Cisco MDS 9000 Family Storage Media Encryption Configuration Guide
Cisco SME CLI Commands
Downloads: This chapterpdf (PDF - 470.0KB) The complete bookPDF (PDF - 10.16MB) | Feedback

Cisco SME CLI Commands

Table Of Contents

Cisco SME CLI Commands

SME Commands

auto-volgrp

clear fc-redirect config

cluster

debug sme

discover

do

fabric

fabric-membership

fc-redirect version2 enable

feature

interface sme

interface sme (Cisco SME cluster node configuration submode)

key-ontape

link-state-trap

load-balancing

node

odrt.bin

rule

scaling batch enable

security-mode

setup

shared-keymode

show debug

show fc-redirect active-configs

show fc-redirect configs

show fc-redirect peer-switches

show interface sme

show role

show sme cluster

show sme transport

show tech-support sme

shutdown (interface configuration submode)

shutdown (Cisco SME cluster configuration submode)

sme

ssl

tape-bkgrp

tape-compression

tape-device

tape-keyrecycle

tape-volgrp

tune-timer


Cisco SME CLI Commands


The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. See the "Command Modes" section to determine the appropriate mode for each command. For more information on CLI commands, refer to the "Related Documentation" section.

SME Commands

This appendix contains an alphabetical listing of commands that are unique to the Cisco SME features.

auto-volgrp

To configure the automatic volume grouping, use the auto-volgrp command. To disable this feature, use the no form of the command.

auto-volgrp

no auto-volgrp

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

If Cisco SME recognizes that the tape's barcode does not belong to an existing volume group, then a new volume group is created when automatic volume grouping is enabled.

Examples

The following example enables automatic volume grouping:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# auto-volgrp
switch(config-sme-cl)#

The following example disables automatic volume grouping:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# auto-volgrp
switch(config-sme-cl)#

Related Commands

Command
Description

show sme cluster

Displays Cisco SME cluster information.


clear fc-redirect config

To delete a FC-Redirect configuration on a switch, use the clear fc-redirect config command.

clear fc-redirect {config vt vt-pwwn local-switch-only}

vt vt-pwwn

Specifies the virtual target (VT) of the configuration to be deleted. The format is hh:hh:hh:hh:hh:hh:hh:hh.

local-switch-only

Deletes the configuration only on the local switch.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

This command deletes configurations (including active configurations) on the FC-Redirect created by applications such as Cisco SME and DMM. This command enables the host server to talk to the storage array, which directly bypasses the individual Intelligent Service Applications (ISAs), and causes data corruption.

You must use this command only as the last option to clear any left-over configurations which cannot be deleted from the application (Cisco SME and DMM).

Use this command while decommissioning the switch.

Examples

The following example clears the FC-Redirect configuration on the switch:

switch# clear fc-redirect config vt 2f:ea:00:05:30:00:71:64
Deleting a configuration MAY result in DATA CORRUPTION.
Do you want to continue? (y/n) [n] y

Related Commands

Command
Description

show fc-redirect active configs

Displays all active configurations on the switch.


cluster

To configure a cluster feature, use the cluster command.

cluster enable

Syntax Description

enable

Enables or disables a cluster.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

3.2(2)

This command was introduced.

NX-OS 4.1(1b)

This command was deprecated.


Usage Guidelines

Starting from Cisco NX-OS 4.x release, the cluster command is replaced by the feature command.

Examples

The following example enables the Cisco SME clustering:

switch# config terminal
switch(config)# cluster enable
switch(config)#
 
   

Related Commands

Command
Description

show sme cluster

Displays information about the Cisco SME cluster.


debug sme

To enable debugging for the Cisco SME features, use the debug sme command. To disable a debug command, use the no form of the command.

debug sme {all | demux vsan vsan id | deque | error | event vsan vsan id | ha vsan vsan id | trace vsan vsan id | trace-detail vsan vsan id | warning vsan vsan id | wwn-janitor {disable | enable | set-timer-value}}

no debug sme {all | demux vsan vsan id | deque | error | event vsan vsan id | ha vsan vsan id | trace vsan vsan id | trace-detail vsan vsan id | warning vsan vsan id | wwn-janitor {disable | enable | set-timer-value}}

Syntax Description

all

Enables debugging of all Cisco SME features.

demux

Enables debugging of Cisco SME message demux.

vsan vsan id

Restricts debugging to a specified VSAN ID. The range is 1 to 4094.

deque

Enables debugging of Cisco SME message dequeue.

error

Enables debugging of Cisco SME errors.

event

Enables debugging of Cisco SME finite state machine (FSM) and events.

ha

Enables debugging of Cisco SME high availability (HA).

trace

Enables debugging of Cisco SME trace.

trace-detail

Enables debugging of Cisco SME trace-detail.

warning

Enables debugging of Cisco SME warning.

wwn-janitor

Displays Cisco SME WWN janitor related information.

disable

Disables SME WWN janitor task timer.

enable

Enables Cisco SME WWN janitor task timer.

set-timer-value

Sets Cisco SME WWN janitor task timer value in microseconds. The range is from 2000 to 240000.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the system output from the debug sme all command:

switch# debug sme all 
2007 Sep 23 15:44:44.490796 sme: fu_priority_select:  - setting fd[5] for select
 call
2007 Sep 23 15:44:44.490886 sme: fu_priority_select_select_queue: round credit(8
)
2007 Sep 23 15:44:44.490918 sme:     curr_q - FU_PSEL_Q_CAT_CQ, usr_q_info(2), p
riority(7), credit(4), empty
2007 Sep 23 15:44:44.490952 sme: fu_priority_select: returning FU_PSEL_Q_CAT_MTS
 queue, fd(5), usr_q_info(1)
2007 Sep 23 15:44:44.491059 sme: sme_get_data_from_queue(1031): dequeued mts msg
 (34916564), MTS_OPC_DEBUG_WRAP_MSG
2007 Sep 23 15:44:44.491096 sme: fu_fsm_engine: line[2253]
2007 Sep 23 15:44:44.492596 sme: fu_fsm_execute_all: match_msg_id(0), log_alread
y_open(0)

Related Commands

Command
Description

no debug all

Disables all debugging.

show sme

Displays all information about Cisco SME.


discover

To initiate the discovery of hosts, use the discovery command. To disable this feature, use the no form of the command.

discover host host port target target port vsan vsan id fabric fabric name

no discover host host port target target port vsan vsan id fabric fabric name

Syntax Description

host host port

Identifies the host port WWN. The format is hh:hh:hh:hh:hh:hh:hh:hh.

target target port

Identifies the target port WWN. The format is hh:hh:hh:hh:hh:hh:hh:hh.

vsan vsan id

Selects the VSAN identifier. The range is 1 to 4093.

fabric fabric name

Specifies the fabric for discovery. The maximum length is 32 characters.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

If the discover command is issued on an existing host that could be configured or discovered, then Cisco SME deletes all the existing discovered LUNs, sends out a LOGO notification to the host, and does a discovery again.

Examples

The following example discovers a host and specifies a target, a VSAN, and a fabric for discovery:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# discover host 20:00:00:00:c9:49:28:47 target 
21:01:00:e0:8b:29:7e:0c vsan 2345 fabric sw-xyz
 
   

The following example disables the discovery feature:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# no discover

Related Commands

Command
Description

show sme cluster

Displays information about the Cisco SME cluster.


do

Use the do command to execute an EXEC-level show command from any configuration mode or submode.

do command

Syntax Description

command

Specifies the EXEC command to be executed.


Defaults

None.

Command Modes

All configuration modes.

Command History

Release
Modification

1.1(1)

This command was introduced.


Usage Guidelines

Use this command to execute EXEC level show commands while configuring your switch. After the EXEC command is executed, the system returns to the mode from which you issued the do command.

Examples

The following example displays the information about the cluster tape details in the Cisco SME tape volume configuration submode:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)# tape-device devicename1
switch(config-sme-cl-tape-bkgrp-tapedevice)#do show sme cluster clustername1 tape detail
Tape t1 is online
    Is a Tape Drive
    Model is HP Ultrium 2-SCSI
    Serial Number is HUM4A00184
    Is configured as tape device b1 in tape group b1
    Paths
      Host 12:01:00:e0:8b:a2:08:90 Target 52:06:0b:11:00:20:4c:4c LUN 0x0000
         Is online

The following example displays the counters in the interface in the Cisco SME crypto tape volume group configuration submode:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)# tape-volgrp t1
switch(config-sme-cl-tape-bkgrp-volgrp)#do show interface sme 3/1 description
sme3/1
    5 minutes input rate 0 bits/sec, 0 bytes/sec, 0.00 KB/sec
    5 minutes output rate 0 bits/sec, 0 bytes/sec, 0.00 KB/sec
    SME statistics
      input 0 bytes, 5 second rate 0 bytes/sec, 0.00 KB/sec
        clear 0 bytes, encrypt 0 bytes, decrypt 0
        compress 0 bytes, decompress 0 bytes
      output 0 bytes, 5 second rate 0 bytes/sec, 0.00 KB/sec
        clear 0 bytes, encrypt 0 bytes, decrypt 0
        compress 0 bytes, decompress 0 bytes
          compression ratio 0:0
      flows 0 encrypt, 0 clear
      clear luns 0, encrypted luns 0
      errors
         0 CTH, 0 authentication
         0 key generation, 0 incorrect read
         0 incompressible, 0 bad target responses

fabric

To add a fabric to the cluster, use the fabric command in the Cisco SME cluster configuration submode.

fabric fabric name

Syntax Description

fabric name

Specifies the fabric name. The maximum length is 32 characters.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example adds a fabric named sw-xyz to a cluster:

switch# config terminal
switch(config)# sme cluster c1
switch(config-sme-cl)# fabric sw-xyz

Related Commands

Command
Description

show sme cluster

Displays information about Cisco SME cluster.


fabric-membership

To add a node to a fabric, use the fabric-membership command. To remove the node from the fabric, use the no form of the command.

fabric-membership fabric name

no fabric-membership fabric name

Syntax Description

fabric name

Specifies the fabric name. The maximum length is 32 characters.


Defaults

None.

Command Modes

Cisco SME cluster node configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

Use the fabric-membership command to put a node in a fabric.

This command has to be configured before the interface sme slot/port [force] command can be accepted. The command cannot be removed if the interface sme slot/port [force] command is enabled.

Examples

The following example specifies a fabric to which the node belongs:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node local
switch(config-sme-cl-node)# fabric-membership f1

Related Commands

Command
Description

interface sme

Configures the Cisco SME interface to a cluster.

show interface sme

Displays interface information.

shutdown

Enables or disables an interface.


fc-redirect version2 enable

To enable the version2 mode in FC-Redirect, use the fc-redirect version2 enable command in configuration mode. To disable the version2 mode in FC-Redirect, use the no form of the command.

fc-redirect version2 enable

no fc-redirect version2 enable

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

This command is used to increase scalability of FC-Redirect.

Disabling version2 mode after it is enabled in the fabric is not recommended. However, if you want to disable version2 mode, you cannot disable it until all FC-Redirect configurations are deleted. FC-Redirect configurations can be deleted only by deleting all corresponding application configurations.

The MDS switches running Cisco SAN-OS 3.2.x cannot be added to the fabric after the version2 mode is enabled. If the switches are added, all further FC-Redirect configuration changes will fail across the fabric. This could lead to traffic disruption for applications such as SME and DMM.

Use the show fc-redirect configs command to see the list of applications that create FC-Redirect configurations.

If version2 mode is enabled in the fabric and you want to move a switch to a different fabric, use the clear fc-redirect decommission-switch command before moving the switch to a different fabric. If not, all switches in the new fabric will be converted to version2 mode automatically.


Note All switches in the fabric should be running SAN-OS Release 3.3.x or NX-OS 4.x. Ensure that there are no fabric changes or upgrades in progress. Use the show fc-redirect peer-switches command (UP state) to see all the switches in the fabric.


Examples

The following example shows how to enable version2 mode in FC-Redirect:

switch# fc-redirect version2 enable
Please make sure to read and understand the following implications
before proceeding further:
 
   
 
   
   1) This is a Fabric wide configuration. All the switches in the
      fabric will be configured in Version2 mode.Any new switches
      added to the fabric will automatically be configured in version2
      mode.
 
   
   2) SanOS 3.2.x switches CANNOT be added to the Fabric after Version2
      mode is enabled. If any 3.2.x switch is added when Version2 mode
      is enabled, all further FC-Redirect Configuration changes will Fail
      across the fabric. This could lead to traffic disruption for
      applications like SME.
 
   
   3) If enabled, Version2 mode CANNOT be disabled till all FC-Redirect
      configurations are deleted. FC-Redirect configurations can be
      deleted ONLY after all the relevant application configurations
      are deleted. Please use the command 'show fc-redirect configs'
      to see the list of applications that created FC-Redirect
      configurations.
 
   
   4) 'write erase' will NOT disable this command. After 'write erase'
      on ANY switch in the fabric, the user needs to do:
               'clear fc-redirect decommission-switch'
      on that that switch. Without that, if the user moves the switch
      to a different fabric it will try to convert all the switches
      in the fabric to Version2 mode automatically. This might lead
      to Error conditions and hence Traffic disruption.
 
   
Do you want to continue? (Yes/No) [No]Yes
Before proceeding further, please check the following:
   1) All the switches in the fabric are seen in the output of
      'show fc-redirect peer-switches' command and are in 'UP' state.
 
   
   2) All switches in the fabric are running SanOS version 3.3.x or
      higher.
 
   
   3) Please make sure the Fabric is stable ie.,
       No fabric changes/upgrades in progress
 
   
Do you want to continue? (Yes/No) [No] Yes
 
   

Related Commands

Command
Description

no fc-redirect version2 enable mode

Disables version2 mode in FC-Redirect.


feature

To enable and disable Cisco SME features, use the feature command. To remove the feature, use the no form of the command.

feature {cluster | sme}

no feature {cluster | sme}

Syntax Description

cluster

Enables or disables the clustering feature.

sme

Enables or disables the storage media encryption (SME) services.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

NX-OS 4.1(1b)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to enable clustering and configure Cisco SME services:

switch# config terminal
switch(config)# feature cluster
switch(config)# feature sme
switch(config)#

Related Commands

Command
Description

show sme cluster

Displays Cisco SME cluster information.


 
   

interface sme

To configure the Cisco SME interface on a switch, use the interface sme command. To remove the interface, use the no form of the command.

interface sme slot /port

no interface sme slot /port

Syntax Description

slot

Identifies the number of the MSM-18/4 module slot.

port

Identifies the number of the Cisco SME port.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

To use this command, clustering must be enabled using the feature cluster command and Cisco SME services must be activated using the feature sme command.

Once you have configured the interface, use the no shutdown command to enable the interface.

To delete the Cisco SME interface, you must first remove the switch from the cluster. Use the no sme cluster command to remove the switch from the cluster and then use the no interface command to delete the interface.

The interface commands are available in the (config-if) submode.

Examples

The following example configures and enables the Cisco SME interface on the MSM-18/4 module slot and the default Cisco SME port:

switch# config terminal
switch(config)# interface sme 3/1
switch(config-if)# no shutdown

Related Commands

Command
Description

show interface sme

Displays interface information.

shutdown

Enables or disables an interface.


interface sme (Cisco SME cluster node configuration submode)

To add a Cisco SME interface from a local or a remote switch to a cluster, use the interface sme command. To delete the interface, use the no form of the command.

interface sme (slot/port) [force]

no interface sme (slot/port) [force]

Syntax Description

slot

Identifies the MSM-18/4 module slot.

port

Identifies the Cisco SME port.

force

(Optional) Forcibly clears the previous interface context in the interface.


Defaults

Disabled.

Command Modes

Cisco SME cluster node configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

You have to first configure a node using the fabric-membership command before this command can be executed.

To use this command, clustering must be enabled using the feature cluster command and Cisco SME services must be activated using the feature sme command.

To delete the Cisco SME interface, first remove the switch from the cluster. Use the no sme cluster command to remove the switch from the cluster and then use the no interface command to delete the interface.

Examples

The following example specifies the fabric to which the node belongs and then adds the Cisco SME interface (4/1) from a local switch using the force option:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node local
switch(config-sme-cl-node)# fabric-membership f1
switch(config-sme-cl-node)# interface sme 4/1 fabric sw-xyz
 
   

The following example specifies the fabric to which the node belongs and then adds the Cisco SME interface (4/1) from a remote switch using the force option:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node 171.71.23.33
switch(config-sme-cl-node)# fabric-membership f1
switch(config-sme-cl-node)# interface sme 4/1 fabric sw-xyz

Related Commands

Command
Description

fabric-membership

Adds the node to a fabric.

show interface

Displays Cisco SME interface details.


key-ontape

To configure keys on the tape mode and store the encrypted security keys on the backup tapes, use the key-ontape command. To disable this feature, use the no form of the command.

key-ontape

no key-ontape

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

This command allows the encrypted security keys to be stored on the backup tapes.


Note This feature is supported only for unique keys.


Before using this command, automatic volume grouping should be disabled by using the auto-volgrp command.

Examples

The following example enables the key-ontape feature:

switch# config terminal
switch(config)# sme cluster clustername1
switch(config-sme-cl)# key-ontape

The following example disables the key-ontape feature:

switch# config terminal
switch(config)# sme cluster clustername1
switch(config-sme0-cl)# no key-ontape

Related Commands

Command
Description

no auto-volgrp

Disables automatic volume grouping.

no shared-key

Specifies unique key mode.

show sme cluster key

Displays information about cluster key database.

show sme cluster tape

Displays information about tapes.


link-state-trap

To enable an Simple Network Management Protocol (SNMP) link state trap on an interface, use the link-state-trap command. To disable this feature, use the no form of the command.

link-state-trap

no link-state-trap

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example enables the link-state-trap on the SME interface:

switch# config t
switch(config)# interface sme 4/1
switch(config-if)# link-state-trap
 
   

The following example disables the link-state-trap on the SME interface:

switch# config t
switch(config)# interface sme 4/1
switch(config-if)# no link-state-trap

load-balancing

To enable cluster load balancing for all targets or specific targets, use the load-balancing command. To disable this command, use the no form of the command.

load-balancing {enable | target wwn}

no load-balancing {enable | target wwn}

Syntax Description

enable

Enables cluster load balancing.

target wwn

Specifies the worldwide name (WWN) of the target port.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

The load-balancing operation is performed by the Cisco SME administrator for all or specific target ports. This operation first unbinds all the targets from the Cisco SME interfaces. The targets are then associated, one at a time, based on the load-balancing algorithm. For more information on the load- balancing algorithm, see Chapter 1 "Product Overview."

The load-balancing operation can be triggered if the targets remain unconnected due to errors in the prior load-balancing operations in the backend.

Examples

The following example enables reload balancing in Cisco SME:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# load-balancing enable
switch(config-sme-cl-node)#

The following example adds the host to the Cisco SME interface based on the load-balancing policy:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# load-balancing 17:11:34:44:44:12:14:10
switch(config-sme-cl-node)#
 
   

Related Commands

Command
Description

show sme cluster

Displays Cisco SME information.


node

To configure Cisco SME switch, use the node command. To disable this command, use the no form of the command.

node {local | {A.B.C.D | X:X::X /n| DNS name}}

no node {local | {A.B.C.D | X:X::X /n| DNS name}}

Syntax Description

local

Configures the local switch.

A.B.C.D

Specifies the IP address of the remote switch in IPv4 format.

X:X::X/n

Specifies the IP address of the remote switch in IPv6 format.

DNS name

Specifies the name of the remote database.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example adds the Cisco SME interface from a local switch:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# node local
switch(config-sme-cl-node)#

The following example adds the Cisco SME interface from a remote switch:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# node 171.71.23.33
switch(config-sme-cl-node)#
 
   

Related Commands

Command
Description

show sme cluster node

Displays Cisco SME node information about a local or remote switch.


odrt.bin

To perform offline data recovery of tape encrypted by Cisco SME, use the odrt.bin command on Linux-based systems. This command allows you to recover data when the MSM-18/4 module or the Cisco MDS 9222i fabric switch is not available.

odrt.bin [--help][--version]{-h | -l | -r | -w}{if=input_device_or_file | of=output_device_or_file | kf=key_export_file | verbose=level}

Syntax Description

--help

(Optional) Displays information on the tool.

--version

(Optional) Displays the version of the tool.

-h

Reads and prints the tape header information on the tape.

-l

Lists all SCSI devices.

-r

Reads the tape device and writes data to intermediate file(s).

-w

Reads the intermediate file(s) on disk and writes data to the tape.

if

Specifies the input device or file.

of

Specifies the output device or file

kf

Specifies the key export file name.

verbose

Specifies the level.


Defaults

None.

Command Modes

None. This command runs from the Linux shell.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

The odrt.bin command operates in the following steps:

Tape-to-disk- In this mode, the odrt.bin command reads the encrypted data from the tape and stores it as intermediate files on the disk. This mode is invoked with the -r flag. The input parameter is the tape device name and filename on the disk is the output parameter.

Disk-to-tape- In this mode, the odrt.bin command reads intermediate files on the disk, decrypts and decompresses (if applicable) the data and writes the clear-text data to the tape. The decryption key is obtained from the volume group file that is exported from the Cisco Key Management Center (KMC). This mode is invoked with the -w flag. The input parameter is the filename on the disk and tape device name is the output parameter. The volume group file name (key export file) is also accepted as a parameter. Key export password needs to be entered at the command prompt.


Note For information on exporting volume groups, see Chapter 6 "Cisco SME Key Management."


Examples

The following command reads and prints the Cisco tape header information on the tape:

odrt -h if=/dev/sg0
 
   

The following example read the data on tape into intermediate file(s) on disk:

odrt -r if=/dev/sg0 of=diskfile
 
   

The following command reads the encrypted/compressed data in intermediate file(s) and writes back the decrypted/decompressed data to the tape:

odrt -w if=diskfile of=/dev/sg0 kf=c1_tb1_Default.dat
 
   

A sample output of the odrt.bin command follows:

[root@ips-host06 odrt]# ./odrt.bin -w if=c of=/dev/sg2 kf=sme_L700_IBMLTO3_Default.dat 
verbose=3
Log file: odrt30072
Please enter key export password:
Elapsed 0:3:39.28, Read 453.07 MB, 2.07 MB/s, Write 2148.27 MB, 9.80 MB/s
Done

rule

To specify the tape volume group regular expression, use the rule command. To disable this feature, use the no form of the command.

rule {range range | regexp regular expression}

no rule {range range | regexp regular expression}

Syntax Description

range range

Specifies the crypto tape volume barcode range. The maximum length is 32 characters.

regexp regular expression

Specifies the volume group regular expression. The maximum length is 32 characters.


Defaults

None.

Command Modes

Cisco SME crypto tape volume group configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example specifies the volume group regular expression:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp tbg1
switch(config-sme-cl-tape-bkgrp)# tape-volgrp tv1
switch(config-sme-cl-tape-bkgrp-volgrp)#rule regexp r1

Related Commands

Command
Description

show sme cluster

Displays information about Cisco SME cluster.

tape-bkgrp groupname

Configures crypto backup group.

tape-volgrp volume groupname

Configures crypto backup volume group.


scaling batch enable

To enable scalability in the Cisco SME configuration, use the scaling batch enable command. To disable this feature, use the no form of the command.

scaling batch enable

no scaling batch enable

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

4.1(3)

This command was introduced.


Usage Guidelines

None.

Examples

The following example enables Cisco SME scalability:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# scaling batch enable
switch(config-sme-cl)# 
 
   

security-mode

To configure the Cisco SME security settings, use the security-mode command. To delete the security settings, use the no form of the command.

security-mode {basic | standard | advanced {schema threshold threshold total total }}

no security-mode {basic | standard | advanced {schema threshold threshold total total }}

Syntax Description

basic

Sets the Cisco SME security level to basic.

standard

Sets the Cisco SME security level to standard.

advanced

Sets the Cisco SME security level to advanced.

schema

Configures the recovery schema.

threshold threshold

Configures the recovery schema threshold. The limit is 2 to 3.

total total

Configures the recovery schema total. The limit is 5 to 5.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example sets the security mode to basic:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# security-mode basic

The following example sets the security mode to advanced:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# security-mode advanced schema threshold 3 total 5

Related Commands

Command
Description

show sme cluster

Displays information about the security settings.


setup

To run the basic setup facility, use the setup command.

setup ficon | sme

Syntax Description

ficon

Runs the basic FICON setup command facility.

sme

Runs the basic Cisco SME setup command facility.


Defaults

None.

Command Modes

EXEC.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

Use the setup sme command to create the sme-admin and sme-recovery roles for Cisco SME.

Examples

The following example creates the sme-admin and sme-recovery roles:

switch(config)# setup sme
Set up four roles necessary for SME, sme-admin, sme-stg-admin, sme-kmc-admin and 
sme-recovery? (yes/no) [no] yes
If CFS is enabled, please commit the roles so that they can be available. 
SME setup done. 
 
   

Related Commands

Command
Description

show role

Displays information about the various Cisco SME role configurations.


shared-keymode

To configure the shared key mode, use the shared-keymode command. To specify the unique key mode, use the no form of the command.

shared-keymode

no shared-keymode

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

The shared-keymode command generates a single key that is used for a group of backup tapes.

The no shared-keymode command generates unique or specific keys for each tape cartridge.


Note The shared unique key mode should be specified if you want to enable the key-ontape feature.


Examples

The following example specifies the shared key mode:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# shared-keymode
 
   

The following example specifies the shared unique keymode:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no shared-keymode

Related Commands

Command
Description

show sme cluster

Displays Cisco SME cluster information.


show debug

To display all Cisco SME-related debug commands configured on the switch, use the show debug command.

show debug {cluster {bypass | sap sap bypass} | sme bypass}

Syntax Description

cluster

Displays all the debugging flags.

bypass

Displays the bypass flags.

sap sap

Displays all debugging flags of SAP. Specifies the SAP in the range from 1 to 65535

sme

Displays all the debugging flags of Cisco SME.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows all debug commands configured on the switch:

switch# show debug
ILC helper:
 ILC_HELPER errors debugging is on
 ILC_HELPER info debugging is on

Related Commands

Commands
Description

debug sme

Debugs Cisco SME features.


show fc-redirect active-configs

To display all active configurations on a switch, use the show fc-redirect active-configs command.

show fc-redirect active-configs

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

This command is used to verify if there are active configurations running on the switch during the following procedures:

Downgrading from a Cisco SAN-OS 3.2(1) image (supporting FC-Redirect) to an older image where FC-Redirect is not supported.

Decommissioning a local switch.


Note Active configuration implies configurations created by applications running on the current switch or applications created on remote switches, except the targets and hosts connected to the local switch.


Examples

The following example displays the active configurations running on the switch:

switch# show fc-redirect active-configs
Config#1
==========
Appl UUID = 0x00D8 (ISAPI CFGD Service)
SSM Slot = 2
SSM Switch WWN = 20:00:00:05:30:00:90:9e (LOCAL)
Vt PWWN = 2f:ea:00:05:30:00:71:64
Tgt PWWN = 21:00:00:20:37:38:63:9e (LOCAL)
Local Host PWWN = 21:00:00:e0:8B:0d:12:c6
Config#2
==========
Appl UUID = 0x00D8 (ISAPI CFGD Service)
SSM Slot = 2
SSM Switch WWN = 20:00:00:05:30:00:90:9e (LOCAL)
Vt PWWN = 2f:ea:00:05:30:00:71:65
Tgt PWWN = 21:00:00:20:37:18:67:2c
Local Host PWWN = 21:00:00:e0:8B:0d:12:c6
 
   
Config#3
==========
Appl UUID = 0x00D8 (ISAPI CFGD Service)
SSM Slot = 2
SSM Switch WWN = 20:00:00:0d:EC:20:13:00 (REMOTE)
Vt PWWN = 2f:ea:00:05:30:00:71:66
Tgt PWWN = 21:00:00:20:37:18:64:92
Local Host PWWN = 21:00:00:e0:8B:0d:12:c6

Related Commands

Command
Description

clear fc-redirect vt

Clears the active configurations on the local switch.


show fc-redirect configs

To display all the current configuration mode on a switch, use the show fc-redirect configs command.

show fc-redirect configs

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC mode

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the current configuration mode on a switch:

switch# show fc-redirect configs
Configuration Mode    = MODE_V1
Config#1
==========
Appl UUID          = 0x00D8 (ISAPI CFGD Service)
SSM Slot           = 2
SSM Switch WWN     = 20:00:00:05:30:00:90:9e (LOCAL)
Vt PWWN            = 2f:ea:00:05:30:00:71:61
Tgt PWWN           = 21:00:00:20:37:38:89:86
Host  1: Host PWWN = 21:00:00:e0:8b:0d:12:c6
         VI   PWWN = 2f:ec:00:05:30:00:71:61
 
   
Config#2
==========
Appl UUID          = 0x00D8 (ISAPI CFGD Service)
SSM Slot           = 2
SSM Switch WWN     = 20:00:00:05:30:00:90:9e (LOCAL)
Vt PWWN            = 2f:ea:00:05:30:00:71:62
Tgt PWWN           = 21:00:00:20:37:38:a9:0a
Host  1: Host PWWN = 21:00:00:e0:8b:0d:12:c7
         VI   PWWN = 2f:ec:00:05:30:00:71:62

Related Commands

Command
Description

show fc-redirect active-configs

Displays all active configurations on a switch.


show fc-redirect peer-switches

To display all the peer switches in the fabric running FC-Redirect, use the show fc-redirect peer-switches command.

show fc-redirect peer-switches

Syntax Description

This command has no other keywords or arguments.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

This command is used for verifying the fabric state and for troubleshooting.


Note To find the switch IP address for the list of switch WWNs, use the show cfs peers command.


Examples

The following example displays the peer switches in the fabric running FC-Redirect:

switch# show fc-redirect peer-switches
------------------------------------------------
num 			Switch WWN 							State
------------------------------------------------
1 			20:00:00:05:30:00:90:9e 							UP
2 			21:00:00:05:30:00:90:9f	 						DOWN
3 			22:00:00:05:30:00:90:91			 				SYNCING
4 			23:00:00:05:30:00:90:92 							ERROR
 
   

This table shows FC-Redirect peer switches summaries

Field
Description

Up

The peer switch is fully synced with the local switch.

Down

The communication with peer switch is broken.

Syncing

The local switch is syncing its configuration with the peer switch.

Error

Connection with peer switch is not available.


.

Related Commands

Command
Description

clear fc-redirect vt

Clears the active configurations on the local switch.


show interface sme

To display the information about Cisco SME interface, use the show interface sme command.

show interface sme slot/port {brief | counters brief | description}

Syntax Description

slot

Identifies the number of the MSM-18/4 module slot.

port

Identifies the number of the Cisco SME port.

brief

Displays the brief information about Cisco SME interface.

counters

Displays the interface counters.

brief

Displays brief counter information.

description

Displays the description of the interface.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the brief description of the Cisco SME interface:

switch# show interface sme 3/1 brief
 
   
------------------------------------------------------------------------------
Interface          Status        Cluster
------------------------------------------------------------------------------
sme3/1             up            c2
 
   

The following example displays the counters of the interface:

switch# show interface sme 3/1 description
sme3/1
    5 minutes input rate 0 bits/sec, 0 bytes/sec, 0.00 KB/sec
    5 minutes output rate 0 bits/sec, 0 bytes/sec, 0.00 KB/sec
    SME statistics
      input 0 bytes, 5 second rate 0 bytes/sec, 0.00 KB/sec
        clear 0 bytes, encrypt 0 bytes, decrypt 0
        compress 0 bytes, decompress 0 bytes
      output 0 bytes, 5 second rate 0 bytes/sec, 0.00 KB/sec
        clear 0 bytes, encrypt 0 bytes, decrypt 0
        compress 0 bytes, decompress 0 bytes
          compression ratio 0:0
      flows 0 encrypt, 0 clear
      clear luns 0, encrypted luns 0
      errors
         0 CTH, 0 authentication
         0 key generation, 0 incorrect read
         0 incompressible, 0 bad target responses

Related Commands

Command
Description

interface sme

Configures the Cisco SME interface on the switch.


show role

To display the description about the various Cisco SME role configurations, use the show role command.

show role

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.3(1c)

This command was introduced.

NX-OS 4.1(1b)

The sample output was changed.


Usage Guidelines

Execute the setup sme command to set up the Cisco SME administrator and Cisco SME recovery roles and then use the show role command to display the role details.

Examples

The following example displays the Cisco SME role configurations:

switch(config)# setup sme
Set up four roles necessary for SME, sme-admin, sme-stg-admin, sme-kmc-admin and 
sme-recovery? (yes/no) [no] yes
If CFS is enabled, please commit the roles so that they can be available. 
SME setup done. 
 
   
switch# show role 
Role: sme-admin
  Description: new role
  Vsan policy: permit (default)
  -------------------------------------------------
  Rule    Type    Command-type    Feature         
  -------------------------------------------------
  1       permit  show            sme             
  2       permit  config          sme             
  3       permit  debug           sme             
 
Role: sme-stg-admin
  Description: new role
  Vsan policy: permit (default)
  -------------------------------------------------
  Rule    Type    Command-type    Feature         
  -------------------------------------------------
  1       permit  show            sme-stg-admin   
  2       permit  config          sme-stg-admin   
  3       permit  debug           sme-stg-admin   
 
   
Role: sme-kmc-admin
  Description: new role
  Vsan policy: permit (default)
  -------------------------------------------------
  Rule    Type    Command-type    Feature         
  -------------------------------------------------
  1       permit  show            sme-kmc-admin   
  2       permit  config          sme-kmc-admin   
  3       permit  debug           sme-kmc-admin   
 
Role: sme-recovery
  Description: new role
  Vsan policy: permit (default)
  -------------------------------------------------
  Rule    Type    Command-type    Feature         
  -------------------------------------------------
  1       permit  config          sme-recovery-officer
 
   
 
   

Related Commands

Command
Description

setup sme

Sets up the Cisco SME administrator and Cisco SME recovery roles.


 
   

show sme cluster

To display the information about the Cisco SME cluster, use the show sme cluster command.

show sme cluster {cluster name {detail | interface {detail | node {A.B.C.D | X:X::X | DNS name
sme slot/port }| sme slot/port | summary}| it-nexus | key database {detail | guid guid name {detail | summary } | summary} | load-balancing | lun crypto-status | node {{A.B.C.D | X:X::X | DNS name} | summary} | recovery officer {index | detail index | summary index} | summary | tape {detail | summary}| tape-bkgrp tape group name volgrp volume group name} | detail | summary}

Syntax Description

cluster cluster name

Displays Cisco SME cluster information. The maximum length is 32 characters.

detail

Displays Cisco SME cluster details.

interface

Displays information about Cisco SME cluster interface.

node

Display information about Cisco SME cluster remote interface.

A.B.C.D

Specifies the IP address of the remote switch in IPv4 format.

X:X::X

Specifies the IP address of the remote switch in IPv6 format.

DNS name

Specifies the name of the remote database.

sme

Specifies the Cisco SME interface.

slot

Identifies the MSM-18/4 module slot.

port

Identifies the Cisco SME port.

interface summary

Displays Cisco SME cluster interface summary.

it-nexus

Displays the initiator to target connections (IT-nexus) in the Cisco SME cluster.

key database

Shows the Cisco SME cluster key database.

detail

Shows the Cisco SME cluster key database details

guid guid name

Displays Cisco SME cluster key database guid. The maximum length is 64.

summary

Displays Cisco SME cluster key database summary.

load-balancing

Displays the load balancing status of the cluster.

lun

Displays the logical unit numbers (LUNs) in a cluster.

crypto-status

Displays the crypto status of the LUNs.

node summary

Displays Cisco SME cluster node summary.

recovery officer detail

Displays Cisco SME cluster recovery officer detail.

recovery officer summary

Displays Cisco SME cluster recovery officer summary.

index

Specifies recovery officer index. The range is 1 to 8.

detail index

Specifies recovery officer detail index. The range is 1 to 8.

summary index

Specifies recovery officer summary index. The range is 1 to 8.

tape detail

Displays Cisco SME tape detail.

tape summary

Displays the tape summary.

tape-bkgrp tape group name

Displays the crypto tape backup group name. The maximum length is 32 characters.

volgrp volume group name

Displays tape volume group name. The maximum length is 32 characters.

detail

Displays Cisco SME cluster details.

summary

Shows Cisco SME cluster summary.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the configuration details about a cluster:

switch# show sme cluster c1
Cluster ID is 0x2b2a0005300035e1
 Cluster status is online
 Security mode is advanced
 Total Nodes are 1
 Recovery Scheme is 2 out of 5
 Fabric[0] is Fabric_name-excal10
 KMC server 10.21.113.117:8800 is provisioned, connection state is initializing
 
   
 Master Key GUID is 10af119cfd79c17f-ee568878c049f94d, Version: 0
 Shared Key Mode is Not Enabled
 Auto Vol Group is Not Enabled
 Tape Compression is Not Enabled
 Tape Key Recycle Policy is Not Enabled
 Key On Tape is Not Enabled
 Cluster Infra Status : Operational
 Cluster is Administratively Up
 Cluster Config Version : 24
 
   
 
   
 
   

The following example displays the cluster interface information:

switch# show sme cluster clustername1 interface it-nexus 
-------------------------------------------------------------------------------
    Host WWN                 VSAN    Status    Switch        Interface
    Target WWN
-------------------------------------------------------------------------------
 
   
10:00:00:00:c9:4e:19:ed,
2f:ff:00:06:2b:10:c2:e2      4093     online    switch     sme4/1
 
   
 
   

The following example displays the specific recovery officer of a cluster:

switch# show sme cluster clustername1 recovery officer 
Recovery Officer 1 is set 
  Master Key Version is 0
  Recovery Share Version is 0
  Recovery Share Index is 1
  Recovery Scheme is 1 out of 1 
  Recovery Officer Label is 
  Recovery share protected by a password 
 
   
Key Type is master key share 
    Cluster is clustername1, Master Key Version is 0 
    Recovery Share Version is 0, Share Index is 1 

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays information about Cisco SME cluster.


show sme transport

To display the Cisco SME cluster transport information, use the show sme transport command.

show sme transport ssl truspoint

Syntax Description

ssl

Displays transport Secure Sockets Layer (SSL) information.

trustpoint

Displays transport SSL trustpoint information.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the internal cluster errors:

switch# show sme transport ssl trustpoint
SME Transport SSL trustpoint is trustpoint-label

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays all information of Cisco SME cluster.


show tech-support sme

To display the information for Cisco SME technical support, use the show tech-support sme command.

show tech-support sme compressed bootflash: | tftp:

Syntax Description

compressed
Saves the compressed Cisco SME
bootflash:
Specifies the filename that need to be stored.

tftp:

Specifies the filename that need to be stored.


Defaults

None.

Command Modes

EXEC mode

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the information for SME technical support:

sw-sme-n1# show tech-support sme 
 
   
'show startup-config'
version 4.1(1b)
username admin password 5 $1$jC/GIid6$PuNDstXwdAnwGaxxjdxi50  role network-admin
no password strength-check
feature telnet
ntp server 10.81.254.131
kernel core target 0.0.0.0
kernel core limit 1
aaa group server radius radius 
snmp-server user admin network-admin auth md5 0x7eedfdadb219506ca61b0e2957cc7ef5
 priv 0x7eedfdadb219506ca61b0e2957cc7ef5 localizedkey
snmp-server host 171.71.49.157 informs version 2c public  udp-port 2162
snmp-server enable traps license
snmp-server enable traps entity fru
device-alias database
  device-alias name sme-host-171-hba0 pwwn 21:01:00:e0:8b:39:d7:57
  device-alias name sme-host-171-hba1 pwwn 21:00:00:e0:8b:19:d7:57
  device-alias name sme-host-172-hba0 pwwn 21:01:00:e0:8b:39:c2:58
  device-alias name sme-host-172-hba1 pwwn 21:00:00:e0:8b:19:c2:58
  device-alias name sme-sanblaze-port0-tgt0 pwwn 2f:ff:00:06:2b:0d:39:08
  device-alias name sme-sanblaze-port0-tgt1 pwwn 2f:df:00:06:2b:0d:39:08
--More--
 
   

shutdown (interface configuration submode)

To disable an Cisco SME interface, use the shutdown command. To enable the interface, use the no form of the command.

shutdown

no shutdown

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

The default state for Cisco SME interfaces is shutdown. Use the no shutdown command to enable the interface to carry traffic.

The show interface command shows that the Cisco SME interface is down until the interface is added to a cluster.

Examples

The following example enables a Cisco SME interface:

switch# config t
switch(config)# interface sme 4/1
switch(config-if)# no shutdown
 
   

The following example disables a Cisco SME interface:

switch# config t
switch(config)# interface sme 4/1
switch(config-if)# shutdown

Related Commands

Command
Description

show interface sme

Displays information about the Cisco SME interface.


shutdown (Cisco SME cluster configuration submode)

To disable a cluster for recovery, use the shutdown command. To enable the cluster for recovery, use the no form of the command.

shutdown

no shutdown

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

To disable operation of a cluster for the purpose of recovery, use the shutdown command. To enable the cluster for normal usage, use the no shutdown command.

The default state for clusters is no shutdown. Use the shutdown command for cluster recovery. See the Chapter 9 "Cisco SME Troubleshooting" for additional details about recovery scenarios.

Examples

The following example restarts the cluster after recovery is complete:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no shutdown
 
   

The following example disables the cluster operation in order to start recovery:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# shutdown

Related Commands

Command
Description

show sme cluster

Displays information about the Cisco SME cluster.


sme

To enable or disable the Cisco SME services, use the sme command.

sme {cluster name | transport ssl trustpoint trustpoint label}

Syntax Description

cluster

Configures the cluster.

name

Identifies the cluster name.

transport

Configures the transport information.

ssl

Configures the transport SSL information.

trustpoint

Configures the transport SSL trustpoint.

trustpoint label

Identifies the trustpoint label.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

Cisco SME services must be enabled to take advantage of the encryption and security features.

To use this command, you must enable Cisco SME clustering using the feature cluster command.

Examples

The following example shows how to configure a cluster:

switch# config t
sw-sme-n1(config)# sme cluster clustername
sw-sme-n1(config-sme-cl)#
 
   

ssl

To configure Secure Sockets Layer (SSL), use the ssl command. Use the no form of this command to disable this feature.

ssl kmc

no ssl kmc

Syntax Description

kmc

Enables SSL for Key Management Center (KMC) communication.


Defaults

None.

Command Modes

Cisco SME cluster configuration mode submode.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

None.

Examples

The following example enables SSL:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# ssl kmc

tape-bkgrp

To configure a crypto tape backup group, use the tape-bkgrp command. To disable this feature, use the no form of the command.

tape-bkgrp groupname

no tape-bkgrp groupname

Syntax Description

groupname

Specifies the backup tape group. The maximum length is 31 characters.


Defaults

None.

Command Modes

Cisco SME cluster configuration mode submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

A tape volume group is a group of tapes that are categorized by function. For example, HR1 could be designated tape volume group for all Human Resources backup tapes.

Adding tape groups allows you to select VSANs, hosts, storage devices, and paths that Cisco SME will use for encrypted data. For example, adding a tape group for HR data sets the mapping for Cisco SME to transfer data from the HR hosts to the dedicated HR backup tapes.

Examples

The following example adds a backup tape group:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)#

The following example removes a backup tape group:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)#

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays information about the Cisco SME cluster.


tape-compression

To configure tape compression, use the tape-compression command. To disable this feature, use the no form of the command.

tape-compression

no tape-compression

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

Use this command to compress encrypted data.

Examples

The following example enables tape compression:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-compression

The following example disables tape compression:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no tape-compression

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays information about the Cisco SME cluster.

show sme cluster tape

Displays information about all tape volume groups or a specific group.


tape-device

To configure a crypto tape device, use the tape-device command. To disable this feature, use the no form of the command.

tape-device device name

no tape-device device name

Syntax Description

device name

Specifies the name of the tape device.


Defaults

None.

Command Modes

Cisco SME tape volume configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

The tape device commands are available in the (config-sme-cl-tape-bkgrp-tapedevice) submode.

Examples

The following example configures a crypto tape device:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)# tape-device devicename1
switch(config-sme-cl-tape-bkgrp-tapedevice)#

The following example removes a crypto tape device:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp group1
switch(config-sme-cl-tape-bkgrp)# no tape-device devicename1
switch(config-sme-cl-tape-bkgrp-tapedevice)#
 
   

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays information about the Cisco SME cluster.

show sme cluster tape

Displays information about all tape volume groups or a specific group.


tape-keyrecycle

To configure a tape key recycle policy, use the tape-keyrecycle command. To disable this feature, use the no form of the command.

tape-keyrecycle

no tape-keyrecycle

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

Cisco SME allows you to recycle the tape keys. If you enable tape key recycling, all the previous instances of the tape key will be deleted.

Examples

The following example enables tape key recycling:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-keyrecycle
 
   

The following example disables tape key recycling:

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no tape-keyrecycle

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster

Displays information about the Cisco SME cluster.


tape-volgrp

To configure the crypto tape volume group, use the tape-volgrp command. To disable this command, use the no form of the command.

tape-volgrp group name

no tape-volgrp group name

Syntax Description

group name

Specifies the tape volume group name.


Defaults

None.

Command Modes

Cisco SME crypto backup tape group configuration submode.

Command History

Release
Modification

3.2(2c)

This command was introduced.


Usage Guidelines

The tape volume group commands are available in the Cisco SME crypto tape volume group (config-sme-cl-tape-bkgrp-volgrp) submode.

Examples

The following example configures a crypto tape volume group:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# tape-bkgrp tbg1
switch(config-sme-cl-tape-bkgrp)# tape-volgrp tv1
switch(config-sme-cl-tape-bkgrp-volgrp)#
 
   

The following example removes a crypto tape volume group.

switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# tape-bkgrp tbg1
switch(config-sme-cl-tape-bkgrp)# no tape-volgrp tv1

Related Commands

Command
Description

clear sme

Clears Cisco SME configuration.

show sme cluster tape

Displays information about tapes.


tune-timer

To tune the Cisco SME timers, use the tune-timer command. To disable this command, use the no form of the command.

tune-timer {global_lb_timer global_lb_timer_value | rscn_suppression_timer rscn_suppresion_timer_value | tgt_lb_timer tgt_lb_timer_value}

no tune-timer {global_lb_timer global_lb_timer_value | rscn_suppression_timer rscn_suppresion_timer_value | tgt_lb_timer tgt_lb_timer_value}

Syntax Description

global_lb_timer

Specifies the global load balancing timer value.

global_lb_timer_value

Identifies the timer value. The range is from 5 to 30 seconds. The default value is 5 seconds.

rscn_suppression_timer

Specifies the Cisco SME Registered State Change Notification (RSCN) suppression timer value.

rscn_suppresion_timer_value

Identifies the timer value. The range is from 1 to 10 seconds. The default value is 5 seconds.

tgt_lb_timer

Specifies the target load balancing timer value.

tgt_lb_timer_value

Identifies the timer value. The range is from 2 to 30 seconds. The default value is 2 seconds.


Defaults

None.

Command Modes

Cisco SME cluster configuration submode.

Command History

Release
Modification

3.3(1c)

This command was introduced.


Usage Guidelines

The tune-timer command is used to tune various Cisco SME timers such as the RSCN suppression, global load balancing, and target load-balancing timers. These timers should be used only in large scale setups. The timer values are synchronized throughout the cluster.

Examples

The following example configures a global load-balancing timer value:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# tune-timer tgt_lb_timer 6
switch(config-sme-cl)#
 
   

The following example configures a Cisco SME RSCN suppression timer value:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# tune-timer rscn_suppression_timer 2
switch(config-sme-cl)#
 
   
 
   

The following example configures a target load balancing timer value:

switch# config t
switch(config))# sme cluster c1
switch(config-sme-cl)# tune-timer rscn_suppression_timer 2
switch(config-sme-cl)#