Switch Guide
Page 13
...-2 Configuring DHCHAP Authentication 19-3 Enabling DHCHAP 19-3 Configuring DHCHAP Authentication Modes 19-3 Configuring the DHCHAP Hash Algorithm 19-4 Configuring DHCHAP Groups 19-4 Configuring DHCHAP Passwords 19-4 Configuring Passwords for Other Devices 19-5 Configuring the DHCHAP Timeout Value 19-5 Default Fabric Security Settings 19-5 Configuring Port Security 20-1 Port Security Features 20-1 Enforcing Port Security 20-1 Configuring a Port Binding 20-2 Copying an Active Configuration to the Running Configuration 20-2 Deleting a Port Binding 20-3 About Auto...
Switch Guide
Page 51
... offer fabric management and control through the command-line interface (CLI) by using the Simple Network Management Protocol (SNMP) services: • SNMP versions 1, 2, and 3 are reported to the switch. See the Cisco MDS 9000 Family MIB Reference Guide for secure user authentication and data encryption. • IP Access control lists (IP-ACLs)-Provide basic network security to all switches in the Cisco MDS 9000 Family. • Login requests from unauthorized Fibre Channel devices (Nx ports) and switches (xE ports) are rejected...
Switch Guide
Page 74
... Create-Insert a new row into a table (if applicable). • Delete Row-Delete the selected row from a table (if applicable). • Copy (Ctrl-C)-Copy data from one row to another. • Apply Changes-Apply configuration changes. (Note: After making changes you enter the values required for controlling the behavior and appearance of the Device Manager. • Refresh-Update the current display. • Command Line Interface-Open a Telnet/SSH session...
Switch Guide
Page 91
... - Port security - Read-only zones - VSAN-based access control - Fibre Channel Security Protocol (FC-SP) authentication • Advanced traffic engineering--Quality of Service (QoS) • Enhanced VSAN routing--inter-VSAN routing • FCIP protocol • FCIP compression • FCIP write acceleration OL-7753-01 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 5-3 Chapter 5 Obtaining and Installing Licenses Licensing Model Table 5-1 Feature-Based Licenses Feature License Standard package (free...
Switch Guide
Page 98
... CLI console messages, SNMP traps, syslog error messages, and Call Home messages on the Delete Row icon in Release 1.2(x). Note To delete a license, you want to January 29th • From January 30th, the FICON feature will run without a license for a grace period of the License Key File you purchased Cisco support through a Cisco reseller, contact the reseller directly. Updating Licenses If your network traffic...
Switch Guide
Page 110
... Cisco, contact Cisco Technical Support at this time. • Space Verify that everyone who has access to the switch or the network is not specified, the switch uses the current running kickstart image. - Essential Upgrade Prerequisites Chapter 8 Software Images Essential Upgrade Prerequisites Before attempting to migrate to any software image version, follow these guidelines: • Customer Service Before performing any install procedure. Table 8-1 Term bootable impact Terms Specific...
Switch Guide
Page 116
... status of every module. Viewing the State of a Module Chapter 9 Managing Modules Cisco MDS 9500 Series switches have completed successfully and the configuration is being downloaded. The switch detects insufficient power for a switching module to user traffic. The module has established connection with the supervisor and the switching module is enabled. This module is the standby supervisor module and that enters the active mode is dependent on which a module can exist. If the active module fails, the standby module...
Switch Guide
Page 153
Default Settings Table 13-2 lists the default settings for more information. Table 13-2 Default Trunk Configuration Parameters Parameters Switch port trunk mode Allowed VSAN list Trunking protocol Default On 1 to the Cisco MDS 9000 Family Fabric Manager User Guide for trunking parameters. Refer to 4093 user-defined VSAN IDs Enabled OL-7753-01 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 13-5 Chapter 13 Configuring Trunking Default Settings The trunking protocol cannot detect merging of VSANs when a third-party switch is placed in between two Cisco MDS 9000...
Switch Guide
Page 201
... user authentication and network service access information. Setting the RADIUS Server Address You can set RADIUS server addresses. You can add up to a central RADIUS server that secures networks against unauthorized access. You see the Radius dialog box with any security system currently available on the market. Chapter 18 Configuring Switch Security Configuring RADIUS • Setting Iterations of the RADIUS server, define vendor-specific attributes, and display RADIUS server details. In the Cisco implementation, RADIUS clients run on the Fabric Manager...
Switch Guide
Page 216
.... clear text (0)-Not encrypted A switch tries to connect to a RADIUS server once (1). admin. UDP port 1813. If the Telnet or SSH options are not specified, the command applies to expire. The default time-out is configured. No key is one (5) seconds. Disabled Allows access to all TACACS+ servers. Default Security Settings Chapter 18 Configuring Switch Security Default Security Settings Table 18-1 lists the default settings for all security features in each switch (for CLI and SNMP users) AAA authentication login Telnet server Accounting log file size...
Switch Guide
Page 221
... 19 Configuring Fabric Security Configuring DHCHAP Authentication • PortChannel interfaces-If DHCHAP is enabled for ports belonging to access the configuration and verification commands for fabric authentication. Identify and configure the DHCHAP authentication modes. Configure the password for the local switch and other switches in the Cisco MDS 9000 Family. Configuring DHCHAP Authentication Modes The DHCHAP authentication status for reauthentication. If the connecting device does not support DHCHAP authentication, the software...
Switch Guide
Page 223
... fabric--when you add a new switch, you create a new password list and update all fabric security features in any switch. OL-7753-01 Cisco MDS 9000 Fabric Manager Switch Configuration Guide 19-5 The time ranges from 20 (no authentication is different from the VSAN node WWN. This approach requires considerable password maintenance by SHA-1 for DHCHAP authentication auto-passive. This WWN is used to authenticate the...
Switch Guide
Page 297
... Gigabit Ethernet port where the FCIP links terminates. Create a FCIP interface, assign the profile to the profile. Basic FCIP Configuration To configure a FCIP link, follow these steps on the required switches in the fabric. Chapter 24 Configuring IP Storage Configuring FCIP • the local connection points (IP address and TCP port number) • the behavior of the underlying TCP connections for the FCIP link. • E port parameters-Trunking mode and trunk allowed VSAN list...
Switch Guide
Page 303
... : The configured round-trip-time option determines the window scaling factor of multiple lost packet per round trip time. If the FCIP link has only one TCP connection, that data DSCP value is outlined below which TCP aggressively maintains a window size sufficient to all packets in that TCP allows before flow controlling the switch's egress path for window management. The default buffer size is enabled on Cisco MDS 9000 Family switches. The sender...
Switch Guide
Page 304
... network has sufficient buffering, try increasing the CWM burst size beyond the default to discover and authenticate the link. You can also use the peer TCP port along with the IP address. • -Used to be configured on special frames. On the peer side, the special-frame option must first create the interface and enter the config-if submode. Optionally, you can also use the port...
Switch Guide
Page 314
....org, for information on a switch using Fabric Manager, follow these changes or click the Undo Changes icon to remove all switches in the fabric that you want to save these steps: 24-26 Cisco MDS 9000 Fabric Manager Switch Configuration Guide OL-7753-01 By default, this feature, all switches in the Cisco MDS 9000 Family. The ISCSI tables display in all related configurations are only available when...
Switch Guide
Page 321
... to multiple Fibre Channel targets, each time the iSCSI host connects to the IPS module a new Fibre Channel N port is used on the initiator's pWWNs and/or nWWNs. By default, the switch uses the iSCSI node name to multiple IPS ports, each IP address it uses the same node name in one of two ways: system assignment or manual assignment. • System assignment-When a static mapping configuration is created...
Switch Guide
Page 373
... specific Virtual network interface Cisco MDS 9000 Family specific VRRP configuration Cisco MDS 9000 Family specific VRRP engine Cisco MDS 9000 Family specific VSAN syslog Cisco MDS 9000 Family specific vshd Cisco MDS 9000 Family specific WWN manager Cisco MDS 9000 Family specific Xbar syslog Cisco MDS 9000 Family specific Zone server Cisco MDS 9000 Family specific Table 28-2 describes the severity levels supported by the system message logs. OL-7753-01 Cisco MDS 9000 Fabric Manager Switch Configuration Guide...
Switch Guide
Page 395
... destination port. • Frames dropped by a source port are not spanned. This feature is connected to 16 SPAN sessions with multiple ingress (rx) sources. • You can configure a maximum of three SPAN sessions with one egress (tx) port. • In a 32-port switching module, you can use SPAN to be physically connected. • Supports only 1 Gbps or 2 Gbps speeds. Without SPAN You can monitor traffic using the switchport mode command. • The outgoing frames can...
Switch Guide
Page 398
... SD port Default Active. Default SPAN Settings Table 30-1 lists the default settings for all captured frames. Remote SPAN The Remote SPAN (RSPAN) feature enables you to the same Fibre Channel fabric. The Fibre Channel tunnel is attached to remotely monitor traffic for any remote Cisco MDS 9000 Family switch or director, just as you would monitor traffic in any SPAN source ports. Disabled. A destination switch is usually different from the source switch to TE ports, the RSPAN feature uses two other interface types...