Cisco SN 5428-2 Storage Router Software Configuration Guide, Release 3.2
Chapter 11 - Command Line Interface Reference
Downloads: This chapterpdf (PDF - 4.1MB) The complete bookPDF (PDF - 7.29MB) | Feedback

Command Line Interface Reference

Table Of Contents

Command Line Interface Reference

About CLI Commands

CLI Usage Tips

CLI Commands

aaa authentication enable

aaa authentication iscsi

aaa authentication login

aaa generate password

aaa group server radius

aaa group server radius deadtime

aaa group server radius server

aaa group server tacacs+

aaa group server tacacs+ server

aaa new-model

aaa test authentication

accesslist

accesslist A.B.C.D/bits

accesslist chap-username

accesslist description

accesslist iscsi-name

admin contactinfo

admin password

cdp enable

cdp holdtime

cdp interface

cdp timer

clear conf

clear conf {all | system}

clear counters interface

clear counters scsirouter

clear fcswitch

clear log

clear logging table

clear scsirouter failover

clear scsirouter primary

clock set

clock timezone

copy

debug aaa

debug cmd

debug interface

debug interface fc?

debug interface ge?

debug ip rip;

debug scsirouter

debug scsirouter target

delete accesslist

delete fcalias

delete logging

delete savedconfig

delete script

delete scsirouter

delete software version

delete zone

delete zoneset

download software

enable

exit

failover eligibility

failover scsirouter

fcalias

fcalias member

fcswitch beacon enable

fcswitch devlog

fcswitch devlog enable

fcswitch diag

fcswitch domainid

fcswitch dstov

fcswitch edtov

fcswitch enable

fcswitch fstov

fcswitch interop-credit

fcswitch log interface

fcswitch ratov

fcswitch syslog

fcswitch syslog enable

fcswitch zoning autosave

fcswitch zoning default

fcswitch zoning merge

halt

help

hostname

interface fc? al-fairness

interface fc? default

interface fc? diag

interface fc? enable

interface fc? ext-credit

interface fc? fan-enable

interface fc? linkspeed

interface fc? loopback

interface fc? mfs-bundle

interface fc? ms-enable

interface fc? reset

interface fc? rscn

interface fc? type

interface fci? devicediscoverytimer

interface ge?

interface ge? ip-address

interface ha

interface ha ip-address

interface mgmt

interface mgmt ip-address

ip default-gateway

ip domain-name

ip name-server

ip radius sourceinterface

ip rip enable

ip rip timers

ip route

ip tacacs sourceinterface

logging #?

logging level

logging on

logging syslog

logout

monitor password

ntp peer

ping

radius-server deadtime

radius-server host

radius-server key

radius-server retransmit

radius-server timeout

read script

reboot

restore aaa

restore accesslist

restore all

restore fcswitch

restore scsirouter

restore system

restore vlan

restrict

restrict console

save aaa

save accesslist

save all

save fcswitch

save scsirouter

save system

save vlan

scsirouter

scsirouter authentication

scsirouter cdbretrycount

scsirouter description

scsirouter enable

scsirouter failover

scsirouter lun reset

scsirouter password

scsirouter primary

scsirouter reserveproxy

scsirouter serverif

scsirouter slp enable

scsirouter target accesslist

scsirouter target crc

scsirouter target description

scsirouter target enable

scsirouter target {serial | lunid | wwpn} #?

scsirouter target lun lunid

scsirouter target lun serial

scsirouter target lun wwpn lun

scsirouter target profile

scsirouter target wwpn

scsirouter username

session-timeout

setup

setup access

setup cluster

setup iscsi-port

setup mgmt

setup netmgmt

setup scsi

setup time

show aaa

show accesslist

show admin

show boot

show bootconfig

show buffers

show cdp

show cdp entry

show cdp interface

show cdp neighbors

show cdp traffic

show cli

show clock

show cluster

show cpu

show crash

show debug

show debug fcswitch

show debug interface fc?

show debug interface ge?

show debug scsirouter

show devices

show diagnostics

show fcalias

show fcswitch

show fcswitch eport

show fcswitch fabric

show fcswitch global-nameserver

show fcswitch linkstate

show fcswitch nameserver

show ha

show interface

show ip

show logging

show memory

show modules

show restrict

show route

show runningconfig

show savedconfig

show script

show scsirouter

show sessions

show slp

show snmp

show software version

show ssh

show ssh fingerprint

show stack

show system

show task

show tech-support

show telnet

show version

show vlan

show vtp

show zone

show zoneset

slp findattrs

slp findsrvs

slp findsrvtypes

snmp-server

software http url

software http username

software proxy

software proxy url

software proxy username

software tftp

software version

ssh enable

ssh keygen

tacacs-server host

tacacs-server key

tacacs-server timeout

telnet enable

username password

verify software version

vlan

vtp domain

vtp mode

zone

zone member

zoneset

zoneset enable

zoneset zone


Command Line Interface Reference


The Cisco SN 5428-2 Storage Router provides three interfaces for operation, configuration, administration, maintenance, and support tasks: command line interface (CLI), web-based GUI, and SNMP.

This chapter documents the storage router CLI. For help on the web-based GUI, point your browser to the storage router's management interface IP address. After logging on, click the Help link to access the online help system.

This chapter provides information about the following CLI topics:

About CLI Commands

CLI Usage Tips

CLI Commands

About CLI Commands

This chapter lists all possible CLI commands. However, the set of CLI commands and keywords that are available to you depends on the level of authority associated with your CLI management session and the deployment option selected for the SN 5428-2 Storage Router during initial configuration.

Use the show cli command to view all CLI commands and keywords that are valid for your current CLI management session.

CLI Usage Tips

Commands and keywords can be truncated at any point after they are unique.

Use the Tab key to complete the current word.

Use the question mark ( ? ) key to list all of the options available at that point in the command line.

CLI commands and keywords are not case-sensitive. Commands and keywords can be entered in any case (including mixed case).

User-defined strings are case-sensitive. User-defined strings must be entered in the appropriate case (including mixed case). Case for user-defined strings is preserved in the configuration.

An asterisk ( * ) at the beginning of the CLI command prompt indicates that the system configuration has been changed but not saved.

CLI Commands

This section lists all CLI commands in alphabetical order. The no form of any command is shown with the primary command entry. Command information includes syntax, defaults, mode, history, usage guidelines, examples, and related commands.

aaa authentication enable

To configure authentication, authorization and accounting (AAA) authentication services for Administrator mode access to the CLI (via the CLI enable command), use the aaa authentication enable command. To disable this authentication, use the no form of this command.

aaa authentication enable default services1 [services2...]

no aaa authentication enable default

Syntax Description

default

The name of the authentication list. The list name must be default.

services1 [services2...]

At least one of the services described in Table 11-1.


Defaults

If the default list is not configured, only the Administrator mode password is checked. This has the same effect as the following command:

aaa authentication enable default enable

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Administrator mode access ("Enable") authentication uses AAA authentication services to provide authentication of users that request Administrator mode access to the storage router via the CLI enable command. Because the enable command does not require the user to enter a user name, the special user name $enab15$ is used if RADIUS or TACACS+ servers are used for authentication.

AAA attempts to use each service in the order listed in the default authentication list, until authentication succeeds or fails. If the service fails to find a user name and password match, authentication fails and access is denied. If AAA returns an error (because the RADIUS or TACACS+ server is not available, for example), AAA attempts to use the next service in the list for authentication. To specify that the authentication should succeed even if all methods return an error (not if they return an authentication failure), specify none as the final method in the command line. Use the show aaa command to display the current authentication lists.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa authentication enable command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.


Note Enable authentication extends to users accessing the storage router via an FTP session. An FTP session requires the user name admin and the password that would be entered for the CLI enable command.


In Table 11-1, the group radius and group tacacs+ methods refer to all previously defined RADIUS or TACACS+ servers; the group name method refers to a previously defined group of one or more RADIUS or TACACS+ servers. Use the radius-server host and tacacs-server host commands to configure the servers, and the aaa group server radius and aaa group server tacacs+ commands to create server groups.

Table 11-1 aaa authentication enable default services

Keyword
Description

enable

Uses the configured Administrator mode password for authentication.

group name

Uses a named group of defined RADIUS or TACACS+ servers for authentication, using the user name $enab15$.

group radius

Uses the list of all RADIUS servers for authentication, using the user name $enab15$.

group tacacs+

Uses the list of all TACACS+ servers for authentication, using the user name $enab15$.

monitor

Uses the configured Monitor mode password for authentication.

none

Uses no authentication.


Examples

The following example creates a default AAA authentication list to be used to perform Enable authentication. When Administrator access of the storage router is requested via the CLI enable command, AAA first attempts to contact a RADIUS server, using the $enab15$ username and the entered password. If no server is found, AAA returns an error and authentication is performed by checking the entered password against the configured Administrator mode password. If there is no match, authentication fails and the user is denied Administrator access.

[SN5428-2A]# aaa authentication enable default group radius enable

Related Commands

Command
Description

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


aaa authentication iscsi

To configure authentication, authorization and accounting (AAA) authentication services for iSCSI authentication of IP hosts requesting access to storage via SCSI routing instances, use the aaa authentication iscsi command. To disable this authentication, use the no form of this command.

aaa authentication iscsi {listname | default} services1 [services2...]

no aaa authentication iscsi {listname | default}

Syntax Description

listname

The name of the authentication list. Enter a maximum of 31 characters.

default

The name of the default authentication list.

services1 [services2...]

At least one of the services described in Table 11-2.


Defaults

If iSCSI authentication is enabled and the named authentication list is not configured, authentication fails.

If iSCSI authentication is enabled using the default list but the default list is not configured, only the local user database is selected. This has the same effect as the following command:

aaa authentication iscsi default local

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

iSCSI authentication uses AAA authentication services to provide authentication of IP hosts that request access to storage from SCSI routing instances that have authentication enabled.

AAA attempts to use each service in the order listed in the specified iSCSI authentication list, until authentication succeeds or fails. If the service fails to find a user name match, authentication fails. If AAA returns an error (because the RADIUS or TACACS+ server is not available, for example), AAA attempts to use the next service in the list for authentication.

If either local or local-case is the first service on the iSCSI authentication list and AAA fails to find a user name match, AAA attempts to use the next method on the list for authentication. If the local or local-case service is in any other position on the list and AAA fails to find a user name match, authentication fails and access is denied. If a RADIUS or TACACS+ server fails to find a user name match (regardless of position on the iSCSI authentication list), authentication fails and access is denied.

Use the show aaa command to display the current authentication lists.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa authentication iscsi command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

In Table 11-2, the group radius and group tacacs+ methods refer to all previously defined RADIUS or TACACS+ servers; the group name method refers to a group of one or more RADIUS or TACACS+ servers. Use the radius-server host and tacacs-server host commands to configure the servers, and the aaa group server radius and aaa group server tacacs+ commands to create server groups.


Note A named server group must be defined to be used as an authentication method. However, verification of server groups occurs only at runtime. If a server group is not defined, the authentication process generates error messages and the server group is skipped. This could cause unexpected authentication failures.


Table 11-2 aaa authentication iscsi services

Keyword
Description

group name

Uses a named group of defined RADIUS or TACACS+ servers for authentication.

group radius

Uses the list of all RADIUS servers for authentication.

group tacacs+

Uses the list of all TACACS+ servers for authentication.

local

Uses the local username database for authentication.

local-case

Uses case-sensitive local username authentication.

none

Uses no authentication.


If the local authentication service is selected, the user name validation is not case-sensitive. If local-case authentication service is selected, the user name validation is case-sensitive. The password validation for both the local service and the local-case service is case-sensitive.

Examples

The following example creates a new AAA authentication list named webtest and enables iSCSI authentication for the SCSI routing instance named myCompanyWebserver2, using the webtest authentication list. When iSCSI authentication is required, AAA first tries to use the local username database for authentication. If no match is found, AAA attempts to contact a TACACS+ server. If no server is found, AAA returns an error and the user is allowed access with no authentication.

[SN5428-2A]# aaa authentication iscsi webtest local group tacacs+ none
[SN5428-2A]# scsirouter myCompanyWebserver2 authentication webtest

Related Commands

Command
Description

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


aaa authentication login

To configure authentication, authorization and accounting (AAA) authentication services for Monitor mode access to the storage router via the CLI, use the aaa authentication login command. To disable this authentication, use the no form of this command.

aaa authentication login default services1 [services2...]

no aaa authentication login default

Syntax Description

default

The name of the authentication list. The list name must be default.

services1 [services2...]

At least one of the services described in Table 11-3.


Defaults

If the default list is not configured, only the Monitor mode password is checked. This has the same effect as the following command:

aaa authentication login default monitor


Note If the default list is not configured, the user is only prompted to enter a password; the user is not prompted to enter a user name.


Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Monitor mode access ("Login") authentication uses AAA authentication services to provide authentication of users that request Monitor mode access to the SN 5428-2 Storage Router via the CLI. A user attempting Monitor mode access of the storage router via the CLI will be prompted for a user name and password.

AAA attempts to use each service in the order listed in the default authentication list, until authentication succeeds or fails. If the service fails to find a user name match, authentication fails. If AAA returns an error (because the RADIUS or TACACS+ server is not available, for example), AAA attempts to use the next service in the list for authentication. To specify that the authentication should succeed even if all methods return an error (not if they return an authentication failure), specify none as the final method in the command line.

If either local or local-case is the first service on the default authentication list and AAA fails to find a user name match, AAA attempts to use the next method on the list for authentication. If the local or local-case service is in any other position on the list and AAA fails to find a user name match, authentication fails and access is denied. If a RADIUS or TACACS+ server fails to find a user name match (regardless of position on the default authentication list), authentication fails and access is denied.

If the Enable service is used, the user name is ignored and the password is authenticated against the configured Administrator mode password. If the Monitor service is used, the user name is ignored and the password is authenticated against the configured Monitor mode password.


Note AAA does not provide authentication for access via the GUI (using HTTP or HTTPS).


Use the show aaa command to display the current authentication lists.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa authentication login command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

In Table 11-3, the group radius and group tacacs+ methods refer to all previously defined RADIUS or TACACS+ servers; the group name method refers to a previously defined group of one or more RADIUS or TACACS+ servers. Use the radius-server host and tacacs-server host commands to configure the servers, and the aaa group server radius and aaa group server tacacs+ commands to create server groups.

Table 11-3 aaa authentication login default services

Keyword
Description

enable

Uses the configured Administrator mode password for authentication. The user name is ignored.

group name

Uses a named group of defined RADIUS or TACACS+ servers for authentication.

group radius

Uses the list of all RADIUS servers for authentication.

group tacacs+

Uses the list of all TACACS+ servers for authentication.

local

Uses the local username database for authentication.

local-case

Uses case-sensitive local username authentication.

monitor

Uses the configured Monitor mode password for authentication. The user name is ignored.

none

Uses no authentication.


If the local authentication service is selected, the user name validation is not case-sensitive. If local-case authentication service is selected, the user name validation is case-sensitive. The password validation for both the local service and the local-case service is case-sensitive.

Examples

The following example creates a default AAA authentication list to be used to perform Login authentication. AAA first attempts to contact a RADIUS server. If no server is found, AAA returns an error and authentication is performed by checking the local username database. If no match is found, AAA performs authentication by checking the entered password against the configured Monitor mode password.

[SN5428-2A]# aaa authentication login default group radius local monitor

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of RADIUS servers for AAA authentication services.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


aaa generate password

To generate a long random password, use the aaa generate password command.

aaa generate password

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to generate a long random password. From a CLI management session, you can cut and paste this password into other commands or applications, using the conventions appropriate to your specific Telnet or SSH client, or operating system.

Examples

The following example generates a long random password:

[SN5428-2A]# aaa generate password
Password: 28b79da19608342a99642ce92fbdd3114

Related Commands

Command
Description

aaa test authentication

Enable testing of the specified AAA authentication list.

admin password

Set the login password for administrative access to the storage router management interface.

monitor password

Set the login password for view-only access to the storage router management interface.

username password

Add a user name and optional password to the local username database.


aaa group server radius

To create a named group of RADIUS servers to be used for AAA authentication, use the aaa group server radius command. To disable an existing group of RADIUS servers, use the no form of this command.

aaa group server radius name

no aaa group server radius name

Syntax Description

name

The name of the group of RADIUS servers to be used for AAA authentication. Enter a maximum of 31 characters.


Defaults

None. All configured RADIUS servers belong to the group named radius.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to create a subset of RADIUS servers to be used for AAA authentication. The named group can then be added to a AAA authentication methods list, allowing the specified set of RADIUS servers to be used for authentication. After creating the named group, use the aaa group server radius server command to add a RADIUS server to the group.

Use the radius-server host command to configure a RADIUS server to be used by the storage router for AAA authentication.

Group names must be unique across the storage router; you cannot have a group of RADIUS servers named labauth and a group of TACACS+ servers named labauth. The default group name of radius includes all configured RADIUS servers.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa group server radius command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example creates a RADIUS server group named region2:

[SN5428-2A]# aaa group server radius region2

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa group server radius server

Add the specified RADIUS server to the named RADIUS server group.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa test authentication

Enable testing of the specified AAA authentication list.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

radius-server key

Sets the global authentication and encryption key for all RADIUS communications between the storage router and the RADIUS daemon.

radius-server retransmit

Specifies how many times the storage router resends the RADIUS request to a server before giving up.

radius-server timeout

Sets the interval the storage router waits for a RADIUS server to reply before retransmitting.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.


aaa group server radius deadtime

To improve RADIUS response time when some servers might be unavailable, use the aaa group server radius deadtime command to cause the storage router to skip the unavailable servers in the specified group immediately. To set the dead time to 0, effectively preventing the storage router from skipping any RADIUS server in the specified group, use the no form of this command.

aaa group server radius name deadtime minutes

no radius-server deadtime

Syntax Description

name

The name of the group of RADIUS servers. Enter a maximum of 31 characters.

minutes

The length of time, in minutes, for which a RADIUS server in the specified group is skipped over by the storage router when requesting AAA authentication services, up to a maximum of 1440 minutes (24 hours).


Defaults

The dead time is set to zero (0) by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to cause the storage router to mark as "dead" any RADIUS servers in the specified group that fail to respond to authentication requests, thus avoiding the wait for the authentication request to time out before trying the next configured server. A RADIUS server marked as dead is skipped by additional requests for the specified number of minutes, unless all RADIUS servers in the specified list are marked as dead. If all RADIUS servers in a group are marked as dead, the deadtime setting is ignored.

This command overrides the global setting that applies to all configured RADIUS servers. If the deadtime is not set for a RADIUS server group, the global dead time setting applies.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa group server radius deadtime command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example specifies a dead time of five minutes for all RADIUS servers in the group named region2 that fail to respond to AAA authentication requests:

[SN5428-2A]# aaa group server radius region6 deadtime 5

The following example effectively sets a dead time of zero minutes for all RADIUS servers in the group named region6. The global dead time value, if set, will apply to all RADIUS server in the group.

[SN5428-2A]# no aaa group server radius region6 deadtime

Related Commands

Command
Description

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

show aaa

Display AAA configuration information.


aaa group server radius server

To add a RADIUS server to a named group of RADIUS servers to be used for AAA authentication, use the aaa group server radius server command. To remove a RADIUS server from an existing group of RADIUS servers, use the no form of this command.

aaa group server radius name server ip-address [auth-port port-number]

no aaa group server radius name server ip-address [auth-port port-number]

Syntax Description

name

The name of the group of RADIUS servers. Enter a maximum of 31 characters.

ip-address

The IP address of the RADIUS server.

auth-port port-number

(Optional) The UDP destination port for authentication requests. If unspecified, the port number defaults to 1645.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to add a RADIUS server to a group of RADIUS servers to be used for AAA authentication. Use the radius-server host command to define a RADIUS server for use by the storage router.

During authentication, the servers are accessed in the order in which they are added to the group.


Note Verification of IP addresses in a server group occurs only at runtime. If a RADIUS server group contains an IP address that is not defined as a RADIUS server, the authentication process generates error messages and the IP address is skipped. This could cause unexpected authentication failures.


In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa group server radius server command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example identifies the servers with IP address 10.5.0.53 and 10.6.0.61 as RADIUS servers, using the default port for authentication. It creates a RADIUS server group named region2 and adds the previously configured RADIUS servers to the region2 group.

[SN5428-2A]# radius-server host 10.5.0.53
[SN5428-2A]# radius-server host 10.6.0.61
[SN5428-2A]# aaa group server radius region2
[SN5428-2A]# aaa group server radius region2 server 10.5.0.53
[SN5428-2A]# aaa group server radius region2 server 10.6.0.61

The following example removes the RADIUS server with IP address 10.5.0.53 from the RADIUS server group named region2:

[SN5428-2A]# no aaa group server radius region2 server 10.5.0.53

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa test authentication

Enable testing of the specified AAA authentication list.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

radius-server key

Sets the global authentication and encryption key for all RADIUS communications between the storage router and the RADIUS daemon.

radius-server retransmit

Specifies how many times the storage router resends the RADIUS request to a server before giving up.

radius-server timeout

Sets the interval the storage router waits for a RADIUS server to reply before retransmitting.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.


aaa group server tacacs+

To create a named group of TACACS+ servers to be used for AAA authentication, use the aaa group server tacacs+ command. To disable an existing group of TACACS+ servers, use the no form of this command.

aaa group server tacacs+ name

no aaa group server tacacs+ name

Syntax Description

name

The name of the group of TACACS+ servers to be used for AAA authentication. Enter a maximum of 31 characters.


Defaults

None. All configured TACACS+ servers belong to the group named tacacs+.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to create a subset of TACACS+ servers to be used for AAA authentication. The named group can then be added to a AAA authentication methods list, allowing the specified set of TACACS+ servers to be used for authentication. After creating the named group, use the aaa group server tacacs+ server command to add a TACACS+ server to the group.

Use the tacacs-server host command to configure a TACACS+ server to be used by the storage router for AAA authentication.

Group names must be unique across the storage router; you cannot have a group of TACACS+ servers named labauth and a group of RADIUS servers named labauth. The default group name of tacacs+ includes all configured TACACS+ servers.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa group server tacacs+ command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example creates a TACACS+ server group named region3:

[SN5428-2A]# aaa group server tacacs+ region3

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server tacacs+ server

Add the specified TACACS+ server to the named TACACS+ server group.

aaa test authentication

Enable testing of the specified AAA authentication list.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.

tacacs-server key

Sets the global authentication and encryption key for all TACACS+ communications between the storage router and the TACACS+ daemon.

tacacs-server timeout

Sets the interval the storage router waits for a TACACS+ server to reply.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.


aaa group server tacacs+ server

To add a TACACS+ server to a named group of TACACS+ servers to be used for AAA authentication, use the aaa group server tacacs+ server command. To remove a RADIUS server from an existing group of TACACS+ servers, use the no form of this command.

aaa group server tacacs+ name server ip-address [auth-port port-number]

no aaa group server tacacs+ name server ip-address [auth-port port-number]

Syntax Description

name

The name of the group of TACACS+ servers. Enter a maximum of 31 characters.

ip-address

The IP address of the TACACS+ server.

auth-port port-number

(Optional) The server port number. Valid port numbers range from 1 to 65535. If unspecified, the port number defaults to 49.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to add a TACACS+ server to a group of TACACS+ servers to be used for AAA authentication. Use the tacacs-server host command to define a TACACS+ server for use by the storage router.

During authentication, the servers are accessed in the order in which they are added to the group.


Note Verification of IP addresses in a server group occurs only at runtime. If a TACACS+ server group contains an IP address that is not defined as a TACACS+ server, the authentication process generates error messages and the IP address is skipped. This could cause unexpected authentication failures.


In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa group server tacacs+ server command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example identifies the servers with IP address 172.29.39.46 and 10.7.0.72 as TACACS+ servers, using the default port for authentication. It creates a TACACS+ server group named region3 and adds the previously configured TACACS+ servers to the region3 group.

[SN5428-2A]# tacacs-server host 172.29.39.46
[SN5428-2A]# tacacs-server host 10.7.0.72
[SN5428-2A]# aaa group server tacacs+ region3
[SN5428-2A]# aaa group server tacacs+ region3 server 172.29.39.46
[SN5428-2A]# aaa group server tacacs+ region3 server 10.7.0.72

The following example removes the TACACS+ server with IP address 10.7.0.72 from the TACACS+ server group named region3:

[SN5428-2A]# no aaa group server tacacs+ region3 server 10.7.0.72

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa test authentication

Enable testing of the specified AAA authentication list.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.

tacacs-server key

Sets the global authentication and encryption key for all TACACS+ communications between the storage router and the TACACS+ daemon.

tacacs-server timeout

Sets the interval the storage router waits for a TACACS+ server to reply.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.


aaa new-model

To enable the AAA access control model, issue the aaa new-model command.

aaa new-model

no aaa new-model

Syntax Description

This command has no arguments or keywords.

Defaults

AAA is enabled. AAA cannot be disabled on the SN 5428-2 Storage Router.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

This command enables the AAA access control model. The no aaa new-model command is available for completeness only; AAA cannot be disabled for the storage router.

AAA authentication services are used to provide the following authentication types:

iSCSI authentication—provides authentication of IP hosts requiring access to storage via SCSI routing instances

Login authentication—provides authentication of users requiring Monitor mode access to the storage router via the CLI

Enable authentication—provides authentication of users requiring Administrator mode access to the storage router via the CLI enable command

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa new-model command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example initializes AAA:

[SN5428-2A]# aaa new-model

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


aaa test authentication

To test authentication using the specified authentication list, use the aaa test authentication command.

aaa test authentication {enable | login} default username password

aaa test authentication iscsi {listname | default} username password

aaa test authentication cancel

Syntax Description

enable default

Use the services in the Enable authentication list for testing. The name of the list must be default.

login default

Use the services in the Login authentication list for testing. The name of the list must be default.

iscsi listname

Use the services in the named iSCSI authentication list for testing.

iscsi default

Use the services in the iSCSI authentication list for testing. The name of the list must be default.

username

The user name to be tested.

password

The password associated with the specified user name.

cancel

Cancel any outstanding test authentication requests.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

AAA uses the services in the specified authentication list to perform Enable, Login or iSCSI authentication. Use this command to test iSCSI authentication prior to enabling authentication for SCSI routing instances or for troubleshooting purposes.

Use the cancel keyword to terminate any outstanding test authentication requests. For example, if a RADIUS or TACACS+ server is configured with a very long timeout value, you can cancel the request rather than waiting for the timeout to occur.

In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue the aaa test authentication command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

Examples

The following example tests iSCSI authentication using the default authentication list for the user named user1, with a password of password1:

[SN5428-2A]# aaa test authentication iscsi default user1 password1

The following example tests iSCSI authentication using the authentication list named webtest1, for the user named user2, with a password of password2:

[SN5428-2A]# aaa test authentication iscsi webtest1 user2 password2

The following example tests Enable authentication for the user named $enab15$, with a password of admin:

[SN5428-2A]# aaa test authentication enable default $enab15$ admin

The following example tests Login authentication for the user named monitor, with a password of cisco:

[SN5428-2A]# aaa test authentication login default monitor cisco

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

debug aaa

Enable debugging for the AAA authentication services.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


accesslist

To create an access list entity, use the accesslist command.

accesslist name

Syntax Description

name

The name of the access list entity created by this command. Enter a maximum of 31 characters.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Access lists identify the IP hosts allowed to access a common set of storage resources and are associated with specific storage targets. IP hosts can be identified by:

IP address

CHAP user name (used for iSCSI authentication)

iSCSI Name

An access list can contain one or more types of identification entries. If an identification entry type exists in the access list, the IP host attempting to access the associated storage target must have a matching entry defined in the access list. For example, if an access list contains both IP address and iSCSI Name identification entry types, then every IP host that requires access to the associated set of storage resources must have a matching IP address and iSCSI Name entry in the access list.


Note If there is a CHAP user name entry in the access list, the SCSI routing instance used to access the storage target must also have iSCSI authentication enabled. See "Configuring Authentication" for more information about AAA and iSCSI authentication.


In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue an accesslist command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information about operating the storage router in a cluster.

Examples

The following command creates an access list named webserver2:

[SN5428-2A]# accesslist webserver2

Related Commands

Command
Description

accesslist A.B.C.D/bits

Add IP addresses to an access list.

accesslist chap-username

Add CHAP user name entries to an access list.

accesslist description

Add a description to an access list.

accesslist iscsi-name

Add iSCSI Name entries to an access list.

delete accesslist

Delete a specific access list entry or an entire access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


accesslist A.B.C.D/bits

To add the IP address and subnet mask of IP hosts to the named access list, use the accesslist A.B.C.D/bits command.

accesslist name A.B.C.D/bits A.B.C.D/1.2.3.4 [A.B.C.D/bits A.B.C.D/1.2.3.4] . . . [A.B.D.F/bits A.B.C.D/1.2.3.4]

Syntax Description

name

The name of an access list to which you are adding information.

A.B.C.D/bits

IP address and subnet mask of the IP host being added to the access list. A.B.C.D is the dotted quad notation of the IP address. The /bits specifies the subnet mask in CIDR style.

A.B.C.D/1.2.3.4

The IP address and subnet mask of the IP host being added to the access list. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the accesslist A.B.C.D/bits command after creating an access list to populate the list with IP address entries. Enter multiple addresses and masks, separating each by a space.

Access lists identify the IP hosts allowed to access a common set of storage resources and are associated with specific storage targets. IP hosts can be identified by:

IP address

CHAP user name (used for iSCSI authentication)

iSCSI Name

An access list can contain one or more types of identification entries. If an identification entry type exists in the access list, the IP host attempting to access the associated storage target must have a matching entry defined in the access list. For example, if an access list contains both IP address and iSCSI Name identification entry types, then every IP host that requires access to the associated set of storage resources must have a matching IP address and iSCSI Name entry in the access list.

In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue an accesslist A.B.C.D/bits command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information about operating the storage router in a cluster.

Examples

The following commands add the specified entries to the named access lists:

[SN5428-2A]# accesslist myAccessList 192.168.54.12/32 192.168.54.15/32
*[SN5428-2A]# accesslist Webserver5 209.165.201.1/255.255.255.0 
209.165.201.5/255.255.255.0

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist chap-username

Add CHAP user name entries to an access list.

accesslist description

Add a description to an access list.

accesslist iscsi-name

Add iSCSI Name entries to an access list.

delete accesslist

Delete a specific access list entry or an entire access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


accesslist chap-username

To add the CHAP user name of IP hosts to the named access list, use the accesslist chap-username command.

accesslist name chap-username username

Syntax Description

name

The name of an access list to which you are adding information.

username

The CHAP user name (used for iSCSI authentication purposes) configured for the IP host that requires access to storage.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the accesslist chap-username command after creating an access list to populate the list with CHAP user name entries. A CHAP user name is required for iSCSI authentication.

Access lists identify the IP hosts allowed to access a common set of storage resources and are associated with specific storage targets. IP hosts can be identified by:

IP address

CHAP user name (used for iSCSI authentication)

iSCSI Name

An access list can contain one or more types of identification entries. If an identification entry type exists in the access list, the IP host attempting to access the associated storage target must have a matching entry defined in the access list. For example, if an access list contains both IP address and iSCSI Name identification entry types, then every IP host that requires access to the associated set of storage resources must have a matching IP address and iSCSI Name entry in the access list.

The iSCSI driver is configured with a CHAP user name and password when SCSI routing instances have iSCSI authentication enabled. AAA authentication services authenticate the IP host using the CHAP user name and password. An access list can also use the CHAP user name to identify IP hosts allowed access to a common set of storage resources.


Note If there is a CHAP user name entry in the access list, the SCSI routing instance used to access the storage target must also have iSCSI authentication enabled. See "Configuring Authentication" for more information about AAA and iSCSI authentication.


In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue an accesslist chap-username command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information about operating the storage router in a cluster.

Examples

The following commands add the specified entries to the named access lists:

[SN5428-2A]# accesslist myAccessList chap-username foo
*[SN5428-2A]# accesslist Webserver5 chap-username server1

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist A.B.C.D/bits

Add IP addresses to an access list.

accesslist description

Add a description to an access list.

accesslist iscsi-name

Add iSCSI Names to an access list.

delete accesslist

Delete a specific access list entry or an entire access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


accesslist description

To add a description to an existing access list entity, use the accesslist description command.

accesslist name description "text"

Syntax Description

name

The name of an existing access list entity.

text

User-defined identification information associated with this access list. Enclose the description string in quotes. Enter a maximum of 64 characters.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Access lists identify the IP hosts allowed to access a common set of storage resources and are associated with specific storage targets. IP hosts can be identified by:

IP address

CHAP user name (used for iSCSI authentication)

iSCSI Name

An access list can contain one or more types of identification entries. If an identification entry type exists in the access list, the IP host attempting to access the associated storage target must have a matching entry defined in the access list. For example, if an access list contains both IP address and iSCSI Name identification entry types, then every IP host that requires access to the associated set of storage resources must have a matching IP address and iSCSI Name entry in the access list.

In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue an accesslist description command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information about operating the storage router in a cluster.

Examples

The following command adds a description to the access list named webserver2:

[SN5428-2A]# accesslist webserver2 description "Access list for company web servers"

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist A.B.C.D/bits

Add IP addresses to an access list.

accesslist chap-username

Add CHAP user name entries to an access list.

accesslist iscsi-name

Add iSCSI Name entries to an access list.

delete accesslist

Delete a specific access list entry, or an entire access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


accesslist iscsi-name

To add the iSCSI Name of IP hosts to the named access list, use the accesslist iscsi-name command.

accesslist name iscsi-name string

Syntax Description

name

The name of an access list to which you are adding information.

string

The iSCSI Name of IP host that requires access to storage. The iSCSI Name is a UTF-8 character string based on iSCSI functional requirements. It is a location-independent permanent identifier for an iSCSI node. An iSCSI node can be either an initiator, a target, or both.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the accesslist iscsi-name command after creating an access list to populate the list with iSCSI Name entries.

If you do not know the iSCSI Name of the IP host, configure the IP host and attempt to access the desired storage targets. Use the show scsirouter command with the host table keywords to then display the iSCSI Name (along with the initiator alias, IP address and CHAP user name) of all IP hosts that have attempted to access storage resources.

Access lists identify the IP hosts allowed to access a common set of storage resources and are associated with specific storage targets. IP hosts can be identified by:

IP address

CHAP user name (used for iSCSI authentication)

iSCSI Name

An access list can contain one or more types of identification entries. If an identification entry type exists in the access list, the IP host attempting to access the associated storage target must have a matching entry defined in the access list. For example, if an access list contains both IP address and iSCSI Name identification entry types, then every IP host that requires access to the associated set of storage resources must have a matching IP address and iSCSI Name entry in the access list.

In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue an accesslist iscsi-name command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information about operating the storage router in a cluster.

Examples

The following command add the specified iSCSI Name to the access list named foo:

[SN5428-2A]# accesslist foo iscsi-name ign.1987-05.com.cisco.01.88e8b25a6bf3372a34567123f

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist A.B.C.D/bits

Add IP addresses to an access list.

accesslist chap-username

Add CHAP user name entries to an access list.

accesslist description

Add a description to an access list.

delete accesslist

Delete a specific access list entry or an entire access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


admin contactinfo

To provide basic contact information for the system administrator of this SN 5428-2 Storage Router, use the admin contactinfo command.

admin contactinfo [name "string" | email "string" | phone "string" | pager "string"]

admin contact info name "string" email "string" phone "string" pager "string"

Syntax Description

name string

(Optional) The name of the storage router administrator.

email string

(Optional) The e-mail address of the storage router administrator. This is an address to which alerts may be sent.

phone string

(Optional) The phone number of the storage router administrator.

pager string

(Optional) The pager number of the storage router administrator.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the admin contactinfo command to provide site-specific information for the system administrator of the SN 5428-2 Storage Router. The command accepts each parameter separately, or all parameters together. If all parameters are specified, they must be in the sequence shown. Usage is completely site-specific.

Enclose each string containing spaces in single or double quotes. If a string contains a single quote, enclose it is double quotes; if it contains a double quote, enclose it in single quotes. A string cannot contain both single and double quotes.

Examples

The following commands set the system administrator name and e-mail address:

[SN5428-2A]# admin contactinfo name "Pat Hurley" 
[SN5428-2A]# admin contactinfo email "hurley@abc123z.com"

The following command sets all system administrator contact information:

[SN5428-2A]# admin contactinfo name "Chris Smith" email "chris.smith@zxy478x.com" phone 
"123.555.5555 ext 97" pager "555.3444 pin 2234"

Related Commands

Command
Description

admin password

Set the login password for administrative access to the storage router management interface.

restore system

Restore selected system information from the named configuration file.

save all

Save all configuration information, including the system administrator contact information.

save system

Save selected system configuration information, including the system administrator contact information.

show admin

Display system administrator contact information.


admin password

To set the password used for administrative access to the SN 5428-2 Storage Router management interface, use the admin password command. Access may be via Telnet or SSH (for CLI), or web-based GUI.

admin password string

Syntax Description

string

The password associated with administrative access to the storage router management interface. The string can be enclosed in quotes, and must be enclosed in quotes if the password includes one or more spaces. A string value of "" clears the password. The default password is cisco.


Defaults

The default password is cisco.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The management interface is password protected. You must enter passwords when accessing the storage router via Telnet or SSH (for CLI) or web-based GUI. The Monitor mode password provides view-only access to the management interface, while the Administrator mode password allows the user to create entities and make changes to the configuration of the storage router. Password protection can also be extended to the storage router console, using the restrict console command.

The password can contain one or more spaces, if the password string is enclosed in quotes. A string value of "" clears the password, effectively setting it to nothing.

In a cluster environment, the Administrator mode and Monitor mode passwords are cluster-wide configuration elements and apply to all storage routers in a cluster. The password management functions are handled by a single storage router. To determine which storage router is performing password management functions, issue the show cluster command. If you issue the admin password command from a storage router that is not performing password management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.


Note The password is displayed in clear text as the command is entered, but it is changed to a series of number signs (#####) when the change is acknowledged.


Examples

The following example sets the Administrator mode password to foo73G. All passwords are case sensitive.

[SN5428-2A]# admin password foo73G

The following example sets the Administrator mode password to "xZm! 673":

[SN5428-2A]# admin password "xZm! 673"

Related Commands

Command
Description

aaa generate password

Generate a long random password.

enable

Enter Administrator mode.

exit

Leave Administrator mode and enter Monitor mode.

monitor password

Set the login password for view-only access to the storage router management interface.

restrict console

Enable or disable password checking on the storage router console interface.

save all

Save all configuration information, including the administrator password.

save system

Save selected system configuration information, including the Administrator mode passwords.

setup access

Run the wizard to configure Monitor mode and Administrator mode passwords.


cdp enable

To enable Cisco Discovery Protocol (CDP) on the SN 5428-2 Storage Router, use the cdp enable command. To disable CDP on the storage router, use the no form of this command.

cdp enable

no cdp enable

Syntax Description

This command has no arguments or keywords.

Defaults

CDP is enabled.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

CDP is enabled by default in order to send or receive CDP information. CDP can be switched on or off for each specific interface via the cdp interface command.

Examples

The following example enables CDP on the storage router:

[SN5428-2A]# cdp enable

Related Commands

Command
Description

cdp holdtime

Specify the amount of time the receiving device should hold a CDP packet from the SN 5428-2 Storage Router before discarding it.

cdp interface

Switch CDP on or off for the specified interface.

cdp timer

Specify the amount of time between transmissions of CDP packets from the SN 5428-2 Storage Router.


cdp holdtime

To specify the amount of time the receiving device should hold a CDP packet from the SN 5428-2 Storage Router before discarding it, use the cdp holdtime command. To revert to the default setting, use the no form of this command.

cdp holdtime nn

no cdp holdtime

Syntax Description

nn

The holdtime to be sent in the CDP update packets, in seconds.


Defaults

The default holdtime is 180 seconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The CDP holdtime must be set to a higher number of seconds than the time between CDP transmissions, which is set using the cdp timer command.

Examples

The following example sets the CDP holdtime to 60, meaning that the CDP packet being sent from the storage router should be held by the receiving device for 60 seconds before being discarded. You may want to set the holdtime lower than the default setting of 180 seconds if information about the storage router changes frequently.

[SN5428-2A]# cdp holdtime 60

Related Commands

Command
Description

cdp enable

Enable or disable CDP on the SN 5428-2 Storage Router.

cdp interface

Switch CDP on or off for the specified interface.

cdp timer

Specify the amount of time between transmissions of CDP packets from the SN 5428-2 Storage Router.


cdp interface

To enable CDP for a specific interface, use the cdp interface command. To disable CDP for a specific interface, use the no form of this command.

cdp interface if-name enable

no cdp interface if-name enable

Syntax Description

if-name

The name of the interface for which you are enabling or disabling CDP. CDP can be enabled on the management (mgmt), HA, and Gigabit Ethernet (ge2) interfaces. When you type the cdp interface ? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword used to enable CDP for the specified interface.


Defaults

CDP is enabled for all interfaces.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

CDP must be enabled for the SN 5428-2 Storage Router, using the cdp enable command, before it can be enabled for a specific interface.

Examples

The following example enables CDP for the Gigabit Ethernet interface, ge2:

[SN5428-2A]# cdp interface ge2 enable

The following example disables CDP for the management interface:

[SN5428-2A]# no cdp interface mgmt enable

Related Commands

Command
Description

cdp enable

Enable or disable CDP on the SN 5428-2 Storage Router.

cdp holdtime

Specify the amount of time the receiving device should hold a CDP packet from the SN 5428-2 Storage Router before discarding it.

cdp timer

Specify the amount of time between transmissions of CDP packets from the SN 5428-2 Storage Router.


cdp timer

To specify the amount of time between transmissions of CDP packets from the SN 5428-2 Storage Router, use the cdp timer command. To revert to the default setting, use the no form of this command.

cdp timer nn

no cdp timer

Syntax Description

nn

The number of seconds between transmissions of CDP packets from the SN 5428-2 Storage Router.


Defaults

The default is 60 seconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The time between CDP transmissions must be set to a lower number than the CDP holdtime, which is set using the cdp holdtime command. There is a trade-off between sending more frequent CDP updates and bandwidth utilization.

Examples

The following example sets the CDP timer to 90, meaning that CDP updates are sent every 90 seconds, which is less frequently than the default of 60 seconds. You may want to make this change if you are concerned about preserving bandwidth.

[SN5428-2A]# cdp timer 90

Related Commands

Command
Description

cdp enable

Enable or disable CDP on the SN 5428-2 Storage Router.

cdp holdtime

Specify the amount of time the receiving device should hold a CDP packet from the SN 5428-2 Storage Router before discarding it.

cdp interface

Switch CDP on or off for the specified interface.


clear conf

To return certain configuration settings to factory defaults, use the clear conf wizard. The clear conf wizard prompts the user to enter the Administrator mode password and then to indicate which settings to restore to factory defaults.

clear conf

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The clear conf wizard is only available when the storage router is deployed for SCSI routing. If the storage router is deployed for transparent SCSI routing, use the clear conf {all | system} command to return the storage router configuration to factory default settings.

Follow these guidelines when using the clear conf wizard:

Select apps to remove all SCSI routing instances but retain system configuration settings.

Select system to remove all SCSI routing instances and system configuration settings.

Select saved to delete all backup configuration files from disk.

Select all to remove all SCSI routing instances, system configuration settings, and saved configuration files.

The system will reboot if you select apps, system, or all.

System configuration settings include:

The management and HA interface IP addresses

Configuration information for Fibre Channel interfaces

Saved zone configuration information

Domain name servers

NTP server and time zone information

SNMP information

Administrator and Monitor passwords, and administrator contact information

AAA authentication configuration information

VLAN and VTP information

Deleting system configuration makes the storage router unavailable to Telnet, SSH or web-based GUI sessions until the management interface is reconfigured with an IP address via a console connection. See "First-Time Configuration," for more information about initial system configuration.


Note The clear conf wizard will not reset any Secure Shell (SSH) public and private key pairs generated for the storage router. Use the ssh keygen command to generate new SSH keys after the storage router is restored to the selected factory default settings.


Examples

The following example removes all SCSI routing instances from the storage router. The system configuration settings are retained.

[SN5428-2_A1]# clear conf
 
Enter admin password: *****
 
This process can restore factory default settings for the SN5428-2.
* Select "apps" to remove active applications and retain system
  configuration settings.
* Select "system" to remove active applications and system
  configuration settings.
* Select "saved" to remove all backup configurations from disk.
* Select "all" to remove active applications, system configuration,
  and saved configurations.
 
The system configuration includes the management port, dns, admin and
monitor login, ntp, and snmp. You will need to use the console
to reconfigure the management port if you erase the system configuration.
 
The system will reboot if you select "apps", "system", or "all".
 
Erase what? [apps/system/saved/all/cancel (cancel)]apps
 
Configuration cleared. System configuration settings retained.
System halting.............!
 
System has been halted

Related Commands

Command
Description

setup access

Run the wizard to configure Monitor mode and Administrator mode passwords.

setup cluster

Change the configuration of the high availability environment.

setup iscsi-port

Run the wizard to manually configure the port used for iSCSI traffic.

setup mgmt

Run the wizard to configure the management interface.

setup netmgmt

Run the wizard to configure network management.

setup scsi

Run the wizard to configure a SCSI routing instance.

setup time

Run the wizard to configure the system date and time.


clear conf {all | system}

To return certain configuration settings to factory defaults, use the clear conf {all | system} command.

clear conf {all | system} password

Syntax Description

all

Remove all storage router configuration information, including system configuration settings, saved configuration files, SCSI routing instances, access lists, and cluster configuration settings.

system

Remove all system configuration settings, SCSI routing instances, access lists and cluster configuration settings. Saved configuration files will be retained.

password

The Administrator mode password.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

System configuration settings include:

The management and HA interface IP addresses

Configuration information for Fibre Channel interfaces

Saved zone configuration information

Domain name servers

NTP server and time zone information

SNMP information

Administrator and Monitor passwords, and administrator contact information

AAA authentication information

VLAN and VTP information

Issuing the clear conf command with either the system or all keyword causes the storage router to reboot.

Deleting system configuration makes the storage router unavailable to Telnet or web-based GUI sessions until the management interface is reconfigured with an IP address via a console connection. See "First-Time Configuration," for more information about initial system configuration.


Note The clear conf command will not reset any Secure Shell (SSH) public and private key pairs generated for the storage router. Use the ssh keygen command to generate new SSH keys after the storage router is restored to the selected factory default settings.


Examples

The following example removes all storage router configuration information, returning the storage router to its initial default configuration. The example uses the default Administrator mode password, cisco.

[SN5428-2_A1]# clear conf all cisco
 
Clearing configuration...
 
 
Current configuration and named configurations cleared.
System halting.........

Related Commands

Command
Description

clear conf

Run the wizard to reset the storage router to factory defaults.

setup access

Run the wizard to configure Monitor mode and Administrator mode passwords.

setup cluster

Change the configuration of the storage router's high availability environment.

setup iscsi-port

Run the wizard to manually configure the port used for iSCSI traffic.

setup mgmt

Run the wizard to configure the management interface.

setup netmgmt

Run the wizard to configure network management.

setup scsi

Run the wizard to configure a SCSI routing instance.

setup time

Run the wizard to configure the system date and time.


clear counters interface

To clear all counters associated with the specified interface, or all interfaces, use the clear counters interface command.

clear counters interface {if-name | all}

Syntax Description

if-name

The name of the interface. Counters can be cleared for the management (mgmt), Fibre Channel (fc?), FC initiator interfaces (fci?), Gigabit Ethernet (ge?) interfaces, and the high availability (ha) interface (if available). When you type the clear counters interface ? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

all

Clear counters for all interfaces.


Defaults

None.

Command Modes

Administrator or Monitor.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

This command resets all accumulated operational statistics for the specified interface. Operational statistics can include counters for packets received and transmitted, collisions, octets, multicast packets, dropped and unsupported protocol, exception status IOCBs (such as LIP reset aborts, port unavailable or logged out, DMA errors, port configuration changed, command timeout, data overrun, write or read data underrun, and queue full), Fibre Channel errors, and other general events.

Clear counters before beginning a troubleshooting session, so you can quickly identify the counters that are changing.

Examples

The following example clears all accumulated operational statistics counters for the Fibre Channel interface fc1.

[SN5428-2A]# clear counters interface fc1

Related Commands

Command
Description

show interface

Display operational and configuration information for the specified interface or all interfaces.


clear counters scsirouter

To reset accumulated operational statistics for the specified SCSI routing instance, use the clear counters scsirouter command.

clear counters scsirouter {name | all} {connection | host | target {name | all}}

Syntax Description

name

The name of the SCSI routing instance for which counters will be cleared.

all

Clear counters for all SCSI routing instances.

connection

Clear operational statistics related to connections only.

host

Clear operational statistics related to currently connected hosts only.

target name

Clear operational statistics related to the specified target.

target all

Clear operational statistics related to all targets.


Defaults

None.

Command Modes

Administrator or Monitor.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

This command resets the specified operational statistics. It does not display the accumulated statistics before resetting the counters.

Clear counters before beginning a troubleshooting session, so you can quickly identify the counters that are changing.

Examples

The following example clears the connection counters for the SCSI routing instance myScsi1.

[SN5428-2A]# clear counters scsirouter myScsi1 connection

Related Commands

Command
Description

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


clear fcswitch

To clear the switch log files of all entries or to clear stored zoning configuration information, issue the clear fcswitch command.

clear fcswitch {devlog | syslog | zones {fabric | local}}

Syntax Description

devlog

The switch development log file.

syslog

The switch system log file.

zones

Zoning changes received from switches in the fabric and stored by the SN 5428-2 Storage Router.

fabric

Keyword used to clear the local zoning database and deactivate the active zone set for the entire fabric.

local

Keyword used to clear the local zoning database for the storage router only. All ports operating as E_Ports must be inactive before the local zoning configuration is cleared.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Clear the switch development or system log file if it is large, or if you are going to perform testing and want to be sure the switch log files only reflects information from the testing session.

Clear local zoning configuration if you are moving the storage router from one FC switched zoned fabric to another or removing a switch from the fabric, or when other network changes have been made that render the saved zoning information inaccurate. All ports operating as E_Ports must be inactive. If the clear fcswitch zones local command is issued when there is an active E_Port on the SN 5428-2 Storage Router, the command fails and issues a warning message indicating the FC interfaces that are currently enabled.

Use the fabric keyword to clear the local zoning database and deactivate the active zoneset for the entire fabric.

Examples

The following example clears the switch development log files:

[SN5428-2A]# clear fcswitch devlog

The following example clears the switch system log files:

[SN5428-2A]# clear fcswitch syslog

The following example clears all saved zoning information from the storage router local zoning database:

[SN5428-2A]# clear fcswitch zones local

The following example clears the local zoning database and deactivates the active zone set for the entire fabric:

[SN5428-2A]# clear fcswitch zones fabric

Related Commands

Command
Description

fcswitch devlog

Specify logging parameters for the switch development log file.

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch syslog

Specify logging parameters for the switch system log file.

fcswitch zoning autosave

Configure the storage router to participate in FC switched fabric zones.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.

show fcswitch

Display global configuration information for storage router FC interfaces.

show fcswitch fabric

Display information about the Fibre Channel fabric.

show fcswitch linkstate

Display information about the storage router link state database.

zone

Create a Fibre Channel fabric zone.

zoneset

Create a Fibre Channel fabric zone set.


clear log

To clear the SN 5428-2 Storage Router log file of all entries, issue the clear log command.

clear log

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1.

This command was introduced.


Usage Guidelines

Clear the storage router log file if it is large, or if you are going to perform testing and want to be sure the log file only reflects information from the testing session.

Examples

The following example clears all entries from the storage router log file:

[SN5428-2A]# clear log

Related Commands

Command
Description

logging level

Add rule entries to route storage router event, debug and trace messages to various destinations based on facility and notification level.

show logging

Display the routing rules in the logging table and the contents of the storage router log file.


clear logging table

To clear the SN 5428-2 Storage Router logging table of all entries, or to reset the table to factory defaults, issue the clear logging table command.

clear logging table [to factory_defaults]

Syntax Description

to factory_defaults

Return the storage router logging table to the factory default logging rule entries.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1.

This command was introduced.


Usage Guidelines

Use this command to remove all rules for routing storage router event messages. If the logging table is cleared, logging is still enabled but all messages will be discarded.

To return the logging table to the factory default logging rules, use the to factory_defaults keywords. The factory default logging rules are as follows:

All messages from all facilities at notice level or lower levels are logged to all destinations.

All messages from all facilities at info level of lower levels are logged to the storage router log file.

Examples

The following example clears all entries from the storage router logging table and returns the table to the default logging rules:

[SN5428-2A]# clear logging table to factory_defaults

Related Commands

Command
Description

delete logging

Delete a rule from the logging table.

logging #?

Insert a routing rule entry into the storage router logging table.

logging level

Add rule entries to route storage router event, debug and trace messages to various destinations based on facility and notification level.

logging on

Enable or temporarily disable logging of storage router event message.

show logging

Display the routing rules in the logging table and the contents of the storage router log file.


clear scsirouter failover

To clear the primary or secondary storage router from the HA failover list for the specified SCSI routing instance, use the clear scsirouter command.

clear scsirouter name failover {primary | secondary}

Syntax Description

name

The name of the SCSI routing instance.

primary

Delete the current primary storage router from the HA failover list.

secondary

Delete the secondary storage router from the HA failover list.


Defaults

None.

Command Modes

Administrator or Monitor.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the clear scsirouter failover command to reset the primary or secondary storage router on the HA failover list for the specified SCSI routing instance. If there is no primary or secondary storage router configured on the HA failover list when the SCSI routing instance fails over, the cluster attempts to run the instance on the first node that is available based on HA failover eligibility information.

Use the scsirouter failover command to add a storage router to the HA failover list.


Note This command causes the SCSI routing instance configuration information to be saved and all nodes in the cluster to be updated.


Examples

The following example removes the current primary storage router from the HA failover list for SCSI routing instance foo:

[SN5428-2A]# clear scsirouter foo failover primary

Related Commands

Command
Description

failover scsirouter

Cause the named SCSI routing instance to cease running on the storage router.

scsirouter failover

Add the storage router to the HA failover list for the specified SCSI routing instance.


clear scsirouter primary

To remove the storage router configured as the primary for the named SCSI routing instance, use the clear scsirouter primary command.

clear scsirouter name primary

Syntax Description

name

The name of the SCSI routing instance.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

At any given time, a SCSI routing instance can run on only one storage router in a cluster. If a SCSI routing instance has the primary attribute set, the specified storage router will take over running that instance upon system restart or whenever target and critical resources are available.

If the primary attribute is not set, the SCSI routing instance continues running on the node where it was started until it is explicitly stopped (via a no scsirouter enable command), it automatically fails over to another storage router in the cluster because targets or critical resources are unavailable, or an explicit failover scsirouter command is issued. This is the default behavior.

Examples

The following command removes the storage router configured as the primary for the SCSI routing instance named lab2:

[SN5428-2A]# clear scsirouter lab2 primary

Related Commands

Command
Description

clear scsirouter failover

Remove the designated primary or secondary storage router from the HA failover list for the specified SCSI routing instance.

scsirouter primary

Identify the storage router as the preferred storage router to run the named SCSI routing instance.

scsirouter failover

Add the storage router to the HA failover list for the specified SCSI routing instance.


clock set

To set the storage router system clock to the given date and time, use the clock set command. Date and time information is used for log files and the user interface.

clock set hh:mm:ss mm dd yyyy

Syntax Description

hh:mm:ss mm dd yyyy

The current time in hours, minutes, and seconds, followed by the current month, day, and year. For example, 13:55:22 06 22 2001.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

If the storage router should synchronize its date and time with a network time protocol (NTP) server, see the ntp peer command.

Examples

The following example sets the storage router date and time to June 22, 2001 at 14:39:00.

[SN5428-2A]# clock set 14:39:00 06 22 2001

Related Commands

Command
Description

clock timezone

Specify the time zone for the storage router.

ntp peer

Specify the name or IP address of the NTP server with which the storage router will synchronize date and time.

setup time

Run the wizard to configure the system date and time.

show clock

Display the current system date and time, including the system timezone.


clock timezone

To specify the time zone for the storage router, use the clock timezone command.

clock timezone {string | ?}

Syntax Description

string

A character string representing the time zone of the storage router. For example, America/Chicago or Europe/Amsterdam.

?

Display a list of all valid time zones. Use any time zone in this list for the string parameter to set the storage router to that time zone.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Unless you specify the time zone, the clock setting is assumed to be in Universal time, also known as Greenwich Mean Time (GMT).

You can use the setup time wizard to select a time zone, set the clock and date, and identify an NTP server for the storage router.

To use the clock timezone command, you must know the appropriate time zone string. Use the "?" to display a list of valid time zone strings.

Examples

The following example sets the storage router time zone to US/Mountain:

[SN5428-2A]# clock timezone US/Mountain

Related Commands

Command
Description

clock set

Set the storage router system clock.

ntp peer

Specify the name or IP address of the NTP server with which the storage router will synchronize date and time.

setup time

Run the wizard to configure the system date and time.

show clock

Display the current system date and time, including the system time zone.


copy

To copy the named configuration file or script file from the specified location to the savedconfig or script directory, or from the storage router to the specified location, use the copy command. The exchange is via HTTP or TFTP. When copying files to the storage router, any file of the same name in the savedconfig or script directory is overwritten.

copy http://FileUrl {savedconfig:configfilename | script:scriptfilename}

copy tftp://Location/Directory/Filename {savedconfig:configfilename | script:scriptfilename}

copy {savedconfig:configfilename | script:scriptfilename} tftp://Location/Directory/Filename

Syntax Description

FileUrl

The URL (including the file name) of the configuration or script file to be copied to the storage router, such as http://acme/~myhome/allconf.xml. (In this example, the host name acme can be used if the ip name-server command was previously issued.) Configuration files are transferred to the savedconfig directory; script files are transferred to the script directory.

configfilename

The name of the saved configuration file. If the file is being copied from the storage router to a TFTP server, it must exist in the storage router savedconfig directory.

scriptfilename

The name of the saved script file. If the file is being copied from the storage router to a TFTP server, it must exist in the storage router script directory.

Location/Directory/Filename

The name of the TFTP server and default directory, followed by the file name. The file must currently exist in the directory. It will be overwritten by the file copied from the storage router.

Note If the default directory is tftpboot, specify only the name of the TFTP server and the file name.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The copy command does not affect the running or persistent configuration of the storage router or high availability cluster. However, the restore command can be used to copy the contents of a saved configuration file into persistent memory, while the read script command can be used to execute the commands in a script file to modify a storage router configuration.

Because TFTP does not require a user name and password, directories and files cannot be created. When you copy a file to a TFTP server, you must have read/write permissions for the complete file path, and the file copied from the storage router must already exist.

Examples

The following example copies the saved configuration file myFoo.xml from a server with an IP address of 10.1.40.10 to the storage router. The file name is changed to myFoo_restore.xml when it is written to the storage router savedconfig directory.

[SN5428-2A]# copy http://10.1.40.10/usr/SN5428-2/savedconfig/myFoo.xml 
savedconfig:myFoo_restore.xml

The following example copies the script file SN5428-2_Lab from a server named acme. The file name is unchanged when it is written to the storage router script directory.

[SN5428-2A]# copy http://acme/~myhome/SN5428-2_Lab script:SN5428-2_Lab

The following example copies the saved configuration file, backup_23, to the daily_backup file in the tftpboot directory of the tftp_primary server. The file, daily_backup, must already exist in the tftpboot directory of the tftp_primary server. This command will overwrite the existing daily_backup file.


Note Because the default directory is tftpboot, the command does not specify directory information.


[SN5428-2A]# copy savedconfig:backup_23 tftp://tftp_primary/daily_backup

Related Commands

Commands
Description

read script

Read and execute the CLI commands in the named script file.

restore aaa

Restore AAA authentication services from the named configuration file.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

restore all

Restore the contents of the named configuration file into memory.

restore scsirouter

Restore the named SCSI routing instance from the named configuration file.

restore system

Restore selected system information from the named configuration file.

restore vlan

Restore VLAN configuration information from the named configuration file.

save aaa

Save the current AAA configuration information.

save accesslist

Save configuration data for the named access list or all access lists.

save all

Save all configuration information.

save scsirouter

Save configuration information for the named SCSI routing instance.

save system

Save selected system configuration information.

save vlan

Save configuration information for the named VLAN or for all VLANs.

show savedconfig

Display the contents of the savedconfig directory or the contents of the named configuration file.

show script

Display the contents of the script directory or the contents of the named command file.


debug aaa

To enable debugging for authentication, authorization, and accounting (AAA) services, use the debug aaa command. To disable debugging for AAA authentication services, use the no form of this command.

debug aaa

no debug aaa

Syntax Description

This command has no arguments or keywords.

Defaults

Debugging is not enabled.

Command Modes

Administrator.

Command History

Release
Modifications

3.2.1

This command was introduced.


Usage Guidelines

Use this command to debug problems with iSCSI, Enable and Login authentication or general AAA authentication services. Create log route entries for notification level debugging to send the trace and debug messages to the desired destination, using the logging level command.

Examples

The following example enables AAA debugging:

[SN5428-2A]# debug aaa

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa test authentication

Enable testing of AAA authentication services.

debug scsirouter

Enable debugging for the named SCSI routing instance.

logging level

Add rule entries to route storage router event, debug and trace messages to various destinations based on facility and notification level.

restore aaa

Restore AAA configuration services from a saved configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.


debug cmd

To run any operating system command with up to five arguments from the CLI, use the debug cmd command.

debug cmd os-command [parameters]

Syntax Description

os-command

Any valid operating system command. Do not invoke interactive functions.

parameters

Up to five command parameters.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modifications

3.2.1

This command was introduced.


Usage Guidelines

The debug cmd command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example displays usage information for the debug cmd:

[SN5428-2A]# debug cmd dbgRunOSCmdHelp 0
[SN5428-2A]# debug cmd dbgRunOSCmdHelp 0c 1a c4 3c
 
Running command dbgRunOSCmdHelp(0xc1ac43c) with args 0 0 0 0 0
 
 
CLI usage: debug cmd symbol arg1 .. arg5
  symbol -- any named OS function
  arg1 .. arg5 -- numbers (interpreted as hex) or
                  strings if escaped with an initial '$', such as $fc1
                  Anything that doesn't convert to a number is a string
 
Return value is 0 = 0x0 (OK)

Related Commands

Command
Description

debug aaa

Enable debugging for AAA authentication services.

debug scsirouter

Enable debugging for the named SCSI routing instance.


debug interface

To specify the maximum number of firmware dump files that can exist on the storage router for a specified initiator interface, or to remove all existing firmware dump files, use the debug interface command.

debug interface if-name {forcefcfwdump | lldrestartfcfw}

debug interface if-name fwdumpcount nn

debug interface if-name removefwdumps

Syntax Description

if-name

Enable IP trace for the FC initiator interfaces. When you type the debug interface ? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

forcefcfwdump

Force a dump of FC firmware. A file named qlclifwdump01.txt is created in the /ata4 partition.

lldrestartfcfw

Restart the FC firmware. Any existing connections may be dropped.

fwdumpcount nn

Specify the maximum number of times the firmware dump files for the specified interface can be overwritten. If a firmware dump is requested and the dump files cannot be overwritten, the firmware will be restarted but a dump file will not be created. The default is 1.

removefwdumps

Keyword used to clear all existing firmware dump files for the specified interface from the storage router.


Defaults

The maximum number of times firmware dump files can be overwritten for each FC initiator interface is 1.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Best practices suggest clearing all existing firmware dump files for the specified interface before requesting a new firmware dump.


Caution Some debug interface commands may perform actions that drop existing connections or otherwise impact normal storage router performance. The debug interface command is designed for debug purposes and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example sets the maximum number of times the firmware dump files for fci1 can be overwritten to 2:

[SN5428-2A]# debug interface fci1 fwdumpcount 2

The following example clears all firmware dump files for fci2:

[SN5428-2A]# debug interface fci2 removefwdumps

Related Commands

Command
Description

show debug

Display a variety of debug information or perform specific troubleshooting activities.

show interface

Display operational and configuration information for the specified interface or all interfaces.


debug interface fc?

To configure a variety of operational parameters for the internal FC interface switch ports, use the debug interface fc? command. To disable various parameters, use the no form of this command.

debug interface fc? {al-fairness | fan-enable |ms-enable} enable

debug interface fc? default

debug interface fc? diag

debug interface fc? enable

debug interface fc? ext-credit nn

debug interface fc? linkspeed {auto | 1gb | 2gb}

debug interface fc? loopback {external | internal | online}

debug interface fc? mfs-bundle enable [timeout nn]

debug interface fc? type {auto | f-port | fl-port | g-port | gl-port}

debug interface fc? type tl-port mode {autobridge | autolearn}

no debug interface fc? {al-fairness | fan-enable | ms-enable} enable

no debug interface fc? enable

no debug interface fc? mfs-bundle enable [timeout nn]

Syntax Description

fc?

The name of the internal FC interface switch port for which you are setting this parameter. Valid values are fc0 and fc15. When you type the debug interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

al-fairness enable

Keywords, used to enable the fairness algorithm (loop priority) on the named internal switch port.

default

Keyword used to reset the port to default operational parameters.

diag

Keyword used to places the switch port into diagnostic mode for testing purposes.

enable

Keyword used to enable the specified switch port.

ext-credit nn

Keywords used to enable the port to use additional data buffer credits. Valid values are 0, 11, 22, 33, 44, 55, 66 and 77. The default is 0, indicating that the port is not enabled for credit extension.

fan-enable enable

Keywords, used to enable Fabric Address Notification (FAN) on the specified switch port.

linkspeed auto

Keywords, indicating that the transfer rate is negotiated.

linkspeed 1gb

Keywords, indicating the transfer rate is fixed at 1 Gbps.

linkspeed 2gb

Keywords, indicating the transfer rate is fixed at 2 Gbps.

loopback external

Keywords, indicating an external test will be performed. The specified port must be in a diagnostic state.

loopback internal

Keywords, indicating an internal test will be performed. The specified port must be in a diagnostic state.

loopback online

Keywords, indicating an online loopback test will be performed. The specified port must be enabled.

mfs-bundle enable

Keywords, used to enable Multi-Frame sequence (MFS) bundling for the named switch port.

timeout nn

The timeout value associated with MFS bundling, in milliseconds. Valid values are 10 through 20480. The default timeout value is 10 msecs.

ms-enable enable

Keywords, used to enable GS-3 management server commands for the specified switch port.

type auto

Keywords, indicating the port type is automatically negotiated and functions as a generic loop (GL_Port).

type donor

Keywords, indicating the port type is donor. A donor port places its data buffer credits in a pool that ports configured for credit extension draw on. A donor port is essentially disabled; it cannot be used for FC communication.

type f-port

Keywords, indicating that the port type is fabric. F_Ports are fabric ports.

type fl-port

Keywords, indicating that the port type is fabric loop (also known as "public loop").

type g-port

Keywords, indicating that the port type is generic and can function as either an F_Port or an E_Port. An E_Port is also known as an "expansion port."

type gl-port

Keywords, indicating that the port type is generic loop and can function as either an F_Port, FL_Port, or E_Port.

type tl-port

Keywords, indicating that the port type is translated loop.

mode autobridge

Keywords, indicating public targets are made visible to the initiator in a private loop.

mode autolearn

Keywords, indicating targets in a private loop are made visible.


Defaults

The internal FC switch ports have the following default operational characteristics:

fairness algorithm is disabled (switch has priority)

Fabric Address Notification (FAN) is enabled

transfer rate is fixed at 2 Gbps

Multi-Frame sequence bundling is enabled

GS-3 management server commands are enabled

port type is fabric (F_Port)

credit extension is disabled (ext-credit is set to 0)

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The debug interface fc? command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.


Caution Changing operational characteristic for the interface FC switch ports can cause unexpected behavior in the storage router.

Examples

The following example places the internal FC switch port fc0 into diagnostic mode for testing purposes:

[SN5428-2A]# debug interface fc0 diag

Related Commands

Command
Description

show debug interface fc?

Display debug information for internal FC interface switch ports.


debug interface ge?

To enable packet tracing on a Gigabit Ethernet interface, use the debug interface ge? command. To disable packet tracing, use the no form of this command.

debug interface ge? trace [pktcnt nn] [pktsize nn] enable

no debug interface ge? trace enable

Syntax Description

ge?

Enable IP trace for the specified Gigabit Ethernet interface. When you type the debug interface ge? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

trace

Keyword indicating IP packet tracing will be enabled.

pktcnt nn

(Optional) Specify the maximum number of packets to be traced. nn must be a value greater then zero (0). If not specified, a circular trace buffer is used. This is the default.

pktsize nn

(Optional) Specify the maximum number of bytes to trace per packet. Valid values are 14 to 1024, inclusive. The default is 128.

enable

Keyword used to enable IP packet tracing.


Defaults

IP packet tracing for all Gigabit Ethernet interfaces is disabled by default. The maximum trace size is 128, and all packets use a circular trace buffer.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The debug interface ge? command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Use the pktcnt keyword to specify the maximum number of packets to be traced. IP packet tracing will automatically be disabled when the specified number of packets is traced, or the trace buffer fills up. If a packet count is not specified, a circular trace buffer is used. The default trace buffer size is 131072 bytes.

Use the pktsize keyword to specify the maximum number of bytes to trace per packet. This value must be in the range of 14 to 1024. The default number of bytes to trace per packet is 128.

Use the show debug interface command to display statistics about the packet trace and to display the contents of the trace buffer in hex.


Note IP packet tracing must be disabled on the interface before the trace buffer can be displayed.


Examples

The following example enables IP packet tracing on the ge2 interface:

[SN5428-2A]# debug interface ge2 trace enable

The following example enables IP packet tracing on ge1, for a maximum of 100 packets. A maximum of 200 bytes will be traced per packet.

[SN5428-2A]# debug interface ge1 trace pktcnt 100 pktsize 200 enable

Related Commands

Command
Description

show debug

Display a variety of debug information or perform specific troubleshooting activities.

show debug interface ge?

Display IP packet trace statistics or the contents of the trace buffer.


debug ip rip;

To enable routing information protocol (RIP) debug log message, use the debug ip rip command. To disable RIP debug log message, use the no form of this command.

debug ip rip

no debug ip rip

Syntax Description

This command has no arguments or keywords.

Defaults

RIP debug log messages are disabled.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The debug ip rip command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example enables RIP, configures logging to send debug message to all virtual terminal sessions, and then enables RIP debug log messages. The show ip rip command is used to verify the running RIP configuration.

[SN5428-2A]# ip rip enable
Dec 09 16:12:50: %IP-5-IRMRSAR: RIP Services are running
*[SN5428-2A]# logging level debug from ip to vty
*[SN5428-2A]# debug ip rip
Dec 31 12:52:14: %IP-7-IRRPRL00: RIP Packet received from 10.1.30.1 length 124
Dec 31 12:52:14: %IP-7-IRRPRL01:   command 2 version 1
Dec 31 12:52:14: %IP-7-IRRPRL02:     route af 2, dest 10.1.40.0 mask 0.0.0.0 nextHop 
0.0.0.0 metric 2
Dec 31 12:52:14: %IP-7-IRRPRL02:     route af 2, dest 10.1.51.0 mask 0.0.0.0 nextHop 
0.0.0.0 metric 1
 
*[SN5428-2A]# show ip rip
Routing Information Protocol (RIP) Information:
        Invalid Timer: 180
        Enabled Flag:  true
        Debug Flag:    true
        Running Flag:  true

Related Commands

Command
Description

ip rip enable

Enable the storage router to learn dynamic routing using the routing information protocol (RIP).

show ip

Display entries from the SN 5428-2 Storage Router routing table, and statistics about the protocols used in the storage router network. Use the rip keyword to display RIP configuration information.


debug scsirouter

To enable trace facilities for debugging SCSI routing instances, use the debug scsirouter command. To disable debugging, use the no form of this command.

debug scsirouter name scsitrace

no debug scsirouter name scsitrace

Syntax Description

name

The name of the SCSI routing instance to be debugged.

scsitrace

Keyword indicating tracing services will be enabled.


Defaults

All trace facilities are enabled by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

When enabled at this level, debug tracing will trace traffic to and from all targets associated with the named SCSI routing instance. Use the show debug scsirouter command to view the trace buffer output.

Examples

The following example enables debug tracing facilities for a SCSI routing instance named foo:

[SN5428-2A]# debug scsirouter foo scsitrace

Related Commands

Command
Description

debug aaa

Enable debugging for AAA authentication services.

debug scsirouter target

Enable debugging for a specific SCSI routing instance target and LUN combination.

show debug scsirouter

Display trace buffer output.


debug scsirouter target

To enable trace facilities for debugging a specific SCSI routing instance target and LUN combination, use the debug scsirouter target command. To disable debugging, use the no debug scsirouter target form of this command.

debug scsirouter name target name lun nn scsitrace

no debug scsirouter name target name lun nn scsitrace

Syntax Description

name

The name of the SCSI routing instance to be debugged.

target name

The name of the target to be included in the trace.

lun nn

The specific LUN associated with the target.

scsitrace

Keyword indicating tracing services will be enabled.


Defaults

All trace facilities are enabled by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

When enabled at this level, SCSI tracing will trace traffic to and from the specified target and LUN combination associated with the named SCSI routing instance. Use the show debug scsirouter command to view the trace buffer output.

Examples

The following example enables SCSI tracing facilities for the target and LUN combination myTarget, LUN 0, associated with the SCSI routing instance named foo:

[SN5428-2A]# debug scsirouter foo target myTarget lun 0 scsitrace

Related Commands

Command
Description

debug aaa

Enable debugging for AAA authentication services.

debug scsirouter

Enable debugging for the named SCSI routing instance.

show debug scsirouter

Display trace buffer output.


delete accesslist

To delete an entire access list, all access lists, or a specified entry from the named access list, use the delete accesslist command. This command does not change the persistent storage router configuration until the relevant configuration information has been saved using the appropriate save command with the bootconfig keyword.

delete accesslist all

delete accesslist name [A.B.C.D/bits | A.B.C.D/1.2.3.4]

delete accesslist name [chap-username username | iscsi-name string]

delete accesslist name all

Syntax Description

name

The name of the access list.

A.B.C.D/bits

(Optional) IP address and subnet mask of the IP host being deleted from the access list. A.B.C.D is the dotted quad notation of the IP address. The /bits specifies the subnet mask in CIDR style.

A.B.C.D/1.2.3.4

(Optional) IP address and subnet mask of the IP host being deleted from the access list. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.

chap-username username

(Optional) The CHAP user name configured for the IP host being deleted from the access list. The CHAP user name is used for iSCSI authentication purposes.

iscsi-name string

(Optional) The iSCSI Name of the IP host being deleted from the access list.

name all

Delete all entries from the named access list.

all

Delete all access lists.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Because access lists are cluster entities, this operation affects all targets associated with this access list, regardless of where the associated SCSI routing instance is running within the high availability cluster.

Use the delete accesslist name all to clear all entries from the access list, but retain the access list entity.

Use the delete accesslist name command with no additional parameters to completely delete the named access list. Before completely deleting an access list, verify that it is no longer associated with any SCSI routing instance target.

Changes to access lists do not impact currently connected IP hosts; changes are effective for all subsequent connections.


Note If you delete an access list that is still associated with a SCSI routing instance target, the target remains bound to the access list, but subsequent connection requests by IP hosts will be rejected (as if the scsirouter target accesslist none command had been issued). Use the show scsirouter command with the target keyword to view access lists associated with SCSI routing instance targets.


In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue a delete accesslist command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions.

See "Maintaining and Managing the SN 5428-2 Storage Router," for more information on operating the storage router in a cluster.

Examples

The following example completely deletes the access list named fooList from the currently running configuration:

[SN5428-2A]# delete accesslist fooList

The following example deletes all entries from the access list named fooList1. The access list entity itself is not deleted from the currently running configuration:

[SN5428-2A]# delete accesslist fooList1 all

The following example deletes all access lists from the currently running configuration:

[SN5428-2A]# delete accesslist all

The following example deletes the specified IP address from the named access list, fooList2. This command does not update the bootable configuration of the storage router until a save accesslist bootconfig or save all bootconfig command is issued.

[SN5428-2A]# delete fooList2 192.168.54.12/32

The following example deletes the specified CHAP user name from the named accesslist, fooList3. This command does not update the bootable configuration of the storage router until a save accesslist bootconfig or save all bootconfig command is issued.

[SN5428-2A]# delete fooList3 chap-username webserver15

The following example deletes the specified iSCSI Name from the named accesslist, fooList4. This command does not update the bootable configuration of the storage router until a save accesslist bootconfig or save all bootconfig command is issued.

[SN5428-2A]# delete fooList4 iscsi-name ign.1987-05.com.cisco.01.8838a325b4017f

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist A.B.C.D/bits

Add IP addresses to an access list.

accesslist chap-username

Add CHAP user name entries to an access list.

accesslist iscsi-name

Add iSCSI Name entries to an access list.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

save accesslist

Save configuration data for the named access list or for all access lists.

scsirouter target accesslist

Associate an access list with a specific SCSI routing target or all targets.

show accesslist

Display the contents of the named access list or all access lists.


delete fcalias

To delete the named alias, or the specified member WWPN from the named alias, use the delete fcalias command.

delete fcalias alias-name [member wwpn xxxxxxxxxxxxxxxx]

Syntax Description

alias-name

The name of the alias.

member wwpn xxxxxxxxxxxxxxxx

The WWPN of the alias member.

Note WWPN address notation is represented by 16 hex digits. The digits may be separated by colons. When entering WWPN addresses, colons can be omitted or placed anywhere in the address notation as long as they do not leave one character without a partner character.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

An alias is a collection of Fibre Channel devices, such as switches, initiators, storage and other SN 5428-2 Storage Routers, that can be zoned together. An alias is not a zone and cannot include a zone or another alias as a member.

Use this command to delete an entire alias and all its members from the zoning database, or to delete a specified member WWPN from an alias.

If the alias is a member of the active zone set, the alias will not be removed from the active zone set until the active zone set is deactivated. Use the no zoneset command with the enable keyword to deactivate the active zone set.


Caution If the storage router is connected to the FC switched fabric, all zoning changes (including the deletion of an alias) are immediately propagated to other SN 5428-2 Storage Routers and switches in the fabric.

See "Configuring Fibre Channel Interfaces," for more information about FC fabric zoning.

Examples

The following example deletes the alias named AliasFoo and all its members. The alias will be removed from all zone sets in which it is used.

[SN5428-2A]# delete fcalias AliasFoo

The following example deletes the member WWPN 21000004ed4105ab from the alias AliasFoo:

[SN5428-2A]# delete fcalias AliasFoo member wwpn 21000004ed4105ab

Related Commands

Command
Description

fcalias

Create an alias entity for use in Fibre Channel zoning.

fcalias member

Add the specified member to the named alias.

show fcalias

Display information about aliases and their members.


delete logging

To delete a rule from the logging table, use the delete logging command.

delete logging level notification-level from facility-name

delete logging #?

delete logging #nn

Syntax Description

level notification-level

The notification level of the routing rules entry to be deleted. See Table 11-13 in the Usage Guidelines section for a list of valid names that can be used for the notification-level argument.

from facility-name

The name of the facility. A facility is the feature area from which the message is received. See Table 11-14 in the Usage Guidelines section for a list of valid facility names.

#?

Request an indexed list of entries in the logging table.

#nn

The index number from the displayed list of entries. The specified routing rule will be deleted.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Event, trace and debug messages can be routed to various destinations, based on the notification level of the message and the application area (facility) that generated the message. When a log message is received by the storage router, the logging table rules are searched by facility name and by message level until a match is found. The log message is sent to all the destinations specified by the matching rule.

Use this command to delete logging rules based on notification level and facility name, or by index number.

To display an indexed lists of entries in the logging table, use the number sign (#) character followed by a question mark (?). That action will cause the routing rules in the logging table to be displayed as a numbered (indexed) set of lines. The command is displayed at the prompt below the list to the point of the # keyword. Complete the command by entering the appropriate index number. The specified routing rule will be deleted.

The level limits logging to messages of the specified level or lower levels, based on level number. Table 11-4 describes the available logging levels.

Table 11-4 Logging Level Message Levels and Corresponding Numbers 

Notification Level
Level Number
Description

emergency

0

System unusable

alert

1

Immediate action needed

critical

2

Critical conditions

error

3

Error conditions

warning

4

Non-fatal warning conditions

notice

5

Normal but significant conditions

info

6

Informational messages only

debug

7

Information for troubleshooting purposes



Note The debug notification level should be used for specific troubleshooting purposes only. System performance and HA behavior may be adversely affected by logging at the debug notification level.


Each facility can have up to eight notification levels. Each facility and notification level pair can have up to seven destinations. Table 11-5 describes the available facility names.

Table 11-5 Logging Level Facilities  

Facility Name
Description

all

All facilities.

AUTH

AAA authentication.

CDP

Cisco Discovery Protocol.

CONF

Configuration functions.

FC

Fibre Channel interfaces.

GE

Gigabit Ethernet interfaces.

HA

High availability cluster functions.

IF

Interface manager.

INVALID

Generic functions.

IP

IP functions.

ISCSI

iSCSI functions.

MON

Hardware monitor.

SLP

Service Location Protocol service functions.

SNMP

Simple Network Management Protocol.

SYSLOG

Syslog functions.

UI

User interface functions.

VTP

VTP and VLAN functions.


Use the save system bootconfig or save all bootconfig commands to save the updated logging table.

Examples

The following example displays the logging table and then deletes the routing rule entry for messages at level info from facility all:

[SN5428-2A]# show logging 
Logging is enabled
 
Index Level     Priority Facility   Route                         
1     info      6        all        console logfile               
2     debug     7        HA         logfile rslog                 
 
Syslog host is enabled, ip-address is 10.1.1.144
 
[SN5428-2A]# delete logging level info from all

The following example displays an indexed list of the routing rules in the logging table and then deletes the third entry:

[SN5428-2A]# delete logging #?
 
Logging is enabled
 
Index Level     Priority Facility   Route                         
1     critical  2        all        console logfile                   
2     debug     7        SNMP       rslog
3     notice    5        HA         all               
4     warning   4        CDP        rslog 
 
Syslog host is enabled, ip-address is 10.1.1.144
 
[SN5428-2A]# delete logging #3

Related Commands

Command
Description

clear logging table

Clear the SN 5428-2 Storage Router logging table of all entries, or to reset the table to factory defaults.

logging #?

Insert a routing rule entry into the storage router logging table.

logging level

Add rule entries to route storage router event, debug and trace messages to various destinations based on facility and notification level.

logging on

Enable or temporarily disable logging of storage router event message.

show logging

Display the routing rules in the logging table and the contents of the storage router log file.


delete savedconfig

To remove the named file from the savedconfig directory, use the delete savedconfig command.

delete savedconfig {filename | all}

Syntax Description

filename

The name of the configuration file to be deleted. This file must exist in the savedconfig directory.

all

Keyword, indicating that all configuration files in the savedconfig directory are to be deleted.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the show savedconfig command to display the contents of the savedconfig directory.

Examples

The following example removes the configuration file named foo_config from the storage router:

[SN5428-2A]# delete savedconfig foo_config

Related Commands

Command
Description

copy

Copy the named configuration or script file from a remote location to the storage router, or from the storage router to a remote location.

restore all

Restore the contents of the named configuration file into memory.

save all

Save all configuration information.

save system

Save selected system configuration information

show savedconfig

Display the contents of the savedconfig directory or the contents of the named configuration file.

show script

Display the contents of the script directory or the contents of the named command file.


delete script

To remove the named command file from the script directory, use the delete script command.

delete script {filename | all}

Syntax Description

filename

The name of the command file to be deleted. This file must exist in the script directory.

all

Keyword, indicating that all command files in the script directory are to be deleted.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the show script command to display the contents of the script directory or the specified command file.

Examples

The following example removes the command file named foo_script from the storage router:

[SN5428-2A]# delete script foo_script

Related Commands

Command
Description

copy

Copy the named configuration or script file from a remote location to the storage router, or from the storage router to a remote location.

read script

Read and execute the CLI commands in the named script file.

restore all

Restore the contents of the named configuration file into memory.

save all

Save all configuration information.

save system

Save selected system configuration information.

show bootconfig

Display the bootable configuration, or create a command file based on the bootable configuration.

show runningconfig

Display the running configuration, or create a command file based on the running configuration.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.

show script

Display the contents of the script directory or the contents of the named command file.


delete scsirouter

To delete the named elements from the SCSI routing instance, use the delete scsirouter command. This command does not change the persistent storage router configuration until the relevant configuration information has been saved using the appropriate save command with the bootconfig keyword.

delete scsirouter {name | all} [connection nn | serverif ge? [vlan vid]]

delete scsirouter {name | all} target {name | all} [lun nn]

delete scsirouter {name | all} target {name | all} [lun nn] force

delete scsirouter {name | all} force

delete scsirouter name all

Syntax Description

name

The name of the SCSI routing instance.

all

Delete all SCSI routing instances from the storage router, or delete all attributes for the named SCSI routing instance.

Note You are not prompted to confirm your actions.

connection nn

(Optional) Delete the specified connection from the named instance or all instances. Use the show scsirouter command with the connection keyword to display connection IDs.

serverif ge?

(Optional) Delete the server interface for the named SCSI routing instance or all instances.

vlan vid

(Optional) Delete the specified VLAN from the named SCSI routing instance or all instances.

target name

The name of the specific target to delete.

target all

Delete all targets from the named instance.

lun nn

(Optional) Delete the specified iSCSI LUN from the named target or all targets.

force

(Optional) Keyword that overrides normal protections, allowing the action to be performed.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

In a cluster environment, changes to the SCSI routing instance can only be made on the storage router that is the currently running that instance. The SCSI routing instance may be in a stopped state at the time it is deleted.

The force option allows the SCSI routing instance to be deleted from a storage router that is not currently running the instance. The force option should only be used when the storage router, or a specific SCSI routing instance, is in an abnormal state and cannot be recovered without rebooting.

When used with the target or LUN keywords, the force option allows the specified object to be deleted, even if in use by an iSCSI driver. Under normal circumstances, a target or LUN cannot be deleted if an iSCSI driver is logged in.

Use the all keyword to delete all attributes of a named SCSI routing instance. The named SCSI routing instance, however, is not deleted.


Note When making changes to SCSI routing instances (such as adding or deleting targets or changing access) be sure to make the complimentary changes to the iSCSI configuration of IP hosts using these services to access the storage resources. See the readme files for the appropriate iSCSI drivers for additional details. You can access the latest iSCSI drivers and readme and example configuration files from Cisco.com.


Examples

The following example deletes all targets associated with the SCSI routing instance named foo:

[SN5428-2A]# delete scsirouter foo target all

The following example deletes the specified VLAN from the Gigabit Ethernet interface, ge2, used by the SCSI routing instance named foo2:

[SN5428-2A]# delete scsirouter foo2 serverif ge2 vlan 101

The following example deletes all attributes of the SCSI routing instance named foo3. The SCSI routing instance named foo3 remains available for configuration on the storage router.

[SN5428-2A]# delete scsirouter foo3 all

The following example deletes the entire SCSI routing instance named foo4:

[SN5428-2A]# delete scsirouter foo4


Note All examples update the currently running configuration only. To make a deletion permanent, issue the appropriate save all bootconfig or save scsirouter bootconfig command.


Related Commands

Command
Description

restore scsirouter

Restore the named SCSI routing instance from the named configuration file.

save scsirouter

Save configuration information for the named SCSI routing instance.

scsirouter

Create a SCSI routing instance.

scsirouter enable

Start and stop the named SCSI routing instance.

scsirouter serverif

Assign a Gigabit Ethernet interface, IP address, and optionally a VLAN to the named SCSI routing instance.

setup scsi

Run the wizard to configure a SCSI routing instance.

show accesslist

Display the contents of the named access list or all access lists.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


delete software version

To delete a version of software from the storage router, use the delete software version command.


Note The version of software currently running and the version that will be booted when the system is restarted may not be deleted.


delete software version {v.x.y | all}

Syntax Description

v.x.y

The version of storage router software to be deleted.

all

Delete all non-bootable and non-current software versions.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to remove old versions of software from the storage router.

Examples

The following example removes version 2.0.1 from the storage router:

[SN5428-2A]# delete software version 2.0.1

Related Commands

Command
Description

download software

Download the list of available software versions or the specified version of software from the named location.

software http url

Specify the default location from which to download updated storage router software via HTTP.

software proxy url

Specify the default location from which to download updated storage router software via HTTP, using a proxy server.

software tftp

Specify the default location from which to download updated storage router software via TFTP.

verify software version

Check the specified software version for problems.


delete zone

To delete the specified Fibre Channel (FC) zone or the specified member of the zone from the zoning database, use the delete zone command.

delete zone name [member {fcalias alias-name | fcid port-id | wwpn xxxxxxxxxxxxxxxx}]

Syntax Description

name

The name of the zone.

member

(Optional) Keyword, indicating the specified zone member will be deleted.

fcalias alias-name

Deletes the named alias member from the named zone.

fcid port-id

Deletes the specified Port ID member from the named zone.

wwpn xxxxxxxxxxxxxxxx

Deletes the specified WWPN member from the named zone.

Note WWPN address notation is represented by 16 hex digits. The digits may be separated by colons. When entering WWPN addresses, colons can be omitted or placed anywhere in the address notation as long as they do not leave one character without a partner character.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

A zone is a group of FC ports or devices, such as switches, storage or SN 5428-2 Storage Routers, grouped together to control the exchange of information.

Use this command to delete the specified zone from the zoning database. If the zone is a member of the active zone set, the zone will not be removed from the active zone set until the active zone set is deactivated. Use the no zoneset command with the enable keyword to disable the active zone set.

Use the member keyword to delete the specified alias, Port ID or WWPN member from the named zone.


Caution If the storage router is connected to the FC switched fabric, all zoning changes (including the deletion of a zone or zone member) are immediately propagated to other SN 5428-2 Storage Routers and switches in the fabric.

See "Configuring Fibre Channel Interfaces," for more information about FC fabric zoning.

Examples

The following example deletes the zone named testlab from the zoning database:

[SN5428-2A]# delete zone testlab

The following example deletes the alias member myfoo from the zone webservices:

[SN5428-2A]# delete zone webservices member fcalias myfoo

Related Commands

Command
Description

show zone

Display configuration and operational information for Fibre Channel fabric zones from the local zoning database.

show zoneset

Display configuration and operational information for Fibre Channel fabric zone sets.

zone

Create a Fibre Channel fabric zone.

zone member

Add a device or an alias to a zone.

zoneset

Create a Fibre Channel fabric zone set.

zoneset zone

Add a member zone to a zone set.


delete zoneset

To delete the specified zone from the zone set or to delete the entire named zone set from the zoning database, use the delete zoneset command.

delete zoneset name [zone name]

Syntax Description

name

The name of the zone set.

zone name

(Optional) Deletes the named zone from the specified zone set.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

A zone set is a group of zones. Zoning enables you to divide the ports and devices of the Fibre Channel fabric into zones for more efficient and secure communication among functionally grouped nodes. Only one zone set can be active at a time. The active zone set defines the zoning for the Fibre Channel fabric.

Use this command to delete an entire zone set from the zoning database or only the named zone from the zone set. If the zone set is active, the command does not take effect until the zone set is deactivated. Use the no zoneset command with the enable keyword to disable the active zone set.


Caution If the storage router is connected to the FC switched fabric, all zoning changes (including the deletion of a zone set) are immediately propagated to other SN 5428-2 Storage Routers and switches in the fabric.

See "Configuring Fibre Channel Interfaces," for more information about FC fabric zoning.

Examples

The following example deletes the zone set named testgroup:

[SN5428-2A]# delete zoneset testgroup

The following example deletes the zone named zoneA from the zoneset named testgroupA:

[SN5428-2A]# delete zoneset testgroupA zone zoneA

Related Commands

Command
Description

show zone

Display configuration and operational information for Fibre Channel fabric zones from the local zoning database.

show zoneset

Display configuration and operational information for Fibre Channel fabric zone sets.

zone

Create a Fibre Channel fabric zone.

zone member

Add a device or an alias to a zone.

zoneset

Create a Fibre Channel fabric zone set.

zoneset zone

Add a member zone to a zone set.


download software

To fetch the specified object from the named location or the default download location, use the download software list command.

download software {http | proxy} {list | url full_url | version v.x.y}

download software tftp {hostname host filename file | list | version v.x.y}

Syntax Description

http

Download using the HTTP protocol.

proxy

Download using a proxy server.

list

(Optional) Download a list of available versions.

url

(Optional) Keyword indicating that the download is from the specified URL.

full_url

The fully qualified URL from which to download this version of storage router software. For example, http://anywebserver.com/3.2.1.tar.

version v.x.y

(Optional) Download the specified version of storage router software from the default location.

tftp

Download using the TFTP protocol

hostname host

The name of the TFTP host.

filename file

The name of the file to be downloaded, such as 3.2.1.tar. This file contains the storage router software.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The list of available software versions is stored in the file named sw-sn5428-2-versions.txt. This text file must contain one line for each version of software that is available from the download location. If you store and download software from a site other than the system default (http://www.cisco.com), create this file and update it whenever a new version of software is available.

Software is either downloaded from the default locations set for the specified protocol or from the location specified as part of the command. Always verify software after it has downloaded to assure no errors were encountered. See "Installing Updated Software" for details on verification and making updated software available to the storage router.

A maximum of two versions of software can be stored on the SN 5428-2 Storage Router.


Note While the size of the software file may vary, it will exceed 16 MB. Some older TFTP implementations have a 16 MB download limitation.


Examples

The following example downloads storage router software version 3.2.1 from the default location via standard Hypertext Transfer Protocol (HTTP):

[SN5428-2A]# download software http version 3.2.1

The following example downloads a file named sn5428-2v251.tar from the TFTP host named my_tftpHost. The file must exist in the default TFTP directory.

[SN5428-2A]# download software tftp hostname my_tftpHost filename sn5428-2v251.tar

The following file downloads the list of available software from the default location using the proxy configuration:

[SN5428-2A]# download software proxy list

Related Commands

Command
Description

delete software version

Remove the specified version of software from the storage router.

software http url

Specify the default location from which to download updated storage router software via HTTP.

software http username

Configure the user name and optional password required to access the default download location.

software proxy

Configure HTTP proxy information.

software proxy url

Specify the default location from which to download updated storage router software via HTTP, using a proxy server.

software proxy username

Configure the user name and optional password required to access the proxy URL.

software tftp

Specify the default location from which to download updated storage router software via TFTP.

verify software version

Check the specified software version for problems.


enable

To change the management session from Monitor mode to Administrator mode, use the enable command. Monitor mode, which is the default mode, provides view-only access to the storage router management interface. Administrator mode allows the user to create entities and make changes to the configuration of the storage router.

enable

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Monitor.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Issue the enable command after a successful CLI login to change to Administrator mode. You are prompted to enter the Administrator mode password, if required. Use the exit command to return to Monitor mode.

Examples

The following example changes the session from Monitor mode to Administrator mode.

[SN5428-2A]# enable
 
Enter admin password: *****
[Entering Administrator mode]

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

exit

Leave Administrator mode and enter Monitor mode.

logout

Terminate the management session.

show aaa

Display AAA configuration information.


exit

To return the management session to Monitor mode from Administrator mode, use the exit command.

exit

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Issue the exit command to return to Monitor mode after previously issuing the enable command.

Examples

The following example returns the CLI session to Monitor mode:

[SN5428-2A]# exit
[Leaving Administrator mode]

Related Commands

Command
Description

enable

Enter Administrator mode.

logout

Terminate the management session.


failover eligibility

To enable failover by eligibility for all SCSI routing instances running on the storage router, use the failover eligibility command. To disable failover by eligibility, use the no form of this command.

failover eligibility on

no failover eligibility on

Syntax Description

on

Keyword used to enable failover by eligibility for all SCSI routing instances running on the storage router.


Defaults

Failover by eligibility is enabled.

Command Modes

Administrator mode.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Each storage router in a cluster maintains and exchanges information about available resources. Failover by eligibility is enabled by default; HA bases the decision to automatically fail over a SCSI routing instance to another node in a cluster based on the Fibre Channel and other resources available to that SCSI routing instance.

Failover occurs when:

All mapped targets are unavailable or a critical resource for the SCSI routing instance is unavailable, and some or all mapped targets would be available from another node in the cluster. A critical resource can be a configured Gigabit Ethernet interface, a required Fibre Channel interface, or an internal resource needed to run the SCSI routing instance.

Some mapped targets are unavailable and all mapped targets are available on another node in the cluster.

All mapped targets are available, but another node in the cluster also has all targets available and is designated at the primary for the SCSI routing instance.

The storage router stops receiving heartbeats from another node within the cluster.

For more manual control over where a SCSI routing instance runs, use the no failover eligibility on command to prevent failover by eligibility on a storage router. If a SCSI routing instance is running on (or fails over to) a storage router that is configured with failover by eligibility turned off, it will continue running on that storage router unless there are no mapped targets available or a critical resource is unavailable.

Use the failover eligibility on command to restore normal failover functions.

The failover eligibility setting is not retained across a reboot; restarting the storage router restores the default setting (failover by eligibility is enabled).

Examples

The following example disables failover by eligibility for all SCSI routing instances running on the storage router named SN 5428-2A:

[SN5428-2A] no failover eligibility on

Related Commands

Command
Description

failover scsirouter

Cause the named SCSI routing instance to cease running on the storage router.

show ha

Display HA operational statistics for the storage router or for a specific application.

show scsirouter

Display configuration and operational information for the named SCSI routing instance.


failover scsirouter

To cause the named SCSI routing instance to cease running on this storage router and start running on another storage router in the cluster, use the failover scsirouter command.


Note If no eligible storage router is found, the SCSI routing instance will start running again on the same node. If the storage router is configured as a standalone system, failover is not allowed.


failover scsirouter name [pri | sec | to systemname]

failover scsirouter all [to systemname]

Syntax Description

name

The name of the SCSI routing instance to be failed over.

all

Failover all instances currently running on this storage router.

pri

(Optional) Force failover to the designated primary storage router on the failover list.

sec

(Optional) Force failover to the designated secondary storage router on the failover list.

to systemname

(Optional) Perform the failover to the specified storage router. This node must be active in the cluster.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the all keyword to failover all SCSI routing instances currently running on this storage router. Each storage router can run a maximum of 12 SCSI routing instances; there is a maximum of 12 SCSI routing instances per cluster.

Examples

The following example causes the SCSI routing instance named foo to failover to another storage router in the cluster:

[SN5428-2A]# failover scsirouter foo

The following example causes all SCSI routing instances to failover to the storage router named TestLab1:

[SN5428-2A]# failover scsirouter all to TestLab1

Related Commands

Command
Description

scsirouter enable

Stop or start the named SCSI routing instance.

scsirouter failover

Add the storage router to the HA failover list for the specified SCSI routing instance.

setup cluster

Change the configuration of the high availability environment.


fcalias

To create an alias entity for use in Fibre Channel zoning, use the fcalias command. An alias is a group of FC ports or devices (such as switches, storage or SN 5428-2 Storage Routers) that are grouped together for convenience.

fcalias alias-name

Syntax Description

alias-name

The name of the alias entity created by this command. Enter a maximum of 31 characters. The name must begin with an alpha character.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

An alias allows you to group FC ports and devices together for zoning purposes. Unlike zones, however, aliases do not impose any communication restrictions on its members. An alias can belong to one or more zones, but a zone cannot be a member of an alias, nor can an alias be a member of another alias.

You must create a named alias entity before you can add members to the alias.

A default alias of iscsi is provided that contains both initiators WWPN1 and WWPN2.


Caution If the storage router is connected to the FC switched fabric, all zoning changes (including the creation of an alias) are immediately propagated to other SN 5428-2 Storage Routers and switches in the fabric.

See "Configuring Fibre Channel Interfaces," for more information about FC fabric zoning.

Examples

The following example creates an alias entity named LabGroupA:

[SN5428-2A]# fcalias LabGroupA

Related Commands

Command
Description

delete fcalias

Delete the named alias or the specified alias member.

fcalias member

Add the specified member to the named alias.

show fcalias

Display information about aliases and their members.

zone member

Add a device or an alias to a zone.


fcalias member

To add the specified member to the named alias, use the fcalias member command. An alias is a group of FC ports or devices (such as switches, storage or SN 5428-2 Storage Routers) that are grouped together for convenience.

fcalias alias-name member wwpn xxxxxxxxxxxxxxxx

Syntax Description

alias-name

The name of the alias entity.

wwpn xxxxxxxxxxxxxxxx

The world-wide port name (WWPN) of the port or device to be added to the alias.

Note WWPN address notation is represented by 16 hex digits. The digits may be separated by colons. When entering WWPN addresses, colons can be omitted or placed anywhere in the address notation as long as they do not leave one character without a partner character.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

An alias allows you to group FC ports and devices together for zoning purposes. Unlike zones, however, aliases do not impose any communication restrictions on its members. An alias can belong to one or more zones, but a zone cannot be a member of an alias, nor can an alias be a member of another alias.

The command verifies the format of the WWPN, but does not verify that the specified device exists. A default alias of iscsi is provided that contains both initiators WWPN1 and WWPN2.


Caution If the storage router is connected to the FC switched fabric, all zoning changes (including adding a member to an alias) are immediately propagated to other SN 5428-2 Storage Routers and switches in the fabric.

See "Configuring Fibre Channel Interfaces," for more information about FC fabric zoning.

Examples

The following example creates the alias named LabGroupA, and then adds the devices with the WWPN 2200001026558a0f and 220000201744ab3c to the named alias:

[SN5428-2A]# fcalias LabGroupA
[SN5428-2A]# fcalias LabGroupA member wwpn 2200001026558a0f
[SN5428-2A]# fcalias LabGroupA member wwpn 220000201744ab3c

Related Commands

Command
Description

delete fcalias

Delete the named alias or the specified alias member.

fcalias

Create an alias entity for use in Fibre Channel zoning.

show fcalias

Display information about aliases and their members.

zone member

Add a device or an alias to a zone.


fcswitch beacon enable

To enable all Fibre Channel port Logged-In (LOG) LEDs to flash, use the fcswitch beacon enable command. To disable LOG LED flashing, use the no form of this command.

fcswitch beacon enable

no fcswitch beacon enable

Syntax Description

This command has no arguments or keywords.

Defaults

Beacon flashing is disabled, by default. See the SN 5428-2 Storage Router Hardware Installation Guide for default LOG LED indication descriptions.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to assist in locating a physical unit. This command is primarily used for troubleshooting purposes.

Examples

The following example causes all Fibre Channel port LOG LEDs on the storage router to flash:

[SN5428-2A]# fcswitch beacon enable

Related Commands

Command
Description

show debug fcswitch

Display internal Fibre Channel interface parameters.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch devlog

To specify the logging parameters for the SN 5428-2 Storage Router integrated Fibre Channel (FC) switch component development log file, use the fcswitch devlog command.

fcswitch devlog components component1 [component2...]

fcswitch devlog level notification-level

Syntax Description

components component1 [component2...]

At least one of the components described in Table 11-6.

level notification-level

Limit logging to messages of a specified level or lower. See Table 11-7 in the Usage Guidelines section for a list of valid names that can be used for the notification-level argument.


Defaults

No components or notification level are configured. Development logging for the SN 5428-2 Storage Router integrated FC switch component is disabled.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The fcswitch devlog command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

After logging is enabled, use this command to limit the amount of information recorded in the switch development log by component and by notification level. To stop all logging for all components, set the notification level to none. Use the fcswitch devlog enable command to enable development logging.

Table 11-6 fcswitch devlog components 

Component
Description

Cmon

Monitors internal chassis components and applications.

Diag

Handles online testing and other diagnostic tasks.

Ds

Data services repository for all switch data.

Fc2

Class 2 frame handler.

MgmtApp

Manages the user interface and internal configuration for the switch.

PortApp

Manages the switch ports.

Swb

Software bus internal process communications mechanism.

Util

Utility message interpreter for handling legacy user interfaces.


Table 11-7 fcswitch devlog notification-level  

Notification Level
Description

Critical

Log all messages from the selected components (critical, warning and informational).

Warn

Log all warning and informational messages for the selected components.

Info

Log informational messages only for the selected components.

None

Log no messages. This setting stops switch development logging.


Examples

The following example limits the switch development log file to informational messages only from the management application and the class 2 frame handler:

[SN5428-2A]# fcswitch devlog components MgmtApp Fc2
[SN5428-2A]# fcswitch devlog level info

The following example stops all switch devlog logging:

[SN5428-2A]# fcswitch devlog level none

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch devlog enable

Enable development logging for the integrated FC switch component.

fcswitch log interface

Restrict the integrated FC switch logging to information related to a specific FC interface.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.


fcswitch devlog enable

To start development logging for the SN 5428-2 Storage Router integrated Fibre Channel (FC) switch component, use the fcswitch devlog enable command. To stop development logging, use the no form of this command.

fcswitch devlog enable

no fcswitch devlog enable

Syntax Description

This command has no arguments or keywords.

Defaults

Development logging is stopped.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The fcswitch devlog enable command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example starts development logging for the FC switch component and limits the switch development log file to informational messages only from the management application and the class 2 frame handler:

[SN5428-2A]# fcswitch devlog components MgmtApp Fc2
[SN5428-2A]# fcswitch devlog level info
[SN5428-2A]# fcswitch devlog enable

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch devlog

Specify logging parameters for the switch development log file.

fcswitch log interface

Restrict the integrated FC switch logging to information related to a specific FC interface.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.


fcswitch diag

To set all Fibre Channel (FC) interfaces into diagnostic mode for testing purposes, use the fcswitch diag command.

fcswitch diag

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to change all FC interfaces to diagnostic mode prior to performing internal or external loopback testing on individual FC interfaces.

Use the fcswitch enable command to reenable all FC interfaces. An FC interface must be enabled to run online loopback tests or to allow access to storage targets.

Use the no fcswitch enable command to disable all FC interfaces. When you are ready to allow access to the storage targets, you can enable all FC interfaces at once via the fcswitch enable command, or enable individual interfaces via the interface fc? enable command.

Examples

The following example sets all FC interfaces into a diagnostic state and then performs an internal loopback test on the FC interface named fc6:

[SN5428-2A]# fcswitch diag
[SN5428-2A]# interface fc6 loopback internal

Related Commands

Command
Description

fcswitch enable

Enable all FC interfaces.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch domainid

To set the SN 5428-2 Storage Router's domain ID for switched zoned fabric to a unique value, and to prevent the FC fabric from changing that domain ID, use the fcswitch domainid command. To disable the lock and allow the domain ID to be changed by the switched zoned fabric, use the no form of this command.

fcswitch domainid {domain-id} [force]

fcswitch domainid lock enable

no fcswitch domainid lock enable

Syntax Description

domain-id

The domain identification number associated with the storage router.

force

(Optional) Suppress warning prompts and messages.

lock enable

Keywords used to disallow changes to the domain ID from the switched zoned fabric.


Defaults

The default domain ID for fabric zoning is 1. The domain ID can be changed by the switched zoned fabric, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to set the SN 5428-2 Storage Router's domain identification number for switched zoned fabric to a unique value or to prevent changes to that value by the zoned fabric. Domain IDs allow fabrics to be segmented into different areas.

Domain IDs must be unique among all switch elements within a fabric. If there is a domain ID conflict, the expansion ports (ports operating as E_Ports) on the two conflicting elements are disabled, isolating the Interswitch Link (ISL).

If you are planning to connect to a switched zoned fabric via one or more FC interfaces, complete the appropriate zoning configuration for the storage router, as described in "Configuring Fibre Channel Interfaces."


Note Changing the domain ID in an operational fabric may cause traffic disruption. All ports operating as E_Ports should be inactive or disabled prior to changing the domain ID.


Examples

The following example sets the switched zoned fabric domain ID for the storage router to 42:

[SN5428-2A]# fcswitch domainid 42
*** Warning: Changing domain ID in an operational fabric will cause traffic disruption
  Do you want to continue? [(yes/no (no)] yes

The following example sets the switched zoned fabric domain ID for the storage router to 5 and enables the lock, which prevents the domain ID from being changed by the zoned fabric.

[SN5428-2A]# fcswitch domainid 5
*** Warning: Changing domain ID in an operational fabric will cause traffic disruption
  Do you want to continue? [(yes/no (no)] yes
[SN5428-2A]# fcswitch domainid lock enable

Related Commands

Command
Description

fcswitch enable

Enable all FC interfaces.

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

fcswitch zoning autosave

Configure the storage router to participate in FC switched zones.

fcswitch zoning default

Select the level of communication between the storage router and devices in the fabric where there is no active zone set.

fcswitch zoning merge

Set zoning merge compliance.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

show fcswitch eport

Display FSPF protocol information.


fcswitch dstov

To specify the amount of time the storage router is to wait for Fibre Channel (FC) Distributed Services, use the fcswitch dstov command.

fcswitch dstov {nn | default}

Syntax Description

nn

The Distributed Services timeout value, in milliseconds.

default

Keyword, indicating the storage router is to wait 5000 milliseconds for Fibre Channel Distributed Services.


Defaults

The default Distributed Services timeout value is 5000 milliseconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to specify the length of time the storage router should wait for FC Distributed Services, such as the Management Server or Name Server, before returning an error.

Use the default keyword to return the Distributed Services timeout value to 5000 milliseconds.

Examples

The following example sets the Distributed Services timeout value to 7500 milliseconds:

[SN5428-2A]# fcswitch dstov 7500

The following example resets the Distributed Services timeout value to the default of 5000 milliseconds:

[SN5428-2A]# fcswitch dstov default

Related Commands

Command
Description

fcswitch edtov

Specify an error detect timeout value for all Fibre Channel interfaces.

fcswitch enable

Enable all FC interfaces.

fcswitch fstov

Specify the fabric stability timeout value.

fcswitch ratov

Specify a Fibre Channel resource allocation timeout value for the storage router.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch edtov

To specify an error detect timeout value for all Fibre Channel (FC) interfaces, use the fcswitch edtov command.

fcswitch edtov {nn | default}

Syntax Description

nn

The amount of time a port is to wait for errors to clear, in milliseconds.

default

Keyword, indicating the port is to wait 2000 milliseconds for errors to clear.


Defaults

The default error detect timeout value is 2000 milliseconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The error detect timeout value is the amount of time the FC port is to wait for all errors to clear. This value applies to all FC interfaces in the storage router.

Error detect timeout values should be the same for all SN 5428-2 Storage Routers or switches in the fabric.

Examples

The following example sets the error detect timeout value to 4000 milliseconds:

[SN5428-2A]# fcswitch edtov 4000

The following example resets the error detect timeout value to the default of 2000 milliseconds:

[SN5428-2A]# fcswitch edtov default

Related Commands

Command
Description

fcswitch dstov

Specify the amount of time the storage router is to wait for Fibre Channel Distributed Services.

fcswitch enable

Enable all FC interfaces.

fcswitch fstov

Specify the fabric stability timeout value.

fcswitch ratov

Specify a Fibre Channel resource allocation timeout value for the storage router.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch enable

To enable all Fibre Channel (FC) interfaces, use the fcswitch enable command. To disable all FC interfaces, use the no form of this command.

fcswitch enable

no fcswitch enable

Syntax Description

This command has no arguments or keywords.

Defaults

All FC interfaces are enabled, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

An FC interface must be enabled to allow access to storage targets or perform online loopback testing. Use this command to enable all FC interfaces at one time.

If you experience problems with FC storage, use the no form of this command to quickly disable all FC interfaces at once.

Examples

The following example enables all FC interfaces and then performs an online loopback test for the FC interface named fc6:

[SN5428-2A]# fcswitch enable
[SN5428-2A]# interface fc6 loopback online

The following example disables all FC interfaces.

[SN5428-2A]# no fcswitch enable

Related Commands

Command
Description

fcswitch diag

Set all FC interfaces into diagnostic mode for testing purposes.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

show fcswitch eport

Display FSPF protocol information.


fcswitch fstov

To specify the fabric services timeout value, use the fcswitch fstov command.

fcswitch fstov {nn | default}

Syntax Description

nn

The amount of time the storage router is to wait for fabric services, in milliseconds.

default

Keyword, indicating the storage router will wait for 1000 milliseconds for fabric services.


Defaults

The default fabric stability timeout value is 1000 milliseconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to specify the number of milliseconds the storage router will wait for fabric services.

Examples

The following example sets the fabric services timeout value to 5000 milliseconds:

[SN5428-2A]# fcswitch fstov 5000

The following example resets the fabric services timeout value to the default of 1000 milliseconds:

[SN5428-2A]# fcswitch fstov default

Related Commands

Command
Description

fcswitch dstov

Specify the amount of time the storage router is to wait for Fibre Channel Distributed Services.

fcswitch edtov

Specify an error detect timeout value for all Fibre Channel interfaces.

fcswitch enable

Enable all FC interfaces.

fcswitch ratov

Specify a Fibre Channel resource allocation timeout value for the storage router.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch interop-credit

To set the buffer-to-buffer credit value for all Fibre Channel (FC) ports, use the fcswitch interop-credit command.

fcswitch interop-credit credit

Syntax Description

credit

The data buffer credit capacity, also known as the buffer-to-buffer credit value. The credit variable is an integer between 0 and 255 inclusive. The default value is 12.


Defaults

The data buffer credit capacity is 12, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to set the data buffer credit capacity for all the storage router FC ports. The port buffer credit is used to determine how many maximum sized frames can be sent to a recipient before the sending port must wait for an acknowledgement. When the acknowledgement is received, the sending port can continue by sending the next frame. Port buffer credits are required when buffer-to-buffer flow control is in use. Buffer-to-buffer flow control occurs between directly connected FC ports.

The data buffer credit capacity must be the same for all switches across the fabric, and should be set to the lowest system-wide setting.

Examples

The following example sets the data buffer credit capacity to 15:

[SN5428-2A]# fcswitch interop-credit 15

Related Commands

Command
Description

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch enable

Enable all FC interfaces.

fcswitch zoning autosave

Configure the storage router to participate in FC switched zones.

fcswitch zoning default

Select the level of communication between the storage router and devices in the fabric where there is no active zone set.

fcswitch zoning merge

Set zoning merge compliance.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch log interface

To restrict the SN 5428-2 Storage Router integrated Fibre Channel (FC) switch logging to information related to a specific FC interface, use the fcswitch log interface command. To remove the restriction, use the no form of this command.

fcswitch log interface if-name

no fcswitch log interface if-name

Syntax Description

if-name

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8, and default. Use "default" to enable logging for all FC interfaces. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The fcswitch log interface command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example restricts logging for the integrated FC switch to information associated with fc3:

[SN5428-2A]# fcswitch log interface fc3

The following example removes the integrated FC switch logging restriction for fc3:

[SN5428-2A]# no fcswitch log interface fc3

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch devlog

Specify logging parameters for the switch development log file.

fcswitch devlog enable

Enable development logging for the integrated FC switch component

fcswitch syslog

Specify logging parameters for the switch system log file.

fcswitch syslog enable

Enable system logging for the integrated FC switch component.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.


fcswitch ratov

To specify a Fibre Channel (FC) resource allocation timeout value for the storage router, use the fcswitch ratov command.

fcswitch ratov {nn | default}

Syntax Description

nn

The amount of time the storage router is to wait to allow two FC ports to allocate enough resources to establish a link.

default

Keyword, indicating the storage router is to wait up to 10000 milliseconds to allow two FC ports to allocate enough resources to establish a link.


Defaults

The default resource allocation timeout value is 10000 milliseconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The resource allocation timeout value is the amount of time the storage router is to wait to allow two FC ports to allocate sufficient resources to establish a link.

Resource allocation timeout values should be the same for all SN 5428-2 Storage Routers or switches in the fabric.

Examples

The following example sets the resource allocation timeout value to 9000 milliseconds:

[SN5428-2A]# fcswitch ratov 9000

The following example resets the resource allocation timeout value to the default of 10000 milliseconds:

[SN5428-2A]# fcswitch ratov default

Related Commands

Command
Description

fcswitch dstov

Specify the amount of time the storage router is to wait for Fibre Channel Distributed Services.

fcswitch edtov

Specify an error detect timeout value for all Fibre Channel interfaces.

fcswitch enable

Enable all FC interfaces.

fcswitch fstov

Specify the fabric stability timeout value.

show fcswitch

Display global configuration information for storage router FC interfaces.


fcswitch syslog

To specify the logging parameters for the SN 5428-2 Storage Router integrated Fibre Channel (FC) switch component system log file, use the fcswitch syslog command.

fcswitch syslog components component1 [component2...]

fcswitch syslog level notification-level

Syntax Description

components component1 [component2...]

At least one of the components described in Table 11-8.

level notification-level

Limit logging to messages of a specified level or lower. See Table 11-9 in the Usage Guidelines section for a list of valid names that can be used for the notification-level argument.


Defaults

All components log information into the SN 5428-2 Storage Router integrated FC switch component system log, by default. The default notification level is critical.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to limit the amount of information recorded in the switch system log by component and by notification level. To stop all logging for all components, set the notification level to none.

Table 11-8 fcswitch syslog components  

Component
Description

Blade

Monitors modular circuit boards.

Chassis

Monitors chassis hardware components.

Eport

Monitors all Fibre Channel interfaces where the port is operating as an expansion port (E_Port).

NameServer

Monitors name server events.

MgmtServer

Monitors management server status.

Other

Monitors miscellaneous events.

Port

Monitors all port events.

Switch

Monitors switch management events.

Zoning

Monitors zoning conflict events.


Table 11-9 fcswitch syslog notification level  

Notification Level
Description

Critical

Log all messages from the selected components (critical, warning and informational).

Warn

Log all warning and informational messages for the selected components.

Info

Log informational messages only for the selected components.

None

Log no messages. This setting stops switch system logging.


Examples

The following example limits the switch system log file to informational messages only for name server, management server, port and switch management events:

[SN5428-2A]# fcswitch syslog components NameServer MgmtServer Port Switch
[SN5428-2A]# fcswitch syslog level info

The following example stops all switch syslog logging:

[SN5428-2A]# fcswitch syslog level none

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch log interface

Restrict the integrated FC switch logging to information related to a specific FC interface.

fcswitch syslog enable

Enable system logging for the integrated FC switch component.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.


fcswitch syslog enable

To start system logging for the SN 5428-2 Storage Router integrated Fibre Channel (FC) switch component, use the fcswitch syslog enable command. To stop system logging, use the no form of this command.

fcswitch syslog enable

no fcswitch syslog enable

Syntax Description

This command has no arguments or keywords.

Defaults

System logging for the integrated FC switch component is started, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The fcswitch syslog enable command is designed for debug purposes, and should be used under the guidance of a Cisco Technical Support professional.

Examples

The following example stops system logging for the integrated FC switch component. When system logging is started, logging will continue based on the existing component and notification level settings.

[SN5428-2A]# no fcswitch syslog enable

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch log interface

Restrict the integrated FC switch logging to information related to a specific FC interface.

fcswitch syslog

Specify logging parameters for the switch system log file.

show debug fcswitch

Display internal FC interface parameters, including switch log entries.


fcswitch zoning autosave

To enable the SN 5428-2 Storage Router to automatically save zoning changes received from switches in the fabric, use the fcswitch zoning autosave command. To prevent the storage router from saving zoning changes, use the no form of this command.

fcswitch zoning autosave enable

no fcswitch zoning autosave enable

Syntax Description

autosave enable

Enables the storage router to save zoning changes received from switches in the fabric to non-volatile memory. This is the default.


Defaults

The storage router saves zoning changes by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

By default, the SN 5428-2 Storage Router can merge into existing FC switched fabric zones and participate in the zoning. Use the no form of this command, in conjunction with the fcswitch domainid command with the lock keyword to prevent the storage router from participating in FC switched fabric zones.

Examples

The following example prevents the storage router from participating in FC switched fabric zones. The first command prevents the storage router from saving zoning changes received from switches in the fabric, and the second command locks the domain ID, preventing the FC switched fabric from making changes to that value.

[SN5428-2A]# no fcswitch zoning autosave enable
[SN5428-2A]# fcswitch domainid lock enable

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch enable

Enable all FC interfaces.

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

fcswitch zoning default

Select the level of communication between the storage router and devices in the fabric where there is no active zone set.

fcswitch zoning merge

Set zoning merge compliance.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

zone

Create a Fibre Channel fabric zone.

zoneset

Create a Fibre Channel fabric zone set.

zoneset enable

Activate a zone set.


fcswitch zoning default

To select the level of communication between the storage router and devices in the fabric when there is no active zone set, use the fcswitch zoning default command.

fcswitch zoning default {all | none}

Syntax Description

default all

Enables the storage router to communicate with all switches and other devices in the fabric when there is no active zone set. This is the default.

default none

When there is no active zone set, the storage router cannot communicate with any other switch or device in the fabric.


Defaults

If there is no active zone set, the storage router can communicate with all switches and other devices in the fabric, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

By default, the SN 5428-2 Storage Router can merge into existing FC switched fabric zones and participate in the zoning. Use this command to isolate the storage router and prevent communication with any switch or other device in the fabric, if there is no active zone set.

Before changing the default behavior, disconnect any ISL links to other fabric entities to prevent unintended disruption of fabric traffic.

Examples

The following example prevents the storage router from communicating with switches and all other devices in the fabric, if there is no active zone set:

[SN5428-2A]# fcswitch zoning default none

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch enable

Enable all FC interfaces.

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

fcswitch zoning autosave

Enable the SN 5428-2 Storage Router to save zoning changes received from switches in the fabric.

fcswitch zoning merge

Set zoning merge compliance.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

zone

Create a Fibre Channel fabric zone.

zoneset

Create a Fibre Channel fabric zone set.

zoneset enable

Activate a zone set.


fcswitch zoning merge

To set zoning merge compliance, use the fcswitch zoning merge command.

fcswitch zoning merge sw2

Syntax Description

sw2

Indicates the fabric includes only FC-SW-2 compliant switches. A merge may only occur of active zoning information, ensuring all switches have identical active zone sets. This is the default.


Defaults

The SN 5428-2 Storage Router is FC-SW-2 compliant, and is configured to participate in a fabric with only FC-SW-2 compliant switches by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

By default, the SN 5428-2 Storage Router can merge into existing FC switched fabric zones and participate in the zoning. All switches in a fabric should be set to the same merge mode to prevent switches from becoming isolated from each other. By default, the storage router supports the FC-SW-2 compliant merge mode.

Examples

The following example sets the merge mode for participation in a fabric with FC-SW-2 compliant switches:

[SN5428-2A]# fcswitch zoning merge sw2

Related Commands

Command
Description

clear fcswitch

Clear the switch log files of all entries or clear stored zoning configuration information.

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch enable

Enable all FC interfaces.

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

fcswitch zoning autosave

Enable the SN 5428-2 Storage Router to save zoning changes received from switches in the fabric.

fcswitch zoning default

Select the level of communication between the storage router and devices in the fabric where there is no active zone set.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

zone

Create a Fibre Channel fabric zone.

zoneset

Create a Fibre Channel fabric zone set.

zoneset enable

Activate a zone set.


halt

To prepare the storage router to be powered down, issue the halt command.

halt [force] [fast]

Syntax Description

force

(Optional) Force an immediate halt of the SN 5428-2 Storage Router.

fast

(Optional) Bypass hardware diagnostics when the storage router is next restarted.


Defaults

If there are unsaved configuration changes when the command is issued, the default is to save all changes before halting. If the command is issued with the optional force keyword, any unsaved configuration changes are discarded.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The halt command prepares the SN 5428-2 Storage Router file system to be powered down. If the storage router is participating in a cluster, the halt command will cause any SCSI routing instances running on this SN 5428-2 to failover to another storage router in the cluster.

If the halt command is issued with no keywords and there are unsaved changes to the current configuration, you are prompted to save or discard the changes.

Use the force keyword to cause an immediate halt of the storage router, discarding any unsaved configuration changes. Append the optional fast keyword to bypass diagnostics when the storage router is restarted.

When the halt command completes, the storage router displays the following system prompt:

[HALTED]# 

The storage router can be safely powered down when the HALTED system prompt appears. The only CLI command that can be issued from the storage router at the HALTED system prompt is the reboot command.


Note When the storage router is restarted, the cluster determines any SCSI routing instances that should start on the SN 5428-2. If the storage router is identified as the preferred storage router for any SCSI routing instance (via the scsirouter primary command), that instance will start running on the SN 5428-2 (assuming targets and critical resources are available).


Examples

The following prompt is received if you issue a halt command (without the force keyword) when the storage router has unsaved configuration changes.

[SN5428-2A]# halt

*** Warning: This will halt the system.
Do you want to continue? [yes/no (no)] yes
 
Changes have been made to the current configuration of the system which
have not been saved.
yes    - all of the configuration data will be saved,
no     - modifications to the configuration data will not be saved.
 
Save ALL configuration data? [yes/no (yes)] no
Halting system............!
[HALTED]# 

The following example halts the SN 5428-2 Storage Router (after prompting the user to save any unsaved configuration changes). Diagnostics will be bypassed when the storage router is restarted.

[SN5428-2A]# halt fast

Related Commands

Command
Description

reboot

Cause the SN 5428-2 Storage Router to shut down and then restart.


help

To display information on how to use the CLI, issue the help command.

help

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Administrator or Monitor.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The help command displays information about the various CLI commands that can be issued, based on the mode currently in use. The help command also displays information about the special keys that can be used in the CLI.

Examples

The following example shows the special key information returned as a result of the help command:

[SN5428-2A]# help
 
Special keys:
  ?                     list choices
  Backspace             delete character backward
  Tab                   complete current word
  Ctrl-A                go to beginning of line
  Ctrl-B or Arrow Left  go backward one character
  Ctrl-D                delete character
  Ctrl-E                go to end of line
  Ctrl-F or Arrow Right go forward one character
  Ctrl-K                delete from current position to end of line
  Ctrl-N or Arrow Down  go to next line in history buffer
  Ctrl-P or Arrow Up    go to previous line in history buffer
  Ctrl-T                transpose current character and previous character
  Ctrl-U                delete line
  Ctrl-W                delete previous word

Related Commands

Command
Description

enable

Enter Administrator mode.

exit

Leave Administrator mode and enter Monitor mode.


hostname

To specify a new system name for the SN 5428-2 Storage Router, use the hostname command. The storage router is recognized by this name through the management interface.

This command takes effect immediately, and the new system name is automatically integrated into the prompt string.

hostname sysname

Syntax Description

sysname

The name of the storage router. This may be the fully qualified domain name. Maximum length is 19 characters. The name cannot contain blanks, white space, or control characters.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The SN 5428-2 Storage Router must have a system name, which is assigned to the storage router during initial configuration. Use this command to change the system name.

If you wish to enable network management on the storage router using the facilities of a Domain Name Server (DNS), you must make the storage router system name and IP address known to the DNS. Use the system name specified in this command.

Examples

The following example changes the storage router name to sn5428-2lab1.

[SN5428-2A]# hostname sn5428-2lab1

Related Commands

Command
Description

save all

Save all configuration information.

save system

Save selected system configuration information.

show system

Display selected system information, including system name.


interface fc? al-fairness

To enable the fairness algorithm (loop priority) on the named Fibre Channel (FC) interface, use the interface fc? al-fairness command. To disable the fairness algorithm on the named FC interface, use the no form of this command.

interface fc? al-fairness enable

no interface fc? al-fairness enable

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword, required to enable the fairness algorithm on the named FC interface.


Defaults

The fairness algorithm is disabled on all FC interfaces by default, allowing the switch to have priority.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

When the fairness algorithm is not enabled for a specific FC interface, the switch receives priority. Use this command to enable the fairness algorithm for the named interface, removing the switch priority for that interface.


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example enables the fairness algorithm on the FC interface named fc6:

[SN5428-2A]# interface fc6 al-fairness enable

The following example disables the fairness algorithm on the FC interface named fc3. The switch receives priority for traffic on this interface.

[SN5428-2A]# no interface fc3 al-fairness enable

Related Commands

Command
Description

interface fc? default

Return the named FC interface to its default operational characteristics.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? default

To return the named Fibre Channel (FC) interface to its default operational characteristics, use the interface fc? default command.

interface fc? default

Syntax Description

fc?

The name of the FC interface to be returned to its default operational characteristics. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

The following are the default operational characteristics for the Fibre Channel interface:

fairness algorithm is disabled (switch has priority)

Fabric Address Notification (FAN) is enabled

transfer rate is automatically negotiated (linkspeed auto)

Multi-Frame sequence bundling is enabled

GS-3 management server commands are enabled

port type is generic loop, indicating the port can function as either a fabric loop port (FL_Port), an expansion port (E_Port) or a fabric port (F_Port)

credit extension is not enabled (ext-credit is 0)

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to quickly reset the named FC interface to its default operational characteristics. The results of this command are the same as if each of the following commands were issued for the same named FC interface:

no interface fc? al-fairness enable

interface fc? ext-credit 0

interface fc? fan-enable enable

interface fc? linkspeed auto

interface fc? mfs-bundle enable timeout 10

interface fc? ms-enable enable

interface fc? type gl-port


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example returns the operational characteristics to their default settings for the FC interface named fc6:

[SN5428-2A]# interface fc6 default

Related Commands

Command
Description

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? diag

To set the named Fibre Channel (FC) interface into diagnostic mode for testing purposes, use the interface fc? diag command.

interface fc? diag

Syntax Description

fc?

The name of the FC interface to be placed into diagnostic mode. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to change the named FC interface to diagnostic mode prior to performing an internal or external loopback test.

Use the interface fc? enable command to reenable the FC interface. An FC interface must be enabled to run an online loopback test, or to allow access to storage targets.

Use the no interface fc? enable command to disable the FC interface. When you are ready to allow access to the storage targets, you can enable all FC interfaces at once via the interface fc enable command, or enable individual interfaces via the interface fc? enable command.

Examples

The following example sets the FC interface fc6 into a diagnostic state and then performs an internal loopback test:

[SN5428-2A]# interface fc6 diag
[SN5428-2A]# interface fc6 loopback internal

Related Commands

Command
Description

fcswitch diag

Set all FC interfaces into diagnostic mode for testing purposes.

fcswitch enable

Enable all FC interfaces.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.

interface fc? reset

Disable and then enable the specified FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.


interface fc? enable

To enable the named Fibre Channel (FC) interface, use the interface fc? enable command. To disable the named FC interface, use the no form of this command.

interface fc? enable

no interface fc? enable

Syntax Description

fc?

The name of the FC interface to be enabled. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

An FC interface must be enabled to allow access to storage targets or perform online loopback testing. Use this command to enable an individual FC interface.

If you experience a problem with the FC interface or a specific storage resource, use the no form of this command to disable the named FC interface.

Examples

The following example enables the FC interface fc6 and then performs an online loopback test:

[SN5428-2A]# interface fc6 enable
[SN5428-2A]# interface fc6 loopback online

The following example disables the FC interface fc3:

[SN5428-2A]# no interface fc3 enable

Related Commands

Command
Description

fcswitch diag

Set all FC interfaces into diagnostic mode for testing purposes.

fcswitch enable

Enable all FC interfaces.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? loopback

Initiate a loopback test on the named FC interface.

interface fc? reset

Disable and then enable the specified FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.


interface fc? ext-credit

To configure the specified interface for credit extension, use the interface fc? ext-credit command.

interface fc? ext-credit nn

Syntax Description

fc?

The name of the interface to receive the additional buffer credits. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

nn

The maximum number of additional buffer credits available to this interface. Valid values are 0, 11, 22, 33, 44, 55, 66 or 77.


Defaults

No extended credits are available. By default, each FC interface has 12 data buffer credits available.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

By default, each SN 5428-2 Storage Router Fibre Channel (FC) interface has a data buffer capacity of 12 maximum sized FC frames or "credits." This enables full bandwidth class 2 service over a distance of 20 kilometers at 1 Gbps, or 10 kilometers at 2 Gbps, for fibre optic cables. Longer distances can be spanned at full bandwidth by extending the credits available to an interface. An interface configured for credit extension draws on a pool of credits donated by designated donor interfaces. Each donor interface contributes 11 credits to the pool from which the recipient interfaces can draw.

In order to receive donated credits, the interface must have a running port type of E_Port, F_Port or G_Port. An interface with a running loop mode port type (FL_Port, GL_Port or translated loop) cannot receive donated credits. In order to donate credits, the interface port type must be donor.

Each interface with a port type of donor donates 11 buffer credits; all 11 buffer credits must go to a single recipient interface.

Use the show interface command to display the maximum data buffer credits available to an interface, and to display the ports receiving donated credits.

To make the interface unavailable for donated data buffer credits, use this command with a maximum number of additional buffer credits of 0 (zero).

Examples

The following example sets the port type for interface fc1 to F_Port, sets the port type for interface fc8 as donor (making 11 extended credits available to the interface fc1), and configures interface fc1 for credit extension:

[SN5428-2A]# interface fc8 type donor
*[SN5428-2A]# interface fc1 type f-port
*[SN5428-2A]# interface fc1 ext-credit 11

The following example makes the interface fc1 unavailable for credit extension:

[SN5428-2A]# interface fc1 ext-credit 0

Related Commands

Command
Description

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

interface fc? type

Set the port type for the named FC interface.

show fcswitch

Display global configuration information for storage router FC interfaces.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? fan-enable

To enable Fabric Address Notification (FAN) on the named Fibre Channel (FC) interface, use the interface fc? fan-enable command. To disable FAN on the named FC interface, use the no form of this command.

interface fc? fan-enable enable

no interface fc? fan-enable enable

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword, required to enable FAN on the named FC interface.


Defaults

FAN is enabled on all FC interfaces by default

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to enable or disable FAN loop login behavior on the named FC interface.


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example disables FAN on the FC interface named fc6:

[SN5428-2A]# no interface fc6 fan-enable enable

The following example enables FAN on the FC interface named fc3.

[SN5428-2A]# interface fc3 fan-enable enable

Related Commands

Command
Description

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? default

Return the named FC interface to its default operational characteristics.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? linkspeed

To set the transfer rate for the named Fibre Channel (FC) interface, use the interface fc? linkspeed command.

interface fc? linkspeed {auto | 1gb | 2gb}

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

auto

Keyword, indicating the transfer rate will be negotiated.

1gb

Keyword, indicating the transfer rate will be fixed at 1 Gbps.

2gb

Keyword, indicating the transfer rate will be fixed at 2 Gbps.


Defaults

The transfer rate is automatically negotiated to either 1 Gbps or 2 Gbps, by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to change the transfer rate for the named FC interface.


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example sets the transfer rate for to 2 Gbps for the FC interface named fc6:

[SN5428-2A]# interface fc6 linkspeed 2gb

Related Commands

Command
Description

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? default

Return the named FC interface to its default operational characteristics.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? loopback

To initiate a loopback test on the named Fibre Channel (FC) interface, use the interface fc? loopback command.

interface fc? loopback {external | internal | online}

Syntax Description

fc?

The name of the FC interface to be tested. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

external

Keyword, indicating an external loopback test will be performed. The FC interface must be in a diagnostic state.

internal

Keyword, indicating an internal loopback test will be performed. The FC interface must be in a diagnostic state.

online

Keyword, indicating an online loopback test will be performed. The FC interface must be enabled.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Loopback tests are part of standard diagnostic procedures. To display the results or status of a loopback test, use the show interface fc? command.

Before performing a loopback test, the named FC interface must be in the correct state.

For online loopback testing, the FC interface must be enabled. Use the interface fc? enable command to enable the FC interface before performing online loopback testing.

For external or internal loopback testing, the FC interface must be in a diagnostic state. Use the interface fc? diag command to set the FC interface into a diagnostic state before performing external or internal loopback testing.

Examples

The following example sets the FC interface fc6 into a diagnostic state and then performs an internal loopback test:

[SN5428-2A]# interface fc6 diag
[SN5428-2A]# interface fc6 loopback internal

The following example enables the FC interface fc3 and then performs an online loopback test:

[SN5428-2A]# interface fc3 enable
[SN5428-2A]# interface fc3 loopback online

Related Commands

Command
Description

fcswitch diag

Set all FC interfaces into diagnostic mode for testing purposes.

fcswitch enable

Enable all FC interfaces.

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? reset

Disable and then enable the specified FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? mfs-bundle

To enable Multi-Frame Sequence (MFS) bundling for the named Fibre Channel (FC) interface, use the interface fc? mfs-bundle command. To disable MFS bundling for the named FC interface, use the no form of this command.

interface fc? mfs-bundle enable timeout nn

no interface fc? mfs-bundle enable

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword, required to enable MFS bundling on the named FC interface.

timeout nn

The timeout threshold, in milliseconds. Valid values are 10 through 20480. The default timeout value is 10 msecs.


Defaults

MFS bundling is enabled on all FC interfaces, by default. The default timeout value is 10 msec.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

MFS bundling is used to support systems that require frames to be sequenced in a particular order.


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example enables MFS bundling for the FC interface named fc6, and sets the timeout value to 640 msecs:

[SN5428-2A]# interface fc6 mfs-bundle enable timeout 640

The following example disables MFS bundling for the FC interface named fc3:

[SN5428-2A]# no interface fc3 mfs-bundle enable

Related Commands

Command
Description

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? default

Return the named FC interface to its default operational characteristics.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? ms-enable

To enable GS-3 management server commands for the specified Fibre Channel (FC) interface, use the interface fc? ms-enable command. To disable GS-3 management server commands, use the no form of this command.

interface fc? ms-enable enable

no interface fc? ms-enable enable

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword, required to enable GS-3 management server commands for the named FC interface.


Defaults

GS-3 management server commands are enabled on all FC interfaces.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Enabling GS-3 management server commands for the FC interface allows in-band management of the SN 5428-2 Storage Router integrated FC switch component. GS-3 management server commands must be enabled if you want to use storage management tools to provide in-band management of the integrated FC switch component along with other switches in the fabric.

Use the no form of this command to disable in-band management on the specified FC interface.

Examples

The following example disables GS-3 management server commands for fc8:

[SN5428-2A]# no interface fc8 ms-enable enable

Related Commands

Command
Description

interface fc? default

Return the named FC interface to its default operational characteristics.

show fcswitch

Display global configuration information for storage router 2 FC interfaces.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fc? reset

To disable and then enable the specified Fibre Channel (FC) interface, use the interface fc? reset command.

interface fc? reset

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

This command is functionally equivalent to issuing a no interface fc? enable command, followed by an interface fc? enable command.

After placing the FC interface into diagnostic mode and performing internal loopback testing, use this command to return the interface to an operational state.

Examples

The following example resets the FC interface named fc3:

[SN5428-2A]# interface fc3 reset

Related Commands

Command
Description

interface fc? diag

Set the named FC interface into diagnostic mode for testing purposes.

interface fc? enable

Enable the named FC interface.

interface fc? loopback

Initiate a loopback test on the named FC interface.


interface fc? rscn

To enable the generation of Registered State Control Notification (RSCN) messages on the specified Fibre Channel (FC) interface, use the interface fc? rscn command. To disable RSCN messages, use the no form of this command.

interface fc? rscn enable

no interface fc? rscn enable

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

enable

Keyword, required to enable generation of RSCN messages on the specified interface.


Defaults

RSCN messages are generated on all FC interfaces.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Each SN 5428-2 Storage Router and FC switch contains its own local Name Server, called a distributed Name Server (dNS). By default, all SN 5428-2 Storage Routers and FC switches in the fabric distribute RSCN messages whenever a change takes place in their local dNS database. RSCN notification is used to maintain the integrity of the local dNS database.

Examples

The following example disables generation of RSCN messages on interface fc5:

[SN5428-2A]# no interface fc5 rscn enable

Related Commands

Command
Description

show fcswitch nameserver

Display the local Fibre Channel nameserver database.


interface fc? type

To set the port type for the named Fibre Channel interface, use the interface fc? type command.

interface fc? type {auto | f-port | fl-port | g-port | gl-port}

interface fc? type tl-port mode {autobridge | autolearn}

interface fc? type donor

Syntax Description

fc?

The name of the FC interface for which you are setting this parameter. Valid values are fc1 through fc8. When you type the interface fc? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

auto

Keyword, indicating the port type is automatically negotiated and functions as a generic loop (GL_Port).

f-port

Keyword, indicating the port type is fabric. F_Ports are fabric ports.

fl-port

Keyword, indicating the port type is fabric loop (also known as "public loop").

g-port

Keyword, indicating the port type is generic and can function as either an F_Port or an E_Port. An E_Port (also known as an "expansion port") is used to link multiple FC switches together into a fabric.

gl-port

Keyword, indicating the port type is generic loop and can function as either an F_Port, an FL_Port or an E_Port.

tl-port

Keyword, indicating the port type is translated loop.

mode autobridge

Keywords, indicating public targets are made visible to the initiator in a private loop.

mode autolearn

Keywords, indicating targets in a private loop are made visible.

donor

Keyword, indicating the interface is functioning as a donor port, making 11 buffer credits available to a recipient port, configured for credit extension.


Defaults

The port type is generic loop (GL_Port), by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Select the appropriate port type based on the connected equipment. By default, all of the storage router FC ports are defined as self configuring GL_Ports.

A GL_Port configures as an FL_Port when connected to a loop of public devices, an F_Port when connected to a single device, or an E_Port when connected to another SN 5428-2 or an FC-SW-2 compliant switch. A GL_Port may also configure as an E_Port when connected to a switch running non-FC-SW-2 compliant firmware.

A G_Port configures as an F_Port when connected to a single public device or an E_Port when connected to another SN 5428-2 or an FC-SW-2 compliant switch. A G_Port may also configure as an E_Port when connected to a switch running non-FC-SW-2 compliant firmware.

An F_Port supports connection to a single public device (N_Port).

An FL_Port supports connection to a loop of up to 126 public devices (NL_Port).

A TL_Port supports connection to a loop of up to 126 private devices with the ability to communicate with "off-loop" devices, such as public fabric devices and private devices on other TL_Ports. TL_Ports connect to devices that confirm to the Fibre Channel-Private Loop SCSI Direct Attach (FC-PLDA) standard. A TL_Port acts as a proxy for the off-loop device, translating private frames to and from public frames. Each TL_Port can proxy up to 64 off-loop devices.

A donor port type indicates that the interface is donating its buffer credits and is not used for FC devices. Each donor ports donates 11 buffer credits to the pool. All of the 11 credits must go to a single recipient interface, configured for credit extension.

Public devices have full Fibre Channel addressing capability and can communicate with any other public device on the fabric; private devices do not have full FC addressing capability. Private devices have only the Arbitrated Loop Physical Address (ALPA) portion.


Note All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover of SCSI routing instances to provide consistent performance characteristics.


Examples

The following example sets the port type to fabric for the FC interface named fc6:

[SN5428-2A]# interface fc6 type f-port

The following example set the port type to translated loop for the FC interface named fc3. The mode is autolearn, so targets in private loop are made visible.

[SN5428-2A]# interface fc3 type tl-port mode autolearn

The following example sets the port type for interface fc1 to F_Port, sets the port type for interface fc8 as donor (making 11 buffer credits available to the interface fc1), and configures interface fc1 for credit extension:

[SN5428-2A]# interface fc1 type f-port
*[SN5428-2A]# interface fc8 type donor
*[SN5428-2A]# interface fc1 ext-credit 11

Related Commands

Command
Description

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? default

Return the named FC interface to its default operational characteristics.

interface fc? ext-credit

Configure the specified interface as a potential recipient of donated data buffer credits.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface fci? devicediscoverytimer

To enable the SN 5428-2 Storage Router internal Fibre Channel (FC) interfaces to perform background device rediscovery for all attached FC targets at specific time intervals, use the interface fci? devicediscoverytimer command.

interface fci? devicediscoverytimer nn

Syntax Description

fci?

The name of the internal FC interface. Valid values are fci1 or fci2. When you type the interface fci? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

nn

The amount of time, in minutes between automatic background device rediscovery.


Defaults

The device discovery timer value is 0, indicating that automatic background device rediscovery is disabled.

Command Modes

Administrator.

Command History

Release
Modifications

3.2.1

This command was introduced.


Usage Guidelines

Use this command to enable automatic device rediscovery on a periodic basis in environments where LUNs can be created on FC targets, but no event occurs to cause devices to be rediscovered. This situation may occur with certain RAID controllers or virtualization type devices.

You do not need to issue the interface fci? devicediscoverytimer command for both internal FC interfaces. When you enable automatic background device rediscovery for one internal FC interface (for example, fci1), the same setting is enabled for the other internal FC interface (for example, fci2).

When automatic background device rediscovery is enabled, use the show interface command with the stats keyword to display the current device rediscovery timer configuration.

Examples

The following example enables automatic device rediscovery every 20 minutes:

[SN5428-2A]# interface fci2 devicediscoverytimer 20
device discovery timer changed to 20 minutes on interface fci1
device discovery timer changed to 20 minutes on interface fci2

The following example disables automatic background device rediscovery by setting the device discovery timer interval to 0. (This is the default setting.)

[SN5428-2A]# interface fci2 devicediscoverytimer 0
device discovery timer changed to 0 minutes on interface fci1
device discovery timer changed to 0 minutes on interface fci2

Use the show interface command with the stats keyword to display the current device rediscovery timer configuration. In the following example, the storage router will perform background device rediscovery every 10 minutes.

[SN5428-2B]# show interface fci1 stats
loop:       LOOP READY
connection: F Port
Data Rate:  2 Gb/s
port id:    0x20f00
ALPA:       0x0
firmware:   READY
device rediscovery timer:   10 minutes
. . .


Note The device rediscovery timer information does not display if automatic background device rediscovery is not enabled.


Related Commands

Command
Description

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface ge?

To set various operational parameters associated with the Gigabit Ethernet interface, such as the size of the maximum transfer unit (MTU) or the use of VLANs, use the interface ge? command. To disable the use of VLANs, use the no form of this command. To specify that auto negotiation will never be used on this interface, use the interface ge? no autonegotiation command.

interface ge? {autonegotiation [autodetect] | mtusize {nn | default} 

interface ge? no autonegotiation

interface ge? vlan enable

no interface ge? vlan enable

Syntax Description

ge?

The name of the interface for which you are setting this parameter. When you type the interface ge? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

autonegotiation

Auto negotiation will always be used on this interface.

autonegotiation autodetect

Automatically detect if auto negotiation should be used for this interface. This is the default setting.

mtusize nn

The size of the MTU, in bytes. nn is an integer between 1500 and 9000 inclusive.

mtusize default

Reset the value to the factory default of 1500 bytes.

vlan enable

Enable VLANs for this interface. This is the default.


Defaults

MTU size defaults to 1500 bytes. Auto negotiation defaults to autodetect. For storage routers deployed for SCSI routing, the use of VLANs is enabled by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

All storage routers in a cluster should be configured with the same MTU size and other interface-specific parameters, allowing failover of applications to provide consistent performance characteristics.

Use the no interface ge? vlan enable command to quickly restrict VLAN functionality on the Gigabit Ethernet interface for troubleshooting purposes.

Examples

The following example enables auto negotiation on the Gigabit Ethernet interface, ge1. The ge1 interface will not come up until auto negotiation is successfully completed.

[SN5428-2A]# interface ge1 autonegotiation

The following example disables VLANs for the Gigabit Ethernet interface, ge2:

[SN5428-2A]# no interface ge2 vlan enable

Related Commands

Command
Description

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface ge? ip-address

To enable an IP address on a Gigabit Ethernet interface for management of the SN 5428-2 Storage Router, use the interface ge? ip-address command. To disable an IP address configured for storage router management, use the no form of this command.

interface ge? [vlan vid] ip-address {A.B.C.D/bits A.B.C.D/1.2.3.4} [secondary ge?]

no interface ge? [vlan vid] ip-address

Syntax Description

ge?

The name of the Gigabit Ethernet interface associated with this IP address. When you type the interface ge? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.

vlan vid

The keyword and the VLAN identifier.

A.B.C.D/bits

The IP address of the specified Gigabit Ethernet interface to be used for management of the SN 5428-2 Storage Router. If the keyword vlan is used, the IP address is part of the specified VLAN. The /bits specifies the network mask in CIDR style.

A.B.C.D/1.2.3.4

The IP address of the specified Gigabit Ethernet interface to be used for management of the SN 5428-2 Storage Router. If the keyword vlan is used, the IP address is part of the specified VLAN. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.

secondary ge?

(Optional) The name of the Gigabit Ethernet interface to be used as a secondary interface for the specified IP address. If the primary interface goes down and remains down for two seconds, the specified IP address will be moved to the secondary interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to designate an IP address on a Gigabit Ethernet interface to be used for management of the SN 5428-2 Storage Router (in-band management). The Gigabit Ethernet IP address specified for storage router management can perform all the normal management tasks, but unlike the management interface, it cannot perform HA functions in a cluster environment if the HA interface is unavailable.

In-band management is performed via a Telnet or Secure Shell (SSH) session, or via the web-based GUI. Only one IP address per logical interface can be configured for in-band management. Telnet, SSH, HTTP and SSL access is restricted, by default, on all Gigabit Ethernet interfaces. Use the no restrict CLI command to allow access to the storage router using the desired protocol via the specified Gigabit Ethernet interface.

If the secondary keyword is used, both Gigabit Ethernet interfaces must be connected to the same network segment. If you configure a Gigabit Ethernet IP address with a secondary interface, all Gigabit Ethernet IP addresses on the same subnet must also be configured with the same secondary interface.


Note The IP address used for management of the SN 5428-2 Storage Router cannot be used as a Gigabit Ethernet IP address associated with a SCSI routing instance (serverif); the IP address must not already be in use on the storage router.


Examples

The following example configures the IP address 10.1.0.244/24 on ge1 for management of the storage router, and enables the ge1 interface for Telnet access.

[SN5428-2B]# interface ge1 ip-address 10.1.0.244/24
[SN5428-2B]# no restrict ge1 telnet

The following example configures two IP addresses on unique logical interfaces for storage router management. The IP address 10.1.0.160/255.255.255.128 is specified as part of VLAN 100 on ge2; the IP address 10.1.0.168/255.255.255.128 is also on ge2 but is not part of a VLAN. The interface ge2 is enabled for SSH access.

[SN5428-2B]# interface ge2 vlan 100 ip-address 10.1.0.160/255.255.255.128
[SN5428-2B]# interface ge2 ip-address 10.1.0.168/255.255.255.128
[SN5428-2B]# no restrict ge2 ssh

The following example configures the IP address 10.1.0.230/24 on ge2 for storage router management. If the ge2 interface is unavailable, the ge1 interface will be used. Both ge1 and ge2 are enabled for HTTP access.

[SN5428-2B]# interface ge2 ip-address 10.1.0.230/24 secondary ge1
[SN5428-2B]# no restrict ge2 http
[SN5428-2B]# no restrict ge1 http

The following example removes the IP address configured for storage router management from ge1, and restricts SSL access to the interface:

[SN5428-2B]# no interface ge1 ip-address
[SN5428-2B]# restrict ge1 ssl

Related Commands

Command
Description

restrict

Secure access to storage router interfaces by communications protocols and services.

show interface

Display operational and configuration information for the specified interface or all interfaces.

show ip

Display entries from the SN 5428-2 Storage Router routing table and statistics about the protocols used in the SN 5428-2 network.

show restrict

Display configurable security settings for the storage router interfaces.


interface ha

To set various operational parameters associated with the high availability (HA) interface, such as the speed and duplex mode, use the interface ha command.

interface ha autonegotiation

interface ha no autonegotiation [speed {10 | 100}] [duplex {full | half}]

Syntax Description

autonegotiation

Auto negotiation will always be used on this interface. Operational characteristics will automatically be negotiated with the partner.

speed 10

(Optional) The interface speed is fixed at 10 Mbps. Auto negotiation is not used.

speed 100

(Optional) The interface speed is fixed at 100 Mbps. Auto negotiation is not used. If speed is not specified, the default is 100 Mbps.

duplex full

(Optional) The duplex setting is fixed at full. Auto negotiation is not used. If the duplex setting is not specified, the default is full duplex.

duplex half

(Optional) The duplex setting is fixed at half. Auto negotiation is not used.


Defaults

Auto negotiation is enabled.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to manually set a specific interface speed and duplex setting, if the partner is unable to auto negotiate these settings.

All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover to provide consistent performance characteristics. Use the show interface ha command to display current operating characteristics for the HA interface.

Examples

The following example disables auto negotiation, and sets the interface speed to 10 Mbps, duplex full:

[SN5428-2A] interface ha no autonegotiation speed 10 duplex full

Related Commands

Command
Description

interface ha ip-address

Specify the HA interface IP address and subnet mask.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface ha ip-address

To specify the IP address and subnet mask for this system's high availability interface, use the interface ha ip-address command.

interface ha ip-address {A.B.C.D/bits A.B.C.D/1.2.3.4}

Syntax Description

A.B.C.D/nn

The IP address of the HA interface. A.B.C.D is the dotted quad notation of the IP address. The /bits specifies the subnet mask in CIDR style.

A.B.C.D/1.2.3.4

The IP address of the HA interface. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The HA features are used within a cluster of storage routers. Each member of the cluster communicates over the HA and management interfaces, exchanging heartbeats and other configuration information, allowing for failover in case of system problems.

The HA interface and the management interface must be on unique IP subnets. In a cluster, the HA interfaces for all nodes should be on the same IP subnet.

After initial system configuration, use the setup cluster command to change the configuration of the high availability environment.

For SN 5428-2 Storage Routers deployed for transparent SCSI routing, or standalone storage routers deployed for SCSI routing, the HA interface is optional.

Examples

The following example assigns the IP address of 10.1.20.56/24 to the HA interface:

[SN5428-2B]# interface ha ip-address 10.1.20.56/24

Related Commands

Command
Description

interface mgmt ip-address

Specify the management interface IP address and subnet mask.

save all

Save all configuration information.

save system

Save selected system configuration information, including HA IP address.

setup cluster

Change the configuration of the high availability environment.

show cluster

Display cluster-related operational statistics, including heartbeat information.

show ha

Display HA operational statistics for the storage router or for a specific application.


interface mgmt

To set various operational parameters associated with the management interface, such as the speed and duplex mode, use the interface mgmt command.

interface mgmt autonegotiation

interface mgmt no autonegotiation [speed {10 | 100}] [duplex {full | half}]

Syntax Description

autonegotiation

Auto negotiation will always be used on this interface. Operational characteristics will automatically be negotiated with the partner.

speed 10

(Optional) The interface speed is fixed at 10 Mbps. Auto negotiation is not used.

speed 100

(Optional) The interface speed is fixed at 100 Mbps. Auto negotiation is not used. If speed is not specified, the default is 100 Mbps.

duplex full

(Optional) The duplex setting is fixed at full. Auto negotiation is not used. If the duplex setting is not specified, the default is full duplex.

duplex half

(Optional) The duplex setting is fixed at half. Auto negotiation is not used.


Defaults

Auto negotiation is enabled.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to manually set a specific interface speed and duplex setting, if the partner is unable to auto negotiate these settings.

All storage routers in a cluster should be configured with the same interface-specific parameters, allowing failover to provide consistent performance characteristics. Use the show interface mgmt command to display current operating characteristics for the management interface.

Examples

The following example disables auto negotiation, and sets the interface speed to 10 Mbps, duplex full:

[SN5428-2A] interface mgmt no autonegotiation speed 10 duplex full

Related Commands

Command
Description

interface mgmt ip-address

Specify the management interface IP address and subnet mask.

show interface

Display operational and configuration information for the specified interface or all interfaces.


interface mgmt ip-address

To specify the IP address and subnet mask of the interface labeled MGMT on the front panel of the SN 5428-2 Storage Router, use the interface mgmt ip-address command. This address is used to manage the storage router via Telnet, Secure Shell (SSH), the web-based GUI, or SNMP.

interface mgmt ip-address {A.B.C.D/bits A.B.C.D/1.2.3.4}

Syntax Description

A.B.C.D/bits

The IP address of the management interface. A.B.C.D is the dotted quad notation of the IP address. The /bits specifies the subnet mask in CIDR style.

A.B.C.D/1.2.3.4

The IP address of the management interface. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

The management and HA interfaces must be on unique IP subnets. In a cluster, the management interfaces for all nodes should be on the same IP subnet.

Examples

The following example assigns the IP address of 10.1.10.244/24 to the management interface:

[SN5428-2A]# interface mgmt ip-address 10.1.10.244/24

Related Commands

Command
Description

interface ha ip-address

Specify the HA interface IP address and subnet mask.

ip route

Add a static route to the SN 5428-2 Storage Router routing table.

save all

Save all configuration information.

save system

Save selected system configuration information, including management and HA interface information.

setup mgmt

Run the wizard to configure the management interface.

show cluster

Display cluster-related operational statistics, including heartbeat information.

show interface

Display operational and configuration information for the specified interface or all interfaces.


ip default-gateway

To add a gateway to the default route in the SN 5428-2 Storage Router routing table, use the ip default-gateway command. To delete the gateway, use the no form of this command.

ip default-gateway E.F.G.H [administrative-distance]

no ip default-gateway [A.B.C.D]

Syntax Description

E.F.G.H

The default gateway IP address.

administrative-distance

(Optional) The administrative distance for the route. Valid values are 0 to 255 inclusive. The default administrative distance is 1.

A.B.C.D

(Optional) The IP address of the default route. The gateway to this route will be removed.


Defaults

The default administrative distance for a static route is 1.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

All IP interfaces in the SN 5428-2 use the routing table to reach services and networks outside their local network. Other facilities, such as SNMP and connections to an NTP server or DNS servers, may also use the routing table. Use the ip default-gateway command to add a gateway to the default route in this table.

Only one default route is allowed in the routing table.


Note This command is functionally equivalent to issuing the ip route command for IP address 0.0.0.0/00.


The administrative distance is used to determine which route to install in the routing table when there are multiple routes to the same destination. The default administrative distance for static routes is 1; the administrative distance for dynamic routes created by RIP is 120. The route with the lower administrative distance is installed in the routing table (as long as the interface used by the route is up).

By default, a static route will always override a dynamic route learned by RIP. To modify this behavior, change the administrative distance of a static route to a value greater than 120.

Examples

The following example adds a default route to gateway 10.3.40.1 in the routing table. The administrative distance is 1, by default.

[SN5428-2A]# ip default-gateway 10.3.40.1

The following example adds a default route to gateway 10.3.30.1, with an administrative distance of 130, in the routing table. If RIP is enabled for the storage router, the default route can be overridden by a dynamically learned route.

[SN5428-2A]# ip default-gateway 10.3.30.1 130

Related Commands

Command
Description

ip route

Add a static route to the SN 5428-2 Storage Router routing table.

show ip

Display entries from the SN 5428-2 Storage Router routing table and statistics about the protocols used in the storage router network.

show route

Display the default routes.


ip domain-name

To specify the name of the SN 5428-2 Storage Router domain, use the ip domain-name command. To remove a domain name, use the no form of this command.

ip domain-name name

no ip domain-name

Syntax Description

name

The name of the SN 5428-2 Storage Router domain.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use the ip domain-name command in conjunction with the ip name-server command. The storage router requires access to a DNS if any IP addresses are entered as host names via any of the storage router management interfaces, or if the management interface IP address is to be correlated with a DNS host name.


Note If the DNS is outside the storage router management subnet, use the ip route command to add an appropriate gateway IP address to the routing table.


Examples

The following example assigns the domain name abc123z.com to the storage router.

[SN5428-2A]# ip domain-name abc123z.com

Related Commands

Command
Description

ip default-gateway

Configure a gateway for the default route.

ip name-server

Specify the IP addresses of a primary (and optional secondary) DNS.

ip route

Add a static route to the SN 5428-2 Storage Router routing table.

setup mgmt

Run the wizard to configure the management interface.


ip name-server

To specify the IP address of the primary and optional secondary Domain Name Server (DNS), use the ip name-server command. To remove the settings for current domain name servers, use the no form of this command.

ip name-server A.B.C.D [E.F.G.H]

no ip name-server

Syntax Description

A.B.C.D

The IP address of a primary Domain Name Server, accessible by the storage router. A.B.C.D is the dotted quad notation of the IP address.

E.F.G.H

(Optional) The IP address of a secondary DNS, accessible by the storage router. E.F.G.H is the dotted quad notation of the IP address.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Configuration

3.2.1

This command was introduced.


Usage Guidelines

The storage router requires access to a DNS if any IP addresses are entered as host names via any of the storage router management interfaces, or if the management interface IP address is to be correlated with a DNS host name. To use the services of a DNS, you must also assign a domain name to the storage router via the ip domain-name command.

If the DNS is outside the storage router management subnet, use the ip route command to add an appropriate gateway IP address to the routing table.

Examples

The following example assigns the domain name abc123z.com to the storage router, and assigns the IP address of the primary DNS to 10.1.40.243 and the secondary DNS to 10.1.50.249:

[SN5428-2A]# ip domain-name abc123z.com
[SN5428-2A]# ip name-server 10.1.40.243 10.1.50.249

Related Commands

Command
Description

ip default-gateway

Configure a gateway for the default route.

ip domain-name

Assign a domain name to the SN 5428-2 Storage Router.

ip route

Add a static route to the SN 5428-2 Storage Router routing table.

setup mgmt

Run the wizard to configure the management interface.


ip radius sourceinterface

To specify a single network interface to be used as the source IP address for all outgoing AAA authentication requests to RADIUS servers, use the ip radius sourceinterface command. To disable this restriction, use the no form of this command.

ip radius sourceinterface if-name

no ip radius sourceinterface

Syntax Description

if-name

The name of the interface to which you are restricting all outgoing AAA authentication requests to RADIUS servers. When you type the IP radius sourceinterface ? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to restrict all outgoing AAA authentication requests to RADIUS servers to a single interface.

Examples

The following example restricts all outgoing AAA authentication requests to RADIUS servers to the Gigabit Ethernet interface ge1:

[SN5428-2A]# ip radius sourceinterface ge1

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

show aaa

Display AAA configuration information.


ip rip enable

To enable the SN 5428-2 Storage Router to learn dynamic routing using the routing information protocol (RIP), use the ip rip enable command. To disable dynamic routing via RIP, use the no form of this command.

ip rip enable

no ip rip enable

Syntax Description

This command has no arguments or keywords.

Defaults

RIP is disabled by default.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) for dynamic routing and uses a distance vector algorithm to determine the best route between nodes in an Autonomous System (AS).

The SN 5428-2 Storage Router is a passive, or silent, RIP device; it updates routes based on RIP advertisements but it does not advertise. The storage router listens for advertised routes, learning routing information dynamically as it is exchanged in the network. The storage router supports both RIP version 1 (v1) and RIP version 2 (v2).

The SN 5428-2 RIP implementation runs RIP v2 in broadcast mode. This allows the storage router to learn from either RIP v1 or RIP v2 hosts that are operating in broadcast mode. The storage router will not learn routes from RIP v2 hosts operating in multicast mode.

If you are using RIP in your network, you can enable RIP support on the storage router. RIP eliminates or reduces the need to configure static routes for the storage router, because the storage router updates the route table based on the RIP advertisements.

The storage router can learn a maximum of 200 routes. Additional routes that are received are silently ignored. In the routing table, a static route will always override a dynamic route by default. To modify this behavior, change the administrative distance of a static route to a value greater than 120.

Examples

The following example enables RIP for the SN 5428-2 Storage Router:

[SN5428-2A]# ip rip enable
[SN5428-2A] Dec 09 17:54:16: %IP-5-IRMRSAR: RIP Services are running

The following command disables RIP:

[SN5428-2A]# no ip rip enable

Related Commands

Command
Description

ip rip timers

Configure various RIP timers.

show ip

Display entries from the SN 5428-2 Storage Router routing table, and statistics about the protocols used in the storage router network. Use the rip keyword to display RIP configuration information.


ip rip timers

To configure various RIP timers, use the ip rip timers command.

ip rip timers invalid {nn | default}

Syntax Description

invalid nn

Specifies the maximum time, in seconds, between updates before a route is expired and made a candidate for removal from the routing table.

default

Keyword, used to return the specified timer to the default value. The default invalid timer is180 seconds.


Defaults

The RIP invalid timer defaults to 180 seconds.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) for dynamic routing and uses a distance vector algorithm to determine the best route between nodes in an Autonomous System (AS).

The SN 5428-2 Storage Router is a passive, or silent, RIP device; it updates routes based on RIP advertisements but it does not advertise. The storage router listens for advertised routes, learning routing information dynamically as it is exchanged in the network. The storage router supports both RIP version 1 (v1) and RIP version 2 (v2).

The SN 5428-2 RIP implementation runs RIP v2 in broadcast mode. This allows the storage router to learn from either RIP v1 or RIP v2 hosts that are operating in broadcast mode. The storage router will not learn routes from RIP v2 hosts operating in multicast mode.

The storage router can learn a maximum of 200 routes. Additional routes that are received are silently ignored. In the routing table, a static route will always override a dynamic route by default. To modify this behavior, change the administrative distance of a static route to a value greater than 120.

Timers are used to configure the timing of RIP activities. The invalid timer configures the maximum amount of time between updates of the internal route table. Use the default keyword to return a RIP timer to its default value.

Examples

The following example sets the RIP invalid timer to a value of 200 seconds and saves all configuration changes. This is the maximum amount of time between updates before a route is marked as expired.

[SN5428-2A]# ip rip timers invalid 200
*[SN5428-2A]# save all bootconfig

Related Commands

Command
Description

ip rip enable

Enable the storage router to learn dynamic routing using the routing information protocol (RIP).

show ip

Display entries from the SN 5428-2 Storage Router routing table, and statistics about the protocols used in the storage router network. Use the rip keyword to display RIP configuration information.


ip route

To add a static route to the SN 5428-2 Storage Router routing table, use the ip route command. The specified IP address is accessed via the gateway specified in the command. To remove a static route from the routing table, use the no form of this command.

ip route {A.B.C.D/bits | A.B.C.D/1.2.3.4} E.F.G.H [administrative-distance]

no ip route {A.B.C.D/bits | A.B.C.D/1.2.3.4}

Syntax Description

A.B.C.D/bits

The IP address of the static route. A.B.C.D is the dotted quad notation of the IP address. The /bits specifies the subnet mask in CIDR style.

A.B.C.D/1.2.3.4

The IP address of the static route. A.B.C.D is the dotted quad notation of the IP address. 1.2.3.4 is the dotted quad notation of the subnet mask.

E.F.G.H

The gateway IP address through which the static route (A.B.C.D/bits or A.B.C.D/1.2.3.4) is accessed.

administrative-distance

(Optional) The administrative distance for the route. Valid values are 0 to 255 inclusive. The default administrative distance is 1.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

All IP interfaces in the storage router use the routing table to reach services and networks outside their local network. Other facilities, such as SNMP and connections to an NTP server or DNS servers, may also use the routing table. Use the ip route command to specify routes for servers or networks outside the local networks associated with the storage router IP interfaces.

Use the show ip route command to display the SN 5428-2 Storage Router routing table. Use the show route command to display all the default routes, included the routes that have been configured but not added to the routing table.

The administrative distance is used to determine which route to install in the routing table when there are multiple routes to the same destination. The default administrative distance for static routes is 1; the administrative distance for dynamic routes created by RIP is 120. The route with the lower administrative distance is installed in the routing table (as long as the interface used by the route is up).

By default, a static route will always override a dynamic route learned by RIP. To modify this behavior, change the administrative distance of a static route to a value greater than 120.


Note A route is not added to the routing table until the associated IP gateway address is configured. The CLI displays an informational message if a route is added for an IP address that is not yet configured.


Examples

The following command adds a unique route for IP address 10.1.30.0, specifying the subnet mask in dotted quad notation:

[SN5428-2A]# ip route 10.1.30.0/255.255.255.0 10.1.10.10

The following command adds a unique route for IP address 10.1.40.0, using gateway 10.1.10.10, which is not yet on a locally connected network. The message indicates that the route has been configured but has not yet been made operational in the storage router.

[SN5428-2A]# ip route 10.1.40.0/24 10.1.10.10
Oct 25 19:25:17: %UI-4-NMREEO1: Gateway 10.1.10.10 used by route 10.1.40.0/24 is currently 
unreachable

The following command adds a unique route for IP address 10.1.20.0 with an administrative distance of 130, in the routing table. If RIP is enabled for the storage router, the route can be overridden by a dynamically learned route.

[SN5428-2A]# ip route 10.1.20.0/24 10.1.10.10 130

Related Commands

Command
Description

ip default-gateway

Configure a gateway for the default route.

ip domain-name

Assign a domain name to the SN 5428-2 Storage Router.

ip name-server

Specify the IP addresses of a primary (and optional secondary) DNS.

show ip

Display entries from the SN 5428-2 Storage Router routing table, and statistics about the protocols used in the storage router network.

show route

Display the default routes.


ip tacacs sourceinterface

To specify a single network interface to be used as the source IP address for all outgoing AAA authentication requests to TACACS+ servers, use the ip tacacs sourceinterface command. To disable this restriction, use the no form of this command.

ip tacacs sourceinterface if-name

no ip tacacs sourceinterface

Syntax Description

if-name

The name of the interface to which you are restricting all outgoing AAA authentication requests to TACACS+ servers. When you type the IP tacacs sourceinterface ? command, the CLI lists the interfaces available. You cannot specify a nonexistent interface.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Use this command to restrict all outgoing AAA authentication requests to TACACS+ servers to a single interface.

Examples

The following example restricts all outgoing AAA authentication requests to TACACS+ servers to the management interface, mgmt:

[SN5428-2A]# ip tacacs sourceinterface mgmt

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the SN 5428-2 Storage Router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the SN 5428-2 Storage Router via the CLI.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


logging #?

To insert a routing rules entry into the logging table before the specified entry, use the logging #? command.

logging #?

logging #nn level notification-level from facility-name to destination1 [destination2...]

Syntax Description

#?

Request an indexed list of entries in the logging table.

#nn

The index number from the displayed list of entries. The new routing rule will be inserted before the specified logging table entry.

notification-level

Limit logging to messages of a specified level or lower levels. See Table 11-10 in the Usage Guidelines section for a list of valid names that can be used for the notification-level argument.

from facility-name

The name of the facility. A facility is the feature area from which the message is received. See Table 11-11 in the Usage Guidelines section for a list of valid facility names. Each facility can have eight notification levels. Each notification level can have up to seven destination.

to destination1 [destination2...]

At least one of the destinations described in Table 11-12.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced.


Usage Guidelines

Event, trace and debug messages can be routed to various destinations, based on the notification level of the message and the application area (facility) that generated the message. When a log message is received by the storage router, the logging table rules are searched by facility name and by message level until a match is found. The log message is sent to all the destinations specified by the matching rule.

New routing rules are normally appended to the existing rules in the table. Use this command to insert a routing rule at a specific location within the table.

To display an indexed lists of entries in the logging table, use the number sign (#) character followed by a question mark (?). That action will cause the routing rules in the logging table to be displayed as a numbered (indexed) set of lines. The command is displayed at the prompt below the list to the point of the # keyword. Complete the command by entering the appropriate index number and the desired keywords and variables to compose the new routing rule. The new routing rule will be added to the table before the specified entry.

The level limits logging to messages of the specified notification level or lower levels, based on level number. Table 11-10 describes the available logging levels.

Table 11-10 Logging Level Notification Levels and Corresponding Numbers 

Notification Level
Level Number
Description

emergency

0

System unusable

alert

1

Immediate action needed

critical

2

Critical conditions

error

3

Error conditions

warning

4

Non-fatal warning conditions

notice

5

Normal but significant conditions

info

6

Informational messages only

debug

7

Information for troubleshooting purposes



Note The debug notification level should be used for specific troubleshooting purposes only. System performance and HA behavior may be adversely affected by logging at the debug notification level.


Each facility can have up to eight notification levels. Each facility and notification level pair can have up to seven destinations. Table 11-11 describes the available facility names.

Table 11-11 Logging Level Facilities  

Facility Name
Description

all

All facilities.

AUTH

AAA authentication.

CDP

Cisco Discovery Protocol.

CONF

Configuration functions.

FC

Fibre Channel interfaces.

GE

Gigabit Ethernet interfaces.

HA

High availability cluster functions.

IF

Interface manager.

INVALID

Generic functions.

IP

IP functions.

ISCSI

iSCSI functions.

MON

Hardware monitor.

SLP

Service Location Protocol service functions.

SNMP

Simple Network Management Protocol.

SYSLOG

Syslog functions.

UI

User interface functions.

VTP

VTP and VLAN functions.


Table 11-12 describes the available logging destinations.

Table 11-12 Logging Level Destinations  

Destination
Description

all

Logs to all destinations.

none

No logging occurs.

console

Logs to serial console CLI sessions.

logfile

Logs messages to the storage router log file.

rslog

Logs messages to a remote syslog server. Use the logging syslog command to specify the IP address of the remote syslog server.

vty

Logs to all Telnet, SSH, or other virtual terminal CLI sessions.


Use the save system bootconfig or save all bootconfig commands to save the list of log route entries. To delete a log route entry by its index number, use the delete logging command.

Examples

The following example displays an indexed list of the routing rules in the logging table, and then inserts an entry to log anything from the HA facility with notification level of notice (or lower) to all logging destinations before the third entry. The show logging command displays the newly inserted entry.

[SN5428-2A]# logging #?
 
[SN5428-2A]# logging #?
Index Level     Priority Facility    Route                         
1     critical  2        all        console vty logfile 
2     debug     7        SNMP       rslog                         
3     warning   4        CDP        rslog 
 
[SN5428-2A]# logging #3 level notice from HA to all
 
[SN5428-2A]# show logging
Logging is enabled
 
Index Level     Priority Facility   Route                         
1     critical  2        all        console vty logfile 
2     debug     7        SNMP       rslog
3     notice    5        HA         all               
4     warning   4        CDP        rslog 
 
Syslog host is enabled, ip-address is 10.1.1.144

Related Commands

Command
Description

clear logging table

Clear the SN 5428-2 Storage Router logging table of all entries, or to reset the table to factory defaults.

delete logging

Delete a rule from the logging table.

logging level

Add rule entries to route storage router event, debug and trace messages to various destinations based on facility and notification level.

logging on

Enable or temporarily disable logging of storage router event message.

logging syslog

Identify a remote syslog host to be used to log messages.

save all

Save all configuration information, including the log route entries list.

save system

Save selected system configuration information, including log route entries list.

show logging

Display the routing rules in the logging table and the contents of the storage router log file.

show system

Display selected system information.


logging level

To add a routing rule to the logging table, use the logging level command.

logging level notification-level from facility-name to destination1 [destination2...]

Syntax Description

notification-level

Limit logging to messages of a specified level or lower levels. See Table 11-13 in the Usage Guidelines section for a list of valid names that can be used for the notification-level argument.

from facility-name

The name of the facility. A facility is the feature area from which the message is received. See Table 11-14 in the Usage Guidelines section for a list of valid facility names. Each facility can have eight notification levels. Each notification level can have up to seven destination.

to destination1 [destination2...]

At least one of the destinations described in Table 11-15.


Defaults

The factory default logging rules are as follows:

All messages from all facilities at notice level or lower levels are logged to all destinations.

All messages from all facilities at info level or lower levels are logged to the storage router log file.

All messages from all facilities at debug level are not logged.

Command Modes

Administrator.

Command History

Release
Modification

3.2.1

This command was introduced


Usage Guidelines

Event, trace and debug messages can be routed to various destinations, based on the notification level of the message and the application area (facility) that generated the message. When a log message is received by the storage router, the logging table rules are searched by facility name and by notification level until a match is found. The log message is sent to all the destinations specified by the matching rule. When a new routing rule is added, it is appended to the existing list of entries.

Messages are sent in the following format:

<timestamp>: %<facility>-<level_number>-<mnemonic>: <message text>

The following is an example log message, for the SNMP facility:

Mar 18 11:48:05: %SNMP-5-SASAS: SnmpApp starting...

Each facility can have up to eight notification levels. The notification level limits logging to messages of the specified level or lower levels, based on level number. Table 11-13 describes the available logging levels.

Each facility and notification level pair can have up to seven destinations. Table 11-14 describes the available facility names.

Table 11-13 Logging Level Notification Levels and Corresponding Numbers 

Notification Level
Level Number
Description

emergency

0

System unusable

alert

1

Immediate action needed

critical

2

Critical conditions

error

3

Error conditions

warning

4

Non-fatal warning conditions

notice

5

Normal but significant conditions

info

6

Informational messages only

debug

7

Information for troubleshooting purposes



Note The debug notification level should be used for specific troubleshooting purposes only. System performance and HA behavior may be adversely affected by logging at the debug notification level.


Table 11-14 Logging Level Facilities  

Facility Name
Description

all

All facilities.

AUTH

AAA authentication.

CDP

Cisco Discovery Protocol.

CONF

Configuration functions.

FC

Fibre Channel interfaces.

GE

Gigabit Ethernet interfaces.

HA

High availability cluster functions.

IF

Interface manager.

INVALID

Generic functions.

IP

IP functions.

ISCSI

iSCSI functions.

MON

Hardware monitor.

SLP

Service Location Protocol service functions.

SNMP

Simple Network Management Protocol.

SYSLOG

Syslog functions.

UI

User interface functions.

VTP

VTP and VLAN functions.


Table 11-15 describes the available logging destinations.

Table 11-15 Logging Level Destinations  

Destination
Description

all

Logs to all destinations.

none

No logging occurs.

console

Logs to console CLI sessions.

logfile

Logs messages to the storage router log file.

rslog

Logs messages to a remote syslog server. Use the logging syslog command to specify the IP address of the remote syslog server.

vty

Logs to all Telnet, SSH, or other virtual terminal CLI sessions.


Use the save system bootconfig or save all bootconfig commands to save the logging table

To delete a routing rule from the logging table, use the delete logging command.


Note Any message that does not have a matching rule in the logging table is discarded.


Examples

The following example logs anything from the HA facility with notification level of notice (or lower) to all logging destinations.

[SN5428-2A]# logging level notice from HA to all

The following example logs messages from all facilities with a notification level of warning or lower to all destinations. (If this is the only rule in the logging table, any message with a notification level of debug, info or notice is discarded and not logged.) The log route entries are saved to the bootable configuration of the storage router.

[SN5428-2A]# logging level warning from all to all
[SN5428-2A]# save system bootconfig

Related Commands

Command
Description

clear logging table

Clear the SN 5428-2 Storage Router logging table of all entries, or to reset the table to factory defaults.

delete logging

Delete a rule from the logging table.

logging #?

Insert a routing rule entry into the storage router logging