffic unless you manually assign the port numbers.
Note You can use the ficon slot assign port-numbers command to make use of any excess ports by manually
assigning more port numbers to the slots. Before doing this, however, we recommend that you review
the default port number assignments for Cisco MDS 9000 switches shown in Table 10-3 on page 10-52
Table 10-1, and that you read the following sections to gain a complete understanding of FICON port
numbering: “About the Reserved FICON Port Numbering Scheme” section on page 10-11, “FICON Port
Numbering Guidelines” section on page 10-12, and “Assigning FICON Port Numbers to Slots” section
on page 10-12.
Note Only Fibre Channel, PortChannel, and FCIP ports are mapped to FICON port numbers. Other types of
interfaces do not have a corresponding port number.
Table 10-3 lists the default port number assignment for the Cisco MDS 9000 Family of switches and
directors.
Table 10-1 Default FICON Port Numbering in the Cisco MDS 9000 Family

| Product | Slot Number | Implemented Port Allocation: To Ports | Implemented Port Allocation: To PortChannel/FCIP | Unimplemented Ports | Notes |
|---|---|---|---|---|---|
| Cisco MDS 9222i Series | Slot 1 | 0 through 31 | 64 through 89 | 90 through 253 and port 255 | The first 4, 12, 16, or 24 port numbers in a 4-port, 12-port, 16-port, or 24-port module are used and the rest remain unused. Extra 16 ports on 48-port modules are not allocated numbers. |
| | Slot 2 | 32 through 63 | | | |
| Cisco MDS 9506 Director | Slot 1 | 0 through 31 | 128 through 153 | 154 through 253 and port 255 | Supervisor modules are not allocated port numbers. |
| | Slot 2 | 32 through 63 | | | |
| | Slot 3 | 64 through 95 | | | |
| | Slot 4 | 96 through 127 | | | |
| | Slot 5 | None | | | |
| | Slot 6 | None | | | |
| Cisco MDS 9134 Director | Slot 1 | 0 through 33 | 34 through 59 | 60 through 253 and port 255 | |
Port Addresses
By default, port numbers are the same as port addresses. You can swap the port addresses (see the “Port
Swapping” section on page 10-36).
You can swap the port addresses by issuing the ficon swap portnumber command.
Note FICON port numbers are not changed for ports that are active. You must first disable the interfaces using
the shutdown command.
Note You can configure port numbers even when no module is installed in the slot.
Caution When you assign, change, or release a port number, the port reloads.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon slot 3 assign port-numbers 0-15, 48-63 | Reserves FICON port numbers 0 through 15 and 48 through 63 for up to 32 interfaces in slot 3. |
| | switch(config)# ficon slot 3 assign port-numbers 0-15, 17-32 | Reserves FICON port numbers 0 through 15 for the first 16 interfaces and 17 through 32 for the next 16 interfaces in slot 3. |
| | switch(config)# ficon slot 3 assign port-numbers 0-63 | Reserves FICON port numbers 0 through 63 for up to 64 interfaces in slot 3. |
| | switch(config)# ficon slot 3 assign port-numbers 0-15, 56-63 | Changes the reserved FICON port numbers for up to 24 interfaces in slot 3. |
| | switch(config)# no ficon slot 3 assign port-numbers 0-15, 56-63 | Releases the FICON port numbers. |
Use the show ficon port-numbers assign slot command to display the port numbers assigned to a
specific slot.
switch# show ficon port-numbers assign slot 2
ficon slot 2 assign port-numbers 32-63
Use the show ficon port-numbers assign command to display the port numbers reserved for logical
ports.
switch# show ficon port-numbers assign logical-port
ficon logical-port assign port-numbers 128-153
Tip The show ficon vsan portaddress brief command displays the port number to interface mapping. You
can assign port numbers in the PortChannel/FCIP range that are not already assigned to a PortChannel
or FCIP interface (see Example 10-13 on page 10-45).
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon logical-port assign port-numbers 230-249 | Reserves port numbers 230 through 249 for FCIP and PortChannel interfaces. |
| Step 3 | switch(config)# ficon logical-port assign port-numbers 0xe6-0xf9 | Reserves port numbers 0xe6 through 0xf9 for FCIP and PortChannel interfaces. Note: You cannot change port numbers that are active. You must disable the interfaces using the shutdown command and unbind port numbers using the no ficon portnumber command. See the “Configuring FICON Ports” section on page 10-24. |
| Step 4 | switch(config)# no ficon logical-port assign port-numbers 230-249 | Releases the port numbers. Note: You cannot release port numbers for interfaces that are active. You must disable the interfaces using the shutdown command and unbind port numbers using the no ficon portnumber command. See the “Configuring FICON Ports” section on page 10-24. |
FC ID Allocation
FICON requires a predictable and static FC ID allocation scheme. When FICON is enabled, the FC ID
allocated to a device is based on the port address of the port to which it is attached. The port address
forms the middle byte of the fabric address. Additionally, the last byte of the fabric address should be
the same for all devices in the fabric. By default, the last byte value is 0 and can be configured.
Cisco MDS switches have a dynamic FC ID allocation scheme. When FICON is enabled or disabled on
a VSAN, all the ports are shut down and restarted to switch from the dynamic to static FC IDs and vice
versa (see Figure 10-4).
[Figure 10-4: FC ID allocation; surviving example values: 5, 0x44, 0]
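The static layout described above (domain ID, then port address as the middle byte, then a common last byte) can be checked mechanically. The following Python code is an added example, not part of the Cisco guide: the function names are hypothetical, the first four FC IDs are the ones that appear in this chapter's show rlir erl output, and the last one is constructed to show a violation of the common-last-byte rule.

```python
def ficon_fcid(domain, port_address, last_byte=0):
    """Compose a static FICON FC ID: domain | port address | common last byte."""
    if not 1 <= domain <= 239:            # domain-id range offered by setup ficon
        raise ValueError("domain ID must be in 1-239")
    if not 0 <= port_address <= 0xFF:
        raise ValueError("port address must fit in one byte")
    if not 0 <= last_byte <= 0xFF:
        raise ValueError("last byte must fit in one byte")
    return (domain << 16) | (port_address << 8) | last_byte


def split_fcid(fcid):
    """Return (domain, port_address, last_byte) for an int or '0x...' string."""
    if isinstance(fcid, str):
        fcid = int(fcid, 16)
    if not 0 <= fcid <= 0xFFFFFF:
        raise ValueError("FC ID must be a 24-bit value")
    return (fcid >> 16) & 0xFF, (fcid >> 8) & 0xFF, fcid & 0xFF


def audit_fcids(fcids, last_byte=0):
    """Group FC IDs by domain and flag any whose last byte is not the fabric-wide one.

    Returns (by_domain, wrong_last_byte) where by_domain maps a domain ID to the
    list of port addresses seen and wrong_last_byte lists offending FC IDs as hex.
    """
    by_domain = {}
    wrong_last_byte = []
    for fcid in fcids:
        domain, port, last = split_fcid(fcid)
        by_domain.setdefault(domain, []).append(port)
        if last != last_byte:
            wrong_last_byte.append("0x%06x" % ((domain << 16) | (port << 8) | last))
    return by_domain, wrong_last_byte


# FC IDs from this chapter's "show rlir erl" output, plus one constructed outlier.
SAMPLE_FCIDS = ["0x772c00", "0x779600", "0x779700", "0x779800", "0x054401"]

if __name__ == "__main__":
    print(hex(ficon_fcid(5, 0x44)))       # domain 5, port address 0x44, last byte 0
    domains, bad = audit_fcids(SAMPLE_FCIDS)
    for dom, ports in domains.items():
        print("domain 0x%02x: port addresses %s" % (dom, [hex(p) for p in ports]))
    print("unexpected last byte:", bad)
```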
Configuring FICON
By default, FICON is disabled in all switches in the Cisco MDS 9000 Family. You can enable FICON on
a per-VSAN basis by using the Device Manager.
This section includes the following topics:
• About Enabling FICON on a VSAN
• Enabling FICON on the Switch
• Manually Enabling FICON on a VSAN
• Configuring the code-page Option
• Allowing the Host to Move the Switch Offline
• Allowing the Host to Change FICON Port Parameters
• Allowing the Host to Control the Timestamp
• Clearing the Time Stamp
• Configuring SNMP Control of FICON Parameters
• About FICON Device Allegiance
• Clearing FICON Device Allegiance
• Automatically Saving the Running Configuration
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# feature ficon | Enables FICON globally on the switch. |
| Step 3 | switch(config)# no feature ficon | Disables FICON globally on the switch and removes all FICON configuration. |
Note Press Ctrl-C at any prompt to skip the remaining configuration options and proceed with what is
configured until that point.
Tip If you do not want to answer a previously configured question, or if you want to skip answers to any
questions, press Enter. If a default answer is not available (for example, switch name), the switch uses
what was previously configured and skips to the next question.
Step 1 Enter the setup ficon command at the EXEC command mode.
switch# setup ficon
--- Ficon Configuration Dialog ---
This setup utility will guide you through basic Ficon Configuration
on the system.
Press Enter if you want to skip any dialog. Use ctrl-c at anytime
to skip all remaining dialogs.
Step 2 Enter yes (the default is yes) to enter the basic FICON configuration setup.
Would you like to enter the basic configuration dialog (yes/no) [yes]: yes
The FICON setup utility guides you through the basic configuration process. Press Ctrl-C at any prompt
to end the configuration process.
Step 3 Enter the VSAN number for which FICON should be enabled.
Enter vsan [1-4093]:2
Step 5 Enter yes (the default is yes) to confirm your VSAN choice:
Enable ficon on this vsan? (yes/no) [yes]: yes
Note At this point, the software creates the VSAN if it does not already exist.
Step 6 Enter the domain ID number for the specified FICON VSAN.
Configure domain-id for this ficon vsan (1-239):2
Step 7 Enter yes (the default is no) to set up FICON in cascaded mode. If you enter no, skip to Step 8 (see the
“CUP In-Band Management” section on page 10-42).
Would you like to configure ficon in cascaded mode: (yes/no) [no]: yes
c. Enter yes if you wish to configure additional peers (and repeat Steps 7a and 7b). Enter no if you do
not wish to configure additional peers.
Would you like to configure additional peers: (yes/no) [no]: no
Step 8 Enter yes (the default is yes) to allow SNMP permission to modify existing port connectivity parameters
(see the “Configuring SNMP Control of FICON Parameters” section on page 10-22).
Enable SNMP to modify port connectivity parameters? (yes/no) [yes]: yes
Step 9 Enter no (the default is no) to allow the host (mainframe) to modify the port connectivity parameters, if
required (see the “Allowing the Host to Change FICON Port Parameters” section on page 10-21).
Disable Host from modifying port connectivity parameters? (yes/no) [no]: no
Step 10 Enter yes (the default is yes) to enable the active equals saved feature (see the “Automatically Saving
the Running Configuration” section on page 10-22).
Enable active=saved? (yes/no) [yes]: yes
Step 11 Enter yes (the default is yes) if you wish to configure additional FICON VSANs.
Would you like to configure additional ficon vsans (yes/no) [yes]: yes
Step 12 Review and edit the configuration that you have just entered.
Step 13 Enter no (the default is no) if you are satisfied with the configuration.
Note For documentation purposes, the following configuration shows three VSANs with different
FICON settings. These settings provide a sample output for different FICON scenarios.
vsan database
vsan 3
fcdomain domain 5 static vsan 3
fcdomain restart disruptive vsan 3
fabric-binding activate vsan 3 force
zone default-zone permit vsan 3
ficon vsan 3
no snmp port control
no active equals saved
Step 14 Enter yes (the default is yes) to use and save this configuration. The implemented commands are
displayed. After FICON is enabled for the specified VSAN, you are returned to the EXEC mode switch
prompt.
Use this configuration and apply it? (yes/no) [yes]: yes
Note If a new VSAN is created, two additional commands are displayed—vsan database and vsan
number.
`vsan database`
`vsan 3`
`in-order-guarantee vsan 3`
`fcdomain domain 2 static vsan 3`
`fcdomain restart disruptive vsan 3`
`fabric-binding activate vsan 3 force`
`zone default-zone permit vsan 3`
`ficon vsan 3`
`no snmp port control`
Note This section describes the procedure to manually enable FICON on a VSAN. If you have already enabled
FICON on the required VSAN using the automated setup (recommended), skip to the “Automatically
Saving the Running Configuration” section on page 10-22.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# vsan database | Enables VSAN 5. |
| | switch(config-vsan-db)# vsan 5 | |
| | switch(config-vsan-db)# do show vsan usage | |
| | 4 vsan configured | |
| | configured vsans:1-2,5,26 | |
| | vsans available for configuration:3-4,6-25,27-4093 | |
| | switch(config-vsan-db)# exit | |
| Step 3 | switch(config)# in-order-guarantee vsan 5 | Activates in-order delivery for VSAN 5. See Chapter 6, “Configuring Fibre Channel Routing Services and Protocols.” |
| Step 4 | switch(config)# fcdomain domain 2 static vsan 2 | Configures the domain ID for VSAN 2. For information about configuring domain parameters, refer to the Cisco MDS 9000 Family NX-OS System Management Configuration Guide. |
| Step 5 | switch(config)# fabric-binding activate vsan 2 force | Activates fabric binding on VSAN 2. Refer to the Cisco MDS 9000 Family NX-OS Security Configuration Guide. |
| Step 6 | switch(config)# zone default-zone permit vsan 2 | Sets the default zone to permit for VSAN 2. See the “CUP In-Band Management” section on page 10-42. |
| Step 7 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| | switch(config)# no ficon vsan 6 | Disables the FICON feature on VSAN 6. |
| Step 8 | switch(config-ficon)# no host port control | Prohibits mainframe users from moving the switch to an offline state. See the “Allowing the Host to Move the Switch Offline” section on page 10-20. |
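The prerequisites and per-VSAN controls in this procedure can be reviewed offline before a configuration is applied. The following Python code is an added example, not Cisco's code and not part of the original guide: it reads candidate configuration text, reports which FICON VSANs lack the in-order delivery, static domain ID, or fabric binding commands, and lists which host and SNMP controls (documented in this chapter as enabled by default) have not been turned off. The sample text is constructed, and the assumption that submode commands appear indented under `ficon vsan` is mine.

```python
import re

# Global commands that satisfy a FICON VSAN prerequisite, as written in this chapter.
PREREQS = {
    "in-order delivery": re.compile(r"^in-order-guarantee vsan (\d+)$"),
    "static domain ID": re.compile(r"^fcdomain domain \d+ static vsan (\d+)$"),
    "fabric binding": re.compile(r"^fabric-binding activate vsan (\d+)(?: force)?$"),
}
FICON_VSAN = re.compile(r"^ficon vsan (\d+)$")

# Per-VSAN controls that this chapter documents as allowed by default.
DEFAULT_ON = (
    "host control switch offline",
    "host port control",
    "host set-timestamp",
    "snmp port control",
)

# Constructed sample (not captured from a switch). Assumption: submode lines
# are indented under the "ficon vsan N" line that opens the submode.
SAMPLE_CONFIG = """\
vsan database
  vsan 2
  vsan 3
in-order-guarantee vsan 2
fcdomain domain 2 static vsan 2
fabric-binding activate vsan 2 force
zone default-zone permit vsan 2
ficon vsan 2
  no host control switch offline
  no host port control
  no host set-timestamp
  no snmp port control
  active equals saved
fcdomain domain 5 static vsan 3
ficon vsan 3
  no snmp port control
"""


def audit_ficon(config_text):
    """Return {vsan: {"missing_prereqs": [...], "still_allowed": [...]}}."""
    satisfied = {}   # vsan -> prerequisite names found for it
    disabled = {}    # FICON vsan -> default-on controls explicitly negated
    current = None   # FICON VSAN whose submode is being read, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0] not in " \t":                 # top-level command
            current = None
            match = FICON_VSAN.match(line)
            if match:
                current = int(match.group(1))
                disabled.setdefault(current, set())
                continue
            for name, pattern in PREREQS.items():
                match = pattern.match(line)
                if match:
                    satisfied.setdefault(int(match.group(1)), set()).add(name)
        elif current is not None:               # inside a ficon vsan submode
            if line.startswith("no ") and line[3:] in DEFAULT_ON:
                disabled[current].add(line[3:])
            elif line in DEFAULT_ON:            # explicit re-enable
                disabled[current].discard(line)
    report = {}
    for vsan in sorted(disabled):
        have = satisfied.get(vsan, set())
        report[vsan] = {
            "missing_prereqs": [n for n in PREREQS if n not in have],
            "still_allowed": [c for c in DEFAULT_ON if c not in disabled[vsan]],
        }
    return report


if __name__ == "__main__":
    for vsan, result in audit_ficon(SAMPLE_CONFIG).items():
        print("FICON VSAN %d" % vsan)
        print("  missing prerequisites:", result["missing_prereqs"] or "none")
        print("  controls left at default (allowed):", result["still_allowed"] or "none")
```

Only the per-VSAN command forms shown in this chapter are recognized; a configuration that expresses a prerequisite some other way is reported as missing it.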
Tip This is an optional configuration. If you are not sure of the EBCDIC format to be used, we recommend
retaining the us-canada (default) option.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# code-page italy | Configures the italy EBCDIC format. |
| | switch(config-ficon)# no code-page | Reverts to the factory default of using the us-canada EBCDIC format. |

| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# no host control switch offline | Prohibits mainframe users from moving the switch to an offline state. |
| | switch(config-ficon)# host control switch offline | Allows the host to move the switch to an offline state (default) and shuts down the ports. |

| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# no host port control | Prohibits mainframe users from configuring FICON parameters on the Cisco MDS switch. |
| | switch(config-ficon)# host port control | Allows mainframe users to configure FICON parameters on the Cisco MDS switch (default). |

| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# no host set-timestamp | Prohibits mainframe users from changing the VSAN-specific clock. |
| | switch(config-ficon)# host set-timestamp | Allows the host to set the clock on this switch (default). |
Note You can clear time stamps only from the Cisco MDS switch—not the mainframe.
Use the clear ficon vsan vsan-id timestamp command in EXEC mode to clear the VSAN clock.
switch# clear ficon vsan 20 timestamp
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# no snmp port control | Prohibits SNMP users from configuring FICON parameters. |
| | switch(config-ficon)# snmp port control | Allows SNMP users to configure FICON parameters (default). |
• All configuration changes (FICON-specific or not) are automatically saved to persistent storage
(implicit copy running start) and stored in the startup configuration.
• FICON-specific configuration changes are immediately saved to the IPL file (see the “FICON
Configuration Files” section on page 10-32).
If the active equals saved command is not enabled in any FICON-enabled VSAN in the fabric, then
FICON-specific configuration changes are not saved in the IPL file and an implicit copy running
startup command is not issued; you must issue the copy running start command explicitly (see number
3 in Table 10-2).
| Number | FICON-enabled VSAN? | active equals saved Enabled? | Implicit copy running start Issued? (1) | Notes |
|---|---|---|---|---|
| 1 | Yes | Yes (in all FICON VSANs) | Implicit | FICON changes written to the IPL file. Non-FICON changes saved to startup configuration and persistent storage. |
| 2 | Yes | Yes (even in one FICON VSAN) | Implicit | FICON changes written to IPL file for only the VSAN that has active equals saved option enabled. Non-FICON changes saved to startup configuration and persistent storage. |
| 3 | Yes | Not in any FICON VSAN | Not implicit | FICON changes are not written to the IPL file. Non-FICON changes are saved in persistent storage—only if you explicitly issue the copy running start command. |
| 4 | No | Not applicable | | |

1. When the Cisco NX-OS software implicitly issues a copy running-config startup-config command in the Cisco MDS switch, only a binary
configuration is generated—an ASCII configuration is not generated (see Example 10-24 on page 10-51). If you wish to generate an additional ASCII
configuration at this stage, you must explicitly issue the copy running-config startup-config command again.
Note If active equals saved is enabled, the Cisco NX-OS software ensures that you do not have to perform
the copy running startup command for the FICON configuration as well. If your switch or fabric
consists of multiple FICON-enabled VSANs, and one of these VSANs has active equals saved
enabled, changes made to the non-FICON configuration result in all configurations being saved to the
startup configuration.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# active equals saved | Enables the automatic save feature for all VSANs in the switch or fabric. |
| | switch(config-ficon)# no active equals saved | Disables automatic save for this VSAN. |
Caution All port number assignments to PortChannels or FCIP interfaces are lost (cannot be retrieved) when
FICON is disabled on all VSANs.
You can bind (or associate) a PortChannel with a FICON port number to bring up that interface.
To bind a PortChannel with a FICON port number, follow these steps:
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# interface Port-channel 1 | Enters the PortChannel interface configuration mode. |
| | switch(config-if)# | |
| Step 3 | switch(config-if)# ficon portnumber 234 | Assigns the FICON port number to the selected PortChannel port. |
To bind an FCIP interface with a FICON port number, follow these steps:
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch1(config)# interface fcip 51 | Creates an FCIP interface (51). |
| | switch1(config-if)# | |
| Step 3 | switch(config-if)# ficon portnumber 208 | Assigns the FICON port number to the selected FCIP interface. |
Note The zoning devices within a FICON VSAN can conflict with currently prohibited FICON ports and
should not be used. IBM does not recommend using zoning and port prohibition within the same VSAN.
If a port is shut down, unblocking that port does not initialize the port.
Note The shutdown/no shutdown port state is independent of the block/no block port state.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# portaddress 1 - 5 | Selects port address 1 to 5 for further configuration. |
| | switch(config-ficon-portaddr)# | |
| Step 4 | switch(config-ficon-portaddr)# block | Disables a range of port addresses and retains it in the operationally down state. |
| | switch(config-ficon-portaddr)# no block | Enables the selected port address and reverts to the factory default of the port address not being blocked. |
Port Prohibiting
To prevent implemented ports from talking to each other, configure prohibits between two or more ports.
If you prohibit ports, the specified ports are prevented from communicating with each other.
Unimplemented ports are always prohibited. In addition, prohibit configurations are always
symmetrically applied—if you prohibit port 0 from talking to port 15, port 15 is automatically prohibited
from talking to port 0.
Note If an interface is already configured in E or TE mode and you try to prohibit that port, your prohibit
configuration is rejected. Similarly, if a port is not up and you prohibit that port, the port is not allowed
to come up in E mode or in TE mode.
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon port default-state prohibit-all | Enables port prohibiting as the default for all implemented interfaces on the switch. |
| | switch(config)# no ficon port default-state prohibit-all | Disables (default) port prohibiting as the default for all implemented interfaces on the switch. |
Use the show ficon port default-state command to display the port prohibiting default state
configuration.
switch# show ficon port default-state
Port default state is prohibit-all
| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# portaddress 7 | Selects port address 7 for further configuration. |
| | switch(config-ficon-portaddr)# | |
| Step 4 | switch(config-ficon-portaddr)# prohibit portaddress 3-5 | Prohibits port address 7 in VSAN 2 from talking to ports 3, 4, and 5. |
| | switch(config-ficon-portaddr)# no prohibit portaddress 5 | Removes port address 5 from a previously prohibited state. |

| | Command | Purpose |
|---|---|---|
| Step 1 | switch# config t | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# ficon vsan 2 | Enables FICON on VSAN 2. |
| | switch(config-ficon)# | |
| Step 3 | switch(config-ficon)# portaddress 7 | Selects port address 7 for further configuration. |
| | switch(config-ficon-portaddr)# | |
| Step 4 | switch(config-ficon-portaddr)# name SampleName | Assigns a name to the port address. Note: The port address name is restricted to 24 alphanumeric characters. |
| | switch(config-ficon-portaddr)# no name SampleName | Deletes a previously configured port address name. |
About RLIR
The Registered Link Incident Report (RLIR) application provides a method for a switch port to send an
Link Incident Record (LIR) to a registered Nx port.
When an LIR is detected in FICON-enabled switches in the Cisco MDS 9000 Family from an RLIR
Extended Link Service (ELS), the switch sends that record to the members in its Established Registration
List (ERL).
In a multiswitch topology, a Distribute Registered Link Incident Record (DRLIR) Inter-Link
Service (ILS) is sent to all reachable remote domains along with the RLIR ELS. On receiving the DRLIR
ILS, the switch extracts the RLIR ELS and sends it to the members of the ERL.
The Nx ports interested in receiving the RLIR ELS send the Link Incident Record Registration (LIRR)
ELS request to the management server on the switch. The RLIRs are processed on a per-VSAN basis.
The RLIR data is written to persistent storage when you enter the copy running-config startup-config
command.
• The preferred host is registered with the registration function set to “conditionally receive.”
Note If all registered hosts have the registration function set to “conditionally receive,” then the
preferred host receives the RLIR frames.
You can specify only one RLIR preferred host per VSAN. By default, the switch sends RLIR frames to
one of the hosts in the VSAN with the register function set to “conditionally receive” if no hosts have
the register function set to “always receive.”
To specify the RLIR preferred host for a VSAN, follow these steps:
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# rlir preferred-cond fcid 0x772c00 vsan 5      Specifies FC ID 0x772c00 as the RLIR
                                                                      preferred host in VSAN 5. (FC ID 0x772c00
                                                                      is used here as an example.)
        switch(config)# no rlir preferred-cond fcid 0x654321 vsan 2   Removes FC ID 0x772c00 as the RLIR
                                                                      preferred host for VSAN 5.
To display the RLIR preferred host configuration, use the show rlir erl command.
switch# show rlir erl
Established Registration List for VSAN: 5
----------------------------------------------
FC-ID LIRR FORMAT REGISTERED FOR
----------------------------------------------
0x772c00 0x18 conditional receive(*)
0x779600 0x18 conditional receive
0x779700 0x18 conditional receive
0x779800 0x18 conditional receive
Total number of entries = 4
(*) - Denotes the preferred host
The show rlir erl command shows the list of Nx ports that are registered to receive the RLIRs with the
switch. If the VSAN ID is not specified, the details are shown for all active VSANs (see Examples 10-3
and 10-4).
In Example 10-3, if the Registered For column states that an FC ID is conditional receive, the source
port is registered as a valid recipient of subsequent RLIRs. This source port is selected as an RLIR
recipient only if no other ERL recipient is selected.
In Example 10-3, if the Registered For column states that an FC ID is always receive, the source port is
registered as a valid recipient of subsequent RLIRs. This source port is always selected as an LIR
recipient.
Note If an always receive RLIR is not registered for any N port or if the delivery of an RLIR fails for one of
those ports, then the RLIR is sent to a port registered to conditional receive RLIRs.
Note In Example 10-5 through Example 10-7, if the host time stamp (marked by the *) is available, it is
printed along with the switch time stamp. If the host time stamp is not available, only the switch time
stamp is printed.
As of Cisco SAN-OS Release 3.0(3), the show rlir history command output includes remote link
incidents that are received as DRLIRs from other switches. RLIRs are generated as a result of DRLIRs
as in previous Cisco NX-OS releases (see Example 10-8).
Example 10-8 Displays the LIR History as of Cisco SAN-OS Release 3.0(3)
Sep 20 12:52:45 2006 Sep 20 12:52:45 2006 **** **** 0x0b fc1/12 Loss of sig/sync LOC
Reported Successfully to: None [No Registrations]
Use the clear rlir history command to clear the RLIR history where all link incident records are logged
for all interfaces.
switch# clear rlir history
Use the clear rlir recent interface command to clear the most recent RLIR information for a specified
interface.
switch# clear rlir recent interface fc 1/2
Use the clear rlir recent portnumber command to clear the most recent RLIR information for a
specified port number.
switch# clear rlir recent portnumber 16
Note Multiple FICON configuration files with the same name can exist in the same switch, provided they
reside in different VSANs. For example, you can create a configuration file named XYZ in both VSAN
1 and VSAN 3.
When you enable the FICON feature in a VSAN, the switches always use the startup FICON
configuration file, called IPL. This file is created with a default configuration as soon as FICON is
enabled in a VSAN.
Caution When FICON is disabled on a VSAN, all the FICON configuration files are irretrievably lost.
FICON configuration files contain the following configuration for each implemented port address:
• Block
• Prohibit mask
• Port address name
Note Normal configuration files used by Cisco MDS switches include FICON-enabled attributes for a VSAN,
port number mapping for PortChannels and FCIP interfaces, port number to port address mapping, port
and trunk allowed VSAN configuration for ports, in-order guarantee, static domain ID configuration, and
fabric binding configuration.
Refer to the Cisco MDS 9000 Family NX-OS Fundamentals Configuration Guide for details on the
normal configuration files used by Cisco MDS switches.
This section includes the following topics:
• About FICON Configuration Files
• Applying the Saved Configuration Files to the Running Configuration
• Editing FICON Configuration Files
• Displaying FICON Configuration Files
• Copying FICON Configuration Files
To edit the contents of a specified FICON configuration file, follow these steps:
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# ficon vsan 2                                  Enables FICON on VSAN 2.
        switch(config-ficon)#
Step 3  switch(config-ficon)# file IplFile1                           Accesses the FICON configuration file called
        switch(config-ficon-file)#                                    IplFile1 for VSAN 2. If this file does not
                                                                      exist, it is created.
                                                                      Note All FICON file names are restricted to
                                                                      eight alphanumeric characters.
        switch(config-ficon)# no file IplFileA                        Deletes a previously created FICON
                                                                      configuration file.
Step 4  switch(config-ficon-file)# portaddress 3                      Enters the submode for port address 3 to edit
        switch(config-ficon-file-portaddr)#                           the contents of the configuration file named
                                                                      IplFile1.
                                                                      Note The running configuration is not applied
                                                                      to the current configuration. The
                                                                      configuration is only applied when the
                                                                      ficon vsan number apply file filename
                                                                      command is issued.
Step 5  switch(config-ficon-file-portaddr)# prohibit portaddress 5    Edits the content of the configuration file
                                                                      named IplFile1 by prohibiting port address 5
                                                                      from accessing port address 3.
Step 6  switch(config-ficon-file-portaddr)# block                     Edits the content of the configuration file
                                                                      named IplFile1 by blocking a range of port
                                                                      addresses and retaining them in the
                                                                      operationally down state.
Step 7  switch(config-ficon-file-portaddr)# name P3                   Edits the content of the configuration file
                                                                      named IplFile1 by assigning the name P3 to
                                                                      port address 3. If the name did not exist, it
                                                                      is created. If it existed, it is overwritten.
Use the show ficon vsan vsan-id file name command to display the contents of a specific FICON
configuration file.
switch# show ficon vsan 2 file name IPLfilea
FICON configuration file IPLFILEA in vsan 2
Description:
Port address 0(0)
Port name is
Port is not blocked
Prohibited port addresses are 250-253,255(0xfa-0xfd,0xff)
Use the show ficon vsan vsan-id file name filename portaddress command to display the FICON
configuration file information for a specific FICON port.
switch# show ficon vsan 2 file name IPLfilea portaddress 3
FICON configuration file IPLFILEA in vsan 2
Description:
Port address 3(0x3)
Port name is P3
Port is blocked
Prohibited port addresses are 5,250-253,255(0x5,0xfa-0xfd,0xff)
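The per-port records in this output (name, block state, and a prohibit list given in decimal with the hex form in parentheses) can be parsed and compared before a saved file is applied. The following Python is an added example, not Cisco code: the function names are hypothetical, the sample text is constructed in the format shown above, and treating a prohibit listed on either port address as denying the pair is this example's assumption.

```python
import re

# Constructed sample in the format of "show ficon vsan 2 file name IPLfilea".
SAMPLE = """\
FICON configuration file IPLFILEA in vsan 2
Description:
Port address 0(0)
Port name is
Port is not blocked
Prohibited port addresses are 250-253,255(0xfa-0xfd,0xff)
Port address 3(0x3)
Port name is P3
Port is blocked
Prohibited port addresses are 5,250-253,255(0x5,0xfa-0xfd,0xff)
"""

PORT_RE = re.compile(r"^Port address (\d+)(?:\((?:0x)?([0-9a-fA-F]+)\))?$")
PROHIBIT_RE = re.compile(
    r"^Prohibited port addresses are ([0-9,-]+)(?:\(([0-9a-fA-Fx,-]+)\))?$")


def expand(spec, base):
    """Expand a list such as '5,250-253,255' (base 10 or 16) into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first = int(lo, base)
        last = int(hi, base) if hi else first
        if not 0 <= first <= last <= 255:
            raise ValueError(f"bad port address range {part!r}")
        ports.update(range(first, last + 1))
    return ports


def parse_ficon_file(text):
    """Return {port_address: {'name', 'blocked', 'prohibited'}}."""
    ports, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            addr = int(m.group(1))
            if m.group(2) is not None and int(m.group(2), 16) != addr:
                raise ValueError(f"decimal/hex mismatch in {line!r}")
            cur = ports[addr] = {"name": "", "blocked": False, "prohibited": set()}
            continue
        if cur is None:
            continue  # file header lines before the first port record
        if line.startswith("Port name is"):
            cur["name"] = line[len("Port name is"):].strip()
        elif line == "Port is blocked":
            cur["blocked"] = True
        elif line == "Port is not blocked":
            cur["blocked"] = False
        else:
            m = PROHIBIT_RE.match(line)
            if m:
                decimal = expand(m.group(1), 10)
                # When the hex form is printed too, both must name the same ports.
                if m.group(2) and expand(m.group(2), 16) != decimal:
                    raise ValueError(f"decimal/hex mismatch in {line!r}")
                cur["prohibited"] = decimal
    return ports


def allowed(ports, a, b):
    """False if either port is blocked or either one lists the other as prohibited.
    Assumption of this example: ports absent from the listing add no restriction."""
    for src, dst in ((a, b), (b, a)):
        entry = ports.get(src)
        if entry and (entry["blocked"] or dst in entry["prohibited"]):
            return False
    return True


def diff_prohibits(before, after):
    """Per-port prohibit changes between two parsed files (review before 'apply')."""
    changes = {}
    for addr in sorted(set(before) | set(after)):
        old = before.get(addr, {}).get("prohibited", set())
        new = after.get(addr, {}).get("prohibited", set())
        if old != new:
            changes[addr] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return changes


if __name__ == "__main__":
    for addr, entry in sorted(parse_ficon_file(SAMPLE).items()):
        state = "blocked" if entry["blocked"] else "not blocked"
        print(addr, entry["name"] or "-", state, sorted(entry["prohibited"]))
```

A removed prohibit in `diff_prohibits` output means the candidate file would open a path the current one denies, which is the change worth reviewing before the file is applied.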
You can see the list of existing configuration files by issuing the show ficon vsan vsan-id command.
switch# show ficon vsan 20
Ficon information for VSAN 20
Ficon is online
VSAN is active
Host port control is Enabled
Port Swapping
The FICON port-swapping feature is only provided for maintenance purposes.
The FICON port-swapping feature causes all configurations associated with old-port-number and new
port-number to be swapped, including VSAN configurations.
Cisco MDS switches allow port swapping for nonexistent ports as follows:
• Only FICON-specific configurations (prohibit, block, and port address mapping) are swapped.
• No other system configuration is swapped.
• All other system configurations are only maintained for existing ports.
• If you swap a port in a module that has unlimited oversubscription ratios enabled with a port in a
module that has limited oversubscription ratios, then you may experience a degradation in
bandwidth.
Tip If the Active=Saved option (active equals saved) is enabled on any FICON VSAN, then
the swapped configuration is automatically saved to startup. Otherwise, you must explicitly save the
running configuration immediately after swapping the ports.
Once you swap ports, the switch automatically performs the following actions:
• Shuts down both the old and new ports.
• Swaps the port configuration.
If you attempt to bring the port up, you must explicitly shut down the port to resume traffic.
The ficon swap portnumber command is only associated with the two ports concerned. You must issue
this VSAN-independent command from EXEC mode. Cisco MDS NX-OS checks for duplicate port
numbers in a VSAN before performing the port swap.
If you attempt to bring the port up by specifying the ficon swap portnumber old-port-number
new-port-number after swap noshut command, you must explicitly issue the no shutdown command
to resume traffic.
This section includes the following topics:
Note The 32-port module guidelines also apply for port swapping configurations (refer to the Cisco MDS
9000 Family NX-OS Interfaces Configuration Guide).
Swapping Ports
If there are no duplicate port numbers on the switch, you can swap physical Fibre Channel ports, except
the port numbers, by following these steps:
Step 1 Issue the ficon swap portnumber old-port-number new-port-number command in EXEC mode.
Note The ficon swap portnumber command might fail if more than one interface on the MDS switch
has the same port number as the old-port-number or new-port-number specified in the command.
Note If you specify the ficon swap portnumber old-port-number new-port-number after swap
noshut command, the ports are automatically initialized.
If there are duplicate port numbers on the switch, you can swap physical Fibre Channel ports, including
the port numbers, by following these steps:
Step 1 Issue the ficon swap interface old-interface new-interface command in EXEC mode.
The specified interfaces are operationally shut down.
Step 2 Physically swap the front panel port cables between the two ports.
Step 3 Issue the no shutdown command on each port to enable traffic flow.
Note If you specify the ficon swap interface old-interface new-interface after swap noshut
command, the ports are automatically initialized.
Note FICON tape read acceleration over FCIP is supported from Cisco MDS NX-OS Release 5.0(1). For more
information refer to the “Configuring FICON Tape Read Acceleration” section on page 10-41.
Figure 10-6 Host Accessing Standalone IBM-VTS (Virtual Tape Server) /STK-VSM (Virtual Shared
Memory)
[Diagrams not reproduced. Labels that survive from the figures in this section: OS/390, Cisco MDS,
tape library, VSM, VTC, VTS, VTSS, VTCS, 349x tape library, FICON over FCIP.]
Note For information about FCIP tape acceleration, refer to the Cisco MDS 9000 Family NX-OS IP Services
Configuration Guide.
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# interface fcip 2                              Specifies an FCIP interface and enters
        switch(config-if)#                                            interface configuration submode.
Step 3  switch(config-if)# ficon-tape-accelerator vsan 100            Enables FICON tape acceleration over an
        This configuration change will disrupt all                    FCIP interface.
        traffic on the FCIP interface in all
        VSANs. Do you wish to continue? [no] y
        switch(config-if)# no ficon-tape-accelerator vsan 100         Disables (default) FICON tape acceleration
        This configuration change will disrupt all                    over an FCIP interface.
        traffic on the FCIP interface in all
        VSANs. Do you wish to continue? [no] y
Use the show running-config command to verify the FICON tape acceleration over FCIP configuration.
switch# show running-config | begin "interface fcip"
interface fcip2
ficon-tape-accelerator vsan 100
no shutdown
...
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# interface fcip 2                              Specifies an FCIP interface and enters
        switch(config-if)#                                            interface configuration submode.
Step 3  switch(config-if)# ficon-tape-read-accelerator                Enables FICON tape read acceleration over an
        This configuration change will disrupt all                    FCIP interface.
        traffic on the FCIP interface in all
        VSANs. Do you wish to continue? [no] y
        switch(config-if)# no ficon-tape-read-accelerator             Disables (default) FICON tape read
        This configuration change will disrupt all                    acceleration over an FCIP interface.
        traffic on the FCIP interface in all
        VSANs. Do you wish to continue? [no] y
        Command                                                       Purpose
Step 1  switch# config t                                              Enters the configuration mode.
        switch(config)#
Step 2  switch(config)# interface fcip 2                              Specifies an FCIP tunnel interface and enters
        switch(config-if)#                                            interface configuration submode.
Step 3  switch(config-if)# ficon-xrc-emulator                         Enables XRC acceleration over the FCIP
        switch(config-if)#                                            interface.
        switch(config-if)# no ficon-xrc-emulator                      Disables (default) XRC acceleration over the
        switch(config-if)#                                            FCIP tunnel interface.
Note XRC acceleration and FICON tape acceleration cannot be enabled on the same FCIP tunnel interface
and cannot exist in the same VSAN.
Note This command can be issued by the host if the host is allowed to do so (see the “Allowing the Host to
Move the Switch Offline” section on page 10-20).
CUP is supported by switches and directors in the Cisco MDS 9000 Family. The CUP function allows
the mainframe to manage the Cisco MDS switches.
Host communication includes control functions such as blocking and unblocking ports, as well as
monitoring and error reporting functions.
Step 1 Set the default zone to permit for the required VSAN.
switch# config t
switch(config)# zone default-zone permit vsan 20
Step 2 Issue the show fcns database command for the required VSAN and obtain the required FICON CUP
WWN.
switch# show fcns database vsan 20
VSAN 20:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0d0d00 N 50:06:04:88:00:1d:60:83 (EMC) FICON:CU
0x0dfe00 N 25:00:00:0c:ce:5c:5e:c2 (Cisco) FICON:CUP
0x200400 N 50:05:07:63:00:c2:82:d3 (IBM) scsi-fcp FICON:CU f..
0x200800 N 50:05:07:64:01:40:15:0f (IBM) FICON:CH
0x20fe00 N 20:00:00:0c:30:ac:9e:82 (Cisco) FICON:CUP
Note If more than one FICON:CUP WWN exists in this fabric, be sure to add all the FICON:CUP
WWN PWWNs to the required zone. The previous sample output displays multiple
FICON:CUP occurrences to indicate a cascade configuration.
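The check described in the Note above, as an added Python example (not Cisco code): it parses show fcns database output, lists every FICON:CUP pWWN with its domain (the first byte of the FC ID), and reports the ones missing from a given zone member list. The sample rows are constructed from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: rows in the format of "show fcns database vsan 20" above.
SAMPLE = """\
VSAN 20:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x0d0d00 N 50:06:04:88:00:1d:60:83 (EMC) FICON:CU
0x0dfe00 N 25:00:00:0c:ce:5c:5e:c2 (Cisco) FICON:CUP
0x200400 N 50:05:07:63:00:c2:82:d3 (IBM) scsi-fcp FICON:CU f..
0x200800 N 50:05:07:64:01:40:15:0f (IBM) FICON:CH
0x20fe00 N 20:00:00:0c:30:ac:9e:82 (Cisco) FICON:CUP
"""

VSAN_RE = re.compile(r"^VSAN\s+(\d+):$")
# FCID, port type, pWWN, optional "(VENDOR)", then the FC4-TYPE:FEATURE tokens.
ROW_RE = re.compile(
    r"^(0x[0-9a-f]{6})\s+(\S+)\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})"
    r"(?:\s+\(([^)]*)\))?\s*(.*)$", re.IGNORECASE)


def parse_fcns(text):
    """Return {vsan: [row, ...]} from 'show fcns database' output."""
    table, vsan = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VSAN_RE.match(line)
        if m:
            vsan = int(m.group(1))
            table.setdefault(vsan, [])
            continue
        m = ROW_RE.match(line)
        if m and vsan is not None:
            fcid, ptype, pwwn, vendor, rest = m.groups()
            table[vsan].append({
                "fcid": fcid.lower(),
                "domain": int(fcid[2:4], 16),  # FC ID bytes: domain, area, port
                "type": ptype,
                "pwwn": pwwn.lower(),
                "vendor": vendor or "",
                "features": rest.split(),      # a truncated token ('f..') is kept as-is
            })
    return table


def cup_entries(table, vsan):
    """Rows whose feature column holds the exact token FICON:CUP (not FICON:CU)."""
    return [r for r in table.get(vsan, []) if "FICON:CUP" in r["features"]]


def missing_cup_members(table, vsan, zone_members):
    """FICON:CUP pWWNs registered in the VSAN but absent from the zone's members."""
    members = {m.lower() for m in zone_members}
    return [r["pwwn"] for r in cup_entries(table, vsan) if r["pwwn"] not in members]


def is_cascaded(table, vsan):
    """CUP entries under more than one domain, as in the cascade case in the Note."""
    return len({r["domain"] for r in cup_entries(table, vsan)}) > 1


if __name__ == "__main__":
    fcns = parse_fcns(SAMPLE)
    for row in cup_entries(fcns, 20):
        print(f"domain {row['domain']:#04x}  {row['pwwn']}")
    print("cascaded:", is_cascaded(fcns, 20))
```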
Logical Path:0x80b9fb4
VSAN:20 CH:0x200600 CHI:15 CU:0x20fe00 CUI:0 STATE:1 FLAGS:0x1
LINK: OH:0x0 OC:0x0 IH:0x0 IC:0x0
DEV: OH:0x0 OC:0x0 IH:0x0 IC:0x0
SENSE: 00 00 00 00 00 00 00 46
30 20 00 00 00 00 00 00
00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00
IUI:0x0 DHF:0x0 CCW:0x0 TOKEN:0x0 PCCW:0x0 FCCW:0x0 PTOKEN:0x0 FTOKEN:0x0
CMD:0x0 CCW_FLAGS:0x0 CCW_COUNT:0 CMD_FLAGS:0x0 PRIO:0x0 DATA_COUNT:0
STATUS:0x0 FLAGS:0x0 PARAM:0x0 QTP:0x0 DTP:0x0
CQ LEN:0 MAX:0 DESTATUS:0x0
IPL
_TSIRN00
In Example 10-13, the interface column is populated with the corresponding interface if the port number
is installed. If the port number is uninstalled, this space remains blank and indicates an unbound port
number. For example, 56 is an unbound port number in Example 10-13.
Example 10-14 displays the counters in FICON version format 1 (32-bit format).
Example 10-15 Displays the Contents of the Specified FICON Configuration File
Port address 2
Port name is
Port is not blocked
Prohibited port addresses are 0,81-253,255
Port address 3
Port name is
Port is not blocked
Prohibited port addresses are 0,81-253,255
Port address 4
Port name is
Port is not blocked
Prohibited port addresses are 0,81-253,255
...
Port address 80
Port name is
Port is not blocked
Prohibited port addresses are 0,81-253,255
Example 10-17 Displays the Specified Port Addresses for a FICON Configuration File
Port address 2
Port name is
Port is not blocked
Prohibited port addresses are 0,241-253,255
Port address 3
Port name is P3
Port is not blocked
Prohibited port addresses are 0,241-253,255
...
Port address 7
Port name is
Port is not blocked
Prohibited port addresses are 0,241-253,255
Example 10-18 Displays the Specified Port Address When FICON Is Enabled
Example 10-21 Displays the History Buffer for the Specified VSAN
feature fabric-binding
fabric-binding database vsan 11
swwn 20:00:00:0d:ec:01:20:c0 domain 10
fabric-binding database vsan 75
swwn 20:00:00:0d:ec:00:d6:40 domain 117
fabric-binding activate vsan 11
fabric-binding activate vsan 75
ficon vsan 75
interface port-channel 1
ficon portnumber 0x80
switchport mode E
vsan database
vsan 75 interface fc1/1
...
interface mgmt0
ip address 172.18.47.39 255.255.255.128
switchport speed 100
switchport duplex full
no system health
ficon vsan 75
file IPL
Example 10-24 displays the switch response to an implicitly-issued copy running start command. In this
case, only a binary configuration is saved until you explicitly issue the copy running start command
again (see Table 10-2).
Default Settings
Table 10-3 lists the default settings for FICON features.
Parameters                    Default
FICON feature                 Disabled.
Port numbers                  Same as port addresses.
FC ID last byte value         0 (zero).
EBCDIC format option          US-Canada.
Switch offline state          Hosts are allowed to move the switch to an offline state.
Mainframe users               Allowed to configure FICON parameters on Cisco MDS switches.
Clock in each VSAN            Same as the switch hardware clock.
Host clock control            Allows host to set the clock on this switch.
SNMP users                    Configure FICON parameters.
Port address                  Not blocked
Prohibited ports              Ports 90–253 and 255 for the Cisco MDS 9200 Series switches.
                              Ports 250–253 and 255 for the Cisco MDS 9500 Series switches.
This chapter describes the advanced features provided in switches in the Cisco MDS 9000 Family. It
includes the following sections:
• Common Information Model
• Fibre Channel Time-Out Values
• Organizationally Unique Identifiers
• World Wide Names
• FC ID Allocation for HBAs
• Switch Interoperability
• Default Settings
Note The CIM functionality and SMI-S are now supported with Cisco Prime Data Center Network Manager
(DCNM). Refer to the “Cisco Prime DCNM Installation Guide” and the “SMI-S and Web Services
Programming Guide, Cisco DCNM for SAN.”
• Distributed services TOV (D_S_TOV)—The valid range is from 5,000 to 10,000 milliseconds. The
default is 5,000 milliseconds.
• Error detect TOV (E_D_TOV)—The valid range is from 1,000 to 4,000 milliseconds. The default is
2,000 milliseconds. This value is matched with the other end during port initialization.
• Resource allocation TOV (R_A_TOV)—The valid range is from 5,000 to 10,000 milliseconds. The
default is 10,000 milliseconds. This value is matched with the other end during port initialization.
Caution The D_S_TOV, E_D_TOV, and R_A_TOV values cannot be globally changed unless all VSANs in the
switch are suspended.
Note If a VSAN is not specified when you change the timer value, the changed value is applied to all VSANs
in the switch.
To configure Fibre Channel timers across all VSANs, follow these steps:
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# fctimer R_A_TOV 6000                          Configures the R_A_TOV value for all VSANs
                                                                      to be 6000 msec. This type of configuration
                                                                      is not permitted unless all VSANs are
                                                                      suspended.
Caution You cannot perform a nondisruptive downgrade to any earlier version that does not support per-VSAN
FC timers.
Note This configuration must be propagated to all switches in the fabric—be sure to configure the same value
in all switches in the fabric.
If a switch is downgraded to Cisco MDS SAN-OS Release 1.2 or 1.1 after the timer is configured for a
VSAN, an error message is issued to warn against strict incompatibilities. Refer to the Cisco MDS 9000
Family Troubleshooting Guide.
To configure per-VSAN Fibre Channel timers, follow these steps:
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# fctimer D_S_TOV 6000 vsan 2                   Configures the D_S_TOV value to be 6000 msec
        Warning: The vsan will be temporarily suspended when          for VSAN 2. Suspends the VSAN temporarily.
        updating the timer value This configuration would impact      You have the option to end this command, if
        whole fabric. Do you want to continue? (y/n) y                required.
        Since this configuration is not propagated to other
        switches, please configure the same value in all the
        switches
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
Step 2  switch(config)# fctimer distribute                            Enables fctimer configuration distribution to
                                                                      all switches in the fabric. Acquires a fabric
                                                                      lock and stores all future configuration
                                                                      changes in the pending database.
        switch(config)# no fctimer distribute                         Disables (default) fctimer configuration
                                                                      distribution to all switches in the fabric.

        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
Step 2  switch(config)# fctimer commit                                Distributes the fctimer configuration changes
                                                                      to all switches in the fabric and releases the
                                                                      lock. Overwrites the effective database with
                                                                      the changes made to the pending database.

        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
Step 2  switch(config)# fctimer abort                                 Discards the fctimer configuration changes in
                                                                      the pending database and releases the fabric
                                                                      lock.
Tip The changes are only available in the volatile directory and are subject to being discarded if the switch
is restarted.
To use administrative privileges and release a locked fctimer session, use the clear fctimer session
command.
switch# clear fctimer session
Note The number of pending fctimer configuration operations cannot be more than 15. At that point, you must
commit or abort the pending configurations before performing any more operations.
Note The F_S_TOV constant, though not configured, is displayed in the output of the show fctimer command.
Caution Changes to the world-wide names should be made by an administrator or individual who is completely
familiar with switch operations.
Note As of Cisco SAN-OS Release 2.0(2b), the ELP is enhanced to be compliant with FC-SW-3.
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# wwn secondary-mac 00:99:55:77:55:55 range 64  Configures the secondary MAC address. This
        This command CANNOT be undone.                                command cannot be undone.
        Please enter the BASE MAC ADDRESS again: 00:99:55:77:55:55
        Please enter the mac address RANGE again: 64
        From now on WWN allocation would be based on new MACs.
        Are you sure? (yes/no) no
        You entered: no. Secondary MAC NOT programmed
Caution Persistent entries take precedence over company ID configuration. If the HBA fails to discover
a target, verify that the HBA and the target are connected to the same switch and have the same
area in their FC IDs, then perform the following procedure:
• The list of company IDs is used only when the fcinterop FC ID allocation scheme is in auto mode.
By default, the interop FC ID allocation is set to auto, unless changed.
Tip We recommend that you set the fcinterop FC ID allocation scheme to auto and use the company
ID list and persistent FC ID configuration to manipulate the FC ID device allocation.
Use the fcinterop FCID allocation auto command to change the FC ID allocation and the show
running-config command to view the currently allocated mode.
• When you issue a write erase, the list inherits the default list of company IDs shipped with a
relevant release.
To allocate company IDs, follow these steps:
        Command                                                       Purpose
Step 1  switch# config t                                              Enters configuration mode.
        switch(config)#
Step 2  switch(config)# fcid-allocation area company-id 0x003223      Adds a new company ID to the default list.
        switch(config)# no fcid-allocation area company-id 0x00E069   Deletes a company ID from the default list.
Example 11-6 Displays the List of Default and Configured Company IDs
00:E0:8B * <------------- Explicitly deleted entry (from the original default list)
Total company ids: 7
+ - Additional user configured company ids.
* - Explicitly deleted company ids from default list.
You can implicitly derive the default entries shipped with a specific release by combining the list of
Company IDs displayed without any identification with the list of deleted entries.
You can also view or obtain the company IDs in a specific WWN by issuing the show fcid-allocation
company-id-from-wwn command (see Example 11-7). Some WWN formats do not support company
IDs. In these cases, you may need to configure the FC ID persistent entry.
Switch Interoperability
Interoperability enables the products of multiple vendors to interact with each other. Fibre Channel
standards guide vendors towards common external Fibre Channel interfaces.
If all vendors followed the standards in the same manner, then interconnecting different products would
become a trivial exercise. However, not all vendors follow the standards in the same way, thus resulting
in interoperability modes. This section briefly explains the basic concepts of these modes.
Each vendor has a regular mode and an equivalent interoperability mode, which specifically turns off
advanced or proprietary features and provides the product with a more amiable standards-compliant
implementation.
Note For more information on configuring interoperability for the Cisco MDS 9000 Family switches, refer to
the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide.
Note Brocade’s msplmgmtdeactivate command must explicitly be run prior to connecting from a Brocade
switch to either Cisco MDS 9000 Family switches or to McData switches. This command uses Brocade
proprietary frames to exchange platform information, which Cisco MDS 9000 Family switches or
McData switches do not understand. Rejecting these frames causes the common E ports to become
isolated.
To configure interop mode 1 in any switch in the Cisco MDS 9000 Family, follow these steps:
Step 1 Place the VSAN of the E ports that connect to the OEM switch in interoperability mode.
switch# config t
switch(config)# vsan database
switch(config-vsan-db)# vsan 1 interop 1
switch(config-vsan-db)# exit
switch(config)#
In Cisco MDS 9000 switches, the default is to request an ID from the principal switch. If the preferred
option is used, Cisco MDS 9000 switches request a specific ID, but still join the fabric if the principal
switch assigns a different ID. If the static option is used, the Cisco MDS 9000 switches do not join the
fabric unless the principal switch agrees and assigns the requested ID.
Note When changing the domain ID, the FC IDs assigned to N ports also change.
Step 3 Change the Fibre Channel timers (if they have been changed from the system defaults).
Note The Cisco MDS 9000, Brocade, and McData FC Error Detect (ED_TOV) and Resource
Allocation (RA_TOV) timers default to the same values. They can be changed if needed. The
RA_TOV default is 10 seconds, and the ED_TOV default is 2 seconds. Per the FC-SW2 standard,
these values must be the same on each switch within the fabric.
Step 4 When making changes to the domain, you may or may not need to restart the Cisco MDS domain
manager function for the altered VSAN.
or
• Do not force a fabric reconfiguration.
switch(config)# fcdomain restart vsan 1
To verify the resulting status of issuing the interoperability command in any switch in the
Cisco MDS 9000 Family, follow these steps:
Software
BIOS: version 1.0.8
loader: version 1.1(2)
kickstart: version 2.0(1) [build 2.0(0.6)] [gdb]
system: version 2.0(1) [build 2.0(0.6)] [gdb]
Hardware
RAM 1024584 kB
Step 2 Use the show interface brief command to verify if the interface states are as required by your
configuration.
switch# show int brief
Interface Vsan Admin Admin Status Oper Oper Port-channel
Mode Trunk Mode Speed
Mode (Gbps)
--------------------------------------------------------------------
fc2/1 1 auto on up E 2 --
fc2/2 1 auto on up E 2 --
Step 3 Use the show run command to verify if you are running the desired configuration.
switch# show run
Building Configuration...
interface fc2/1
no shutdown
interface fc2/2
no shutdown
interface fc2/3
interface fc2/4
interface fc2/5
interface fc2/6
interface fc2/7
no shutdown
interface fc2/8
interface fc2/9
interface fc2/10
<snip>
interface fc2/32
interface mgmt0
ip address 6.1.1.96 255.255.255.0
switchport encap default
no shutdown
vsan database
vsan 1 interop
Step 4 Use the show vsan command to verify if the interoperability mode is active.
Step 5 Use the show fcdomain vsan command to verify the domain ID.
switch# show fcdomain vsan 1
The local switch is a Subordinated Switch.
Step 6 Use the show fcdomain domain-list vsan command to verify the local principal switch status.
switch# show fcdomain domain-list vsan 1
Number of domains: 5
Domain ID WWN
--------- -----------------------
0x61(97) 10:00:00:60:69:50:0c:fe
0x62(98) 20:01:00:05:30:00:47:9f
0x63(99) 10:00:00:60:69:c0:0c:1d
0x64(100) 20:01:00:05:30:00:51:1f [Local]
0x65(101) 10:00:00:60:69:22:32:91 [Principal]
--------- -----------------------
Step 7 Use the show fspf internal route vsan command to verify the next hop and destination for the switch.
switch# show fspf internal route vsan 1
Step 8 Use the show fcns data vsan command to verify the name server information.
switch# show fcns data vsan 1
VSAN 1:
------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
------------------------------------------------------------------
0x610400 N 10:00:00:00:c9:24:3d:90 (Emulex) scsi-fcp
0x6105dc NL 21:00:00:20:37:28:31:6d (Seagate) scsi-fcp
0x6105e0 NL 21:00:00:20:37:28:24:7b (Seagate) scsi-fcp
0x6105e1 NL 21:00:00:20:37:28:22:ea (Seagate) scsi-fcp
0x6105e2 NL 21:00:00:20:37:28:2e:65 (Seagate) scsi-fcp
0x6105e4 NL 21:00:00:20:37:28:26:0d (Seagate) scsi-fcp
0x630400 N 10:00:00:00:c9:24:3f:75 (Emulex) scsi-fcp
0x630500 N 50:06:01:60:88:02:90:cb scsi-fcp
0x6514e2 NL 21:00:00:20:37:a7:ca:b7 (Seagate) scsi-fcp
0x6514e4 NL 21:00:00:20:37:a7:c7:e0 (Seagate) scsi-fcp
0x6514e8 NL 21:00:00:20:37:a7:c7:df (Seagate) scsi-fcp
0x651500 N 10:00:00:e0:69:f0:43:9f (JNI)
Default Settings
Table 11-3 lists the default settings for the features included in this chapter.
Parameters                                    Default
CIM server                                    Disabled
CIM server security protocol                  HTTP
D_S_TOV                                       5,000 milliseconds.
E_D_TOV                                       2,000 milliseconds.
R_A_TOV                                       10,000 milliseconds.
Timeout period to invoke fctrace              5 seconds.
Number of frames sent by the fcping feature   5 frames.
Remote capture connection protocol            TCP.
Remote capture connection mode                Passive.
Local capture frame limits                    10 frames.
FC ID allocation mode                         Auto mode.
Loop monitoring                               Disabled.
D_S_TOV                                       5,000 msec
E_D_TOV                                       2,000 msec
R_A_TOV                                       10,000 msec
Interop mode                                  Disabled
This chapter describes the Fibre Channel Common Transport (FC-CT) Management Security feature for
Cisco MDS 9000 Series switches.
Note In Cisco MDS NX-OS Release 6.2(9), the FC management feature is disabled by default. To enable the
FC management feature, use the fc-management enable command.
You can configure which pWWNs can send FC-CT management query and modify requests to the
management server. When any of the modules, such as a zone server, unzoned Fibre Channel name
server (FCNS), or Fabric Configuration Server (FCS), receives an FC-CT management query, it
performs a read operation on the FC-management database. If the device is found in the FC-management
database, a reply is sent according to the permissions granted. If the device is not found in the
FC-management database, each module sends a reject. If FC-management is disabled, each module
processes each management query.
Configuration Guidelines
The FC-management security feature has the following configuration guidelines:
• When the FC-management security feature is enabled on a Cisco MDS switch, all management
queries to the server are rejected unless the port world-wide name (pWWN) of the device that is
sending management queries is added to the FC-management database.
• When you enable FC Management, FC-CT management server queries from N_Port Virtualization
(NPV) switches to N_Port Identifier Virtualization (NPIV) switches are rejected. We recommend
that you add the switch world-wide name (sWWN) of the NPV switch to the FC management
database of the NPIV switch after enabling the FC-management security feature.
        Command / Purpose
Step 1  switch# config terminal
        Enters configuration mode.
Step 2  switch(config)# fc-management enable
        switch(config)#
        Enables the FC-CT management security.
Step 3  switch(config)# fc-management database vsan 1
        Configures the FC-CT management security database.
Step 4  switch(config-fc-mgmt)# pwwn 1:1:1:1:1:1:1:1 feature all operation both
        Adds the pWWN to the FC management database. You can also use these optional keywords
        when configuring the pwwn command:
        • fcs—Enables or disables FC-CT query for fabric conf-server.
        • fdmi—Enables or disables FC-CT query for FDMI.
        • unzoned-ns—Enables or disables FC-CT query for unzoned name-server.
        • zone—Enables or disables FC-CT query for zone-server.
Step 5  switch# show fc-management database
        Displays the configured FC-CT management information.
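The decision described above can be rehearsed before the feature is enabled. The following Python sketch is an added example, not Cisco code: it reads pWWNs from output in the show fcns data vsan layout and reports which devices would be rejected under a planned FC-management database. The operation names query and modify, the planned database contents, and the rejection of a request outside an entry's granted permissions are assumptions.

```python
import re

# Feature keywords of the pwwn command; "all" expands to every one of them.
FEATURES = {"fcs", "fdmi", "unzoned-ns", "zone"}
# Sample input: rows in the `show fcns data vsan` layout, reused from this guide.
FCNS_OUTPUT = """\
VSAN 1:
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
0x610400 N 10:00:00:00:c9:24:3d:90 (Emulex) scsi-fcp
0x630500 N 50:06:01:60:88:02:90:cb scsi-fcp
0x651500 N 10:00:00:e0:69:f0:43:9f (JNI)
"""
ROW = re.compile(r"^0x[0-9a-f]{6}\s+\S+\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\b", re.I | re.M)

def fcns_pwwns(text):
    """Return the pWWNs listed in name server output, lowercased."""
    return [p.lower() for p in ROW.findall(text)]

def entry(feature="all", operation="both"):
    """Build one database entry: {feature: allowed operations}.
    Operation names "query" and "modify" are assumed, not taken from the CLI."""
    feats = FEATURES if feature == "all" else {feature}
    ops = {"query", "modify"} if operation == "both" else {operation}
    return {f: set(ops) for f in feats}

def decide(enabled, database, pwwn, feature, operation):
    """Model the per-request decision: 'process' or 'reject'."""
    if not enabled:
        return "process"   # FC-management disabled: every query is processed
    perms = database.get(pwwn.lower())
    if perms is None:
        return "reject"    # device not in the FC-management database
    # Assumption: a request outside the granted permissions is rejected.
    return "process" if operation in perms.get(feature, set()) else "reject"

def audit(fcns_text, database, feature, operation):
    """Fabric devices whose request would be rejected once the feature is on."""
    return [p for p in fcns_pwwns(fcns_text)
            if decide(True, database, p, feature, operation) == "reject"]

# Hypothetical planned database, keyed by pWWN.
PLANNED_DB = {
    "10:00:00:00:c9:24:3d:90": entry("all", "both"),
    "50:06:01:60:88:02:90:cb": entry("fdmi", "query"),
}

if __name__ == "__main__":
    for feat in sorted(FEATURES):
        print(feat, audit(FCNS_OUTPUT, PLANNED_DB, feat, "query"))
```

Any pWWN the audit returns for a feature that device legitimately uses needs an entry in the database before fc-management enable is applied.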
Example 12-1 Displays the Contents of the Fibre Channel Common Transport Query
To verify whether the FC-management security feature is enabled, use the show fc-management
status command:
Default Settings
Table 12-1 lists the default settings for the FC management security feature in a Cisco MDS 9000 Family
switch.
Parameters Default
FC-management Disabled