Send feedback to nx5000-docfeedback@cisco.com

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Software Release 4.0(1a)N1
January 2009

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Contents

CHAPTER 9 Configuring MST
  Information About MST
    MST Overview
    MST Regions
    MST BPDUs
    MST Configuration Information
    IST, CIST, and CST
    Hop Count
    Boundary Ports
    Detecting Unidirectional Link Failure
    Port Cost and Port Priority
    Interoperability with IEEE 802.
  Understanding Access VLANs
  Understanding the Native VLAN ID for Trunk Ports
  Understanding Allowed VLANs
  Configuring Access and Trunk Interfaces
    Configuring a LAN Interface as an Ethernet Access Port
    Configuring Access Host Ports
    Configuring Trunk Ports
    Configuring the Native VLAN for 802.
Preface

This preface describes the audience, organization, and conventions of the Cisco Nexus 5000 Series Switch CLI Software Configuration Guide. It also provides information on how to obtain related documentation.

Audience

This guide is for experienced network administrators who are responsible for configuring and maintaining Cisco Nexus 5000 Series switches.
Chapter  Title            Description
Part 7   SAN Switching    Contains chapters on how to configure Fibre Channel interfaces and Fibre Channel capabilities (such as NPV, SAN Port Channels, zones, DDAS, FSPF, and security features).
Part 8   Troubleshooting  Contains chapters on how to perform basic troubleshooting.
The following are related Cisco Nexus 5000 Series documents:
• Cisco Nexus 5000 Series CLI Software Configuration Guide, Release 4.0
• Cisco Nexus 5000 Series Fabric Manager Software Configuration Guide, Release 4.0
• Cisco Nexus 5000 Series System Messages Reference
• Cisco Nexus 5000 Series Release Notes
• Cisco Nexus 5000 Series Command Reference, Release 4.
CHAPTER 1
Product Overview

The Cisco Nexus 5000 Series is a family of top-of-rack switches for the data center. The Cisco Nexus 5000 Series offers high-speed Ethernet switching and supports Fibre Channel over Ethernet (FCoE) to provide data center I/O consolidation (IOC). The Nexus 5010 switch provides 20 fixed Ethernet ports in a 1 RU switch and the Nexus 5020 switch provides 40 fixed Ethernet ports in a 2 RU switch.
IEEE 802.3x link-level flow control allows a congested receiver to signal the far end to pause the data transmission for a short period of time. The pause functionality is applied to all the traffic on the link. The priority flow control (PFC) feature applies pause functionality to specific classes of traffic on the Ethernet link.
Virtual Interfaces

When FCoE is enabled, a physical Ethernet cable carries traffic for a logical Fibre Channel connection. The Cisco Nexus 5000 Series switch uses virtual interfaces to represent the logical Fibre Channel connections.
The Nexus 5020 switch has 40 fixed 10-Gigabit Ethernet ports equipped with SFP+ interface adapters. The first 16 ports are switchable 1-Gigabit and 10-Gigabit ports. Up to 12 additional 10-Gigabit Ethernet ports are available on the expansion modules. All of the 10-Gigabit Ethernet ports support FCoE.
FCoE and Fibre Channel Switching

Cisco Nexus 5000 Series switches support data center I/O consolidation (IOC) by providing FCoE interfaces (to the servers) and native Fibre Channel interfaces (to the SAN).
Ethanalyzer

Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark for capturing and decoding packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.
Ethernet TOR Switch Topology

The Cisco Nexus 5000 Series switch can be deployed as a 10-Gigabit Ethernet top-of-rack (TOR) switch, with uplinks to the data center LAN distribution layer switches. An example configuration is shown in Figure 1-2.
IOC Topology

Figure 1-3 shows a typical I/O consolidation (IOC) scenario for the Cisco Nexus 5000 Series switch.

[Figure 1-3: I/O Consolidation Topology. Labels: SAN-A, LAN Core, SAN-B, Distribution layer, NX-5000, Access Layer]

The Cisco Nexus 5000 Series switch connects to the server ports using FCoE. Ports on the server require converged network adapters.
Supported Standards

Table 1-1 lists the standards supported by the Cisco Nexus 5000 Series switches.

Table 1-1 IEEE Compliance

Standard  Description
802.1D    MAC Bridges
802.1s    Multiple Spanning Tree Protocol
802.1w    Rapid Spanning Tree Protocol
802.3ad   Link aggregation with LACP
802.3ae   10-Gigabit Ethernet
802.1Q    VLAN Tagging
802.
CHAPTER 2
Using the Command-Line Interface

This chapter describes the command-line interface (CLI) and CLI command modes.
Alternatively, to make an SSH connection to the switch, use the following command:

Command                   Purpose
ssh {hostname | ip_addr}  Makes an SSH connection from your host to the switch that you want to access.
You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the configure terminal command to conf t.

Changing Command Modes

Configuration mode, also known as terminal configuration mode, has several submodes.
Configuration Mode Commands

Configuration mode allows you to make changes to the existing configuration. When you save the configuration, these commands are saved across switch reboots. Once you are in configuration mode, you can enter interface configuration mode, zone configuration mode, and a variety of protocol-specific modes.
Tip: If you are having trouble entering a command, check the system prompt and enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using incorrect syntax.
switch(config)# do terminal session-timeout 0
switch(config)#

In this example, terminal session-timeout is an EXEC mode command. You are entering an EXEC mode command using the configuration mode do command. The do command applies to all EXEC mode commands other than the end and exit commands.
Table 2-3 Common Configuration Submodes (continued)

Submode Name  From Configuration Mode, Enter:  Submode Prompt
Zone          zone name string vsan vsan-id    switch(config-zone)#
Zone set      zoneset name name vsan vsan-id   switch(config-zoneset)#

Using CLI Variables

The Cisco Nexus 5000 Series CLI parser supports the definition and use of variables in CLI commands.
0 CRC, 0 unknown class
0 too long, 0 too short
232691 frames output, 7448692 bytes
0 discards, 0 errors
0 input OLS, 0 LRR, 0 NOS, 0 loop inits
1 output OLS, 1 LRR, 0 NOS, 1 loop inits
16 receive B2B credit remaining
7 transmit B2B credit remaining

Use the show cli variables command to display user-defined CLI session variables.
CHAPTER 3
Configuring the Switch

This chapter describes basic switch configuration functions.
• Boot Sequence

Starting the Switch

A Cisco Nexus 5000 Series switch starts its boot process as soon as its power cord is connected to an A/C source. The switch does not have a power switch.

Boot Sequence

When the switch boots, the golden BIOS validates the checksum of the upgradeable BIOS.
Upgrading the Switch

Note: Users with the network-admin role can upgrade the software image on the switch.
• Provides a prompt to allow you to continue or abort the installation.

Note: A disruptive installation causes traffic disruption while the switch reboots.

• Updates the boot variables to reference the specified images and saves the configuration to the startup configuration file.

Step 11
Note: Prior to downgrading to a specific release, check the release notes for the current release installed on the switch, to ensure that your hardware is compatible with the specific release.

To downgrade the software on the switch, follow these steps:

Step 1  Locate the image files you will use for the downgrade by entering the dir bootflash: command.
Before you can configure a switch, follow these steps:

Step 1  Verify the following physical connections for the new Cisco Nexus 5000 Series switch:
• The console port is physically connected to a computer terminal (or terminal server).
• The management Ethernet port (mgmt0) is connected to an external hub, switch, or router.
• SSH service on the switch (optional). To enable this service, select the type of SSH key (dsa/rsa/rsa1) and number of SSH key bits (768 to 2048).
• NTP server IPv4 address (optional).
• SNMP community string (optional).
• Switch name (optional). This is your switch prompt.
• An additional login account and password (optional).

Note
Enter the password for admin: password

Tip: If a password is weak (short, easy-to-decipher), your password configuration is rejected. Be sure to configure a strong password. Passwords are case-sensitive.

Step 3  Enter yes to enter the setup mode.

This setup utility will guide you through the basic configuration of the system.
Mgmt0 IPv4 address: ip_address

Step 9  Enter yes (yes is the default) to configure the IPv4 default gateway (recommended).

Configure the default-gateway: (yes/no) [y]: yes

a. Enter the default gateway IPv4 address.

IPv4 address of the default-gateway: default_gateway

Step 10  Enter yes (yes is the default) to enable the Telnet service.
Step 20  Enter no (no is the default) if you are satisfied with the configuration.
• Out-of-band access—You can use Telnet or SSH to access a Cisco Nexus 5000 Series switch or use the Cisco MDS 9000 Fabric Manager application to connect to the switch using SNMP.
Note: The clock command changes are saved across system resets.

You can specify a time zone for the switch. To specify the local time without the daylight saving time feature, perform this task:

Step    Command                     Purpose
Step 1  switch# configure terminal  Enters configuration mode.
Step    Command                     Purpose
Step 1  switch# configure terminal  Enters configuration mode.
Step 2  switch(config)# clock summer-time timezone start_week start_day start_month start_time end_week end_day end_month end_time offset  Sets the daylight savings time for a specified time zone.
Time synchronization happens when several frames are exchanged between clients and servers. The switches in client mode know the address of one or more NTP servers. The servers act as the time source and receive client synchronization requests. By configuring an IP address as a peer, the switch will obtain and provide time as required.
  – IPv4 address–10.10.10.10
  – Stratum–2 Server-2
  – IPv4 address–10.10.10.9
• Switch 1 IPv4 address–10.10.10.1
• Switch 1 NTP configuration commands
  – ntp server 10.10.10.10
  – ntp peer 10.10.10.2
• Switch 2 IPv4 address–10.10.10.2
• Switch 2 NTP configuration commands
  – ntp server 10.10.10.9
  – ntp peer 10.10.10.
• Committing NTP Configuration Changes
• NTP Session Status Verification
• Database Merge Guidelines

Enabling NTP Distribution

To enable NTP configuration fabric distribution, perform this task:

Step    Command                     Purpose
Step 1  switch# configure terminal  Enters configuration mode.
Releasing Fabric Session Lock

If you have performed an NTP fabric task and have forgotten to release the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric. If the administrator performs this task, your changes to the pending database are discarded and the fabric lock is released.
About the mgmt0 Interface

The mgmt0 interface on Cisco NX-OS devices provides out-of-band management, which enables you to manage the device by its IPv4 or IPv6 address. The mgmt0 interface uses 10/100/1000 Ethernet.

Note: Before you begin to configure the management interface manually, obtain the switch’s IP address and subnet mask.
Saving a Configuration

Use the copy running-config startup-config command to save the new configuration into nonvolatile storage. Once this command is entered, the running and the startup copies of the configuration are identical.

Clearing a Configuration

Use the write erase command to clear a startup configuration.
This command changes the current directory to the root directory on the bootflash: file system:

switch# cd bootflash:

This example changes the current directory to the mystorage directory that resides in the current directory:

switch# cd mystorage

Displaying the Current Directory

The pwd command displays the current directory location.
switch# rmdir bootflash:test
This is a directory. Do you want to continue (y/n)? [y] y

The delete command can also delete empty and nonempty directories. When you enter this command, a warning is displayed to confirm your intention to delete the directory.
This example shows how to delete a file from the current working directory:

switch# delete dns_config.cfg

This example deletes the my-dir directory on the bootflash: file system and all its contents:

switch# delete bootflash:my-dir

Caution: If you specify a directory, the delete command deletes the entire directory and all its contents.
Usage for volatile://
266240 bytes used
20705280 bytes free
20971520 bytes total

The gunzip command uncompresses (unzips) LZ77 coded files.
CHAPTER 4
Managing Licenses

This chapter describes how to manage licenses on a Cisco Nexus 5000 Series switch. Licensing allows you to access specified premium features on the switch after you install the appropriate license for that feature. This chapter contains information related to licensing types, options, procedures, installation, and management for the Cisco NX-OS software.
• Proof of purchase—A document entitling its rightful owner to use licensed features on one switch as described in that document. The proof of purchase document is also known as the claim certificate.
• Product Authorization Key (PAK)—The PAK allows you to obtain a license key from one of the sites listed in the proof of purchase document.
Table 4-1 Feature-Based Licenses (continued)

Feature License: Storage Services Package
Features:
• N5020-SS includes the following services for one NX5020 system:
  • Native Fibre Channel
  • FCoE
  • NPV
  • FC Port Security
  • Fabric Binding
• This package will be available in a future release.
Performing a Manual Installation

All Cisco Nexus 5000 Series licenses are factory-installed. Manual installation is not required.

Obtaining the License Key File

To obtain new or updated license key files, perform this task:

Step 1  Use the show license host-id command to obtain the serial number for your switch.
To install a license key file in any switch, perform this task:

Step 1  Log into the switch through the console port of the active supervisor.

Step 2  Perform the installation by entering the install license command on the active supervisor module from the switch console.

switch# install license bootflash:license_file.lic
Installing license ..
Backing Up License Files

All installed license files can be backed up as a .tar file in a user-specified location. Use the copy licenses command in EXEC mode to save your license file to one of two locations: bootflash: or volatile:. The following example saves all licenses to a file named Enterprise.tar:

switch# copy licenses bootflash:/Enterprise.
Tip: If you are using an evaluation license and would like to install a new permanent license, you can do so without service disruption and before the evaluation license expires. Removing an evaluation license immediately triggers a grace period without service disruption.

Caution: Disable related features before uninstalling a license.
Updating Licenses

If your license is time bound, you must obtain and install an updated license. Contact technical support to request an updated license.

Note: If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.
The grace period stops if you disable a feature you are evaluating, but if you enable that feature again without a valid license, the grace period countdown continues from when it had stopped. The grace period operates across all features in a license package. License packages can contain several features.
Verifying the License Configuration

To display the license configuration information, perform one of the following tasks:

Command                       Purpose
switch# show license [brief]  Displays information for all installed license files.
switch# show license file     Displays information for a specific license file.
CHAPTER 5
Configuring Ethernet Interfaces

This section describes the configuration of the Ethernet interfaces on a Cisco Nexus 5000 Series switch.
  – Slot 3 includes the ports on the lower expansion module (if populated).
• Port number
  – Port number within the group.
[Figure 5-1: Unidirectional Link. Labels: Device A, Device B, TX, RX]

Default UDLD Configuration

Table 5-1 shows the default UDLD configuration.
About Interface Speed

A Cisco Nexus 5000 Series switch has a number of fixed 10-Gigabit ports, each equipped with SFP+ interface adapters. The Nexus 5010 switch has 20 fixed ports, the first 8 of which are switchable 1-Gigabit and 10-Gigabit ports.
Caution: When you enable the port debounce timer, the link up and link down detections are delayed, resulting in a loss of traffic during the debounce period. This situation might affect the convergence and reconvergence of some protocols.

About MTU Configuration

A per-physical Ethernet interface maximum transmission unit (MTU) is not supported.
Step    Command                                       Purpose
Step 3  switch(config)# show udld global              Displays the UDLD status for the device.
Step 4  switch(config)# interface ethernet slot/port  Specifies an interface to configure, and enters interface configuration mode.
The following example shows how to set the speed for a 1-Gigabit Ethernet port:

switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# speed 1000

This command can only be applied to a physical Ethernet interface.
This example shows how to configure CDP characteristics:

switch# configure terminal
switch(config)# cdp timer 50
switch(config)# cdp holdtime 120
switch(config)# cdp advertise v2

Enabling or Disabling CDP

You can enable or disable CDP for Ethernet interfaces. This protocol works only when you have it enabled on both interfaces on the same link.
The following example shows how to disable an Ethernet port:

switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# shutdown

To restart an interface, perform this task:

Command                         Purpose
switch(config-if)# no shutdown  Restarts the interface.
Parameter        Default Setting
Encapsulation    ARPA
MTU [1]          1500 bytes
Port Mode        Access
Speed            Auto (10000)

[1] MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes. See Chapter 31, “Configuring QoS,” for additional information.
CHAPTER 6
Configuring VLANs

You can use virtual LANs (VLANs) to divide the network into separate logical areas. VLANs can also be considered as broadcast domains. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN.
Figure 6-1 shows VLANs as logical networks. In this diagram, the stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to yet another VLAN.
Table 6-1 describes the details of the VLAN ranges.

Table 6-1 VLAN Ranges

VLAN Numbers   Range      Usage
1              Normal     Cisco default. You can use this VLAN, but you cannot modify or delete it.
2-1005         Normal     You can create, use, modify, and delete these VLANs.
1006-4094      Extended   You can create, name, and use these VLANs.
Note: Commands entered in the VLAN configuration submode are immediately executed.

Note: VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.
Note: You can also create and delete VLANs in the VLAN configuration submode.

To delete a VLAN, perform this task:

Command: switch(config-vlan)# no vlan {vlan-id | vlan-range}
Purpose: Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.
Adding Ports to a VLAN

After you have completed the configuration of a VLAN, assign ports to it. To add ports, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# interface {type slot/port | port-channel number}
  Purpose: Specifies the interface to configure, and enters the interface configuration mode.
CHAPTER 7
Configuring Private VLANs

This chapter shows you how to configure private VLANs.

Note: You must enable the private VLAN feature before you can perform any of the configurations in this chapter.
[Figure 7-1: Private VLAN Domain. Labels: private VLAN domain, subdomains, primary VLAN, secondary community VLAN, secondary isolated VLAN]

Note: You must first create the VLAN before you can convert it to a private VLAN, either primary or secondary. See Chapter 6, “Configuring VLANs” for information on creating VLANs.
Understanding Private VLAN Ports

The types of private VLAN ports are as follows:

• Promiscuous—A promiscuous port belongs to the primary VLAN. The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN.
[Figure 7-2: Private VLAN Traffic Flows. Labels: promiscuous port, community A ports, community B ports, isolated ports, primary VLAN, community A VLAN, community B VLAN, isolated VLAN]

Note: The private VLAN traffic flows are unidirectional from the host ports to the promiscuous ports.
Note: Use the show command to verify that the association is operational. The switch does not display an error message when the association is nonoperational. (See the “Verifying Private VLAN Configuration” section on page 7-10 for information on configuration verification.
Configuring a VLAN as a Private VLAN

To create a private VLAN, you first create a VLAN, and then configure that VLAN to be a private VLAN. Ensure that the private VLAN feature is enabled. To create a private VLAN, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
• Enter a secondary-vlan-list or use the add keyword with a secondary-vlan-list to associate secondary VLANs with a primary VLAN.
• Use the remove keyword with a secondary-vlan-list to clear the association between secondary VLANs and a primary VLAN.
Note: We recommend that you enable BPDU Guard on all interfaces configured as host ports. See Chapter 10, “Configuring STP Extensions” for information on configuring BPDU Guard.

Ensure that the private VLAN feature is enabled.
Step 3
  Command: switch(config-if)# switchport mode private-vlan promiscuous
  Purpose: Configures the port as a promiscuous port for a private VLAN. You can only enable a physical Ethernet port as the promiscuous port.
CHAPTER 8
Configuring Rapid PVST+

The Spanning Tree Protocol (STP) was implemented to provide a loop-free network. Rapid per VLAN Spanning Tree (Rapid PVST+) is an updated implementation of STP that allows you to create one spanning tree topology for each VLAN. Rapid PVST+ is the default STP mode on the switch.
Understanding STP

RSTP, Rapid PVST+, and MST are all extensions of the original IEEE 802.1D STP (see Chapter 9, “Configuring MST” for complete information on MST). STP is a Layer 2 loop prevention protocol that provides path redundancy while preventing undesirable loops in the network.
• The unique switch identifier Media Access Control (MAC) address of the switch that is associated with each switch
• The path cost to the root that is associated with each interface
• The port identifier that is associated with each interface

In a switched network, the root switch is the logical center of the spanning tree topology.
STP MAC Address Allocation

Note: Extended system ID and MAC address reduction is always enabled on the software.

With MAC address reduction enabled on any switch, you should also enable MAC address reduction on all other connected switches to avoid undesirable root bridge election and spanning tree topology issues.
• The identifier of the transmitting port
• Values for the hello, forward delay, and max-age protocol timer
• Additional information for STP extension protocols

When a switch transmits a Rapid PVST+ BPDU frame, all switches connected to the VLAN on which the frame is transmitted receive the BPDU.
[Figure 8-2: Spanning Tree Topology, showing switches A, B, C, and D. RP = Root Port, DP = Designated Port]

When the spanning tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal.
Rapid PVST+ uses point-to-point wiring to provide rapid convergence of the spanning tree. The spanning tree reconfiguration can occur in less than 1 second with Rapid PVST+ (in contrast to 50 seconds with the default settings in the 802.1D STP).

Note: Rapid PVST+ supports one STP instance for each VLAN.

Using Rapid PVST+, STP convergence occurs rapidly.
Note: The TCA flag is used only when the switch is interacting with switches that are running legacy 802.1D STP.

See the “Rapid PVST+ Interoperation with Legacy 802.1D STP” section on page 8-16 for information about Rapid PVST+ interaction with 802.1D STP.
Table 8-2 Rapid PVST+ Protocol Timers

Variable: Hello timer
Description: Determines how often each switch broadcasts BPDUs to other switches. The default is 2 seconds, and the range is from 1 to 10.

Variable: Forward delay timer
Description: Determines how long each of the listening and learning states last before the port begins forwarding.
When you enable Rapid PVST+, every port in the software, VLAN, and network goes through the blocking state and the transitory states of learning at power up. If properly configured, each LAN port stabilizes to the forwarding or blocking state. When the STP algorithm places a LAN port in the forwarding state, the following process occurs: 1.
• Incorporates the end station location information into its address database.
• Receives BPDUs and directs them to the system module.
• Processes BPDUs received from the system module.
• Receives and responds to network management messages.

Disabled State

A LAN port in the disabled state does not participate in frame forwarding or STP.
After ensuring that all of the ports are synchronized, the switch sends an agreement message to the designated switch that corresponds to its root port. When the switches connected by a point-to-point link are in agreement about their port roles, Rapid PVST+ immediately transitions the port states to the forwarding state.
When a designated port detects a conflict, it keeps its role, but reverts to a discarding state because disrupting connectivity in case of inconsistency is preferable to opening a bridging loop. Figure 8-7 illustrates a unidirectional link failure that typically creates a bridging loop.
Port Priority

If a loop occurs and multiple ports have the same path cost, Rapid PVST+ considers the port priority when selecting which LAN port to put into the forwarding state. You can assign lower priority values to LAN ports that you want Rapid PVST+ to select first and higher priority values to LAN ports that you want Rapid PVST+ to select last.
If the switch receives an 802.1D BPDU after the port migration-delay timer has expired, it assumes that it is connected to an 802.1D switch and starts using only 802.1D BPDUs. However, if the 802.1w switch is using 802.1D BPDUs on a port and receives an 802.1w BPDU after the timer has expired, it restarts the timer and starts using 802.1w BPDUs on that port.
Note: Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for the previous mode and started for the new mode.

To enable Rapid PVST+ on the switch, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
To disable Rapid PVST+ per VLAN, perform this task:

Command: switch(config)# no spanning-tree vlan vlan-range
Purpose: Disables Rapid PVST+ on the specified VLAN; see the following Caution for information regarding this command.

Caution: Do not disable spanning tree on a VLAN unless all switches and bridges in the VLAN have spanning tree disabled.
To configure a switch to become the primary root bridge for a VLAN in Rapid PVST+, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree vlan vlan-range root primary [diameter dia [hello-time hello-time]]
  Purpose: Configures a software switch as the primary root bridge.
switch# configure terminal
switch(config)# spanning-tree vlan 5 root secondary diameter 4

Configuring the Rapid PVST+ Port Priority

You can assign lower priority values to LAN ports that you want Rapid PVST+ to select first and higher priority values to LAN ports that you want Rapid PVST+ to select last.
Step 3
  Command: switch(config)# interface type slot/port
  Purpose: Specifies the interface to configure, and enters the interface configuration mode.
Step 4
  Command: switch(config-if)# spanning-tree [vlan vlan-id] cost [value | auto]
  Purpose: Configures the port cost for the LAN interface.
Configuring the Rapid PVST+ Hello Time for a VLAN

You can configure the Rapid PVST+ hello time for a VLAN.

Note: Be careful when using this configuration. For most situations, we recommend that you configure the primary root and secondary root to modify the hello time.
Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree vlan vlan-range max-age value
  Purpose: Configures the maximum aging time of a VLAN. The maximum aging time value can be from 6 to 40 seconds, and the default is 20 seconds.
Restarting the Protocol

A bridge running Rapid PVST+ can send 802.1D BPDUs on one of its ports when it is connected to a legacy bridge. However, the STP protocol migration cannot determine whether the legacy switch has been removed from the link unless the legacy switch is the designated switch.
CHAPTER 9
Configuring MST

Multiple Spanning Tree (MST), which is the IEEE 802.1s standard, allows you to assign two or more VLANs to a spanning tree instance. MST is not the default spanning tree mode; Rapid per VLAN Spanning Tree (Rapid PVST+) is the default mode. MST instances with the same name, revision number, and VLAN-to-instance mapping combine to form an MST region.
• Interoperability with Rapid PVST+: Understanding PVST Simulation

MST Overview

Note: You must enable MST; Rapid PVST+ is the default spanning tree mode.

MST maps multiple VLANs into a spanning tree instance, with each instance having a spanning tree topology independent of other spanning tree instances.
Note: We do not recommend that you partition the network into a large number of regions.

MST BPDUs

Each region has only one MST BPDU, and that BPDU carries an M-record for each MSTI within the region (see Figure 9-1).
MST BPDUs contain these three configuration parameters. An MST bridge accepts an MST BPDU into its own region only if these three configuration parameters match exactly. If one configuration attribute differs, the MST bridge considers the BPDU to be from another MST region.
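The exact-match rule above means a single drifted attribute silently splits a region, so it is worth checking before a change window. The following is an added example, not code from this guide: a Python check that derives each switch's region identity (name, revision number, VLAN-to-instance mapping) from its MST configuration block and groups switches accordingly. The switch names and configurations are constructed, and the defaults of an empty name and revision 0 are assumptions.

```python
import re
from collections import defaultdict

MAX_VLAN = 4094

def expand_vlans(spec):
    """Expand a VLAN list such as '1-9,21-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def parse_mst_region(config_text):
    """Return (name, revision, mapping) from the 'spanning-tree mst
    configuration' block. VLANs not mapped to an MSTI stay in instance 0
    and are left out, so equivalent mappings compare equal however the
    ranges were typed."""
    name, revision, mapping = "", 0, {}  # assumed defaults
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "spanning-tree mst configuration":
            in_block = True
            continue
        if not raw[0].isspace():
            in_block = False  # an unindented line ends the submode
        if not in_block:
            continue
        if m := re.fullmatch(r"name (\S+)", line):
            name = m.group(1)  # case-sensitive, compared as typed
        elif m := re.fullmatch(r"revision (\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (\S+)", line):
            instance = int(m.group(1))
            for vlan in expand_vlans(m.group(2)):
                if instance == 0:
                    mapping.pop(vlan, None)
                else:
                    mapping[vlan] = instance
    return name, revision, frozenset(mapping.items())

def differences(region_a, region_b):
    """Name the attributes that keep two switches out of the same region."""
    labels = ("name", "revision", "VLAN-to-instance mapping")
    return [lbl for lbl, a, b in zip(labels, region_a, region_b) if a != b]

def group_by_region(configs):
    """Map each distinct region identity to the switches that share it."""
    regions = defaultdict(list)
    for switch in sorted(configs):
        regions[parse_mst_region(configs[switch])].append(switch)
    return dict(regions)

# Constructed sample configurations (hypothetical switches).
BASE = "spanning-tree mode mst\nspanning-tree mst configuration\n"
SAMPLE_CONFIGS = {
    "sw-a": BASE + "  name DC1\n  revision 3\n  instance 1 vlan 10-20\n",
    # Same mapping typed as two ranges: still the same region.
    "sw-b": BASE + "  name DC1\n  revision 3\n"
                   "  instance 1 vlan 10-15\n  instance 1 vlan 16-20\n",
    # Name differs only in case: a different region.
    "sw-c": BASE + "  name dc1\n  revision 3\n  instance 1 vlan 10-20\n",
    # One extra VLAN in the instance: a different region.
    "sw-d": BASE + "  name DC1\n  revision 3\n  instance 1 vlan 10-21\n",
}

if __name__ == "__main__":
    reference = parse_mst_region(SAMPLE_CONFIGS["sw-a"])
    for switch, text in sorted(SAMPLE_CONFIGS.items()):
        diff = differences(reference, parse_mst_region(text))
        print(switch, "same region as sw-a" if not diff else f"differs in: {diff}")
```
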
Spanning Tree Operation Within an MST Region

The IST connects all the MST switches in a region. When the IST converges, the root of the IST becomes the CIST regional root as shown in Figure 9-2 on page 9-6. The CIST regional root is also the CIST root if there is only one region in the network.
[Figure 9-2: MST Regions, CIST Regional Roots, and CST Root. Labels: switches A, B, C, and D; MST Regions 1, 2, and 3, each with a CIST regional root; CIST regional root and CST root; legacy 802.1D]

Only the CST instance sends and receives BPDUs.
• If the CIST root is in the region, the CIST regional root is the CIST root. Otherwise, the CIST regional root is the closest switch to the CIST root in the region. The CIST regional root acts as a root bridge for the IST.
• The CIST internal root path cost is the cost to the CIST regional root in a region. This cost is only relevant to the IST, instance 0.
At the boundary, the roles of MST ports do not matter; the system forces their state to be the same as the IST port state. If the boundary flag is set for the port, the MST port-role selection process assigns a port role to the boundary and assigns the same state as the state of the IST port. The IST port at the boundary can take up any port role except a backup port role.
Interoperability with IEEE 802.1D

A switch that runs MST supports a built-in protocol migration feature that enables it to interoperate with 802.1D STP switches. If this switch receives an 802.1D configuration BPDU (a BPDU with the protocol version set to 0), it sends only 802.1D BPDUs on that port.
To enable MST on the switch, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mode mst
  Purpose: Enables MST on the switch.
To enter MST configuration mode, perform this task (note the difference between exit and abort):

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mst configuration
  Purpose: Enters MST configuration submode on the system.
To specify an MST name, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mst configuration
  Purpose: Enters MST configuration submode.
Step 3
  Command: switch(config-mst)# name name
  Purpose: Specifies the name for MST region. The name string has a maximum length of 32 characters and is case-sensitive.
To specify the configuration on an MST region, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mst configuration
  Purpose: Enters MST configuration submode.
Instances configured 2
Instance  Vlans Mapped
--------  --------------------
0         1-9,21-4094
1         10-20
-------------------------------

Mapping and Unmapping VLANs to MST Instances

Caution: When you change the VLAN-to-MSTI mapping, the system restarts MST.

Note: You cannot disable an MSTI.
Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANs

When you are working with private VLANs on the system, all secondary VLANs must be in the same MSTI as their associated primary VLAN. To accomplish this synchronization automatically, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
To enable the root bridge configuration, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
To enable a secondary root bridge, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# interface {{type slot/port} | {port-channel number}}
  Purpose: Specifies an interface to configure, and enters interface configuration mode.
Step 2
  Command: switch(config)# interface {{type slot/port} | {port-channel number}}
  Purpose: Specifies an interface to configure, and enters interface configuration mode.
Step 3
  Command: switch(config-if)# spanning-tree mst instance-id cost [cost | auto]
  Purpose: Configures the cost. If a loop occurs, MST uses the path cost when selecting an interface to place into the forwarding state.
To configure the switch priority for an MST instance, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Configuring the Forwarding-Delay Time

You can set the forward delay timer for all MST instances on the switch with one command. To configure the forward delay timer, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mst forward-time seconds
  Purpose: Configures the forward time for all MST instances.
To configure the maximum hop count, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree mst max-hops hop-count
  Purpose: Specifies the number of hops in a region before the BPDU is discarded, and the information held for a port is aged.
You can block this automatic feature either globally or per port. To disable PVST simulation, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# interface {{type slot/port} | {port-channel number}}
  Purpose: Specifies an interface to configure, and enters interface configuration mode.
CHAPTER 10
Configuring STP Extensions

Cisco has added extensions to the Spanning Tree Protocol (STP) that make convergence more efficient. In some cases, even though similar functionality may be incorporated into the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) standard, we recommend using these extensions. All of these extensions can be used with both RPVST+ and MST.
Understanding STP Port Types

You can configure a spanning tree port as an edge port, a network port, or a normal port. A port can be in only one of these states at a given time. The default spanning tree port type is normal.
Bridge Assurance is enabled by default and can only be disabled globally. Also, Bridge Assurance can be enabled only on spanning tree network ports that are point-to-point links. Finally, both ends of the link must have Bridge Assurance enabled.
Understanding Root Guard

When you enable Root Guard on a port, Root Guard does not allow that port to become a root port. If a received BPDU triggers an STP convergence that makes that designated port become a root port, that port is put into a root-inconsistent (blocked) state. After the port stops sending superior BPDUs, the port is unblocked again.
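To make "superior BPDU" concrete, here is an added example (not code from this guide) that models the comparison behind Root Guard in Python. It goes slightly beyond the text above by spelling out the standard bridge ID layout with extended system ID (4-bit priority, 12-bit VLAN ID, 48-bit MAC) and the ordered priority vector; the MAC addresses, priorities, and port IDs are constructed, and the state names other than root-inconsistent are labels chosen for this example.

```python
from dataclasses import dataclass

def bridge_id(priority, vlan, mac):
    """Build a 64-bit bridge ID with extended system ID.

    The upper 4 bits carry the priority (so it moves in steps of 4096),
    the next 12 bits carry the VLAN ID, and the low 48 bits the MAC.
    Numerically lower bridge IDs are better.
    """
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    mac_int = int(mac.replace(":", ""), 16)
    if mac_int >= 1 << 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority | vlan) << 48) | mac_int

@dataclass(frozen=True, order=True)
class PriorityVector:
    """Fields are compared in this order; the lower vector is superior."""
    root_id: int
    root_path_cost: int
    sender_id: int
    sender_port: int

def receive_on_designated_port(own, received, root_guard):
    """Decide what a designated port does with a received BPDU.

    own      -- the vector this port currently advertises
    received -- the vector carried by the incoming BPDU
    """
    if received >= own:
        return "designated"            # inferior BPDU, nothing changes
    if root_guard:
        return "root-inconsistent"     # port is blocked, root stays put
    return "superior-accepted"         # the port may become a root port

def demo():
    """Run three constructed BPDUs against a root switch's downlink port."""
    vlan = 5
    ours = bridge_id(24576, vlan, "00:1b:54:00:00:10")   # constructed
    own = PriorityVector(ours, 0, ours, 0x8005)

    def bpdu(priority, mac):
        sender = bridge_id(priority, vlan, mac)
        return PriorityVector(sender, 0, sender, 0x8001)

    low_priority = bpdu(4096, "00:50:56:00:00:99")    # claims to be root
    default_prio = bpdu(32768, "00:50:56:00:00:99")   # ordinary switch
    same_prio_lower_mac = bpdu(24576, "00:00:0c:00:00:01")  # wins on MAC

    return {
        "low_priority_guarded": receive_on_designated_port(own, low_priority, True),
        "low_priority_unguarded": receive_on_designated_port(own, low_priority, False),
        "default_priority_guarded": receive_on_designated_port(own, default_prio, True),
        "tie_on_priority_guarded": receive_on_designated_port(own, same_prio_lower_mac, True),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case}: {state}")
```

The tie case shows why Root Guard still matters on a switch configured as root: a device with the same priority and a numerically lower MAC address is also superior.
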
Configuring Spanning Tree Port Types Globally

The spanning tree port type designation depends on the type of device the port is connected to, as follows:

• Edge—Edge ports are connected to hosts and can be either an access port or a trunk port.
• Network—Network ports are connected only to switches or bridges.
Configuring Spanning Tree Edge Ports on Specified Interfaces

You can configure spanning tree edge ports on specified interfaces. Interfaces configured as spanning tree edge ports immediately transition to the forwarding state, without passing through the blocking or learning states, on linkup.
This command has three states:

• spanning-tree port type network—This command explicitly configures the port as a network port. If you enable Bridge Assurance globally, it automatically runs on a spanning tree network port.
To enable BPDU Guard globally, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# spanning-tree port type edge bpduguard default
  Purpose: Enables BPDU Guard by default on all spanning tree edge ports. By default, global BPDU Guard is disabled.
To disable BPDU Guard on an interface, perform this task:

Command: switch(config-if)# no spanning-tree bpduguard
Purpose: Enables BPDU Guard on the interface if it is an operational edge port and if you enter the spanning-tree port type edge bpduguard default command.
Caution  Be careful when you enter the spanning-tree bpdufilter enable command on specified interfaces. Explicitly configuring BPDU Filtering on a port that is not connected to a host can result in bridging loops as the port will ignore any BPDU it receives and go to forwarding.
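An added example, not from the Cisco guide: a Python check over running-config text that flags the two conditions this chapter warns about, BPDU Filtering enabled on a port that is not a spanning tree edge port, and edge ports left without BPDU Guard. The sample configuration and interface names are constructed, and the per-interface `spanning-tree port type edge` and `spanning-tree bpduguard enable`/`disable` lines are assumed to appear in the form shown.

```python
import re

# Constructed sample running-config (not taken from the guide).
SAMPLE_CONFIG = """\
spanning-tree port type edge bpduguard default
interface Ethernet1/1
  switchport mode access
  spanning-tree port type edge
interface Ethernet1/2
  switchport mode trunk
  spanning-tree port type network
  spanning-tree bpdufilter enable
interface Ethernet1/3
  spanning-tree port type edge
  spanning-tree bpduguard disable
"""


def parse_interfaces(config):
    """Split running-config text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # An unindented line either opens an interface block or is global.
            match = re.match(r"interface\s+(\S+)", raw)
            current = match.group(1) if match else None
            if current:
                interfaces[current] = []
            else:
                global_lines.append(raw.strip())
        elif current:
            interfaces[current].append(raw.strip())
    return global_lines, interfaces


def audit_stp(config):
    """Return (interface, finding) tuples for risky STP extension settings.

    Assumption: only an explicit per-interface port type is considered;
    a global default port type is not evaluated.
    """
    global_lines, interfaces = parse_interfaces(config)
    guard_default = "spanning-tree port type edge bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        is_edge = any(l.startswith("spanning-tree port type edge") for l in lines)
        # The Caution: BPDU Filtering on a port not connected to a host
        # makes the port ignore BPDUs and can create a bridging loop.
        if "spanning-tree bpdufilter enable" in lines and not is_edge:
            findings.append((name, "bpdufilter-on-non-edge"))
        if is_edge:
            if "spanning-tree bpduguard disable" in lines:
                guarded = False
            elif "spanning-tree bpduguard enable" in lines:
                guarded = True
            else:
                guarded = guard_default  # falls back to the global setting
            if not guarded:
                findings.append((name, "edge-without-bpduguard"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_stp(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```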
Enabling Loop Guard Globally
You can enable Loop Guard globally by default on all point-to-point spanning tree normal and network ports. Loop Guard does not run on edge ports. Loop Guard provides additional security in the bridge network.
• Ensure that you are configuring Loop Guard on spanning tree normal or network ports.
To enable Loop Guard or Root Guard on an interface, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
CHAPTER 11
Configuring Port Channels
This chapter describes how to configure port channels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of port channels in Cisco NX-OS.
You can collect up to eight ports into a static port channel or you can enable the Link Aggregation Control Protocol (LACP). Configuring port channels with LACP requires slightly different steps than configuring static port channels (see the “Configuring Port Channels” section on page 11-7).
• Priority-Flow-Control
Use the show port-channel compatibility-parameters command to see the full list of compatibility checks that Cisco NX-OS uses.
You can only add interfaces configured with the channel mode set to on to static port channels.
LACP Overview
Note  You must enable LACP before the feature functions.
Figure 11-1 shows how individual links can be combined into LACP port channels and channel groups as well as function as individual links.
higher port priority value means a lower priority for LACP. You can configure the port priority so that specified ports have a lower priority for LACP and are most likely to be chosen as active links, rather than hot-standby links.
• A port in passive mode cannot form a port channel with another port that is also in passive mode because neither port will initiate negotiation.
• A port in on mode is not running LACP.
LACP Marker Responders
Using port channels, data traffic may be dynamically redistributed due to either a link failure or load balancing.
Note  If you want LACP-based port channels, you need to enable LACP (see the “Enabling LACP” section on page 11-10).
To create a port channel, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 4  Command: switch(config-if)# switchport trunk {allowed vlan vlan-id | native vlan vlan-id}
        Purpose: (Optional) Configures necessary parameters for a trunk port.
Step 5  Command: switch(config-if)# channel-group channel-number
        Purpose: Configures the port in a channel group and sets the mode. The channel-number range is from 1 to 4096.
To restore the default load-balancing algorithm of source-dest-mac for non-IP traffic and source-dest-ip for IP traffic, perform this task:
Command: switch(config)# no port-channel load-balance ethernet
Purpose: Restores the default load-balancing algorithm.
Note  Before Release 4.
To configure the LACP link mode, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# interface type slot/port
        Purpose: Specifies the interface to configure, and enters the interface configuration mode.
To configure the LACP link mode and port priority, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# interface type slot/port
        Purpose: Specifies the interface to configure, and enters the interface configuration mode.
CHAPTER 12
Configuring Access and Trunk Interfaces
Ethernet interfaces can be configured either as access ports or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across the network.
Figure 12-1 Devices in a Trunking Environment
In order to correctly deliver the traffic on a trunk port with several VLANs, the device uses the IEEE 802.
Figure 12-2 Header without and with 802.1Q Tag Included
[Figure: frame fields without the tag: Preamble (7 bytes), Start Frame Delimiter (1 byte), Dest. MAC Address (6 bytes), Source MAC Address (6 bytes), Length/Type (2 bytes), MAC Client Data (0-n bytes)]
A trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default port VLAN ID to the trunk port, all untagged traffic travels on the default port VLAN ID for the trunk port, and all untagged traffic is assumed to belong to this VLAN.
Step 3  Command: switch(config-if)# switchport mode {access | trunk}
        Purpose: Sets the interface as a nontrunking nontagged single-VLAN Ethernet interface. An access port can carry traffic in one VLAN only.
Step 2  Command: switch(config)# interface {type slot/port | port-channel number}
        Purpose: Specifies an interface to configure, and enters interface configuration mode.
Step 3  Command: switch(config-if)# switchport trunk native vlan vlan-id
        Purpose: Sets the native VLAN for the 802.1Q trunk.
Verifying Interface Configuration
To display access and trunk interface configuration information, perform one of these tasks:
Command: switch# show interface
Purpose: Displays the interface configuration.
Command: switch# show interface switchport
Purpose: Displays information for all Ethernet interfaces, including access and trunk interfaces.
CHAPTER 13
Configuring the MAC Address Table
All Ethernet switching ports maintain media access control (MAC) address tables.
Configuring a Static MAC Address
You can configure MAC addresses for the switch. These addresses are static MAC addresses.
Note  You can also configure a static MAC address in interface configuration mode or VLAN configuration mode.
To configure the aging time for all MAC addresses, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# mac-address-table aging-time seconds [vlan vlan_id]
        Purpose: Specifies the time before an entry ages out and is discarded from the MAC address table.
CHAPTER 14
Configuring IGMP Snooping
Internet Group Management Protocol (IGMP) snooping streamlines multicast traffic handling for VLANs. By examining (snooping) IGMP membership report messages from interested hosts, multicast traffic is limited to the subset of VLAN interfaces on which the hosts reside.
Figure 14-1 IGMP Snooping Switch
[Figure: an IGMP router sends IGMP query messages to the IGMP snooping switch; the host sends IGMP report and leave messages]
Note  The switch supports IGMPv3 snooping based only on the destination multicast MAC address. It does not support snooping based on the source MAC address or on proxy reports.
IGMPv3
The IGMPv3 snooping implementation on the switch forwards IGMPv3 reports to allow the upstream multicast router to do source-based filtering. By default, the software tracks hosts on each VLAN port. The explicit tracking feature provides a fast leave mechanism.
Configuring IGMP Snooping Parameters
To manage the operation of the IGMP snooping process, you can configure the optional IGMP snooping parameters described in Table 14-1.
Table 14-1 IGMP Snooping Parameters
Parameter: IGMP snooping
Description: Enables IGMP snooping on a per-VLAN basis. The default is enabled.
Step 4  Command: switch(config-vlan)# ip igmp snooping
        Purpose: Enables IGMP snooping for the current VLAN. The default is enabled.
        Note  If IGMP snooping is enabled globally, this command is not required.
        Command: switch(config-vlan)# ip igmp snooping explicit-tracking
        Purpose: Tracks IGMPv3 membership reports from individual hosts for each port on a per-VLAN basis.
You can disable IGMP snooping either globally or for a specific VLAN. To disable IGMP snooping globally, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# no ip igmp snooping
        Purpose: Globally disables IGMP snooping. The default is enabled.
  Number of router-ports: 0
  Number of groups: 0
IGMP Snooping information for vlan 5
  IGMP snooping enabled
  IGMP querier present, address: 172.16.24.1, version: 3
  Querier interval: 125 secs
  Querier last member query interval: 10 secs
  Querier robustness: 2
  Switch-querier enabled, address 172.16.24.
CHAPTER 15
Configuring Traffic Storm Control
This chapter describes how to configure traffic storm control on the Cisco Nexus 5000 Series switch.
Figure 15-1 Broadcast Suppression
[Figure: total number of broadcast packets or bytes plotted over time intervals T1 to T5, with the threshold marked]
The traffic storm control threshold numbers and the time interval allow the traffic storm control algorithm to work with different levels of packet granularity. For example, a higher threshold allows more packets to pass through.
– 100 percent means no traffic storm control.
– 0.0 percent suppresses all traffic.
Because of hardware limitations and the method by which packets of different sizes are counted, the level percentage is an approximation.
Note  Traffic storm control uses a 10-microsecond interval that can affect the operation of traffic storm control.
CHAPTER 16
Configuring AAA
This chapter describes how to configure authentication, authorization, and accounting (AAA) on Cisco Nexus 5000 Series switches.
Based on the user ID and password combination that you provide, the Nexus 5000 Series switches perform local authentication or authorization using the local database or remote authentication or authorization using one or more AAA servers. A preshared secret key provides security for communication between the Nexus 5000 switch and AAA servers.
• The accounting log for all switches in the fabric can be centrally managed.
• User attributes for each switch in the fabric are easier to manage than when using the local databases on the switches.
AAA Server Groups
You can specify remote AAA servers for authentication, authorization, and accounting using server groups.
• The remote server responds to AAA requests from the Nexus 5000 Series switch (see the “Manually Monitoring RADIUS Servers or Groups” section on page 17-13 and the “Manually Monitoring TACACS+ Servers or Groups” section on page 18-12).
• Global pool of RADIUS servers
• Named subset of RADIUS or TACACS+ servers
• Local database on the Nexus 5000 Series switch
• Username only (none)
The default method is local.
Note  The group radius and group server-name forms of the aaa authentication command are used for a set of previously defined RADIUS servers.
Configuring Default Login Authentication Methods
The authentication methods include the following:
• Global pool of RADIUS servers
• Named subset of RADIUS or TACACS+ servers
• Local database on the Nexus 5000 Series switch
• Username only
The default method is local.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# aaa authentication login error-enable
        Purpose: Enables login authentication failure messages. The default is disabled.
Step 3  Command: switch(config)# exit
        Purpose: Exits configuration mode.
Step 4  Command: switch# show aaa authentication
        Purpose: (Optional) Displays the login failure message configuration.
Configuring AAA Accounting Default Methods
The Nexus 5000 Series switch supports TACACS+ and RADIUS methods for accounting. The switches report user activity to TACACS+ or RADIUS security servers in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the AAA server.
Using AAA Server VSAs with Nexus 5000 Series Switches
You can use vendor-specific attributes (VSAs) to specify the Nexus 5000 Series user roles and SNMPv3 parameters on AAA servers.
If you do not specify the role option in the cisco-av-pair attribute, the default user role is network-operator.
You can also specify your SNMPv3 authentication and privacy protocol attributes as follows:
shell:roles="roleA roleB..." snmpv3:auth=SHA priv=AES-128
The SNMPv3 authentication protocol options are SHA and MD5.
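An added example, not code from the Cisco guide: a Python parser for a cisco-av-pair value in the form shown above, which applies the network-operator default when no role is given and rejects an SNMPv3 authentication option other than SHA or MD5. The function name, the returned keys, and the rule that an attribute without a protocol prefix inherits the previous prefix are assumptions of this example.

```python
import shlex

DEFAULT_ROLE = "network-operator"   # default role stated in the guide
SNMPV3_AUTH_OPTIONS = {"SHA", "MD5"}  # authentication options stated in the guide


def parse_av_pair(value):
    """Parse a string such as
    shell:roles="roleA roleB" snmpv3:auth=SHA priv=AES-128
    into roles and SNMPv3 parameters.

    Raises ValueError on malformed input so that a bad attribute from the
    AAA server is rejected instead of being silently half-applied.
    """
    attrs = {}
    protocol = None
    # shlex keeps a double-quoted value with spaces as one token and raises
    # ValueError on an unterminated quote.
    for token in shlex.split(value):
        name, sep, val = token.partition("=")
        if not sep or not name:
            raise ValueError(f"expected attribute=value, got {token!r}")
        if ":" in name:
            protocol, name = name.split(":", 1)
        if not protocol or not name:
            raise ValueError(f"attribute {token!r} has no protocol prefix")
        attrs[(protocol, name)] = val

    # No role option means the default user role applies.
    roles = attrs.get(("shell", "roles"), "").split() or [DEFAULT_ROLE]

    auth = attrs.get(("snmpv3", "auth"))
    if auth is not None and auth not in SNMPV3_AUTH_OPTIONS:
        raise ValueError(f"unsupported SNMPv3 authentication option {auth!r}")

    return {
        "roles": roles,
        "snmpv3_auth": auth,
        "snmpv3_priv": attrs.get(("snmpv3", "priv")),
    }


if __name__ == "__main__":
    # Constructed inputs based on the form shown in the guide.
    print(parse_av_pair('shell:roles="roleA roleB" snmpv3:auth=SHA priv=AES-128'))
    print(parse_av_pair("snmpv3:auth=MD5"))
```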
aaa accounting default group radius
Default Settings
Table 16-4 lists the default settings for AAA parameters.
CHAPTER 17
Configuring RADIUS
This chapter describes how to configure Remote Access Dial-In User Service (RADIUS) protocol on the Nexus 5000 Series switch.
You can use RADIUS in the following network environments that require access security:
• Networks with multiple-vendor network devices, each supporting RADIUS. For example, network devices from several vendors can use a single RADIUS server-based security database.
• Networks already using RADIUS. You can add a Nexus 5000 Series switch with RADIUS to the network.
RADIUS Server Monitoring
An unresponsive RADIUS server can cause delay in processing of AAA requests. You can configure the Nexus 5000 Series switch to periodically monitor a RADIUS server to check whether it is responding (or alive) to save time in processing AAA requests.
The following VSA protocol options are supported by the Nexus 5000 Series switch:
• Shell—Used in access-accept packets to provide user profile information.
• Accounting—Used in accounting-request packets. If a value contains any white spaces, you should enclose the value within double quotation marks.
• Allow specification of a RADIUS server at login
  See the “Allowing Users to Specify a RADIUS Server at Login” section on page 17-8.
• Transmission retry count and timeout interval
  See the “Configuring the Global RADIUS Transmission Retry Count and Timeout Interval” section on page 17-9.
The following example shows how to configure a RADIUS server host:
switch# configure terminal
switch(config)# radius-server host 10.10.1.1
switch(config)# exit
switch# show radius-server
switch# copy running-config startup-config
Configuring Global Preshared Keys
You can configure preshared keys at the global level for all servers used by the Nexus 5000 Series switch.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# radius-server host {ipv4-address | ipv6-address | host-name} key [0 | 7] key-value
        Purpose: Specifies a preshared key for a specific RADIUS server. You can specify a clear text (0) or encrypted (7) preshared key. The default format is clear text.
Step 3  Command: switch(config-radius)# server {ipv4-address | ipv6-address | server-name}
        Purpose: Configures the RADIUS server as a member of the RADIUS server group.
        Tip  If the specified RADIUS server is not found, configure it using the radius-server host command and retry this command.
Step 4  Command: switch(config-radius)# deadtime minutes
Step 4  Command: switch# show radius-server directed-request
        Purpose: (Optional) Displays the directed request configuration.
Step 5  Command: switch# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# radius-server host {ipv4-address | ipv6-address | host-name} retransmit count
        Purpose: Specifies the retransmission count for a specific server. The default is the global value.
Step 4  Command: switch(config)# radius-server host {ipv4-address | ipv6-address | host-name} auth-port udp-port
        Purpose: (Optional) Specifies a UDP port to use for RADIUS authentication messages. The default UDP port is 1812. The range is from 0 to 65535.
To configure periodic RADIUS server monitoring, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 3  Command: switch(config)# exit
        Purpose: Exits configuration mode.
Step 4  Command: switch# show radius-server
        Purpose: (Optional) Displays the RADIUS server configuration.
Step 5  Command: switch# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.
Command: switch# show radius-server statistics {hostname | ipv4-address | ipv6-address}
Purpose: Displays the RADIUS statistics.
The following example shows how to display statistics:
switch# show radius-server statistics 10.10.1.
CHAPTER 18
Configuring TACACS+
This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Nexus 5000 Series switches.
• TACACS+ Server Monitoring, page 18-3
TACACS+ Advantages
TACACS+ has the following advantages over RADIUS authentication:
• Provides independent AAA facilities. For example, the Nexus 5000 Series switch can authorize access without authenticating.
• Connection parameters, including the host or client IP address (IPv4 or IPv6), access list, and user timeouts
Default TACACS+ Server Encryption Type and Preshared Key
You must configure the TACACS+ preshared key to authenticate the switch to the TACACS+ server.
Prerequisites for TACACS+
TACACS+ has the following prerequisites:
• Obtain the IPv4 or IPv6 addresses or host names for the TACACS+ servers.
• Obtain the preshared keys from the TACACS+ servers, if any.
• Ensure that the Nexus 5000 Series switch is configured as a TACACS+ client of the AAA servers.
Step 3  Configure the preshared secret keys for the TACACS+ servers. See the “Configuring Global Preshared Keys” section on page 18-6 and the “Configuring TACACS+ Server Preshared Keys” section on page 18-7.
Step 4  If needed, configure TACACS+ server groups with subsets of the TACACS+ servers for AAA authentication methods.
• Enable TACACS+ (see the “Enabling TACACS+” section on page 18-5).
• Obtain the IPv4 or IPv6 addresses or the hostnames for the remote TACACS+ servers.
To configure TACACS+ server hosts, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
The following example shows how to configure global preshared keys:
switch# configure terminal
switch(config)# tacacs-server key 0 QsEfThUkO
switch(config)# exit
switch# show tacacs-server
switch# copy running-config startup-config
Configuring TACACS+ Server Preshared Keys
You can configure preshared keys for a TACACS+ server.
To configure TACACS+ server groups, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# aaa group server tacacs+ group-name
        Purpose: Creates a TACACS+ server group and enters the TACACS+ server group configuration mode for that group.
To specify a TACACS+ server at login, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# tacacs-server directed-request
        Purpose: Allows users to specify a TACACS+ server to send the authentication request when logging in. The default is disabled.
Step 3  Command: switch(config)# exit
        Purpose: Exits configuration mode.
To configure the timeout interval for a server, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# tacacs-server host {ipv4-address | ipv6-address | host-name} timeout seconds
        Purpose: Specifies the timeout interval for a specific server. The default is the global value.
Configuring Periodic TACACS+ Server Monitoring
You can monitor the availability of TACACS+ servers. These parameters include the username and password to use for the server and an idle timer. The idle timer specifies the interval in which a TACACS+ server receives no requests before the Nexus 5000 Series switch sends out a test packet.
Configuring the Dead-Time Interval
You can configure the dead-time interval for all TACACS+ servers. The dead-time interval specifies the time that the Nexus 5000 Series switch waits, after declaring a TACACS+ server is dead, before sending out a test packet to determine if the server is now alive.
To disable TACACS+, perform this task:
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# feature tacacs+
        Purpose: Enables TACACS+.
Step 3  Command: switch(config)# exit
        Purpose: Exits configuration mode.
Step 4  Command: switch# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.
Default Settings
Table 18-1 lists the default settings for TACACS+ parameters.
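An added example, not from the Cisco guide, for the preshared key commands of this chapter and of Chapter 17: a Python check that finds RADIUS and TACACS+ key lines in a configuration snippet, reports which ones were entered in clear text (format 0, or no format, since clear text is the default), and produces a copy with the key values redacted for sharing in tickets or logs. All sample lines except the `tacacs-server key 0` line and the 10.10.1.1 address are constructed, and the function names are assumptions of the example.

```python
import re

# Matches "radius-server|tacacs-server [host <addr> [options]] key [0|7] <value>".
KEY_RE = re.compile(
    r"^(?P<prefix>\s*(?P<proto>radius|tacacs)-server\s+"
    r"(?:host\s+(?P<host>\S+)\s+(?:\S+\s+)*?)?key\s+)"
    r"(?:(?P<fmt>[07])\s+)?(?P<value>\S+)(?P<rest>.*)$"
)

# Constructed provisioning snippet; only the tacacs-server key line and the
# 10.10.1.1 address come from the guide's own examples.
SAMPLE_SNIPPET = """\
radius-server host 10.10.1.1 key 0 ExampleKey1
radius-server host 10.10.1.2 key 7 fewhg123
tacacs-server key 0 QsEfThUkO
tacacs-server host 10.10.2.2 key ExampleKey2
radius-server host 10.10.1.1 retransmit 3
"""


def audit_keys(text):
    """Return one record per preshared-key line, without the key value."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = KEY_RE.match(line)
        if not match:
            continue
        # The guide states that the default format is clear text.
        fmt = match.group("fmt") or "0"
        findings.append({
            "line": number,
            "protocol": match.group("proto"),
            "host": match.group("host") or "global",
            "clear_text": fmt == "0",
        })
    return findings


def redact(text):
    """Return the text with every preshared-key value replaced."""
    out = []
    for line in text.splitlines():
        match = KEY_RE.match(line)
        if match:
            fmt = match.group("fmt")
            line = (match.group("prefix") + (fmt + " " if fmt else "")
                    + "<redacted>" + match.group("rest"))
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for finding in audit_keys(SAMPLE_SNIPPET):
        print(finding)
    print(redact(SAMPLE_SNIPPET))
```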
CHAPTER 19
Configuring SSH and Telnet
This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on the Nexus 5000 Series switches.
SSH Client
The SSH client feature is an application running over the SSH protocol to provide device authentication and encryption. The SSH client enables a Nexus 5000 Series switch to make a secure, encrypted connection to another Nexus 5000 Series switch or to any other device running the SSH server.
Guidelines and Limitations

SSH has the following configuration guidelines and limitations:
• The Nexus 5000 Series switch supports only SSH version 2 (SSHv2).
Specifying the SSH Public Keys for User Accounts

You can configure an SSH public key to log in using the SSH client without being prompted for a password.
Step 3  Command: switch(config)# username username sshkey file filename
        Purpose: Configures the SSH public key in SSH format.
Step 4  Command: switch(config)# exit
        Purpose: Exits global configuration mode.
Step 5  Command: switch# show user-account
        Purpose: (Optional) Displays the user account configuration.
Starting SSH Sessions to Remote Devices

To start SSH sessions to connect to remote devices from your Nexus 5000 Series switch, perform this task:

Command: switch# ssh {hostname | username@hostname} [vrf vrf-name]
Purpose: Creates an SSH session to a remote device. The hostname argument can be an IPv4 address, an IPv6 address, or a device name.
To delete the SSH server keys, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# no ssh server enable
        Purpose: Disables the SSH server.
Step 3  Command: switch(config)# no ssh key [dsa | rsa]
        Purpose: Deletes the SSH server key. The default is to delete all the SSH keys.
To reenable the Telnet server, perform this task:

Command: switch(config)# telnet server enable
Purpose: Reenables the Telnet server.

Starting Telnet Sessions to Remote Devices

Before you start a Telnet session to connect to remote devices, you should do the following:
• Obtain the hostname for the remote device and, if needed, the user name on the remote device.
Verifying the SSH and Telnet Configuration

To display the SSH configuration information, perform one of the following tasks:

Command: show ssh key [dsa | rsa]
Purpose: Displays SSH server key-pair information.

Command: show running-config security [all]
Purpose: Displays the SSH and user account configuration in the running configuration.
Default Settings

Table 19-1 lists the default settings for SSH parameters.
CHAPTER 20 Configuring ACLs

This chapter describes how to configure access control lists (ACLs).
Table 20-1 Security ACL Applications

Application: Port ACL
Supported Interfaces: An ACL is considered a port ACL when you apply it to one of the following:
• Ethernet interface
• Ethernet port-channel interface
When a port ACL is applied to a trunk port, the ACL filters traffic on all VLANs on the trunk port.
Types of ACLs Supported: IPv4 ACLs, IPv6 ACLs, MAC ACLs
You can specify any protocol by number. In IPv4 ACLs, you can specify protocols by the integer that represents the Internet protocol number. For example, you can use 115 to specify Layer 2 Tunneling Protocol (L2TP) traffic.
If you enter a rule without a sequence number, the switch adds the rule to the end of the ACL and assigns it a sequence number that is 10 greater than the sequence number of the preceding rule. For example, if the last rule in an ACL has a sequence number of 225 and you add a rule without a sequence number, the switch assigns the sequence number 235 to the new rule.
Creating an IP ACL

You can create an IPv4 ACL on the switch and add rules to it. To create an IP ACL, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# ip access-list name
        Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.
To change an IP ACL, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# ip access-list name
        Purpose: Enters IP ACL configuration mode for the ACL that you specify by name.
Step 3  Command: switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
        Purpose: (Optional) Creates a rule in the IP ACL.
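
Rule position matters because an ACL is evaluated in sequence-number order and the first matching rule decides, so a rule appended at the end can be shadowed by an earlier, broader one. The Python model below is an added example, not Cisco code: it applies the numbering rule described above and reports shadowed rules. It assumes that the first rule of an empty ACL gets sequence number 10, that addresses are written as any or address/prefix-length, that ports are ignored, and that the implicit rule is a final deny.

```python
import ipaddress


def _net(token):
    # "any" or address/prefix-length (for example 10.1.2.0/24); other forms are not modelled.
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)


def add_rule(acl, text):
    """Add '[sequence-number] {permit|deny} protocol source destination'.

    acl is a dict keyed by sequence number. Returns the sequence number used.
    """
    words = text.split()
    if words[0].isdigit():
        seq = int(words.pop(0))
    else:
        # No number given: append with (last sequence number + 10).
        # Assumption: the first rule of an empty ACL gets 10.
        seq = max(acl) + 10 if acl else 10
    if len(words) != 4 or words[0] not in ("permit", "deny"):
        raise ValueError("expected: [seq] {permit|deny} protocol source destination")
    if seq in acl:
        raise ValueError(f"sequence number {seq} is already in use")
    action, proto, src, dst = words
    acl[seq] = (action, proto, _net(src), _net(dst))
    return seq


def evaluate(acl, proto, src, dst):
    """Return (action, sequence number) of the first matching rule.

    Falls through to ("deny", None), modelling the implicit deny.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq in sorted(acl):
        action, rule_proto, rule_src, rule_dst = acl[seq]
        if rule_proto in ("ip", proto) and src in rule_src and dst in rule_dst:
            return action, seq
    return "deny", None


def shadowed_rules(acl):
    """List (rule, covering earlier rule, kind) for rules that can never match.

    kind is "conflict" when the earlier rule has the opposite action and
    "redundant" when it has the same action.
    """
    findings = []
    order = sorted(acl)
    for i, later in enumerate(order):
        l_action, l_proto, l_src, l_dst = acl[later]
        for earlier in order[:i]:
            e_action, e_proto, e_src, e_dst = acl[earlier]
            if (e_proto in ("ip", l_proto)
                    and l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst)):
                kind = "redundant" if e_action == l_action else "conflict"
                findings.append((later, earlier, kind))
                break
    return findings


def demo():
    """Constructed ACL: a deny appended after a broader permit never takes effect."""
    acl = {}
    add_rule(acl, "permit tcp 10.0.0.0/8 any")            # becomes rule 10
    add_rule(acl, "deny tcp 10.1.2.0/24 192.0.2.0/24")    # becomes rule 20
    add_rule(acl, "225 permit udp any any")
    last = add_rule(acl, "deny ip any any")                # 225 + 10
    before = evaluate(acl, "tcp", "10.1.2.7", "192.0.2.9")
    findings_before = shadowed_rules(acl)
    # Fix: place the specific deny ahead of the broad permit with an explicit number.
    add_rule(acl, "5 deny tcp 10.1.2.0/24 192.0.2.0/24")
    after = evaluate(acl, "tcp", "10.1.2.7", "192.0.2.9")
    return last, before, findings_before, after, shadowed_rules(acl)


if __name__ == "__main__":
    print(demo())
```

After the fix, rule 20 is reported as redundant and can be removed.
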
To remove an IP ACL from the switch, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# no ip access-list name
        Purpose: Removes the IP ACL that you specified by name from the running configuration.
Step 3  Command: switch(config)# show running-config
        Purpose: (Optional) Displays ACL configuration.
Step 3  Command: switch(config-if)# ipv6 port traffic-filter in
        Purpose: Applies an IPv6 port access-list.
Step 4  Command: switch(config-if)# ip port access-group access-list in
        Purpose: Applies an IPv4 ACL to the interface or port channel. Only inbound filtering is supported with port ACLs. You can apply one port ACL to an interface.
Displaying and Clearing IP ACL Statistics

Use the show ip access-lists command to display statistics about an IP ACL, including the number of packets that have matched each rule. For detailed information about the fields in the output from this command, refer to the Cisco Nexus 5000 Series Command Reference.
Creating a MAC ACL

To create a MAC ACL and add rules to it, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# mac access-list name
        Purpose: Creates the MAC ACL and enters ACL configuration mode.
Step 3  Command: switch(config-mac-acl)# {permit | deny} source destination protocol
        Purpose: Creates a rule in the MAC ACL.
Step 3  Command: switch(config-mac-acl)# [sequence-number] {permit | deny} source destination protocol
        Purpose: (Optional) Creates a rule in the MAC ACL. Using a sequence number allows you to specify a position for the rule in the ACL. Without a sequence number, the rule is added to the end of the rules. The permit and deny commands support many ways of identifying traffic.
To remove a MAC ACL, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# no mac access-list name
        Purpose: Removes the MAC ACL that you specify by name from the running configuration.
Step 3  Command: switch(config)# show mac access-lists
        Purpose: (Optional) Displays the MAC ACL configuration.
To apply a MAC ACL as a port ACL, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# interface ethernet slot/port
        Purpose: Enters interface configuration mode for the specified interface.
        Command: switch(config)# interface port-channel channel-number
        Purpose: Enters interface configuration mode for a port-channel interface.
To display or clear MAC ACL statistics, perform one of the following tasks:

Command: show mac access-lists
Purpose: Displays MAC ACL configuration. If the MAC ACL includes the statistics command, the show mac access-lists command output includes the number of packets that have matched each rule.
Statistics

The switch can maintain global statistics for each rule in a VACL. If a VACL is applied to multiple VLANs, the maintained rule statistics are the sum of packet matches (hits) on all the interfaces on which that VACL is applied.

Note: The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics.
Step 4  Command: switch(config-access-map)# action {drop | forward}
        Purpose: Specifies the action that the switch applies to traffic that matches the ACL.
Step 5  Command: switch(config-access-map)# [no] statistics
        Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the VACL.
To apply a VACL to a VLAN, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# [no] vlan filter map-name vlan-list list
        Purpose: Applies the VACL to the VLANs in the list that you specified. The no option unapplies the VACL.
Default Settings

Table 20-2 lists the default settings for IP ACLs parameters.

Table 20-2 Default IP ACLs Parameters

Parameters    Default
IP ACLs       No IP ACLs exist by default.
ACL rules     Implicit rules apply to all ACLs. See the “Implicit Rules” section on page 20-3.

Table 20-3 lists the default settings for MAC ACLs parameters.
CHAPTER 21 Using Cisco Fabric Services

Cisco Nexus 5000 Series switches provide Cisco Fabric Services (CFS) capability, which simplifies provisioning by automatically distributing configuration information to all switches in the network. Switch features can use the CFS infrastructure to distribute feature data or configuration data required by the feature.
– Uncoordinated distributions: Multiple parallel distributions are allowed in the network except when a coordinated distribution is in progress.
– Unrestricted uncoordinated distributions: Multiple parallel distributions are allowed in the network in the presence of an existing coordinated distribution.
Uncoordinated Distribution

Uncoordinated distributions are used to distribute information that is not expected to conflict with that from a peer. Parallel uncoordinated distributions are allowed for a feature.

Coordinated Distribution

Coordinated distributions allow only one feature distribution at a given time. CFS uses locks to enforce this.
Verifying CFS Distribution Status

The show cfs status command displays the status of CFS distribution on the switch.

switch# show cfs status
Distribution : Enabled
Distribution over IP : Disabled
IPv4 multicast address : 239.255.70.
Figure 21-2 Network Example 2 with Fibre Channel and IP Connections (diagram of nodes A, B, C, D, and E joined by FC and IP links)

Figure 21-3 is the same as Figure 21-2 except that node D and node E are connected using IP. Both node C and node D forward the event to E because node E is not in the distribution list from node B.
CFS Merge Support

CFS Merge is supported for CFS distribution over Fibre Channel. An application keeps the configuration synchronized in a SAN fabric through CFS. Two such fabrics might merge as a result of an ISL coming up between them.
• CFS distribution enabled or disabled on a per-application basis—The default (enable or disable) for CFS distribution state differs between applications. If CFS distribution is disabled for an application, then that application does not distribute any configuration, nor does it accept a distribution from other switches in the network.
Locking the Network

When you configure a feature (or application) that uses the CFS infrastructure for the first time, that feature starts a CFS session and locks the network. When a network is locked, the switch software allows configuration changes to this feature only from the switch holding the lock.
In general, the commit function does not start a session; only a lock function starts a session. However, an empty commit is allowed if no configuration changes were previously made. In this case, a commit operation results in a session that acquires locks and distributes the current database.
• Managing CFS Regions

About CFS Regions

A CFS region is a user-defined subset of switches for a given feature or application in its physical distribution scope. When a network spans a vast geography, you may need to localize or restrict the distribution of certain profiles among a set of switches based on their physical proximity.
Creating CFS Regions

To create a CFS region, perform this task:

Step 1  Command: switch# configure
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# cfs region region-id
        Purpose: Creates a region.
Deleting CFS Regions

Deleting a region nullifies the region definition. Deleting the region releases all the applications bound by it back to the default region. To delete a region, for example, a region numbered 4, perform this task:

Step 1  Command: switch# configure
        Purpose: Enters configuration mode.
Verifying the CFS Over IP Configuration

To verify the CFS over IP configuration, use the show cfs status command.

switch# show cfs status
Distribution : Enabled
Distribution over IP : Enabled - mode IPv4
IPv4 multicast address : 239.255.70.
Verifying IP Multicast Address Configuration for CFS over IP

To verify the IP multicast address configuration for CFS over IP, use the show cfs status command:

switch# show cfs status
Fabric distribution Enabled
IP distribution Enabled mode ipv4
IPv4 multicast address : 10.1.10.
Local Fabric
--------------------------------------------------------
Switch WWN               IP Address
--------------------------------------------------------
20:00:00:05:30:00:6b:9e  10.76.100.
Default Settings

Table 21-1 lists the default settings for CFS configurations.

Table 21-1 Default CFS Parameters

Parameters                        Default
CFS distribution on the switch    Enabled.
Database changes                  Implicitly enabled with the first configuration change.
Application distribution          Differs based on application.
Commit                            Explicit configuration is required.
CHAPTER 22 Configuring User Accounts and RBAC

This chapter describes how to configure user accounts and role-based access control (RBAC) on the Nexus 5000 Series switch.
Note: User passwords are not displayed in the configuration files.

Caution: The Nexus 5000 Series switch does not support all numeric usernames, whether created with TACACS+ or RADIUS, or created locally. Local users with all numeric names cannot be created.
The Nexus 5000 Series switch provides the following default user roles:
• network-admin (superuser)—Complete read and write access to the entire Nexus 5000 Series switch.
• network-operator—Complete read access to the Nexus 5000 Series switch.
Guidelines and Limitations

User account and RBAC have the following configuration guidelines and limitations:
• You can add up to 256 rules to a user role.
• You can assign a maximum of 64 user roles to a user account. A user account must have at least one user role.
Step 5  Command: switch# show user-account
        Purpose: (Optional) Displays the role configuration.
Step 6  Command: switch# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.
Step 3  Command: switch(config-role)# rule number {deny | permit} command command-string
        Purpose: Configures a command rule. The command-string argument can contain spaces and regular expressions. For example, “interface ethernet *” includes all Ethernet interfaces. Repeat this command for as many rules as needed.
Creating Feature Groups

To create feature groups, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# role feature-group group-name
        Purpose: Specifies a user role feature group and enters role feature group configuration mode.
You can specify a list of interfaces that the role can access.
Step 7  Command: switch(config-role)# show role
        Purpose: (Optional) Displays the role configuration.
Step 8  Command: switch(config-role)# copy running-config startup-config
        Purpose: (Optional) Copies the running configuration to the startup configuration.
Default Settings

Table 22-1 lists the default settings for user accounts and RBAC parameters.

Table 22-1 Default User Accounts and RBAC Parameters

Parameters                  Default
User account password       Undefined.
User account expiry date    None.
Interface policy            All interfaces are accessible.
VLAN policy                 All VLANs are accessible.
CHAPTER 23 Configuring Session Manager

This chapter describes how to configure the Session Manager features in Cisco NX-OS.
Verifying a Session

To verify a session, use the following command in session mode:

Command: switch(config-s)# verify [verbose]
Purpose: Verifies the commands in the configuration session.
Verifying Session Manager Configuration

To verify Session Manager configuration information, use the following commands:

Command: switch# show configuration session [name]
Purpose: Displays the contents of the configuration session.

Command: switch# show configuration session status [name]
Purpose: Displays the status of the configuration session.
CHAPTER 24 Configuring Online Diagnostics

This chapter describes how to configure the generic online diagnostics (GOLD) feature.
Table 24-1 Bootup Diagnostics

Diagnostic    Description
USB Flash     Verifies the integrity of the USB flash device.
PCIe          Tests PCI express (PCIe) access.
OBFL          Verifies the integrity of the onboard failure logging flash.
NVRAM         Verifies the integrity of the NVRAM.
Voltage       Verifies that the voltage levels are within the correct range.
Table 24-3 describes the health monitoring diagnostics that also run during system boot or system reset.

Table 24-3 Health Monitoring and Bootup Diagnostics Tests

Diagnostic       Description
SPROM            Verifies the integrity of backplane and supervisor SPROMs.
Fabric engine    Tests the switch fabric ASICs.
Configuring Online Diagnostics

You can configure the bootup diagnostics to run the complete set of tests, or you can bypass all bootup diagnostic tests for a faster module boot up time.

Note: We recommend that you set the bootup online diagnostics level to complete. We do not recommend bypassing the bootup online diagnostics.
CHAPTER 25 Configuring System Message Logging

This chapter describes how to configure system message logging on the switch.
Table 25-1 System Message Severity Levels (continued)

Level                Description
6 – informational    Informational message only
7 – debugging        Appears during debugging only

The switch logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. You cannot configure logging to the NVRAM.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# logging console [severity-level]
        Purpose: Enables the switch to log messages to the console session based on a specified severity level or higher. Severity levels, which can range from 0 to 7, are listed in Table 25-1.
Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# logging logfile logfile-name severity-level [size bytes]
        Purpose: Configures the name of the log file used to store system messages and the minimum severity level to log. You can optionally specify a maximum file size.
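
"Severity level or higher" means a numerically lower or equal level, since 0 is the most severe, so a threshold set too low silently drops informational events such as logins. The Python model below is an added example, not Cisco code: it routes messages to the console and log file according to the two commands above and keeps the fixed NVRAM log of the most recent 100 messages of severity 0 to 2. The configuration lines and messages are constructed, and a severity-level argument is assumed to be present on every command.

```python
from collections import deque

NVRAM_CAPACITY = 100   # most recent 100 messages are kept
NVRAM_MAX_LEVEL = 2    # only severity 0, 1, or 2 goes to NVRAM


def parse_logging_config(lines):
    """Return {sink: threshold} from 'logging console N' and
    'logging logfile NAME N [size BYTES]' lines (level assumed present)."""
    sinks = {}
    for line in lines:
        words = line.split()
        if words[:2] == ["logging", "console"] and len(words) == 3:
            sinks["console"] = int(words[2])
        elif words[:2] == ["logging", "logfile"] and len(words) >= 4:
            sinks["logfile:" + words[2]] = int(words[3])
        else:
            raise ValueError(f"unsupported line: {line!r}")
    for sink, level in sinks.items():
        if not 0 <= level <= 7:
            raise ValueError(f"{sink}: severity must be 0 to 7")
    return sinks


class LogRouter:
    def __init__(self, sinks):
        self.sinks = sinks
        self.stored = {name: [] for name in sinks}
        self.nvram = deque(maxlen=NVRAM_CAPACITY)  # oldest entries fall off

    def emit(self, level, text):
        """Deliver one message and return the list of sinks that received it."""
        delivered = [name for name, threshold in self.sinks.items()
                     if level <= threshold]
        for name in delivered:
            self.stored[name].append((level, text))
        if level <= NVRAM_MAX_LEVEL:   # not configurable
            self.nvram.append((level, text))
            delivered.append("nvram")
        return delivered


def demo():
    router = LogRouter(parse_logging_config([
        "logging console 2",                         # constructed sample
        "logging logfile messages 4 size 4194304",   # constructed sample
    ]))
    routes = {
        6: router.emit(6, "constructed: user login accepted"),
        4: router.emit(4, "constructed: interface flapping"),
        1: router.emit(1, "constructed: first severe event"),
    }
    # A burst of 100 severity-2 messages pushes the earlier event out of NVRAM.
    for n in range(100):
        router.emit(2, f"constructed: storm message {n}")
    first_event_kept = any("first severe event" in text
                           for _, text in router.nvram)
    return routes, len(router.nvram), first_event_kept


if __name__ == "__main__":
    print(demo())
```

The severity-6 message reaches no sink under this configuration, and the burst evicts the first severe event from the NVRAM log, which is why a log file or remote syslog server is needed for retention.
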
Command: switch(config)# logging level facility severity-level
Purpose: Enables logging messages from the specified facility that have the specified severity level or higher. Severity levels, which range from 0 to 7, are listed in Table 25-1. To apply the same severity level to all facilities, use the all facility.
Table 25-2 describes the syslog fields that you can configure.

Table 25-2 syslog Fields in syslog.conf

Field       Description
Facility    Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0 through local7, or an asterisk (*) for all.
The following example shows how to configure a syslog server:

switch# configure terminal
switch(config)# logging server 172.28.254.
Command: switch(config)# logging commit
Purpose: Commits the pending changes to the syslog server configuration for distribution to the switches in the fabric.

Command: switch(config)# logging abort
Purpose: Cancels the pending changes to the syslog server configuration.
Verifying System Message Logging Configuration

To display system message logging configuration information, perform one of the following tasks:

Command: show logging console
Purpose: Displays the console logging configuration.

Command: show logging info
Purpose: Displays the logging configuration.
Default Settings

Table 25-3 lists the default settings for system message logging parameters.
CHAPTER 26 Configuring Smart Call Home

This chapter describes how to configure the Smart Call Home feature.
Call Home includes a fixed set of predefined alerts on your switch. These alerts are grouped into alert groups, and CLI commands are assigned to execute when an alert in an alert group occurs. The switch includes the command output in the transmitted Call Home message.
destination profile only if that Call Home alert belongs to one of the alert groups associated with that destination profile and if the alert has a Call Home message severity at or above the message severity set in the destination profile (see the “Call Home Message Levels” section on page 26-4).
Call Home maps the syslog severity level to the corresponding Call Home severity level for syslog port group messages (see the “Call Home Message Levels” section on page 26-4). You can customize predefined alert groups to execute additional CLI show commands when specific events occur and send that show output with the Call Home message.
Obtaining Smart Call Home

If you have a service contract directly with Cisco Systems, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Call Home messages sent from your devices and providing background information and recommendations.
Step 4  Command: switch(config-callhome)# email-contact email-address
        Purpose: Configures the e-mail address for the primary person responsible for the device. Up to 255 alphanumeric characters are accepted in e-mail address format.
        Note: You can use any valid e-mail address.
Step 5  Command: switch(config-callhome)# phone-contact international-phone-number
Creating a Destination Profile

To create a user-defined destination profile and configure the message format for that new destination profile, perform this task:

Step 1  Command: switch# configure terminal
        Purpose: Enters configuration mode.
Step 2  Command: switch(config)# callhome
        Purpose: Enters callhome configuration mode.
Command: switch(config-callhome)# destination-profile {name | full-txt-destination | short-txt-destination} email-addr address
Purpose: Configures an e-mail address for a user-defined or predefined destination profile.
This example shows how to associate all alert groups with the destination profile Noc101:

switch# configure terminal
switch(config)# callhome
switch(config-callhome)# destination-profile Noc101 alert-group All

Adding show Commands to an Alert Group

Note: You cannot add user-defined CLI show commands to the CiscoTAC-1 destination profile.
Step 3
  Command: switch(config-callhome)# transport email smtp-server ip-address [port number] [use-vrf vrf-name]
  Purpose: Configures the SMTP server as either the domain name server (DNS) name, IPv4 address, or IPv6 address. Optionally configures the port number. The port range is from 1 to 65535. The default port number is 25.
Disabling Duplicate Message Throttle

You can limit the number of duplicate messages received for the same event. By default, the switch limits the number of duplicate messages received for the same event. If the number of duplicate messages sent exceeds 30 messages within a 2-hour time frame, then the switch discards further messages for that alert type.
To discard Call Home configuration changes and release the CFS lock in callhome configuration mode, perform this task:

Command: switch(config-callhome)# abort
Purpose: Discards Call Home configuration changes and releases the CFS lock.
Command: show running-config [callhome | callhome-all]
Purpose: Displays the running configuration for Call Home.

Command: show startup-config callhome
Purpose: Displays the startup configuration for Call Home.

Command: show tech-support callhome
Purpose: Displays the technical support output for Call Home.
Table 26-5 Common Fields for All Full Text and XML Messages (continued)

Data Item (Plain Text and XML): Device ID
Description (Plain Text and XML): Unique device identifier (UDI) for end device that generated the message. This field should be empty if the message is nonspecific to a device. The format is type@Sid@serial.
Table 26-5 Common Fields for All Full Text and XML Messages (continued)

Fields specific to a particular alert group message are inserted here. The following fields may be repeated if multiple CLI commands are executed for this alert group.
Table 26-7 Inserted Fields for an Inventory Event Message (continued)

Data Item (Plain Text and XML): FRU name
Description (Plain Text and XML): Name of the affected FRU that is generating the event message.
XML Tag (XML Only): /aml/body/fru/name

Data Item (Plain Text and XML): FRU s/n
Description (Plain Text and XML): Serial number of the FRU.
XML Tag (XML Only): /aml/body/fru/serialNo

Data Item (Plain Text and XML): FRU part number
Description (Plain Text and XML): Part number of the FRU.
Affected Chassis Hardware Version:0.104
Affected Chassis Software Version:3.
12345 building 1 abcdefg12345 WS-C6509@C@69000101 Router user@example.
00:03:00: SP: SP: Currently running ROMMON from F1 region
00:03:07: %C6K_PLATFORM-SP-4-CONFREG_BREAK_ENABLED: The default factory setting for config register is 0x2102.It is advisable to retain 1 in 0x2102 as it prevents returning to ROMMON when break is issued.
slot_id is 8
00:00:31: %FLASHFS_HES-DFC8-3-BADCARD: /bootflash:: The flash card seems to be corrupted
00:00:31: %SYS-DFC8-5-RESTART: System restarted -Cisco DCOS Software, c6lc2 Software (c6lc2-SPDBG-VM), Experimental Version 4.0(20080421:012711)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Chapter 27: Configuring SNMP

This chapter describes how to configure the SNMP feature in Cisco Nexus 5000 Series switches.
SNMP is defined in RFCs 3411 to 3418.

Note: Cisco NX-OS does not support SNMP sets for Ethernet MIBs.

The Cisco Nexus 5000 Series switch supports SNMPv1, SNMPv2c and SNMPv3. Both SNMPv1 and SNMPv2c use a community-based form of security.

SNMP Notifications

A key feature of SNMP is the ability to generate notifications from an SNMP agent.
• authNoPriv—Security level that provides authentication but does not provide encryption.
• authPriv—Security level that provides both authentication and encryption.

Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determines the security mechanism applied when the SNMP message is processed.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit AES key. The AES priv password can have a minimum of eight characters. If the passphrases are specified in clear text, you can specify a maximum of 64 characters.
Configuration Guidelines and Limitations

SNMP has the following configuration guidelines and limitations:

• Cisco NX-OS supports read-only access to Ethernet MIBs.
To enforce SNMP message encryption for a user in the global configuration mode, perform this task:

Command: switch(config)# snmp-server user name enforcePriv
Purpose: Enforces SNMP message encryption for this user.
To configure a host receiver for SNMPv1 traps in global configuration mode, perform this task:

Command: switch(config)# snmp-server host ip-address traps {version 1] community [udp_port number]
Purpose: Configures a host receiver for SNMPv1 traps. The community can be any alphanumeric string up to 255 characters. The UDP port number range is from 0 to 65535.
Use the following command in global configuration mode to configure the notification target user:

Command: switch(config)# snmp-server user name [auth {md5 | sha} passphrase [auto] [priv [aes-128] passphrase] [engineID id]
Purpose: Configures the notification target user with the specified engine ID for notification host receiver.
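The security levels, the DES or aes-128 privacy choice, enforcePriv and community-based traps described above can be checked mechanically in a saved configuration. The following audit script is an added example, not Cisco code; the sample configuration, user names, address and passphrases are constructed, and tolerating one extra token (such as a role name) before auth is an assumption.

```python
"""Audit SNMP commands in a switch configuration for weak security settings."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input (not from a real device). The command forms follow
# the syntax shown on this page; names, address and passphrases are made up.
SAMPLE_CONFIG = """\
snmp-server user monitor auth sha ExamplePassA1 priv aes-128 ExamplePrivA1
snmp-server user monitor enforcePriv
snmp-server user legacy auth md5 ExamplePassB2
snmp-server user backup auth sha ExamplePassC3 priv ExamplePrivC3
snmp-server user guest
snmp-server host 192.0.2.10 traps version 1 public
"""


@dataclass
class SnmpUser:
    name: str
    auth: Optional[str] = None   # "md5", "sha", or None (no authentication)
    priv: Optional[str] = None   # "aes-128", "des", or None (no encryption)
    enforce_priv: bool = False


def parse_users(config: str) -> Dict[str, SnmpUser]:
    """Collect per-user settings from 'snmp-server user' lines."""
    users: Dict[str, SnmpUser] = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["snmp-server", "user"]:
            continue
        user = users.setdefault(tokens[2], SnmpUser(tokens[2]))
        rest = tokens[3:]
        if rest[:1] == ["enforcePriv"]:
            user.enforce_priv = True
            continue
        # Assumption: allow one extra token (such as a role name) before 'auth'.
        if "auth" not in rest[:2]:
            continue
        i = rest.index("auth")
        if len(rest) < i + 3:
            continue             # malformed: algorithm or passphrase missing
        user.auth = rest[i + 1].lower()
        tail = rest[i + 3:]      # skip the authentication passphrase itself
        if tail[:1] == ["auto"]:
            tail = tail[1:]
        if tail[:1] == ["priv"]:
            # Without the aes-128 token the privacy protocol is DES.
            user.priv = "aes-128" if tail[1:2] == ["aes-128"] else "des"
    return users


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (subject, finding) pairs for settings weaker than authPriv/AES."""
    findings: List[Tuple[str, str]] = []
    for user in parse_users(config).values():
        subject = f"user {user.name}"
        if user.auth is None:
            findings.append((subject, "no authentication configured"))
            continue
        if user.auth == "md5":
            findings.append((subject, "MD5 authentication; prefer sha"))
        if user.priv is None:
            findings.append((subject, "no encryption (authNoPriv)"))
            continue
        if user.priv == "des":
            findings.append((subject, "DES privacy; prefer aes-128"))
        if not user.enforce_priv:
            findings.append((subject, "encryption not enforced (enforcePriv missing)"))
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[:2] == ["snmp-server", "host"] and "version" in tokens:
            pos = tokens.index("version")
            version = tokens[pos + 1:pos + 2]
            if version in (["1"], ["2c"]):
                findings.append((f"host {tokens[2]}",
                                 f"SNMPv{version[0]} traps use a clear-text community string"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```
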
• IETF Cisco—Cisco NX-OS sends the notifications (linkUp, linkDown) defined in IF-MIB and notifications (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco NX-OS sends only the varbinds defined in the linkUp and linkDown notifications.
Assigning SNMP Switch Contact and Location Information

You can assign the switch contact information, which is limited to 32 characters (without spaces), and the switch location. To assign the information, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Default Settings

Table 27-3 lists the default settings for SNMP parameters.
Chapter 28: Configuring RMON

This chapter describes how to configure the RMON feature.
When you create an alarm, you specify the following parameters:

• MIB object to monitor
• Sampling interval—The interval that the Cisco Nexus 5000 Series switch uses to collect a sample value of the MIB object.
• The sample type—Absolute samples take the current snapshot of the MIB object value.
Configuring RMON

This section includes the following topics:

• Configuring RMON Alarms
• Configuring RMON Events

Configuring RMON Alarms

You can configure RMON alarms on any integer-based SNMP MIB object. You can optionally specify the following parameters:

• The event-number to trigger if the rising or falling threshold exceeds the specified limit.
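How an alarm turns absolute or delta samples into rising and falling events, as an added example that is not Cisco code. It follows the hysteresis rule of the RMON alarm group in RFC 2819, which goes beyond what this section spells out; the counter readings and thresholds are constructed, and an event on the first qualifying sample is an assumption about the startup setting.

```python
"""Turn a series of MIB samples into RMON-style rising/falling alarm events."""
from typing import List, Optional, Sequence, Tuple

Event = Tuple[int, str, int]   # (sample index, "rising" | "falling", value)

# Constructed readings of an error counter, one per sampling interval.
SAMPLE_COUNTER = [0, 2, 4, 60, 130, 200, 205, 207, 300]


def evaluate_alarm(samples: Sequence[int], rising: int, falling: int,
                   sample_type: str = "absolute") -> List[Event]:
    """Return the events an alarm would raise for the given samples.

    absolute: each reading is compared with the thresholds as it is.
    delta:    the difference from the previous reading is compared instead,
              so the first reading only seeds the calculation.
    After a rising event, no further rising event is raised until a falling
    event has occurred, and vice versa. This keeps a value that hovers around
    one threshold from generating an event on every sample.
    Counter wrap-around is not handled in this sketch.
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    events: List[Event] = []
    last_event: Optional[str] = None   # direction of the most recent event
    previous: Optional[int] = None     # previous raw reading (delta sampling)
    for index, raw in enumerate(samples):
        if sample_type == "delta":
            if previous is None:
                previous = raw
                continue
            value, previous = raw - previous, raw
        else:
            value = raw
        # Assumption: the first qualifying sample may raise either event type.
        if value >= rising and last_event != "rising":
            last_event = "rising"
            events.append((index, "rising", value))
        elif value <= falling and last_event != "falling":
            last_event = "falling"
            events.append((index, "falling", value))
    return events


if __name__ == "__main__":
    for kind, hi, lo in (("delta", 50, 5), ("absolute", 100, 10)):
        print(kind, evaluate_alarm(SAMPLE_COUNTER, hi, lo, kind))
```

With delta sampling the repeated bursts at indexes 4 and 5 raise no second rising event, which is why a single event definition can be shared by several alarms without flooding the notification receiver.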
Configuring RMON Events

You can configure RMON events to associate with RMON alarms. You can reuse the same event with multiple RMON alarms. Ensure you have configured an SNMP user and enabled SNMP notifications (see the “Configuring SNMP” section on page 27-5).
Default Settings

Table 28-1 lists the default settings for RMON parameters.

Table 28-1 Default RMON Parameters

Parameter: Alarms
Default: None configured.

Parameter: Events
Default: None configured.
Chapter 29: Configuring FCoE

Fibre Channel over Ethernet (FCoE) provides a method of transporting Fibre Channel traffic over a physical Ethernet connection. FCoE requires the underlying Ethernet to be full duplex and to provide lossless behavior for Fibre Channel traffic.
Converged Network Adapters

The following types of converged network adapters (CNAs) are available:

• Hardware adapter
  – Works with the existing FC HBA driver and LAN NIC driver in the server.
  – Server operating system view of the network is unchanged; the CNA presents a SAN interface and a LAN interface to the operating system.
Logical Link Up/Down

On a native Fibre Channel link, some configuration actions (such as changing the VSAN) require you to reset the interface status. The switch achieves the reset by disabling the interface, and then immediately reenabling the interface.
The following rules determine whether the negotiation results in a capability being enabled:

• If a capability and its configuration values match between the switch and the adapter, the feature is enabled.
Enabling FCoE

You need to enable the FCoE capability after the FC_FEATURES_PKG is installed. To enable FCoE, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# feature fcoe
  Purpose: Enables the FCoE capability.
This example shows how to disable FCoE for an Ethernet interface:

switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# no fcoe mode auto

The fcoe command can only be applied to a physical Ethernet interface.

Configuring Priority Flow Control

By default, the Ethernet interfaces negotiate PFC capability with the adapter.
Configuring Global LLDP Commands

You can set global LLDP settings. These settings include the length of time before discarding LLDP information received from peers, the length of time to wait before performing LLDP initialization on any interface, and the rate at which LLDP packets are sent.
Chapter 30: Configuring Virtual Interfaces

This section describes the configuration of virtual interfaces on the Cisco Nexus 5000 Series switches.
Step 3
  Command: switch(config-vlan)# fcoe [vsan vsan-id]
  Purpose: Enables FCoE for the specified VLAN. By default, a mapping is created from this VLAN to the VSAN with the same number. (Optional) Configures the mapping from this VLAN to the specified VSAN.

Step 4
  Command: switch(config-vlan)# exit
  Purpose: Exits VLAN configuration mode.
Verifying Virtual Interface Information

To display configuration information about virtual interfaces, perform one of the following tasks:

Command: switch# show interface vfc vfc-id
Purpose: Displays the detailed configuration of the specified Fibre Channel interface.

Command: switch# show interface brief
Purpose: Displays the status of all interfaces.
Chapter 31: Configuring QoS

This chapter describes how to configure the quality of service (QoS) features on the Cisco Nexus 5000 Series switch.
• QoS for Multicast Traffic
• Policy for Fibre Channel Interfaces
• QoS for Traffic Directed to the CPU

MQC

The Cisco Modular QoS CLI (MQC) provides a standard set of commands for configuring QoS. You can use MQC to define additional traffic classes and to configure QoS policies for the whole system and for individual Ethernet interfaces.
• Match CoS value
  The match CoS value specifies the IEEE 802.1p CoS value to associate with this system class.
• Bandwidth and priority
  Sets the bandwidth and priority configuration values for this system class. The system class values are used as the default values for all interfaces.
Ethernet interfaces use PFC to provide lossless service to no-drop system classes. PFC implements Pause frames on a per-class basis and uses the IEEE 802.1p CoS value to identify the classes that require lossless service. In the switch, each system class has an associated IEEE 802.1p CoS value (assigned by default or configured on the system class).
Ingress Policies

You can associate an ingress policy map with an Ethernet interface, to guarantee bandwidth for the specified traffic class or to specify a priority queue. The ingress policy is applied in the adapter to all outgoing traffic that matches the specified CoS value.
The system provides two predefined class maps for matching broadcast or multicast traffic. These class maps are convenient for creating separate policy maps for unicast and multicast traffic.
• All FCoE traffic on an Ethernet interface is mapped to one no-drop system class. By default, this class is associated with CoS value 3, although you can configure a different value. If you configure standard Ethernet traffic to use the same CoS value as FCoE, the switch does not apply priority flow control to the standard Ethernet traffic.
You can override the negotiation result by force-enabling the PFC capability. To force-enable the PFC capability, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# interface type slot/port
  Purpose: Specifies the interface to be changed.
To disable link-level flow control, perform this task:

Command: switch(config-if)# no flowcontrol [receive {on|off}] [transmit {on|off}]
Purpose: Disables 802.3x link-level flow control for the selected interface.

Configuring System Classes

This section describes how to configure system classes on the switch.
Configuring Policy Maps

The policy-map command is used to create a named object representing a set of policies that are to be applied to a set of traffic classes. The switch provides two default system classes: a no-drop class for lossless service and a drop class for best-effort service. You can define up to four additional system classes for Ethernet traffic.
Note: Policy maps can also be configured for interface service policies. However, different parameters are supported in these policy maps. See the “Configuring QoS on Interfaces” section on page 31-13.
switch(config-pmap-c)# pause no-drop
switch(config-pmap-c)# mtu 2000
switch(config)# system qos
switch(config-system)# service-policy system-policy

In this example, the first class-map command defines a new Ethernet system class. Packets from all over the system with 802.1p CoS value of 5 will be classified into this new system class.
Step 5
  Command: switch(config-pmap-c)# bandwidth percent percentage
  Purpose: (Optional) Specifies the guaranteed percentage of bandwidth allocated to incoming traffic of this class.

Step 6
  Command: switch(config-pmap-c)# priority
  Purpose: (Optional) Specifies that ingress traffic in this class is mapped to a strict priority queue.
Step 7
  Command: switch(config)# interface {ethernet slot/port | port-channel channel-number}
  Purpose: Enters configuration mode for the specified interface.
  Note: The service policy on a port channel overrides any service policy configuration on individual member interfaces.

Step 8
  Command: switch(config-if)# service-policy output policy-name
Chapter 32: Configuring Fibre Channel Interfaces

This chapter describes interface configuration for Fibre Channel interfaces and virtual Fibre Channel interfaces.
Physical Fibre Channel Interfaces

Cisco Nexus 5000 Series switches provide up to eight physical Fibre Channel uplinks. The Fibre Channel interfaces are supported on optional expansion modules. The Fibre Channel plus Ethernet expansion module contains four Fibre Channel interfaces.
Figure 32-1 Switch Port Modes (figure not reproduced; labels: Host, N port, F port, E port, ISL link)

Note: Interfaces are automatically assigned VSAN 1 by default. See Chapter 37, “Configuring and Managing VSANs.
F Port

In fabric port (F port) mode, an interface functions as a fabric port. This port may be connected to a peripheral device (host or disk) operating as an N port. An F port can be attached to only one N port. F ports support class 3 service.
Interface States

The interface state depends on the administrative configuration of the interface and the dynamic state of the physical link.
Note: Only some of the reason codes are listed in Table 32-4.

If the administrative state is up and the operational state is down, the reason code differs based on the nonoperational reason code. Table 32-4 describes the reason codes for nonoperational states.
Table 32-4 Reason Codes for Nonoperational States (continued)

Reason Code (long version): Isolation due to ELP failure
Description: The port negotiation failed.

Reason Code (long version): Isolation due to ESC failure
Description: The port negotiation failed.

Reason Code (long version): Isolation due to domain overlap
Description: The Fibre Channel domains (fcdomain) overlap.
The receive BB_credit value (fcrxbbcredit) may be configured for each Fibre Channel interface. In most cases, you do not need to modify the default configuration.

Note: The receive BB_credit values depend on the port mode. For physical Fibre Channel interfaces, the default value is 16 for F mode and E mode interfaces.
To configure a range of interfaces, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# interface fc slot/port - port [ , fc slot/port port ]
  Purpose: Selects the range of Fibre Channel interfaces and enters interface configuration mode.
Step 3
  Command: switch(config-if)# switchport mode F
  Purpose: For a virtual Fibre Channel, only the F port mode is supported.

  Command: switch(config-if)# switchport mode E | F | SD | auto
  Purpose: For a Fibre Channel interface, you can set the mode to E, F, or SD port mode.
Step 3
  Command: switch(config-if)# switchport speed 1000
  Purpose: Configures the port speed of the interface to 1000 Mbps. The number indicates the speed in megabits per second (Mbps). You can set the speed to 1000 (for 1-Gbps interfaces), 2000 (for 2-Gbps interfaces), 4000 (for 4-Gbps interfaces), or auto (default).
• Faulty or bad GBIC or SFP.
• GBIC or SFP is specified to operate at 1 Gbps but is used at 2 Gbps.
• GBIC or SFP is specified to operate at 2 Gbps but is used at 4 Gbps.
• Short haul cable is used for long haul or long haul cable is used for short haul.
• Momentary synchronization loss.
Step 3
  Command: switch(config-if)# switchport fcrxbbcredit default
  Purpose: Applies the default operational value to the selected interface. The operational value depends on the port mode. The default values are assigned based on the port capabilities.
Step 2
  Command: switch(config)# no system default switchport shutdown san
  Purpose: Configures the default setting for administrative state of an interface as Up. (The factory default setting is Down.)
To enable or disable NPIV on the switch, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# npiv enable
  Purpose: Enables NPIV for all VSANs on the switch.

Step 3
  Command: switch(config)# no npiv enable
  Purpose: Disables (default) NPIV on the switch.
The following example shows how to display multiple specified interfaces:

switch# show interface fc3/1 , fc3/3
fc3/1 is up
...
fc3/3 is up
...

The following example shows how to display a specific interface:

switch# show interface vfc 1
vfc 1 is up
...
switch# show running configuration fc3/5
interface fc3/5
switchport speed 2000
switchport mode E
channel-group 11 force
no shutdown

Verifying BB_Credit Information

The following example shows how to display the BB_credit information for all Fibre Channel interfaces:

switch# show interface bbcredit
...
Chapter 33: Configuring Domain Parameters

The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID distribution, FC ID allocation, and fabric reconfiguration functions as described in the FC-SW-2 standards. The domains are configured on a per-VSAN basis. If you do not configure a domain ID, the local switch uses a random ID.
Figure 33-1 Sample fcdomain Configuration (figure not reproduced; labels: Switch 2 (principal), Switch 7 (subordinate), local WWNs 20:01:ab:ba:cd:dc:f4:00 and 20:02:ab:ba:cd:dc:f4:00, configured domain ID 0 (zero) preferred)
• Enabling Autoreconfiguration

About Domain Restart

Fibre Channel domains can be started disruptively or nondisruptively. If you perform a disruptive restart, reconfigure fabric (RCF) frames are sent to other switches in the fabric and data traffic is disrupted on all the switches in the VSAN (including remotely segmented ISLs).
When fast restart is enabled and a backup link is available, the domain manager needs only a few milliseconds to select a new principal link to replace the one that failed. Also, the reconfiguration required to select the new principal link only affects the two switches that are directly attached to the failed link, not the entire VSAN.
About fcdomain Initiation

By default, the fcdomain feature is enabled on each switch. If you disable the fcdomain feature in a switch, that switch can no longer participate with other switches in the fabric. The fcdomain configuration is applied to runtime through a disruptive restart.
Rejecting Incoming RCFs

To reject incoming RCF request frames, perform this task:

Step 1
    Command: switch# configure terminal
             switch(config)#
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# interface fc slot/port
             switch(config-if)#
    Purpose: Configures the specified interface.
[Figure: Configuration Process Using the Preferred Option. Labels in the figure: Switch 7 (subordinate); Switch 2 (principal); Local WWN 20:01:ab:ba:cd:dc:f4:00; Local WWN 20:02:ab:ba:cd:dc:f4:00; Configured domain ID 7 preferred; 1. Request configured domain ID (7).]
Note: If you have configured an allowed domain ID list, the domain IDs that you add must be in that range for the VSAN. See the “About Allowed Domain ID Lists” section on page 33-9.

Specifying Static or Preferred Domain IDs

When you assign a static domain ID type, you are requesting a particular domain ID.
Tip: If you configure an allowed list on one switch in the fabric, we recommend that you configure the same list in all other switches in the fabric to ensure consistency or use CFS to distribute the configuration.
To enable (or disable) allowed domain ID list configuration distribution, perform this task:

Step 1
    Command: switch# configure terminal
             switch(config)#
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# fcdomain distribute
    Purpose: Enables domain configuration distribution.
    Command: switch(config)# no fcdomain distribute
    Purpose: Disables (default) domain configuration distribution.
Clearing a Fabric Lock

If you have performed a domain configuration task and have not released the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric. If the administrator performs this task, your pending changes are discarded and the fabric lock is released.
Displaying Session Status

You can display the status of the distribution session using the show fcdomain session-status vsan command.

switch# show fcdomain session-status vsan 1
Last Action: Distribution Enable
Result: Success

About Contiguous Domain ID Assignments

By default, the contiguous domain assignment is disabled.
• The volatile cache stores up to 4000 entries of WWN to FC ID binding. If this cache is full, a new (more recent) entry overwrites the oldest entry in the cache. In this case, the corresponding WWN to FC ID association for the oldest entry is lost.
Persistent FC ID Configuration Guidelines

When the persistent FC ID feature is enabled, you can enter the persistent FC ID submode and add static or dynamic entries in the FC ID database. By default, all added entries are static. Persistent FC IDs are configured on a per-VSAN basis.
About Unique Area FC IDs for HBAs

Note: Only read this section if the Host Bus Adapter (HBA) port and the storage port are connected to the same switch.

Some HBA ports require a different area ID than for the storage ports when they are both connected to the same switch. For example, if the storage port FC ID is 0x6f7704, the area for this port is 77.
switch(config)# end
switch#

Step 5 Assign a new FC ID with a different area allocation. In this example, we replace 77 with ee.

switch# configure terminal
switch(config)# fcdomain fcid database
switch(config-fcid-db)# vsan 3 wwn 50:05:08:b2:00:71:c8:c2 fcid 0x6fee00 area

Step 6 Enable the HBA interface in the Cisco Nexus 5000 Series switch.
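The area check behind this procedure can be automated. The following is an added example, not Cisco code: it splits each FC ID into its domain, area, and port bytes, parses entries written in the fcid database syntax shown in Step 5, and reports HBA ports that share an area with a non-HBA port in the same VSAN and domain. The storage port WWN, the HBA's initial FC ID 0x6f7703, and the list of which WWNs are HBAs are constructed assumptions; the optional dynamic keyword is accepted alongside area.

```python
import re
from dataclasses import dataclass

# One persistent FC ID database entry, in the syntax shown on this page:
#   vsan 3 wwn 50:05:08:b2:00:71:c8:c2 fcid 0x6fee00 area
ENTRY_RE = re.compile(
    r"^\s*vsan\s+(?P<vsan>\d+)"
    r"\s+wwn\s+(?P<wwn>(?:[0-9a-f]{2}:){7}[0-9a-f]{2})"
    r"\s+fcid\s+(?P<fcid>0x[0-9a-f]{6})"
    r"(?:\s+(?P<kind>area|dynamic))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Entry:
    vsan: int
    wwn: str
    domain: int
    area: int
    port: int
    kind: str  # "static" (no keyword), "area" or "dynamic"


def split_fcid(text):
    """Split a 24-bit FC ID into (domain, area, port), one byte each."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError(f"FC ID out of 24-bit range: {text}")
    domain, area, port = value >> 16, (value >> 8) & 0xFF, value & 0xFF
    if not 1 <= domain <= 239:  # valid domain IDs are 1 to 239
        raise ValueError(f"domain ID {domain} outside 1-239 in {text}")
    return domain, area, port


def parse_entries(text):
    """Parse fcid database lines; reject anything that is not an entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an FC ID entry: {line!r}")
        domain, area, port = split_fcid(m["fcid"])
        kind = (m["kind"] or "static").lower()
        entries.append(
            Entry(int(m["vsan"]), m["wwn"].lower(), domain, area, port, kind)
        )
    return entries


def shared_area_pairs(entries, hba_wwns):
    """Return (hba_wwn, other_wwn, area_hex) for each HBA that shares an
    area with a non-HBA port in the same VSAN and domain (same switch)."""
    hbas = {w.lower() for w in hba_wwns}
    pairs = []
    for hba in entries:
        if hba.wwn not in hbas:
            continue
        for other in entries:
            if other.wwn in hbas:
                continue
            if (other.vsan, other.domain, other.area) == (
                hba.vsan, hba.domain, hba.area
            ):
                pairs.append((hba.wwn, other.wwn, f"{hba.area:02x}"))
    return pairs


# Constructed sample data. The HBA WWN and the FC IDs 0x6f7704 and 0x6fee00
# come from this page; the storage WWN and 0x6f7703 are made up.
HBA_WWN = "50:05:08:b2:00:71:c8:c2"
STORAGE_WWN = "50:00:00:00:00:00:00:01"
BEFORE = f"""
vsan 3 wwn {HBA_WWN} fcid 0x6f7703
vsan 3 wwn {STORAGE_WWN} fcid 0x6f7704
"""
AFTER = f"""
vsan 3 wwn {HBA_WWN} fcid 0x6fee00 area
vsan 3 wwn {STORAGE_WWN} fcid 0x6f7704
"""

if __name__ == "__main__":
    for label, db in (("before", BEFORE), ("after", AFTER)):
        print(label, shared_area_pairs(parse_entries(db), [HBA_WWN]))
```

An empty result after the change confirms that the HBA no longer shares area 77 with the storage port.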
Purging Persistent FC IDs

To purge persistent FC IDs, perform this task:

Step 1
    Command: switch# purge fcdomain fcid vsan vsan-id
    Purpose: Purges all dynamic and unused FC IDs in the specified VSAN.
    Command: switch# purge fcdomain fcid vsan vsan-id - vsan-id
    Purpose: Purges dynamic and unused FC IDs in the specified VSAN range.
CHAPTER 34
Configuring N Port Virtualization

This chapter describes how to configure N port virtualization (NPV) on Cisco Nexus 5000 Series switches.
The edge switch appears as a Fibre Channel host to the core switch and as a regular Fibre Channel switch to its connected devices. Figure 34-1 shows an interface-level view of an NPV configuration.
NP Uplinks (External Interfaces)

All interfaces from the edge switch to the core switch are configured as proxy N ports (NP ports). An NP uplink is a connection from an NP port on the edge switch to an F port on the core switch.
• The same device might log in using different fWWNs on the core switch (depending on the NPV link it uses) and may need to be zoned using different fWWNs.

For additional information about zoning, see the “Information About Zoning” section on page 38-1.

NPV Traffic Management

Cisco Nexus 5000 Series switches provide NPV traffic management features.
Note: Redistributing a server interface causes traffic disruption to the attached end devices. To avoid disruption of server traffic, you should enable this feature only after adding a new NP uplink, and then disable it again after the server interfaces have been redistributed.
• NPV uses a load-balancing algorithm to automatically assign end devices in a VSAN to one of the NP uplinks (in the same VSAN) upon initial login. If there are multiple NP uplinks in the same VSAN, you cannot assign an end device to a specific NP uplink.
Configuring NPV Interfaces

After you enable NPV, you should configure the NP uplink interfaces and the server interfaces.

To configure an NP uplink interface, perform this task:

Step 1
    Command: switch# configure terminal
             switch(config)#
    Purpose: Enters configuration mode.
To configure a traffic map, perform this task:

Step 1
    Command: switch# config t
             switch(config)#
    Purpose: Enters configuration mode on the NPV.
----------------------------------------
Server-If       External-If(s)
----------------------------------------
fc1/3           fc1/10,fc1/11
fc1/5           fc1/1,fc1/2
----------------------------------------

To display the NPV internal traffic details, enter the show npv internal info traffic-map command.
CHAPTER 35
Configuring VSAN Trunking

This chapter describes the VSAN trunking feature provided in Cisco Nexus 5000 Series switches.
VSAN Trunking Mismatches

If you misconfigure VSAN configurations across E ports, issues can occur such as the merging of traffic in two VSANs (causing both VSANs to mismatch). The VSAN trunking protocol validates the VSAN interfaces at both ends of an ISL to avoid merging VSANs (see Figure 35-2).
Tip: The preferred configuration on the Cisco Nexus 5000 Series switches is that one side of the trunk is set to auto and the other is set to on.

Note: When connected to a third-party switch, the trunk mode configuration has no effect. The ISL is always in a trunking disabled state.
[Figure: Default Allowed-Active VSAN Configuration. Switch 1: VSAN1, VSAN2, VSAN3, VSAN4, VSAN5. Switch 2: VSAN1, VSAN2, VSAN3. Switch 3: VSAN1, VSAN2, VSAN4, VSAN5. Link label: VSANs 1 and 2 are operational.]
[Figure: Operational and Allowed VSAN Configuration. Switch 1: VSAN1, VSAN2, VSAN3, VSAN4, VSAN5. Switch 2: VSAN1, VSAN2, VSAN3. Switch 3: VSAN1, VSAN2, VSAN4, VSAN5. Link label: VSANs 1 and 2 are operational.]
switch# show interface fc3/3
fc3/3 is up
    Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
    Port WWN is 20:83:00:0d:ec:6d:78:40
    Peer port WWN is 20:0c:00:0d:ec:0d:d0:00
    Admin port mode is auto, trunk mode is on
...
CHAPTER 36
Configuring SAN Port Channels

SAN port channels refer to the aggregation of multiple physical interfaces into one logical interface to provide higher aggregated bandwidth, load balancing, and link redundancy. On Cisco Nexus 5000 Series switches, SAN port channels can include physical Fibre Channel interfaces, but not virtual Fibre Channel interfaces.
• Exchange based—The first frame in an exchange is assigned to a link, and then subsequent frames in the exchange follow the same link. However, subsequent exchanges can use a different link. This method provides finer granularity for load balancing while preserving the order of frames for each exchange.
[Figure 36-4: SID1, DID1, and Exchange-Based Load Balancing. Labels in the figure: Link 1, Link 2; Frame 1, Frame 2, Frame 3, Frame n; SID1, DID1, Exchange 1; SID1, DID1, Exchange 2]

Configuring SAN Port Channels

SAN port channels are created with default values.
Figure 36-6 shows examples of invalid configurations. Assuming that the links are brought up in the 1, 2, 3, 4 sequence, links 3 and 4 will be operationally down as the fabric is misconfigured.
If the following requirements are not met, a SAN port channel error is detected:
• Each switch on either side of a SAN port channel must be connected to the same number of interfaces.
• Each interface must be connected to a corresponding interface on the other side (see Figure 36-6 for an example of an invalid configuration).
Table 36-1 compares On and Active modes.

Table 36-1 Channel Group Configuration Differences

On Mode: No protocol is exchanged.
Active Mode: A port channel protocol negotiation is performed with the peer ports.
If you delete the SAN port channel for one port, then the individual ports within the deleted SAN port channel retain the compatibility parameter settings (speed, mode, port VSAN, allowed VSAN, and port security). You can explicitly change those settings as required.
About Interface Addition to a SAN Port Channel

You can add a physical interface (or a range of interfaces) to an existing SAN port channel. The compatible parameters on the configuration are mapped to the SAN port channel. Adding an interface to a SAN port channel increases the channel size and bandwidth of the SAN port channel.
After the members are deleted, regardless of the mode (Active and On) used, the ports at either end are gracefully brought down, indicating that no frames are lost when the interface is going down.
Table 36-2 Channel Group Configuration Differences (continued)

User-Configured Channel Group / Autocreated Channel Group

You can form the SAN port channel with a subset of the ports in the channel group. Incompatible ports remain in a suspended or isolated state depending on the On or Active mode configuration.
Tip: When enabling autocreation in any switch in the Cisco Nexus 5000 Series, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration.
Verifying SAN Port Channel Configuration

You can view specific information about existing SAN port channels at any time from EXEC mode. The following show commands provide further details on existing SAN port channels.

The show san-port-channel summary command displays a summary of SAN port channels within the switch.
...

Default Settings

Table 36-3 lists the default settings for SAN port channels.

Table 36-3 Default SAN Port Channel Parameters

Parameter: Port channels
    Default: FSPF is enabled by default.
Parameter: Create port channel
    Default: Administratively up.
Parameter: Default port channel mode
    Default: On.
Parameter: Autocreation
    Default: Disabled.
CHAPTER 37
Configuring and Managing VSANs

You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs (VSANs). VSANs provide isolation among devices that are physically connected to the same fabric. With VSANs you can create multiple logical SANs over a common physical infrastructure.
• Fabric-related configurations in one VSAN do not affect the associated traffic in another VSAN.
• Events causing traffic disruptions in one VSAN are contained within that VSAN and are not propagated to other VSANs.

Figure 37-1 shows a fabric with three switches, one on each floor.
[Figure 37-2: Example of Two VSANs. Labels in the figure: H1, H2, H3; AS1, AS2, AS3; SA1, SA2, SA3, SA4; Link in VSAN 2; Link in VSAN 7; Trunk link]

The four switches in this network are interconnected by VSAN trunk links that carry both VSAN 2 and VSAN 7 traffic. You can configure a different inter-switch topology for each VSAN.
• Traffic isolation—Traffic is contained within VSAN boundaries and devices reside only in one VSAN ensuring absolute separation between user groups, if desired.
• Scalability—VSANs are overlaid on top of a single physical fabric. The ability to create several logical VSAN layers increases the scalability of the SAN.
[Figure 37-3: VSANs with Zoning. Labels in the figure: Physical Topology; VSAN 2; VSAN 7; Zone A, Zone B, Zone C, Zone D; H1, H2, H3; AS1, AS2, AS3; SA1, SA2, SA3, SA4]

Configuring VSANs

VSANs have the following attributes:
• VSAN ID—The VSAN ID identifies the VSAN as the default VSAN (VSAN 1), user-defined VSANs (VSAN 2 to 4093), and the isolated VSAN (VSAN 4094).
About Port VSAN Membership

Port VSAN membership on the switch is assigned on a port-by-port basis. By default each port belongs to the default VSAN. You can assign VSAN membership to ports using one of two methods:
• Statically—Assigning VSANs to ports. See the “Assigning Static Port VSAN Membership” section on page 37-7.
Operational State of a VSAN

A VSAN is in the operational state if the VSAN is active and at least one port is up. This state indicates that traffic can pass through this VSAN. This state cannot be configured.

About Static VSAN Deletion

When an active VSAN is deleted, all of its attributes are removed from the running configuration.
Deleting Static VSANs

To delete a VSAN and its various attributes, perform this task:

Step 1
    Command: switch# configure terminal
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# vsan database
             switch(config-db)#
    Purpose: Configures the VSAN database.
Step 3
    Command: switch(config-db)# vsan 2
             switch(config-vsan-db)#
    Purpose: Places you in VSAN configuration mode.
About Interop Mode

Interoperability enables the products of multiple vendors to connect with each other. Fibre Channel standards guide vendors to create common external Fibre Channel interfaces. For additional information, see the “Switch Interoperability” section on page 43-9.
CHAPTER 38
Configuring and Managing Zones

Zoning enables you to set up access control between storage devices or user groups. If you have administrator privileges in your fabric, you can create zones to increase network security and to prevent data loss or corruption. Zoning is enforced by examining the source-destination ID field.
Zoning Features

Zoning includes the following features:
• A zone consists of multiple zone members.
  – Members in a zone can access each other; members in different zones cannot access each other.
  – If zoning is not activated, all devices are members of the default zone.
• Default zone membership includes all ports or WWNs that do not have a specific membership association. Access between default zone members is controlled by the default zone policy.
• You can configure up to 8000 zones per VSAN and a maximum of 8000 zones for all VSANs on the switch.

Note: Interface-based zoning only works with Cisco SAN switches.
[Figure 38-2: Fabric with Three Zones. Labels in the figure: Zone 1, Zone 2, Zone 3; H1, H2, H3; S1, S2, S3; Fabric]

Zone Implementation

Cisco Nexus 5000 Series switches automatically support the following basic zone features (no additional configuration is required):
• Zones are contained in a VSAN.
• Hard zoning cannot be disabled.
Note
• Each VSAN can have multiple zone sets but only one zone set can be active at any given time.
• When you create a zone set, that zone set becomes a part of the full zone set.
• When you activate a zone set, a copy of the zone set from the full zone set is used to enforce zoning, and is called the active zone set.
Configuring Zones

To configure a zone and assign a zone name, perform this task:

Step 1
    Command: switch# configure terminal
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# zone name zone-name vsan vsan-id
    Purpose: Configures a zone in the specified VSAN.
In Figure 38-4, two separate sets are created, each with its own membership hierarchy and zone members.
About the Default Zone

Each member of a fabric (in effect a device attached to an Nx port) can belong to any zone. If a member is not part of any active zone, it is considered to be part of the default zone. Therefore, if no zone set is active in the fabric, all devices are considered to be in the default zone.
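The access rules stated in this chapter (zone members can reach each other, members of different zones cannot, unzoned devices fall into the default zone, and the default zone policy governs access between them) can be checked offline. The following is an added example, not Cisco code: it models only those rules plus VSAN isolation and lists every device pair that is allowed to communicate, with the reason. The pWWNs, zone names, and VSAN assignments are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class Vsan:
    """Zoning state of one VSAN (zones are contained in a VSAN)."""
    vsan_id: int
    # Zones of the single active zone set: zone name -> set of member pWWNs.
    active_zones: dict = field(default_factory=dict)
    # Default zone policy; the default setting is "denied to all members".
    default_zone_permit: bool = False

    def zones_of(self, pwwn):
        """Names of the active zones that contain this pWWN."""
        return {n for n, members in self.active_zones.items() if pwwn in members}


def access_reason(vsan, a, b):
    """Return why a and b may communicate in this VSAN, or None if not."""
    zones_a, zones_b = vsan.zones_of(a), vsan.zones_of(b)
    shared = zones_a & zones_b
    if shared:
        return "zone:" + ",".join(sorted(shared))
    # Devices in no active zone are default zone members; access between
    # them depends on the default zone policy.
    if not zones_a and not zones_b and vsan.default_zone_permit:
        return "default-zone permit"
    return None


def audit(vsans, membership):
    """List (a, b, vsan_id, reason) for every pair allowed to communicate.

    membership maps pWWN -> VSAN ID; a device resides in only one VSAN,
    and devices in different VSANs are isolated regardless of zoning.
    """
    findings = []
    for a, b in combinations(sorted(membership), 2):
        vsan_id = membership[a]
        if vsan_id != membership[b]:
            continue
        reason = access_reason(vsans[vsan_id], a, b)
        if reason is not None:
            findings.append((a, b, vsan_id, reason))
    return findings


# Constructed sample: four hosts (H*) and three storage ports (S*).
H1, H2, H3, H4 = ("10:00:00:00:00:00:00:%02x" % n for n in range(1, 5))
S1, S2, S3 = ("50:00:00:00:00:00:00:%02x" % n for n in range(1, 4))


def build_sample():
    vsans = {
        # VSAN 2: active zone set with two zones, default zone denied.
        2: Vsan(2, {"ZoneA": {H1, S1}, "ZoneB": {H2, S1, S2}}),
        # VSAN 7: no active zone set, default zone policy set to permit.
        7: Vsan(7, {}, default_zone_permit=True),
    }
    membership = {H1: 2, H2: 2, H3: 2, S1: 2, S2: 2, H4: 7, S3: 7}
    return vsans, membership


if __name__ == "__main__":
    for a, b, vsan_id, reason in audit(*build_sample()):
        print(f"VSAN {vsan_id}: {a} <-> {b} ({reason})")
```

Pairs reported with the reason default-zone permit are the ones to review first, because no explicit zone authorizes them.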
Tip
• Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco switch is required to complete this membership configuration.
• Interface—Interface-based zoning is similar to port-based zoning because the switch interface is used to configure the zone.
Note: Be sure you understand how device alias modes work before enabling them. See Chapter 39, “Distributing Device Alias Services” for details and requirements about device alias modes.

Zone Enforcement

Zoning can be enforced in two ways: soft and hard. Each end device (N port) discovers other devices in the fabric by querying the name server.
Enabling Full Zone Set Distribution

All switches in the Cisco Nexus 5000 Series distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
• Import the neighboring switch’s active zone set database and replace the current active zone set (see Figure 38-5).
• Export the current database to the neighboring switch.
• Manually resolve the conflict by editing the full zone set, activating the corrected zone set, and then bringing up the link.
Zone Set Duplication

You can make a copy and then edit it without altering the existing active zone set. You can copy an active zone set from the bootflash: directory, volatile: directory, or slot0 to one of the following areas:
• To the full zone set
• To a remote location (using FTP, SCP, SFTP, or TFTP)

The active zone set is not part of the full zone set.
Step 2
    Command: switch(config)# zoneset rename oldname newname vsan vsan-id
    Purpose: Renames a zone set in the specified VSAN.
    Command: switch(config)# zone rename oldname newname vsan vsan-id
    Purpose: Renames a zone in the specified VSAN.
    Command: switch(config)# fcalias rename oldname newname vsan vsan-id
    Purpose: Renames a fcalias in the specified VSAN.
Step 3
Verifying Zone Information

You can view any zone information by using the show command. If you request information for a specific object (for example, a specific zone, zone set, VSAN, or alias, or keywords such as brief or active), only information for the specified object is displayed.
Changing from Basic Zoning to Enhanced Zoning

To change to the enhanced zoning mode from the basic mode, perform this task:

Step 1 Verify that all switches in the fabric are capable of working in the enhanced mode. If one or more switches are not capable of working in enhanced mode, then your request to move to enhanced mode is rejected.
To enable enhanced zoning in a VSAN, perform this task:

Step 1
    Command: switch# configure terminal
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# zone mode enhanced vsan vsan-id
    Purpose: Enables enhanced zoning in the specified VSAN.
    Command: switch(config)# no zone mode enhanced vsan vsan-id
    Purpose: Disables enhanced zoning in the specified VSAN.
Note: We recommend using the no zone commit vsan command first to release the session lock in the fabric. If that fails, use the clear zone lock vsan command on the remote switches where the session is still locked.
Configuring Zone Merge Control Policies

To configure merge control policies, perform this task:

Step 1
    Command: switch# configure terminal
    Purpose: Enters configuration mode.
Step 2
    Command: switch(config)# zone merge-control restrict vsan vsan-id
    Purpose: Configures a restricted merge control setting for this VSAN.
Verifying Enhanced Zone Information

The following example shows how to display the zone status for a specified VSAN:

switch# show zone status vsan 2

Compacting the Zone Database

You can delete excess zones and compact the zone database for the VSAN.
Default Settings

Table 38-6 lists the default settings for basic zone parameters.

Table 38-6 Default Basic Zone Parameters

Parameter: Default zone policy
    Default: Denied to all members.
Parameter: Full zone set distribute
    Default: The full zone set(s) is not distributed.
Parameter: Enhanced zoning
    Default: Disabled.
CHAPTER 39
Distributing Device Alias Services

Switches in the Cisco Nexus 5000 Series support Distributed Device Alias Services (device aliases) on a fabric-wide basis.
• The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management and distribution. Device aliases use the coordinated distribution mode and the fabric-wide distribution scope (see Chapter 21, “Using Cisco Fabric Services”).
• Basic and enhanced modes.
• Pending database—Your subsequent device alias configuration changes are stored in the pending database. If you modify the device alias configuration, you need to commit or discard the changes as the fabric remains locked during this period.

Device alias database changes are validated with the applications.
Device Alias Modes

You can specify that aliases operate in basic or enhanced modes. When operating in basic mode, which is the default mode, the device alias is immediately expanded to a pWWN. In basic mode, when device aliases are changed to point to a new HBA, for example, that change is not reflected in the zone server.
Configuring Device Alias Modes

To configure device aliases to operate in enhanced mode, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# device-alias mode enhanced
  Purpose: Assigns the device alias to operate in enhanced mode.
• A copy of the effective database is obtained and used as the pending database. Subsequent modifications are made to the pending database. The pending database remains in use until you commit the modifications to the pending database or discard (abort) the changes to the pending database.
Fabric Lock Override

You can use locking operations (clear, commit, abort) only when device alias distribution is enabled. If you have performed a device alias task and have forgotten to release the lock by either committing or discarding the changes, an administrator can release the lock from any switch in the fabric.
==========================================================
Operation: Disable Fabric Distribution
Status: Success

About Legacy Zone Alias Configuration

You can import legacy zone alias configurations to use this feature without losing data if they satisfy the following restrictions:
• Each zone alias has only one member.
Verifying Device Alias Configuration

To display device alias information, perform one of the following tasks:

  Command: switch# show zoneset [active]
  Purpose: Displays the device aliases in the zone set information.
  Command: switch# show device-alias database [pending | pending-diffs]
  Purpose: Displays the device alias database.
Default Settings

Table 39-2 lists the default settings for device alias parameters.

Table 39-2 Default Device Alias Parameters

Parameters                  Default
Device alias distribution   Enabled.
Device alias mode           Basic.
Database in use             Effective database.
Database to accept changes  Pending database.
CHAPTER 40
Configuring Fibre Channel Routing Services and Protocols

Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE mode Fibre Channel interfaces on Cisco Nexus 5000 Series switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.
• Runs on a per VSAN basis. Connectivity in a given VSAN in a fabric is guaranteed only for the switches configured in that VSAN.
• Uses a topology database to keep track of the state of the links on all switches in the fabric and associates a cost with each link.
Figure 40-2 Fault Tolerant Fabric with Redundant Links (diagram of switches A, B, C, D, and E with links labeled 1 through 4)

For example, if all links are of equal speed and no SAN port channels exist, the FSPF calculates four equal paths from A to C: A1-E-C, A2-E-C, A3-D-C, and A4-D-C. If SAN port channels exist, these paths are reduced to two.
About Link State Records

Each time a new switch enters the fabric, a link state record (LSR) is sent to the neighboring switches, and then flooded throughout the fabric. Table 40-1 displays the default settings for switch responses.
Resetting FSPF to the Default Configuration

To return the FSPF VSAN global configuration to its factory default, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# no fspf config vsan vsan-id
  Purpose: Deletes the FSPF configuration for the specified VSAN.
Step 2
  Command: switch(config)# interface fc slot/port
  Purpose: Configures the specified interface, or if already configured, enters configuration mode for the specified interface.
Configuring Retransmitting Intervals

To configure the FSPF retransmit time interval, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Clearing FSPF Counters for an Interface

To clear the FSPF statistics counters for an interface, perform this task:

  Command: switch# clear fspf counters vsan vsan-id interface fc slot/port
  Purpose: Clears the FSPF statistics counters for the specified interface in the specified VSAN.
Configuring Fibre Channel Routes

To configure a Fibre Channel route, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# fcroute fcid interface fc slot/port domain domain-id vsan vsan-id
  Purpose: Configures the route for the specified Fibre Channel interface and domain.
Figure 40-5 Link Congestion Delivery (diagram of Frames 1 through 4 between Switch 1 and Switch 2 over an old path and a new path)

In Figure 40-5, the port of the old path (red dot) is congested. In this scenario, Frame 3 and Frame 4 can be delivered before Frame 1 and Frame 2.
Step 2
  Command: switch(config)# in-order-guarantee
  Purpose: Enables in-order delivery in the switch.
  Command: switch(config)# no in-order-guarantee
  Purpose: Reverts the switch to the factory defaults and disables the in-order delivery feature.
To configure the network and the switch drop latency time, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# fcdroplatency network value
  Purpose: Configures network drop latency time for the network. The valid range is 0 to 60000 msec.
About Flow Statistics

If you enable flow counters, you can enable a maximum of 1000 entries for aggregate flow and flow statistics. Be sure to assign an unused flow index for each new flow. The number space for flow index is shared between the aggregate flow statistics and the flow statistics.
Displaying Flow Statistics

Use the show fcflow stats commands to view flow statistics.
Table 40-2 Default FSPF Settings (continued)

Parameters         Default
Load balancing     Based on destination ID and source ID on different, equal cost paths.
In-order delivery  Disabled.
Drop latency       Disabled.
Static route cost  If the cost (metric) of the route is not specified, the default is 10.
CHAPTER 41
Managing FLOGI, Name Server, FDMI, and RSCN Databases

This chapter describes the fabric login (FLOGI) database, the name server features, the Fabric-Device Management Interface (FDMI), and Registered State Change Notification (RSCN) information provided in Cisco Nexus 5000 Series switches.
Total number of flogi = 1.

The following example shows how to verify the storage devices associated with VSAN 1:

switch# show flogi database vsan 1

Name Server Proxy

The name server functionality maintains a database containing the attributes for all hosts and storage devices in each VSAN.
Rejecting Duplicate pWWNs

To reject duplicate pWWNs, perform this task:

Step 1
  Command: switch# configuration terminal
           switch(config)#
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# fcns reject-duplicate-pwwn vsan vsan-id
  Purpose: Logs out devices when they log into the fabric if the pWWNs already exist.
------------------------

The following example shows how to display the name server database statistics for all VSANs:

switch# show fcns statistics

FDMI

Cisco Nexus 5000 Series switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard.
• Suppressing Domain Format SW-RSCNs
• Clearing RSCN Statistics
• Configuring the RSCN Timer
• Verifying the RSCN Timer Configuration
• RSCN Timer Configuration Distribution

About RSCN Information

A switch RSCN (SW-RSCN) is sent to registered hosts and to all reachable switches in the fabric.
Configuring the multi-pid Option

To configure the multi-pid option, perform this task:

Step 1
  Command: switch# configuration terminal
           switch(config)#
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# rscn multi-pid vsan vsan-id
  Purpose: Sends RSCNs in a multi-pid format for the specified VSAN.
Configuring the RSCN Timer

RSCN maintains a per VSAN event list queue, where the RSCN events are queued as they are generated. When the first RSCN event is queued, a per VSAN timer starts. Upon time-out, all the events are dequeued and coalesced RSCNs are sent to registered users.
RSCN Timer Configuration Distribution

Because the timeout value for each switch is configured manually, a misconfiguration occurs when different switches time out at different times. This means different N-ports in a network can receive RSCNs at different times.
• A copy of the configuration database becomes the pending database along with the first active change.

Committing the RSCN Timer Configuration Changes

If you commit the changes made to the active database, the configuration is committed to all the switches in the fabric.
Merge Capable : Yes
Scope         : Logical

Note: A merge failure results when the RSCN timer values are different on the merging fabrics.
CHAPTER 42
Discovering SCSI Targets

This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco Nexus 5000 Series. It includes the following sections:
• Information About SCSI LUN Discovery
• Displaying SCSI LUN Information

Information About SCSI LUN Discovery

Small Computer System Interface (SCSI) targets include disks, tapes, and other storage devices.
Starting SCSI LUN Discovery

To start SCSI LUN discovery, perform this task:

  Command: switch# discover scsi-target {custom-list | local | remote | vsan vsan-id fcid fc-id} os {aix | hpux | linux | solaris | windows} [lun | target]
  Purpose: Discovers SCSI targets for the specified operating system (OS).
Displaying SCSI LUN Information

Use the show scsi-target and show fcns database commands to display the results of the discovery.
CHAPTER 43
Advanced Fibre Channel Features and Concepts

This chapter describes the advanced Fibre Channel features provided in Cisco Nexus 5000 Series switches.
• Verifying Configured fctimer Values

Timer Configuration Across All VSANs

You can modify Fibre Channel protocol related timer values for the switch.

Caution: The D_S_TOV, E_D_TOV, and R_A_TOV values cannot be globally changed unless all VSANs in the switch are suspended.
The following example configures the timer value for VSAN 2:

switch(config)# fctimer D_S_TOV 6000 vsan 2
Warning: The vsan will be temporarily suspended when updating the timer value
This configuration would impact whole fabric.
Discarding fctimer Changes

After making the configuration changes, you can discard them instead of committing them. In either case, the lock is released.
Verifying Configured fctimer Values

Use the show fctimer command to display the configured fctimer values.
Verifying WWN Information

Use the show wwn commands to display the status of the WWN configuration. The following example displays the status of all WWNs:

switch# show wwn status
Type    Configured     Available
        -------------  -------------
1       64             48 ( 75%)
2,5     524288         442368 ( 84%)
Resvd.
FC ID Allocation for HBAs

Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus 5000 Series switches use a special allocation scheme. Some HBAs do not discover targets that have FC IDs with the same domain and area.
Tip: We recommend that you set the fcinterop FC ID allocation scheme to auto and use the company ID list and persistent FC ID configuration to manipulate the FC ID device allocation.

Use the fcinterop fcid-allocation auto command to change the FC ID allocation and the show running-config command to view the currently allocated mode.
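The company ID list holds the 24-bit IEEE company ID (OUI) that is carried inside each WWN. The Python below is an added example, not Cisco code: it extracts that ID from WWNs in NAA formats 1, 2 and 5 and sorts a list of WWNs by membership in a company ID list. The function names and all sample WWNs except the one marked as taken from this guide are constructed, and reading formats 1 and 5 by their IEEE layout is an assumption about how the switch treats them.

```python
"""Extract the IEEE company ID (OUI) from Fibre Channel WWNs (added example)."""
import re

# Eight colon-separated hex bytes, for example 20:00:00:05:30:00:21:60.
_WWN_RE = re.compile(r"[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){7}")


def parse_wwn(text):
    """Return the WWN as a 64-bit integer, or raise ValueError."""
    text = text.strip()
    if not _WWN_RE.fullmatch(text):
        raise ValueError(f"not a colon-separated 8-byte WWN: {text!r}")
    return int(text.replace(":", ""), 16)


def company_id(wwn):
    """Return the 24-bit company ID embedded in a WWN.

    The top 4 bits are the NAA (format) field:
      NAA 1, 2: 12 bits follow, then the OUI in bits 47..24.
      NAA 5:    the OUI follows the NAA field directly, bits 59..36.
    Other formats carry no OUI at a fixed place in 8 bytes and are rejected.
    """
    value = parse_wwn(wwn)
    naa = value >> 60
    if naa in (1, 2):
        return (value >> 24) & 0xFFFFFF
    if naa == 5:
        return (value >> 36) & 0xFFFFFF
    raise ValueError(f"unsupported NAA format {naa} in {wwn!r}")


def split_by_company_list(wwns, company_ids):
    """Sort WWNs into (listed, unlisted, invalid) against a company ID list.

    listed and unlisted hold (wwn, "0xNNNNNN") pairs; invalid holds the raw
    strings that could not be parsed, so bad input is reported, not dropped.
    """
    listed, unlisted, invalid = [], [], []
    for wwn in wwns:
        try:
            cid = company_id(wwn)
        except ValueError:
            invalid.append(wwn)
            continue
        bucket = listed if cid in company_ids else unlisted
        bucket.append((wwn, f"0x{cid:06x}"))
    return listed, unlisted, invalid


# Sample input. Only the first WWN comes from this guide; the rest are
# constructed for illustration.
SAMPLE_WWNS = [
    "20:00:00:05:30:00:21:60",   # from the guide's company-id-from-wwn example
    "10:00:00:00:c9:12:34:56",   # constructed, NAA 1
    "50:06:0e:80:12:34:56:78",   # constructed, NAA 5
    "20:00:00:05:30",            # constructed, truncated
    "60:00:00:05:30:00:21:60",   # constructed, unsupported NAA 6
]
SAMPLE_COMPANY_LIST = {0x000530}  # constructed company ID list

if __name__ == "__main__":
    listed, unlisted, invalid = split_by_company_list(
        SAMPLE_WWNS, SAMPLE_COMPANY_LIST)
    for label, rows in (("listed", listed), ("unlisted", unlisted)):
        for wwn, cid in rows:
            print(f"{label:9} {wwn}  company ID {cid}")
    for wwn in invalid:
        print(f"invalid   {wwn}")
```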
The following example displays the company ID for the specified WWN:

switch# show fcid-allocation company-id-from-wwn 20:00:00:05:30:00:21:60
Extracted Company ID: 0x000530

Switch Interoperability

Interoperability enables the products of multiple vendors to interwork with each other.
Table 43-2 lists the changes in switch operation when you enable interoperability mode. These changes are specific to Cisco Nexus 5000 Series switches while in interop mode.
Table 43-2 Changes in Switch Operation When Interoperability Is Enabled (continued)

Switch Feature: Domain reconfiguration disruptive
Changes if Interoperability Is Enabled: This is a switch-wide impacting event. Brocade and McData require the entire switch to be placed in offline mode and/or rebooted when changing domain IDs.
The Cisco Nexus 5000 Series, Brocade, and McData FC Error Detect (ED_TOV) and Resource Allocation (RA_TOV) timers default to the same values. They can be changed if needed. The RA_TOV default is 10 seconds, and the ED_TOV default is 2 seconds. Per the FC-SW2 standard, these values must be the same on each switch within the fabric.
cisco Nexus5020 Chassis ("40x10GE/Supervisor")
Intel(R) Celeron(R) M CPU with 2074308 kB of memory.
ip route 6.1.1.0 255.255.255.0 6.1.1.1
ip routing
line console
  databits 5
  speed 110
logging linecard
ssh key rsa 512 force
ssh server enable
switchname MDS9509
username admin password 5 $1$Li8/fBYX$SNc72.xt4nTXpSnR9OUFB/ role network-admin

Step 4 Verify if the interoperability mode is active.
Step 7 Verify the next hop and destination for the switch.
CHAPTER 44
Configuring FC-SP and DHCHAP

Fibre Channel Security Protocol (FC-SP) capabilities provide switch-to-switch and host-to-switch authentication to overcome security challenges for enterprise-wide fabrics. Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco Nexus 5000 Series switches and other devices.
Cisco Nexus 5000 Series switches support authentication features to address physical security (see Figure 44-1).
DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication. DHCHAP negotiates hash algorithms and DH groups before performing authentication. It supports MD5 and SHA-1 algorithm-based authentication.
• VSANs—DHCHAP authentication is not done on a per-VSAN basis.

About Enabling DHCHAP

By default, the DHCHAP feature is disabled in all Cisco Nexus 5000 Series switches. You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication.
Table 44-1 identifies switch-to-switch authentication between two Cisco switches in various modes.

Table 44-1 DHCHAP Authentication Status Between Two MDS Switches

Switch N DHCHAP Modes: on, auto-Active
Switch 1 DHCHAP Modes: on, auto-active
FC-SP authentication is performed.
FC-SP authentication is performed.
FC-SP authentication is performed.
Link is brought down.
Tip: If you change the hash algorithm configuration, then change it globally for all switches in the fabric.

Caution: RADIUS and TACACS+ protocols always use MD5 for CHAP authentication. Using SHA-1 as the hash algorithm may prevent RADIUS and TACACS+ usage, even if these AAA protocols are enabled for DHCHAP authentication.
• Configuration 1—Use the same password for all switches in the fabric. This is the simplest configuration. When you add a new switch, you use the same password to authenticate that switch in this fabric. It is also the most vulnerable configuration if someone from the outside maliciously attempts to access any one switch in the fabric.
Note: The switch WWN identifies the physical switch. This WWN is used to authenticate the switch and is different from the VSAN node WWN.

Configuring DHCHAP Passwords for Remote Devices

To locally configure the remote DHCHAP password for another switch in the fabric, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Configuring DHCHAP AAA Authentication

You can configure AAA authentication to use a RADIUS or TACACS+ server group. If AAA authentication is not configured, local authentication is used by default. To configure the AAA authentication, see the “Configuring AAA” section on page 16-6.
To configure the authentication setup shown in Figure 44-2, perform this task:

Step 1 Obtain the device name of the Cisco Nexus 5000 Series switch in the fabric. The Cisco Nexus 5000 Series switch in the fabric is identified by the switch WWN.

switch# show wwn switch
Switch WWN is 20:00:00:05:30:00:54:de

Step 2 Explicitly enable DHCHAP in this switch.
Other Devices' Passwords:
Password for device with WWN:20:00:00:05:30:00:54:de is *******

MDS-9509# show fcsp interface fc2/4
Fc2/4
  fcsp authentication mode:SEC_MODE_ON
  Status:Successfully authenticated

You have now enabled and configured DHCHAP authentication for the sample setup in Figure 44-2.
CHAPTER 45
Configuring Port Security

Cisco Nexus 5000 Series switches provide port security features that reject intrusion attempts and report these intrusions to the administrator.

Note: Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
This section includes the following topics:
• Port Security Enforcement
• About Auto-Learning
• Port Security Activation

Port Security Enforcement

To enforce port security, configure the devices and switch port interfaces through which each device or switch is connected, and activate the configuration.
Port Security Activation

By default, the port security feature is not activated in Cisco Nexus 5000 Series switches.
See the “Committing the Changes” section on page 45-13. All switches have port security activated with auto-learning enabled.

Step 5 Wait until all switches and all hosts are automatically learned.

Step 6 Disable auto-learn on each VSAN. See the “Disabling Auto-Learning” section on page 45-8.
Configuring Port Security with Manual Database Configuration

To configure port security and manually configure the port security database, perform this task:

Step 1 Enable port security. See the “Enabling Port Security” section on page 45-5.

Step 2 Manually configure all port security entries into the configure database on each VSAN.
Activating Port Security

To activate port security, perform this task:

Step 1
  Command: switch# configuration terminal
           switch(config)#
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# port-security activate vsan vsan-id
  Purpose: Activates the port security database for the specified VSAN, and automatically enables auto-learning.
Database Reactivation

Tip: If auto-learning is enabled, you cannot activate the database without the force option until you disable auto-learning.

To reactivate the port security database, perform this task:

Step 1 Disable auto-learning.

Step 2 Copy the active database to the configured database. If the active database is empty, you cannot perform this step.
About Enabling Auto-Learning

The state of the auto-learning configuration depends on the state of the port security feature:
• If the port security feature is not activated, auto-learning is disabled by default.
• If the port security feature is activated, auto-learning is enabled by default (unless you explicitly disabled this option).

Tip
Table 45-2 Authorization Results for Scenario (continued)

Device Connection Request        Authorization  Condition  Reason
S2, F11                          Denied         7          P10 is bound to F11.
P4, N4, F5 (auto-learning on)    Permitted      3          No conflict.
P4, N4, F5 (auto-learning off)   Denied         4          No match.
S3, F5 (auto-learning on)        Permitted      3          No conflict.
• If an N port’s nWWN is bound to an F port WWN, then all pWWNs in the N port are implicitly paired with the F port.
• TE port checking is done on each VSAN in the allowed VSAN list of the VSAN trunk port.
• All port channel xE ports must be configured with the same set of WWNs in the same SAN port channel.
Locking the Fabric

The first action that modifies the existing configuration creates the pending database and locks the feature in the VSAN. Once you lock the fabric, the following situations apply:

• No other user can make any configuration changes to this feature.
• A copy of the configuration database becomes the pending database.
If the pending database contains more than one activation and auto-learning configuration when you commit the changes, the activation and auto-learning changes are consolidated and the resulting operation may change (see Table 45-3).
Caution: If you do not follow these two conditions, the merge will fail. The next distribution will forcefully synchronize the databases and the activation states in the fabric.

Database Interaction

Table 45-4 lists the differences and interaction between the active and configuration databases.
[Figure: Switch 1 config database and active database; activating the database (CLI); active database EMPTY / learned entries]

Note: Learned entries are saved in the active database.
Use the port-security database copy vsan command to copy from the active to the configured database. If the active database is empty, this command is not accepted.

    switch# port-security database copy vsan 1

Use the port-security database diff active vsan command to view the differences between the active database and the configuration database.
Displaying Port Security Configuration

The show port-security database commands display the configured port security information. You can optionally specify a fWWN and a VSAN, or an interface and a VSAN in the show port-security command to view the output of the activated port security. Access information for each port can be individually displayed.
CHAPTER 46
Configuring Fabric Binding

This chapter describes the fabric binding feature provided in Cisco Nexus 5000 Series switches.
Port Security Versus Fabric Binding

Port security and fabric binding are two independent features that can be configured to complement each other. Table 46-1 compares the two features.

Table 46-1 Fabric Binding and Port Security Comparison

Fabric Binding                                     Port Security
Uses a set of sWWNs and a persistent domain ID.    Uses pWWNs/nWWNs or fWWNs/sWWNs.
Configuring Fabric Binding

The fabric binding feature ensures ISLs are only enabled between specified switches in the fabric binding configuration. Fabric binding is configured on a per-VSAN basis.
Verify the status of the fabric binding feature of a fabric binding-enabled switch by entering the show fabric-binding status command:

    switch# show fabric-binding status
    VSAN 1:Activated database
    VSAN 4:No Active database

About Switch WWN Lists

A user-specified fabric binding list contains a list of switch WWNs (sWWNs) within a fabric.
Note: After activation, any already logged in switch that violates the current active database will be logged out, and all switches that were previously denied login because of fabric binding restrictions are reinitialized.
• Use the fabric-binding database diff config vsan command to obtain information on the differences between the config database and the active database.
CHAPTER 47
Configuring Fabric Configuration Servers

This chapter describes the Fabric Configuration Server (FCS) feature provided in the Cisco Nexus 5000 Series switches.
information is not known to both of them. FCS operations can be done only on those switches that are visible in the VSAN. M2 can send FCS requests only for VSAN 2 even though S3 is also a part of VSAN 1.
Note: Set this command globally only if every switch in the fabric belongs to the Cisco MDS 9000 Family or Cisco Nexus 5000 Series of switches.

To enable global checking of the platform name, perform this task:

Step 1
  Command: switch# configuration terminal
           switch(config)#
  Purpose: Enters configuration mode.
CHAPTER 48
Configuring Port Tracking

Cisco Nexus 5000 Series switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.
[Figure 48-1: Traffic Recovery Using Port Tracking]

The port tracking feature monitors and detects failures that cause topology changes and brings down the links connecting the attached devices.
• Tracking Multiple Ports
• About Monitoring Ports in a VSAN
• Monitoring Ports in a VSAN
• About Forceful Shutdown
• Forcefully Shutting Down a Tracked Port

Enabling Port Tracking

The port tracking feature is disabled by default in Cisco Nexus 5000 Series switches.
Step 3
  Command: switch(config-if)# port-track interface fc slot/port | san-port-channel port
  Purpose: Specifies the tracked port. When the tracked port goes down, the linked port is also brought down.
  Note: This link symbolizes the ISL (2) in Figure 48-1.

  Removes the port tracking configuration that is currently applied to the interface.
Tracking Multiple Ports

To track multiple ports, perform this task:

Step 1
  Command: switch# configuration terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# interface fc slot/port
  Purpose: Configures the specified interface and enters the interface configuration mode. You can now configure tracked ports.
About Forceful Shutdown

If a tracked port flaps frequently, then tracking ports using the operational binding feature may cause frequent topology change. In this case, you may choose to keep the port in the down state until you are able to resolve the reason for these frequent flaps.
    Linked to 1 port(s)
    Port linked to interface fc2/1
    ...

The following example shows how to display the port track mode:

    switch# show interface fc 2/4
    fc2/4 is up
    Hardware is Fibre Channel, FCOT is short wave laser
    ...
CHAPTER 49
Configuring SPAN

The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
• Each source port can be configured with a direction (ingress, egress, or both) to monitor. For VLAN, VSAN, port channel, and SAN port channel sources, the monitored direction can only be ingress and applies to all physical ports in the group. The rx/tx option is not available for VLAN or VSAN SPAN sessions.
• Source ports can be in the same or different VLANs or VSANs.
Configuring an Ethernet Destination Port

To configure an Ethernet interface as a SPAN destination port, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# interface ethernet slot/port
  Purpose: Enters interface configuration mode for the specified Ethernet interface selected by the slot and port values.
To configure the source channels for a SPAN session, perform this task:

  Command: switch(config-monitor)# source {interface {port-channel | san-port-channel} channel-number rx | vlan vlan-range | vsan vsan-range}
  Purpose: Configures port channel, SAN port channel, VLAN, or VSAN sources. The monitored direction can only be ingress and applies to all physical ports in the group.
Suspending or Activating a SPAN Session

The default is to keep the session state shut. To open a session that duplicates packets from sources to destinations, perform this task:

  Command: switch(config)# no monitor session {all | session-number} shut
  Purpose: Opens the specified SPAN session or all sessions.

The following example shows suspending a SPAN session: ...
CHAPTER 50
Troubleshooting

This chapter describes basic troubleshooting methods used to resolve issues with a Cisco Nexus 5000 Series switch.
    roles:network-admin network-operator

Step 2  Assign a new network administrator password if your username has network-admin privileges.

    switch# configure terminal
    switch(config)# username admin password
    switch(config)# exit
    switch#

Step 3  Save the configuration.
Step 8  Reset the new password to ensure that it is also the SNMP password.

    switch# configure terminal
    switch(config)# username admin password
    switch(config)# exit
    switch#

Step 9  Save the configuration.
This example shows captured data (limited to four packets) on the management interface:

    switch# ethanalyzer local interface mgmt brief limit-captured-frames 4
    Capturing on eth0
    2005-01-25 07:18:08.997132 10.193.24.42 -> 10.200.0.103 TELNET Telnet Data ...
    2005-01-25 07:18:09.166266 10.200.0.103 -> 10.193.24.
    Destination port: telnet (23)
    Sequence number: 0 (relative sequence number)
    Acknowledgement number: 0 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    0... .... = Congestion Window Reduced (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...1 .... = Acknowledgment: Set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..0.
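The brief capture format in the ethanalyzer example above can be post-processed to flag cleartext management sessions such as the TELNET exchange it shows. This is an added example, not part of the Cisco guide: the service watch list, the function names and all sample lines except the first packet line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: services treated as cleartext management traffic, keyed by the
# protocol or port name/number as it appears in the capture summary.
CLEARTEXT_SERVICES = {
    "telnet": "TELNET", "23": "TELNET", "ftp": "FTP", "21": "FTP",
    "tftp": "TFTP", "69": "TFTP", "http": "HTTP", "80": "HTTP",
    "snmp": "SNMP", "161": "SNMP",
}

# One packet line of brief output: <date> <time> <src> -> <dst> <PROTO> <info>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(\S+)\s+->\s+(\S+)\s+(\S+)\s*(.*)$"
)
PORTS_RE = re.compile(r"^(\S+)\s+>\s+(\S+)")  # "sport > dport" in TCP/UDP info

# Constructed sample in the layout of the capture above. Only the first packet
# line is taken from the page; the last line is cut off on purpose.
SAMPLE_CAPTURE = """\
Capturing on eth0
2005-01-25 07:18:08.997132 10.193.24.42 -> 10.200.0.103 TELNET Telnet Data ...
2005-01-25 07:18:09.166266 10.200.0.103 -> 10.193.24.42 TCP 3677 > telnet [ACK] Seq=0 Ack=0 Len=0
2005-01-25 07:18:09.300000 10.200.0.104 -> 10.193.24.42 SSH Encrypted request packet len=52
2005-01-25 07:18:09.412345 10.200.0.103 -> 10.193.24.
"""


def parse_brief(text):
    """Return (records, skipped): parsed packet lines and the number of
    non-empty lines that did not parse (for example a truncated line)."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Capturing on"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        date, time, src, dst, proto, info = m.groups()
        records.append({"ts": f"{date} {time}", "src": src, "dst": dst,
                        "proto": proto.upper(), "info": info})
    return records, skipped


def cleartext_service(record):
    """Name the cleartext service a packet belongs to, or None."""
    service = CLEARTEXT_SERVICES.get(record["proto"].lower())
    if service is None and record["proto"] in ("TCP", "UDP"):
        # Bare TCP/UDP summaries start with "sport > dport"; check both ends.
        m = PORTS_RE.match(record["info"])
        if m:
            for port in m.groups():
                service = service or CLEARTEXT_SERVICES.get(port.lower())
    return service


def cleartext_sessions(records):
    """Count cleartext packets per (sorted endpoint pair, service)."""
    counts = Counter()
    for rec in records:
        service = cleartext_service(rec)
        if service:
            counts[(tuple(sorted((rec["src"], rec["dst"]))), service)] += 1
    return counts


if __name__ == "__main__":
    recs, skipped = parse_brief(SAMPLE_CAPTURE)
    for (pair, service), n in cleartext_sessions(recs).items():
        print(f"{service}: {pair[0]} <-> {pair[1]} ({n} packets)")
    print(f"unparsed lines: {skipped}")
```

Counting unparsed lines separately keeps a capture that was cut short from being mistaken for a clean one.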
To perform the fctrace operation, perform one of these tasks:

  Command: switch# fctrace fcid 0xd70000 vsan 1
           Route present for : 0xd70000
           20:00:00:0b:46:00:02:82(0xfffcd5)
           Timestamp Invalid.
           20:00:00:05:30:00:18:db(0xfffcd7)
           Timestamp Invalid.
           20:00:00:05:30:00:18:db(0xfffcd7)
  Purpose: Invokes fctrace for the specified FC ID of the destination N port.
fcping

The fcping feature verifies reachability of a node by checking its end-to-end connectivity. You can invoke the fcping feature by providing the FC ID, the destination port WWN, or the device alias information.
Note: The FC ID variable used in this procedure is the domain controller address; it is not a duplication of the domain ID.
System Image IP Address/Mask Switch WWN No of VSANs Configured VSANs VSAN 1: : 4.0(0) bootflash:/nuova-or-system-nsg.4.0.0.001.binnms-or-47 : 172.16.24.
CHAPTER 51
Configuration Limits

The features supported by the Cisco Nexus 5000 Series Switch have maximum configuration limits. For some of the features, we have verified configurations that support limits less than the maximum. Table 51-1 lists the Cisco verified limits and maximum limits for switches running Cisco NX-OS Release 4.0.x.