User Guide
Page 46
... commands and directing such traffic to be changed. 2.0(1b) Chapter 28, "Configuring RADIUS and TACACS+" IP Security (IPsec) Provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a security gateway and a host. 2.0(1b) Chapter 30, "Configuring .... 2.0(1b) Chapter 50, "Monitoring System Processes and Logs" Cisco MDS 9000 Family Configuration Guide xlvi OL-6973-03, Cisco MDS SAN-OS Release 2.x New and Changed Information Send documentation comments to the Cisco MDS 9000 Family. The default size of the link to the...
... commands and directing such traffic to be changed. 2.0(1b) Chapter 28, "Configuring RADIUS and TACACS+" IP Security (IPsec) Provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a security gateway and a host. 2.0(1b) Chapter 30, "Configuring .... 2.0(1b) Chapter 50, "Monitoring System Processes and Logs" Cisco MDS 9000 Family Configuration Guide xlvi OL-6973-03, Cisco MDS SAN-OS Release 2.x New and Changed Information Send documentation comments to the Cisco MDS 9000 Family. The default size of the link to the...
User Guide
Page 64
... protected from system failure by using dual supervisor modules. • Ensures nondisruptive software upgrade capability. The switches are configurable for both FCIP and iSCSI operation on this module, including IPsec and hardware compression. • The Cisco MDS 9500 Series switches support the 32-port Fibre Channel Storage Services Module (SSM). The SSM enables pooling of which can control...
... protected from system failure by using dual supervisor modules. • Ensures nondisruptive software upgrade capability. The switches are configurable for both FCIP and iSCSI operation on this module, including IPsec and hardware compression. • The Cisco MDS 9500 Series switches support the 32-port Fibre Channel Storage Services Module (SSM). The SSM enables pooling of which can control...
User Guide
Page 65
... down . Cisco Fabric Services The Cisco SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database distribution and to mdsfeedback-doc@cisco.com. • Protects against link failure using Call Home troubleshooting features • Displays LEDs that summarize the status of each other to ensure that ensure continued service with each switching or services module, supervisor module, power...
... down . Cisco Fabric Services The Cisco SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database distribution and to mdsfeedback-doc@cisco.com. • Protects against link failure using Call Home troubleshooting features • Displays LEDs that summarize the status of each other to ensure that ensure continued service with each switching or services module, supervisor module, power...
User Guide
Page 69
...IP storage port and any other Cisco MDS 9000 Family switching modules including VSANs, security, and traffic management. Simplifies data protection and business continuance strategies by allowing...The Cisco MDS 9000 Family IP services module, the 14/2-port Multiprotocol Service module, and the Cisco MDS 9216i Switch integrate seamlessly into the Cisco MDS 9000 Family of services ... The fabric binding feature helps prevent unauthorized switches from FICON processors. FICON Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by -port basis. • FCIP ...
...IP storage port and any other Cisco MDS 9000 Family switching modules including VSANs, security, and traffic management. Simplifies data protection and business continuance strategies by allowing...The Cisco MDS 9000 Family IP services module, the 14/2-port Multiprotocol Service module, and the Cisco MDS 9216i Switch integrate seamlessly into the Cisco MDS 9000 Family of services ... The fabric binding feature helps prevent unauthorized switches from FICON processors. FICON Fibre Connection (FICON) interface capabilities enhance the Cisco MDS 9000 Family by -port basis. • FCIP ...
User Guide
Page 72
..., negotiates IPsec security associations, and establishes IPsec keys. Fabric Management Cisco MDS 9000 Family switches offer fabric management and control through the command-line interface (CLI) by using the Simple Network Management Protocol (SNMP) services: • SNMP versions 1, 2c, and 3 are viewed through...Chapter 27, "Configuring SNMP." • Remote Monitoring (RMON) allows you to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between Cisco MDS 9000 Family switches and other protocols, its initial implementation is a framework of...
..., negotiates IPsec security associations, and establishes IPsec keys. Fabric Management Cisco MDS 9000 Family switches offer fabric management and control through the command-line interface (CLI) by using the Simple Network Management Protocol (SNMP) services: • SNMP versions 1, 2c, and 3 are viewed through...Chapter 27, "Configuring SNMP." • Remote Monitoring (RMON) allows you to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between Cisco MDS 9000 Family switches and other protocols, its initial implementation is a framework of...
User Guide
Page 111
...switch is automatically disabled by the switch. Third-party partner applications Licensing High Availability As with the Advanced Services Modules (ASMs) and Storage Services Modules (SSMs). • The network-based storage applications running on the ASM and SSM that require the...valid license key for all switches in the Cisco MDS 9000 Family: • Installing any license in all switches. • Enabling a license feature without a license key starts a counter on both supervisor modules and provides failover protection. Chapter 3 Obtaining and Installing Licenses Licensing...
...switch is automatically disabled by the switch. Third-party partner applications Licensing High Availability As with the Advanced Services Modules (ASMs) and Storage Services Modules (SSMs). • The network-based storage applications running on the ASM and SSM that require the...valid license key for all switches in the Cisco MDS 9000 Family: • Installing any license in all switches. • Enabling a license feature without a license key starts a counter on both supervisor modules and provides failover protection. Chapter 3 Obtaining and Installing Licenses Licensing...
User Guide
Page 221
...) feature. This feature is also available in switches in the Cisco MDS 9100 Series and the Cisco MDS 9200 Series. • Protects against link failure using dual supervisor modules. • Performs nondisruptive restarts of multilayer directors support application restartability and nondisruptive supervisor switchability. A service running on the supervisor modules and on this policy. This chapter includes the following : •...
...) feature. This feature is also available in switches in the Cisco MDS 9100 Series and the Cisco MDS 9200 Series. • Protects against link failure using dual supervisor modules. • Performs nondisruptive restarts of multilayer directors support application restartability and nondisruptive supervisor switchability. A service running on the supervisor modules and on this policy. This chapter includes the following : •...
User Guide
Page 375
...• Per VSAN fabric services-Replication of fabric services on a per VSAN basis provides increased scalability and availability. • Redundancy-Several VSANs created on top of a SAN. If one VSAN fails, redundant protection (to another only requires configuration... at the port level, not at a physical level. OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco...
...• Per VSAN fabric services-Replication of fabric services on a per VSAN basis provides increased scalability and availability. • Redundancy-Several VSANs created on top of a SAN. If one VSAN fails, redundant protection (to another only requires configuration... at the port level, not at a physical level. OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco...
User Guide
Page 521
... (FC-SP), LUN zoning, read-only zones, and VSAN-based access control. Port performance and statistics. Cisco MDS-Supported FICON Features The Cisco MDS 9000 Family FICON features include: • Flexibility and investment protection-The Cisco MDS 9000 Family shares common switching and service modules across all major components for switches and attached node devices. The 1.44...
... (FC-SP), LUN zoning, read-only zones, and VSAN-based access control. Port performance and statistics. Cisco MDS-Supported FICON Features The Cisco MDS 9000 Family FICON features include: • Flexibility and investment protection-The Cisco MDS 9000 Family shares common switching and service modules across all major components for switches and attached node devices. The 1.44...
User Guide
Page 607
... deleted for the message authentication and integrity protection of SNMP PDU provides no security. SNMPv3 CLI User Management and AAA Integration The Cisco SAN-OS software implement RFC 3414 and ...RFC 3415, including user-based security model (USM) and role-based access control. While SNMP and the ...Integration Send documentation comments to leverage the user authentication service of AAA server. OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco MDS 9000 Family Configuration Guide 27-3 This centralized ...
... deleted for the message authentication and integrity protection of SNMP PDU provides no security. SNMPv3 CLI User Management and AAA Integration The Cisco SAN-OS software implement RFC 3414 and ...RFC 3415, including user-based security model (USM) and role-based access control. While SNMP and the ...Integration Send documentation comments to leverage the user authentication service of AAA server. OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco MDS 9000 Family Configuration Guide 27-3 This centralized ...
User Guide
Page 659
... IPsec provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a pair of security gateways, or between participating peers. While IKE can be used by the Internet Engineering Task Force (IETF). Cisco SAN-OS IPsec ... to handle protocol and algorithm negotiation and to generate the encryption and authentication keys to be used to describe only the data services. Send documentation comments to mdsfeedback-doc@cisco.com. 30 C H A P T E R Configuring IPsec Network Security IP Security (IPsec) Protocol is a framework of...
... IPsec provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a pair of security gateways, or between participating peers. While IKE can be used by the Internet Engineering Task Force (IETF). Cisco SAN-OS IPsec ... to handle protocol and algorithm negotiation and to generate the encryption and authentication keys to be used to describe only the data services. Send documentation comments to mdsfeedback-doc@cisco.com. 30 C H A P T E R Configuring IPsec Network Security IP Security (IPsec) Protocol is a framework of...
User Guide
Page 660
... headers, plus the outer IP header in Cisco SAN-OS software supports the Encapsulating Security Payload (ESP) protocol. This service is a header inserted into the interface maximum transmission unit (MTU). With IPsec, data can be protected and provides data privacy services, optional data authentication, and optional anti-replay services. Note The Encapsulating Security Payload (ESP...
... headers, plus the outer IP header in Cisco SAN-OS software supports the Encapsulating Security Payload (ESP) protocol. This service is a header inserted into the interface maximum transmission unit (MTU). With IPsec, data can be protected and provides data privacy services, optional data authentication, and optional anti-replay services. Note The Encapsulating Security Payload (ESP...
User Guide
Page 663
...SPDs are derived from the term tunnel used to both integrity and authentication (data origin authentication is dependent on behalf of any. The Cisco SAN-OS implementation of IPsec does not support transport mode. Traffic matching a specific combination of crypto maps. - A policy decides if...hosts and subnets. Data integrity-Verifies that the data was actually sent by the claimed sender. • Data confidentiality-A security service where the protected data cannot be allowed in the IPsec packet. Mode of operation-Two modes of a sequence number combined with a derived shared...
...SPDs are derived from the term tunnel used to both integrity and authentication (data origin authentication is dependent on behalf of any. The Cisco SAN-OS implementation of IPsec does not support transport mode. Traffic matching a specific combination of crypto maps. - A policy decides if...hosts and subnets. Data integrity-Verifies that the data was actually sent by the claimed sender. • Data confidentiality-A security service where the protected data cannot be allowed in the IPsec packet. Mode of operation-Two modes of a sequence number combined with a derived shared...
User Guide
Page 797
...module limits the maximum size of iSCSI write data-out PDU that the iSCSI host can receive. However, a small maximum data segment length usually results in the PDU over store-and-forward mode. This helps protect...iSCSI Routing Modes Cisco MDS 9000 Family...module or MPS 14/2 module achieves this mode is received before forwarding it converts, or splits, the PDU, and forwards Fibre Channel frames to the iSCSI client. QoS To set the QoS values, follow these steps: Step 1 Command switch(config-if)# qos 3 Step 2 switch(config-if)# no qos 5 Purpose Configure the differentiated services...
...module limits the maximum size of iSCSI write data-out PDU that the iSCSI host can receive. However, a small maximum data segment length usually results in the PDU over store-and-forward mode. This helps protect...iSCSI Routing Modes Cisco MDS 9000 Family...module or MPS 14/2 module achieves this mode is received before forwarding it converts, or splits, the PDU, and forwards Fibre Channel frames to the iSCSI client. QoS To set the QoS values, follow these steps: Step 1 Command switch(config-if)# qos 3 Step 2 switch(config-if)# no qos 5 Purpose Configure the differentiated services...
User Guide
Page 884
...protection to the Gigabit Ethernet port for iSCSI and FCIP Services VRRP provides a redundant alternate path to an alternate Gigabit Ethernet interface so the IP address is always available (see Figure 37-4). Enters the interface configuration mode on page 36-16. VRRP for iSCSI and FCIP services.... 2, port 2). Figure 37-4 VRRP Scenario Switch 1 10.1.1.10 VRRP master IPS module IPS module 10.1.1.30 VRRP backup VRRP group virtual IP 10.1.1.100 L2 switch IP network Connect to mdsfeedback-doc@cisco.com. VRRP group members can be IP storage Gigabit Ethernet ports. Configuring VRRP for...
...protection to the Gigabit Ethernet port for iSCSI and FCIP Services VRRP provides a redundant alternate path to an alternate Gigabit Ethernet interface so the IP address is always available (see Figure 37-4). Enters the interface configuration mode on page 36-16. VRRP for iSCSI and FCIP services.... 2, port 2). Figure 37-4 VRRP Scenario Switch 1 10.1.1.10 VRRP master IPS module IPS module 10.1.1.30 VRRP backup VRRP group virtual IP 10.1.1.100 L2 switch IP network Connect to mdsfeedback-doc@cisco.com. VRRP group members can be IP storage Gigabit Ethernet ports. Configuring VRRP for...
User Guide
Page 898
Configuration Status: success Example 38-4 Displays SCSI Flow Services Statistics for All SCSI Flow Identifiers switch# show scsi-flow statistics Stats for flow-id 4 LUN=0x0000 Read Stats I/O Total count=2 I/O Timeout count=0 I/O ...28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 38-8 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x Displaying SCSI Flow Services Information Chapter 38 Configuring SCSI Flow Services and Statistics Send ...
Configuration Status: success Example 38-4 Displays SCSI Flow Services Statistics for All SCSI Flow Identifiers switch# show scsi-flow statistics Stats for flow-id 4 LUN=0x0000 Read Stats I/O Total count=2 I/O Timeout count=0 I/O ...28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 38-8 Cisco MDS 9000 Family Configuration Guide OL-6973-03, Cisco MDS SAN-OS Release 2.x Displaying SCSI Flow Services Information Chapter 38 Configuring SCSI Flow Services and Statistics Send ...
User Guide
Page 899
Example 38-5 Displays SCSI Flow Services Statistics for a Specific SCSI Flow Identifier switch# show scsi-flow statistics flow-id 4 Stats for flow-id 4 LUN=0x0000 Read Stats I/O Total count=2 I/O Timeout count=0 I/O ...=28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco MDS 9000 Family Configuration Guide 38-9 Chapter 38 Configuring SCSI Flow Services and Statistics Displaying SCSI Flow Services Information Send documentation comments...
Example 38-5 Displays SCSI Flow Services Statistics for a Specific SCSI Flow Identifier switch# show scsi-flow statistics flow-id 4 Stats for flow-id 4 LUN=0x0000 Read Stats I/O Total count=2 I/O Timeout count=0 I/O ...=28 Sense Key Data Protect=0 Sense Key Blank Check=0 Sense Key Copy Aborted=0 Sense Key Aborted Command=0 Sense Key Volume Overflow=0 Sense Key Miscompare=0 OL-6973-03, Cisco MDS SAN-OS Release 2.x Cisco MDS 9000 Family Configuration Guide 38-9 Chapter 38 Configuring SCSI Flow Services and Statistics Displaying SCSI Flow Services Information Send documentation comments...
User Guide
Page 1082
... manually 3-6 mainframe package 3-4 module-based 3-3 obtaining key files 3-7 SAN extension package 3-4 Storage Services Enabler package 3-5 terminology 3-2 IN-16 Cisco MDS 9000 Family Configuration Guide transferring between switches 3-12 licensing description 1-4 link cost 21-2 link failure protection against 8-1 link redundancy Ethernet PortChannels..., example 23-4 IVR zoning 18-23 LUN zoning description 19-17 M MAC= keyword 29-6 mainframe OL-6973-03, Cisco MDS SAN-OS Release 2.x kernel core dumps 50-8 configuring 50-9 kickstart images KICKSTART variable 6-1 loading system images 6-28 ...
... manually 3-6 mainframe package 3-4 module-based 3-3 obtaining key files 3-7 SAN extension package 3-4 Storage Services Enabler package 3-5 terminology 3-2 IN-16 Cisco MDS 9000 Family Configuration Guide transferring between switches 3-12 licensing description 1-4 link cost 21-2 link failure protection against 8-1 link redundancy Ethernet PortChannels..., example 23-4 IVR zoning 18-23 LUN zoning description 19-17 M MAC= keyword 29-6 mainframe OL-6973-03, Cisco MDS SAN-OS Release 2.x kernel core dumps 50-8 configuring 50-9 kickstart images KICKSTART variable 6-1 loading system images 6-28 ...