Cisco SN 5400 Series Storage Router Command Reference, Release 3.4
Chapter 13 - R Commands

R Commands


This chapter covers the following commands:

radius-server deadtime

radius-server host

radius-server key

radius-server retransmit

radius-server timeout

read script

reboot

restore aaa

restore accesslist

restore all

restore fcip

restore fcswitch

restore scsirouter

restore system

restore vlan

restrict

restrict console

radius-server deadtime

To improve RADIUS response time when some servers might be unavailable, use the radius-server deadtime command to cause the storage router to skip the unavailable servers immediately. To set the dead time to 0, effectively preventing the storage router from skipping any RADIUS server, use the no form of this command.

radius-server deadtime minutes

no radius-server deadtime

Syntax Description

minutes

The length of time, in minutes, for which a RADIUS server is skipped over by the storage router when requesting AAA authentication services, up to a maximum of 1440 minutes (24 hours).


Defaults

The dead time is set to zero (0) by default.

Command Modes

Administrator.

Command History

Release
Modification

2.5.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

Use this command to cause the storage router to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the authentication request to time out before trying the next configured server. A RADIUS server marked as dead is skipped by additional requests for the specified number of minutes, unless all RADIUS servers are marked as dead. If all RADIUS servers are marked as dead, the deadtime setting is ignored.

This is a global command that applies to all configured RADIUS servers. To override the global dead time setting for a specific group of RADIUS servers, use the aaa group server radius deadtime command.

Examples

The following example specifies a dead time of five minutes for all RADIUS servers that fail to respond to AAA authentication requests:

[SN5428-2A]# radius-server deadtime 5

The following example effectively sets a dead time of zero minutes for all RADIUS servers. The storage router will wait for any AAA authentication request to a RADIUS server to time out before retransmitting or retrying the next configured server.

[SN5428-2A]# no radius-server deadtime

Related Commands

Command
Description

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

show aaa

Display AAA configuration information.


radius-server host

To specify a RADIUS server to be used for AAA authentication services, use the radius-server host command. To delete the specified RADIUS server, use the no form of this command.

radius-server host ip-address [auth-port port-number] [timeout seconds] [retransmit retries] [key key-string]

no radius-server host ip-address [auth-port port-number]

Syntax Description

ip-address

The IP address of the RADIUS server.

auth-port port-number

(Optional) The UDP destination port for authentication requests. If unspecified, the port number defaults to 1645.

timeout seconds

(Optional) The host-specific time interval that the storage router waits for the RADIUS server to reply before retransmitting. Enter a value in the range of 1 to 1000. This setting overrides the global value of the radius-server timeout command. If no timeout value is specified, the global value is used.

retransmit retries

(Optional) The number of times a RADIUS request is resent to the RADIUS server, if the server is not responding or responding slowly. Enter a value in the range of 0 to 100. A value of 0 disables RADIUS request retransmission. This setting overrides the global setting of the radius-server retransmit command. If no retransmit value is specified, the global value is used.

key key-string

(Optional) The authentication and encryption key for all RADIUS communications between the storage router and the RADIUS server. This key must match the encryption used on the RADIUS daemon. If spaces are used in the key, enclose the key in quotation marks. This key overrides the global setting of the radius-server key command. If no key string is specified, the global value is used.


Defaults

No RADIUS server is specified.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

AAA authentication services are used to provide the following authentication types:

iSCSI authentication—provides authentication of IP hosts requiring access to storage via SCSI routing instances

Login authentication—provides authentication of users requiring Monitor mode access to the storage router via the CLI

Enable authentication—provides authentication of users requiring Administrator mode access to the storage router via the CLI enable command

You can use multiple radius-server host commands to specify multiple RADIUS servers. AAA authentication searches for servers in the order in which you specify them.

Use the aaa group server radius server command to add a RADIUS server to a server group. If you delete a RADIUS server, also delete it from the RADIUS server group using the no aaa group server radius server command.

If no host-specific timeout, retransmit, or key values are specified, the global values apply to each RADIUS server.

A retransmit value of zero (0) disables RADIUS request retransmission.

If you use spaces in the key, enclose the key in quotation marks.


Note: Verification of IP addresses in a server group occurs only at runtime. If a RADIUS server group contains an IP address that is not defined as a RADIUS server, the authentication process generates error messages and the IP address is skipped. This could cause unexpected authentication failures.


Examples

The following example identifies the server with IP address 10.5.0.53 as the RADIUS server and uses the default port for authentication:

[SN5428-2A]# radius-server host 10.5.0.53

The following example identifies port 1612 as the destination port for authentication requests on the RADIUS server 10.6.0.61:

[SN5428-2A]# radius-server host 10.6.0.61 auth-port 1612

The following example identifies the server with IP address 10.5.0.53 as the RADIUS server, uses port 1612 as the authentication port, sets the timeout value to 6, sets the retransmit value to 5, and sets "rad123" as the encryption key, matching the key on the RADIUS server:

[SN5428-2A]# radius-server host 10.5.0.53 auth-port 1612 timeout 6 retransmit 5 key rad123
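The note above says group membership is only verified at runtime, so the following added example (not Cisco code) checks a saved list of radius-server commands offline: it validates the documented ranges, applies the global fallbacks, and reports group members that are not defined as RADIUS servers. The sample configuration, the group name and its members are constructed, group membership is passed in as a dictionary because the group command syntax is not covered in this chapter, and the worst-case wait assumes one send plus each resend per server.

```python
import ipaddress
import shlex

# Ranges and defaults as documented for these commands; the UDP port range is standard.
RANGES = {"auth-port": (1, 65535), "timeout": (1, 1000), "retransmit": (0, 100)}
DEFAULT_AUTH_PORT = 1645


def parse_radius_host(line):
    """Parse one 'radius-server host' line; None means the global value applies."""
    tokens = shlex.split(line)                 # honours quotes around keys with spaces
    if tokens[:2] != ["radius-server", "host"] or len(tokens) < 3:
        raise ValueError("not a radius-server host command")
    host = {"ip": str(ipaddress.ip_address(tokens[2])), "auth-port": DEFAULT_AUTH_PORT,
            "timeout": None, "retransmit": None, "key": None}
    options = tokens[3:]
    if len(options) % 2:
        raise ValueError("keyword without a value")
    for keyword, value in zip(options[::2], options[1::2]):
        if keyword == "key":
            host["key"] = value
        elif keyword in RANGES:
            low, high = RANGES[keyword]
            host[keyword] = int(value)
            if not low <= host[keyword] <= high:
                raise ValueError(f"{keyword} {value} outside {low}..{high}")
        else:
            raise ValueError(f"unknown keyword {keyword!r}")
    return host


def audit(config_lines, groups):
    """Return (hosts, findings); groups maps a group name to its member IP addresses."""
    hosts, findings = [], []
    glob = {"timeout": 5, "retransmit": 3, "key": None}      # documented defaults
    for number, line in enumerate(config_lines, 1):
        try:
            tokens = shlex.split(line)
            if tokens[:2] == ["radius-server", "host"]:
                hosts.append(parse_radius_host(line))
            elif len(tokens) == 3 and tokens[0] == "radius-server" and tokens[1] in glob:
                glob[tokens[1]] = tokens[2] if tokens[1] == "key" else int(tokens[2])
        except ValueError as exc:
            # Report by line number instead of echoing a line that may hold a key.
            findings.append(f"line {number}: {exc}")
    for host in hosts:
        for field in ("timeout", "retransmit", "key"):
            if host[field] is None:
                host[field] = glob[field]                    # global value applies
        if host["key"] is None:
            findings.append(f"{host['ip']}: no host or global key")
    defined = {host["ip"] for host in hosts}
    for name, members in groups.items():
        for ip in members:
            if ip not in defined:
                findings.append(f"group {name}: {ip} is not a defined RADIUS server")
    return hosts, findings


def worst_case_wait(hosts):
    """Seconds waited if every server stays silent (assumed: 1 send + each resend)."""
    return sum(host["timeout"] * (1 + host["retransmit"]) for host in hosts)


# Constructed sample input, reusing the addresses from the examples above.
SAMPLE_CONFIG = [
    "radius-server timeout 10",
    "radius-server host 10.5.0.53 auth-port 1612 timeout 6 retransmit 5 key rad123",
    "radius-server host 10.6.0.61",
    "radius-server host 10.7.0.9 timeout 2000",
]
SAMPLE_GROUPS = {"constructed-group": ["10.5.0.53", "10.6.0.99"]}

if __name__ == "__main__":
    sample_hosts, sample_findings = audit(SAMPLE_CONFIG, SAMPLE_GROUPS)
    for finding in sample_findings:
        print(finding)
    print("worst-case wait:", worst_case_wait(sample_hosts), "seconds")
```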

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the storage router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the storage router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa test authentication

Enable testing of the specified AAA authentication list.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server key

Sets the global authentication and encryption key for all RADIUS communications between the storage router and the RADIUS daemon.

radius-server retransmit

Specifies how many times the storage router resends the RADIUS request to a server before giving up.

radius-server timeout

Sets the interval the storage router waits for a RADIUS server to reply before retransmitting.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


radius-server key

To set the authentication and encryption key to be used for all RADIUS communications between the storage router and the RADIUS daemon, use the radius-server key command. To disable the key, use the no form of this command.

radius-server key key-string

no radius-server key

Syntax Description

key-string

The authentication and encryption key string to be used for all RADIUS communications, in clear text. If spaces are used in the key, enclose the key in quotation marks.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

Use the radius-server key command to set the global authentication and encryption key to be used by the storage router for communications with RADIUS servers. The key entered as part of the command must match the key used on the RADIUS daemon. If the key includes spaces, enclose the key in quotation marks.

To override the global key for a specific RADIUS server, use the radius-server host command with the key keyword.

Examples

The following example sets the global authentication and encryption key to "my key string":

[SN5428-2A]# radius-server key "my key string"
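What a RADIUS shared key does under RFC 2865, as an added example (not Cisco code): the same string hides the User-Password attribute and authenticates the server's reply, which is why the key must match the RADIUS daemon. The request authenticator, packet identifier, password and mistyped daemon key are constructed values, and the page does not say which attributes the storage router sends.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)


def _xor_chain(data, secret, request_auth, decrypt=False):
    """XOR 16-octet blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, mask))
        out += result
        prev = block if decrypt else result      # always chain on the ciphertext
    return out


def hide_password(password, secret, request_auth):
    """User-Password hiding, RFC 2865 section 5.2 (the 'encryption' use of the key)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, (len(password) + 15) // 16 * 16)
    return _xor_chain(password.ljust(size, b"\x00"), secret, request_auth)


def reveal_password(hidden, secret, request_auth):
    """What the RADIUS daemon computes with its own copy of the key."""
    return _xor_chain(hidden, secret, request_auth, decrypt=True).rstrip(b"\x00")


def build_response(code, ident, attributes, request_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes


def verify_response(packet, request_auth, secret):
    """Client side: recompute the authenticator with the local key and compare."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                             # malformed or truncated: discard
    packet = packet[:length]                     # octets past Length are padding
    expected = build_response(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected[4:20], packet[4:20])


def demo():
    request_auth = bytes(range(16))      # constructed; real clients use random octets
    router_key = b"my key string"        # key from the example on this page
    daemon_key = b"my key strinq"        # constructed typo on the daemon side
    password = b"constructed-password"
    hidden = hide_password(password, router_key, request_auth)
    good = build_response(ACCESS_ACCEPT, 7, b"", request_auth, router_key)
    bad = build_response(ACCESS_ACCEPT, 7, b"", request_auth, daemon_key)
    return {
        "same_key_password": reveal_password(hidden, router_key, request_auth),
        "mismatch_password_ok": reveal_password(hidden, daemon_key, request_auth) == password,
        "reply_ok_same_key": verify_response(good, request_auth, router_key),
        "reply_ok_mismatch": verify_response(bad, request_auth, router_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With mismatched keys the daemon recovers a wrong password and the client rejects even a well-formed reply, so a key typo on either side shows up as an authentication failure rather than a configuration error.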

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the storage router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the storage router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

radius-server retransmit

Specifies how many times the storage router resends the RADIUS request to a server before giving up.

radius-server timeout

Sets the interval the storage router waits for a RADIUS server to reply before retransmitting.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


radius-server retransmit

To specify the number of times the storage router resends the RADIUS request to each server in the list of configured RADIUS servers after a timeout occurs, use the radius-server retransmit command. To disable retransmission, use the no form of this command.

radius-server retransmit retries

no radius-server retransmit

Syntax Description

retries

The number of times the request can be resent to each server in the list. Enter a value in the range of 0 to 100. A value of zero (0) disables RADIUS request retransmission. The default is 3.


Defaults

The number of possible resends defaults to three.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

If multiple RADIUS servers are configured for AAA authentication, the storage router attempts to reach each server in the list before incrementing the retransmit count. To disable RADIUS request retransmission, set the retransmit count to zero.

To override the global retransmit count for a specific RADIUS server, use the radius-server host command with the retransmit keyword.

Examples

The following example sets the retransmit count to six, meaning the request can be resent up to six times for every RADIUS server:

[SN5428-2A]# radius-server retransmit 6

The following example disables RADIUS request retransmission by setting the retransmit count to zero:

[SN5428-2A]# radius-server retransmit 0

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the storage router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the storage router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

radius-server key

Sets the global authentication and encryption key for all RADIUS communications between the storage router and the RADIUS daemon.

radius-server timeout

Sets the interval the storage router waits for a RADIUS server to reply before retransmitting.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


radius-server timeout

To set the global interval that the storage router waits for a RADIUS server to reply, use the radius-server timeout command. To restore the default, use the no form of this command.

radius-server timeout seconds

no radius-server timeout

Syntax Description

seconds

The global timeout value in seconds. Enter a value in the range of 1 to 1000. The default is 5.


Defaults

The timeout value defaults to five seconds.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

Use this command to set the number of seconds the storage router waits for a RADIUS server to reply before timing out.

To override the global timeout value for a specific RADIUS server, use the radius-server host command with the timeout keyword.

Examples

The following example sets the global timeout value to 10. You may want to increase the timeout value if you have network problems or if the RADIUS servers are slow to respond, which causes consistent timeouts when a lower timeout value is used.

[SN5428-2A]# radius-server timeout 10

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the storage router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the storage router via the CLI.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server radius deadtime

Specify the length of time the storage router can skip a RADIUS server in the named group that is marked as unavailable.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

radius-server deadtime

Specify the length of time the storage router can skip a RADIUS server that is marked as unavailable.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

radius-server key

Sets the global authentication and encryption key for all RADIUS communications between the storage router and the RADIUS daemon.

radius-server retransmit

Specifies how many times the storage router resends the RADIUS request to a server before giving up.

restore aaa

Restore AAA authentication services from the named configuration file.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


read script

To read and execute the CLI commands in a command file, use the read script command.

read script command-file [force [parameters]]

Syntax Description

command-file

The name of the command file. The command file must exist in the script directory.

force

(Optional) Suppress warning prompts and messages and execute the script immediately.

parameters

(Optional) Pass one or more parameters to the specified script. If the parameter includes spaces, enclose it in quotation marks.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

2.5.1

The parameters argument was added.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

Use the show bootconfig and show runningconfig commands with the to keyword to create basic files containing many of the CLI commands that were issued to create the storage router's bootable or currently running configuration. These files can be modified and used as command files to automate common tasks.

You can also manually create a command file. If you have a set of CLI commands that you run periodically, you can place them in a command file, copy that file to the storage router script directory and use the read script command to execute them when needed.

Each command should be on a separate line or contain a backslash ( \ ) as the line continuation character at the end of the line. At the end of a continuation sequence, add a blank line as a separator between the sequence and any following command. Any line beginning with an exclamation mark (!) or a number sign (#) is considered to be a comment and will not be executed.

When the command is issued without the force keyword, you are reminded that the action may change the configuration of the storage router and are then prompted to confirm your actions. When the command is issued with the force keyword, all warning prompts and messages are suppressed and the script is executed immediately.

You can also pass optional parameters to the script to control processing. Any parameter that includes spaces must be enclosed in quotation marks. Within the script, use the key character "@" to instruct the script execution function to substitute the value of the specified parameter. Whenever the execution function encounters @1, it substitutes the value of the first passed parameter. The value of the second parameter is substituted for @2, and so forth.

Refer to the appropriate Cisco Storage Router Software Configuration Guide for your storage router model for additional information about using scripts to automate tasks.

Examples

The following example reads and executes the CLI commands in the command file named myCommands.

[SN5428-2A]# read script myCommands
*** Warning: this script may change your configuration.
Do you want to continue? [yes/no (yes)] yes
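Because the force keyword suppresses the confirmation prompt, it helps to expand a command file offline first. This added example (not Cisco code) models the rules in the usage guidelines: comment lines, backslash continuation with the blank-line separator, and @N substitution, then lists commands worth reviewing. The sample file and parameters are constructed, and joining continued lines with a space, treating @10 as parameter 10 and substituting values as plain text are assumptions of this model.

```python
import re

PLACEHOLDER = re.compile(r"@(\d+)")      # assumption: all digits after @ form the index


def substitute(command, params, line_no, warnings):
    """Replace @1, @2, ... with the matching parameter; report the ones left over."""
    def repl(match):
        index = int(match.group(1))
        if not 1 <= index <= len(params):
            warnings.append(f"line {line_no}: @{index} has no parameter")
            return match.group(0)
        value = params[index - 1]
        if any(ch.isspace() for ch in value):
            warnings.append(f"line {line_no}: parameter {index} contains spaces "
                            "and expands to several words")
        return value
    return PLACEHOLDER.sub(repl, command)


def preprocess(text, params=()):
    """Return (commands, warnings); each command is (first_line_number, expanded_text)."""
    commands, warnings, pending, start = [], [], [], 0
    after_sequence = False               # True right after a continuation sequence

    def emit():
        commands.append((start, substitute(" ".join(pending), params, start, warnings)))
        pending.clear()

    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if after_sequence and line:
            warnings.append(f"line {number}: no blank line after continuation sequence")
        after_sequence = False
        if not line:                     # a blank line separates commands
            if pending:
                emit()
            continue
        if not pending and line[0] in "!#":
            continue                     # comment line, never executed
        if not pending:
            start = number
        if line.endswith("\\"):
            pending.append(line[:-1].strip())
            continue
        after_sequence = bool(pending)
        pending.append(line)
        emit()
    if pending:
        warnings.append(f"line {start}: continuation runs to end of file")
        emit()
    return commands, warnings


def needs_review(commands):
    """Commands to look at before running the file with the force keyword."""
    flagged = []
    for number, command in commands:
        words = command.split() or [""]
        if words[0] in ("reboot", "restore"):
            flagged.append((number, "changes or restarts the system"))
        elif words[0] == "radius-server" and "key" in words[1:]:
            flagged.append((number, "carries a clear-text RADIUS key"))
    return flagged


# Constructed command file and parameters (as if passed after the force keyword).
SAMPLE_SCRIPT = "\n".join([
    "! constructed command file",
    "# second comment style",
    "radius-server host 10.5.0.53 auth-port 1612 \\",
    "  timeout 6 retransmit 5 key @1",
    "radius-server deadtime @2",
    "restore aaa from @3",
])
SAMPLE_PARAMS = ("rad123", "5")

if __name__ == "__main__":
    cmds, warns = preprocess(SAMPLE_SCRIPT, SAMPLE_PARAMS)
    for entry in cmds + warns + needs_review(cmds):
        print(entry)
```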

Related Commands

Command
Description

show bootconfig

Display the bootable configuration, or create a command file based on the bootable configuration.

show cli

Display the syntax of CLI commands.

show runningconfig

Display the running configuration, or create a command file based on the running configuration.

show script

Display the contents of the script directory or the contents of the named command file.


reboot

To cause the storage router to shut down and then restart, issue the reboot command.


Note: Rebooting may cause the storage router to run a different version of software. See the software version command for details.


reboot [force] [fast]

Syntax Description

fast

(Optional) Force a soft reboot of the storage router, bypassing hardware diagnostics.

force

(Optional) Force an immediate reboot of the storage router.


Defaults

If there are unsaved configuration changes when the command is issued, the default is to save all changes before rebooting. If the command is issued with the optional force keyword, any unsaved configuration changes are discarded.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

If the storage router is participating in a cluster, the reboot command will cause any SCSI routing instances running on this storage router to fail over to another node in the cluster. At restart, the cluster determines any SCSI routing instances that should start on the storage router. If the node is identified as the preferred storage router for any SCSI routing instance (via the scsirouter primary command), that instance will start running on the node (assuming targets and critical resources are available).

If the reboot command is issued with no keywords and there are unsaved changes to the current configuration, you can choose to either save all changes or reboot without saving any changes.

Use the force keyword to cause an immediate reboot of the storage router, discarding any unsaved configuration changes. Append the optional fast keyword to bypass diagnostics during the reboot sequence.

Examples

The following prompt is received if you issue a reboot command (without the force keyword) when the storage router has unsaved configuration changes.

[SN5428-2A]# reboot
*** Warning: This will reboot the system.
Do you want to continue? [yes/no (no)] yes
 
Changes have been made to the current configuration of the system which
have not been saved.
yes    - all of the configuration data will be saved,
no     - modifications to the configuration data will not be saved.
 
Save ALL configuration data? [yes/no (yes)] yes
Halting system.........

The following example reboots the storage router (after prompting you to save any unsaved configuration changes) but bypasses diagnostics during the reboot process:

[SN5428-2A]# reboot fast


Related Commands

Command
Description

halt

Prepare the storage router to be powered down.

software version

Specify the version of software to run when the storage router is restarted.


restore aaa

To cause the AAA authentication configuration to be copied from the specified configuration file into persistent memory, use the restore aaa command. The configuration file must exist in the savedconfig directory. To display the contents of the savedconfig directory, issue the show savedconfig command.


Note: If the storage router belongs to a cluster, the restored AAA configuration information will automatically be propagated to other members of that cluster.


restore aaa from filename

Syntax Description

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

The restore command overwrites all existing AAA configuration information, including any user names and passwords in the local username database, RADIUS and TACACS+ configuration information, and the AAA authentication lists used for iSCSI, Enable, and Login authentication.


Note: In a cluster environment, AAA management functions are handled by a single storage router. To determine which storage router is performing AAA management functions, issue the show cluster command. If you issue a restore aaa command from a storage router that is not performing AAA management functions, the CLI displays an informational message with the name of the node that is currently handling those functions. Refer to the appropriate Cisco Storage Router Software Configuration Guide for your storage router model for more information about operating the storage router in a cluster.


Examples

The following example restores the AAA authentication configuration from the saved configuration file named aaa_backup:

[SN5428-2A]# restore aaa from aaa_backup

Related Commands

Command
Description

aaa authentication enable

Configure AAA authentication services for Administrator mode access to the storage router via the CLI enable command.

aaa authentication iscsi

Configure the AAA authentication services to be used for iSCSI authentication.

aaa authentication login

Configure AAA authentication services for Monitor mode access to the storage router via the CLI.

aaa generate password

Generate a long random password.

aaa group server radius

Create a named group of RADIUS servers for AAA authentication services.

aaa group server tacacs+

Create a named group of TACACS+ servers for AAA authentication services.

aaa test authentication

Enable testing of the specified AAA authentication list.

debug aaa

Enable debugging for the AAA authentication services.

delete savedconfig

Remove a saved configuration file from the storage router.

radius-server host

Configure remote RADIUS servers for AAA authentication services.

save aaa

Save the current AAA configuration information.

scsirouter authentication

Enable iSCSI authentication for the named SCSI routing instance.

show aaa

Display AAA configuration information.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.

tacacs-server host

Configure remote TACACS+ servers for AAA authentication services.


restore accesslist

To cause the named access list or all access lists to be copied from the specified configuration file into persistent memory, use the restore accesslist command. The configuration file must exist in the savedconfig directory. To display the contents of the savedconfig directory, issue the show savedconfig command.


Note: If the storage router belongs to a cluster, the restored access list information will automatically be propagated to other members of that cluster.


restore accesslist {name | all} from filename

Syntax Description

name

The name of the access list to be restored.

all

Keyword to restore all access lists.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

If the access list currently exists in some form, the restore command does not delete existing information. The restore command adds missing entries, or overwrites existing entries of the same name, but never purges or deletes existing access list entries. If necessary, you can delete an access list and all its entries and then restore it from a saved configuration file.

There is a maximum of 100 access lists per storage router or per storage router cluster. There is a maximum of 200 access list identification entries across all access lists in the storage router or storage router cluster.


Note: In a cluster environment, access list management functions are handled by a single storage router. To determine which storage router is performing access list management functions, issue the show cluster command. If you issue a restore accesslist command from a storage router that is not performing access list management functions, the CLI displays an informational message with the name of the node that is currently handling those functions. Refer to the appropriate Cisco Storage Router Software Configuration Guide for your storage router model for more information about operating the storage router in a cluster.


Examples

The following example restores the access list named fooList from the saved configuration file named accessList_backup:

[SN5428-2A]# restore accesslist fooList from accessList_backup

Related Commands

Command
Description

accesslist

Create an access list entity.

accesslist A.B.C.D/bits

Add IP addresses to an access list.

delete accesslist

Delete a specific access list entry or an entire access list.

restore all

Restore all the contents of the named configuration file into memory.

restore scsirouter

Restore the named SCSI routing instance from the named configuration file.

save accesslist

Save configuration data for the named access list or for all access lists.

save scsirouter

Save configuration information for the named SCSI routing instance.

save system

Save selected system configuration information.

scsirouter target accesslist

Associate an access list with a specific SCSI routing instance target or all targets.

show accesslist

Display the contents of the named access list or all access lists.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.


restore all

To cause all the previously saved configuration information to be copied from the specified configuration file into persistent memory, use the restore all command. The configuration file must exist in the savedconfig directory. Use the show savedconfig command to display the contents of the savedconfig directory.


Note: This command may change the running configuration of the storage router.


restore all from filename

Syntax Description

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

The restore all command restores all information from the named configuration file. Depending on the information that is restored, the running configuration of the storage router may be changed.

A restore command may overwrite or delete existing items. However, the restore command will not purge or delete existing items from access lists, but will add missing items or overwrite existing items of the same name. If necessary, you may delete access lists, or any other item to be restored, before restoring from a saved configuration file.

The restore all command will not restore the route table and RIP settings, the Fibre Channel (FC) zoning database, or the logging table. Use the restore system ip-route command to restore a saved route table and RIP settings, and the restore fcswitch zones command to restore the FC zoning database. Use the restore system logging command to restore the logging table.

SCSI routing instances and FCIP instances must be stopped before they can be restored. Use the no scsirouter enable command to stop active SCSI routing instances. Use the no fcip enable command to stop an active FCIP instance. After the restore is complete, use the scsirouter enable command to start the restored SCSI routing instances. Restored FCIP instances are automatically restarted.


Note In a cluster environment, all AAA, access list, password, and VLAN management functions are handled by a single storage router. To determine which storage router is performing these management functions, issue the show cluster command. If you issue the restore all command from a storage router that is not performing these management functions, the CLI displays an informational message with the name of the node that is currently handling those functions. Refer to the appropriate Cisco Storage Router Software Configuration Guide for your storage router model for more information about operating the storage router in a cluster.


Examples

The following example restores all configuration data contained in the configuration file named foo_backup into persistent memory:

[SN5428-2A]# restore all from foo_backup

Related Commands

Command
Description

failover scsirouter

Cause the named SCSI routing instance to cease running on the storage router.

restore aaa

Restore AAA authentication services from the named configuration file.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

restore fcip

Restore the named FCIP instance from the named configuration file.

restore fcswitch

Restore Fibre Channel configuration information from the named configuration file.

restore scsirouter

Restore the named SCSI routing instance from the named configuration file.

restore system

Restore selected system information from the named configuration file.

restore vlan

Restore VLAN configuration information from the named configuration file.

save aaa

Save the current AAA configuration information.

save accesslist

Save configuration data for the named access list or all access lists.

save all

Save all configuration information.

save fcip

Save configuration information for the named FCIP instance.

save fcswitch

Save all Fibre Channel configuration, including global configuration settings and zoning information.

save scsirouter

Save configuration information for the named SCSI routing instance.

save system

Save selected system configuration information.

save vlan

Save configuration information for the named VLAN or all VLANs.

scsirouter enable

Stop or start the named SCSI routing instance.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.


restore fcip

To cause the previously saved configuration information related to the named FCIP instance to be copied from the specified configuration file into the bootable configuration, use the restore fcip command. The configuration file must exist in the savedconfig directory. Use the show savedconfig command to display the contents of the savedconfig directory.


Note This does not change the running configuration of the storage router.


restore fcip {name | all} from filename

Syntax Description

name

The name of the FCIP instance to be restored. Valid names are fcip1 and fcip2.

all

Keyword to restore all FCIP instances.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

3.3.1

This command was introduced for the SN 5428-2.


Usage Guidelines

The FCIP instance should be inactive before it is restored. Use the no fcip enable command to stop an active FCIP instance so it can be restored. After the specified FCIP instance is restored, it is automatically enabled and the running configuration of the storage router is updated.

A restore command never deletes existing FCIP instances. The restore command will add missing instances and will overwrite configuration information for existing instances of the same name. If necessary, you can delete the FCIP instance and then restore it from a saved configuration file.

Examples

The following example restores the FCIP instance fcip1 from the configuration file named fcip_backup001:

[SN5428-2A]# restore fcip fcip1 from fcip_backup001

Related Commands

Command
Description

fcip

Create an FCIP instance.

fcip enable

Stop or start the named FCIP instance.

save fcip

Save configuration information for the named FCIP instance.

show fcip

Display configuration and operational information for the named FCIP instance.


restore fcswitch

To cause the previously saved configuration information associated with the storage router Fibre Channel (FC) interfaces to be copied from the specified configuration file into the bootable configuration, use the restore fcswitch command. The configuration file must exist in the savedconfig directory. Use the show savedconfig command to display the contents of the savedconfig directory.

restore fcswitch {all | config | interface | zones} from filename

Syntax Description

all

Keyword used to restore all global and interface-specific FC configuration information from the specified configuration file.

Note Zoning information is not restored.

config

Keyword used to restore global FC configuration information, including timeout values and domain ID.

interface

Keyword used to restore configuration information for the FC interfaces, including link speed and port type settings.

zones

Keyword used to restore all alias, zone, and zone set configuration information. If the storage router is connected to the FC switched fabric, the restored zoning database is propagated to the FC switched fabric.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.5.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

The restore fcswitch command overwrites the specified FC configuration information.

Use the config keyword to restore global FC configuration information, including:

The domain ID and domain ID lock setting

Resource allocation timeout value

Distributed services timeout value

Fabric stability timeout value

Error detect timeout value

Buffer-to-buffer credit value for all FC ports

Zoning management operational settings, including merge mode and level of communication between the storage router and devices in the fabric when there is no active zone set

Use the interface keyword to restore configuration information for each FC port, including:

State of the interface (enabled or disabled)

Fairness algorithm

FAN

MFS bundling and associated timeout value

Transfer rate (linkspeed)

Port type

Use the zones keyword to restore the internal zoning database, including:

Aliases and alias members

Zones and zone members

Zone sets and zone set members

Active zone set information


Caution If the storage router is connected to the FC switched fabric, the restored zoning database information is propagated throughout the fabric.

Examples

The following example restores the configuration information for all FC interfaces from the configuration file named fc_config_08152002:

[SN5428-2A]# restore fcswitch interface from fc_config_08152002

The following example restores all global and interface-specific FC configuration information from the configuration file named SN5428-2A_L2:

[SN5428-2A]# restore fcswitch all from SN5428-2A_L2

Related Commands

Command
Description

delete fcalias

Delete the named alias or the specified alias member.

delete zone

Delete the specified Fibre Channel zone or the specified member of the zone from the zoning database.

delete zoneset

Delete the specified zone from the zone set or delete the entire named zone set from the zoning database.

fcalias

Create an alias entity for use in Fibre Channel zoning.

fcswitch domainid

Set the domain ID for the storage router, to be used for FC switched fabric zoning.

fcswitch dstov

Specify the amount of time the storage router is to wait for Fibre Channel Distributed Services.

fcswitch edtov

Specify an error detect timeout value for all Fibre Channel interfaces.

fcswitch fstov

Specify the fabric stability timeout value.

fcswitch interop-credit

Set the data buffer credit capacity for all FC ports.

fcswitch ratov

Specify a Fibre Channel resource allocation timeout value for the storage router.

fcswitch zoning autosave

Enable the storage router to save zoning changes received from switches in the fabric.

fcswitch zoning default

Select the level of communication between the storage router and devices in the fabric where there is no active zone set.

fcswitch zoning merge

Set zoning merge compliance.

interface fc? al-fairness

Enable the fairness algorithm on the named FC interface.

interface fc? ext-credit

Configure the specified interface as a potential recipient of donated data buffer credits.

interface fc? fan-enable

Enable Fabric Address Notification (FAN) on the named FC interface.

interface fc? linkspeed

Set the transfer rate for the named FC interface.

interface fc? mfs-bundle

Enable Multi-Frame Sequence bundling for the named FC interface.

interface fc? ms-enable

Enable GS-3 management server commands for the specified FC interface.

interface fc? type

Set the port type for the named FC interface.

restore all

Restore all the contents of the named configuration file into memory.

save fcswitch

Save all Fibre Channel configuration, including global configuration settings and zoning information.

show fcalias

Display information about aliases and their members.

show fcswitch

Display global configuration information for storage router FC interfaces.

show fcswitch eport

Display FSPF protocol information.

show interface

Display operational and configuration information for the specified interface or all interfaces.

show zone

Display configuration and operational information for Fibre Channel fabric zones from the local zoning database.

show zoneset

Display configuration and operational information for Fibre Channel fabric zone sets.

zone

Create a Fibre Channel fabric zone.

zoneset

Create a Fibre Channel fabric zone set.


restore scsirouter

To cause the previously saved configuration information related to the named SCSI routing instance to be copied from the specified configuration file into the bootable configuration, use the restore scsirouter command. The configuration file must exist in the savedconfig directory. Use the show savedconfig command to display the contents of the savedconfig directory.


Note This does not change the running configuration of the storage router.


restore scsirouter {name | all} from filename

Syntax Description

name

The name of the SCSI routing instance to be restored.

all

Keyword to restore all SCSI routing instances.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

A SCSI routing instance must be inactive before it can be restored. Use the no scsirouter enable command to stop an active SCSI routing instance so it can be restored. After the specified SCSI routing instance is restored, issue the scsirouter enable command to start the instance and update the running configuration of the storage router.

A restore command never deletes existing SCSI routing instances. The restore command will add missing instances and will overwrite configuration information for existing instances of the same name. If necessary, you can delete a SCSI routing instance and then restore it from a saved configuration file.

Examples

The following example restores the SCSI routing instance foo from the configuration file named scsi_backup001:

[SN5428-2A]# restore scsirouter foo from scsi_backup001

Related Commands

Command
Description

failover scsirouter

Cause the named SCSI routing instance to cease running on the storage router.

restore accesslist

Restore the named access list or all access lists from the named configuration file.

restore all

Restore the contents of the named configuration file into memory.

save accesslist

Save configuration data for the named access list or all access lists.

save all

Save all configuration information.

save scsirouter

Save configuration information for the named SCSI routing instance.

scsirouter enable

Stop or start the named SCSI routing instance.

scsirouter primary

Identify a storage router as the preferred storage router to run the named SCSI routing instance.

scsirouter target maxcmdqueuedepth

Specify the maximum number of commands allowed at any given time from each iSCSI session to the specified target.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.


restore system

To cause previously saved system configuration information to be copied from the specified configuration file into persistent memory, use the restore system command. The configuration file must exist in the savedconfig directory. Use the show savedconfig command to display the contents of the savedconfig directory.

restore system {name | all} from filename

Syntax Description

name

The named system information to be restored. See Table 13-1 in the Usage Guidelines section for a list of valid names that can be used for the name argument.

all

Restore all restorable system information (except the route table and RIP settings, and the logging table) from the saved configuration file. Restorable system information includes CDP configuration, administrator contact data, DNS and NTP information, restrict configuration, remote logging data, SNMP configuration, Telnet and Secure Shell (SSH) settings, and the default download location for updated storage router software.

Note The route table, RIP settings, and the logging table are not restored.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

2.3.1

The ip-route and logging keywords were added.

3.2.1

This command was introduced for the SN 5428-2. For the SN 5428, the telnet and ssh keywords were added, and the ip-route keyword now includes RIP settings.


Usage Guidelines

Table 13-1 describes the named system information that can be restored.

Table 13-1 Restore System Named System Information 

Named System Configuration
Description

cdp

Restore CDP configuration.

contactinfo

Restore administrator contact information.

ip-route

Restore the route table and RIP settings.

logging

Restore the routing rules in the storage router event message logging table. Restored rules are appended to the end of the table.

name-server

Restore DNS configuration.

ntp

Restore NTP server configuration.

remotelog

Restore IP address of host used for remote logging.

restrict

Restore the storage router restrict configuration.

snmp

Restore SNMP configuration.

software

Restore the default software download location and user name and password information for HTTP, proxy, and TFTP.

ssh

Restore the Secure Shell (SSH) configuration information.

telnet

Restore the session timeout value for Telnet and SSH management sessions.


Some system information that is saved when the save system command is issued is not available for restoration from a saved configuration file. Use the show savedconfig command to display the contents of the specified configuration file. The following configuration information is available for display but cannot be restored:

Management and HA interface IP addresses

Gigabit Ethernet interface configuration information

Administrator mode and Monitor mode passwords

HA configuration mode

Examples

The following example restores all restorable system configuration information (except the route table and the logging table) from the saved configuration file system_backup:

[SN5428-2A]# restore system all from system_backup

The following example restores the route table and RIP settings from the saved configuration file system_backup:

[SN5428-2A]# restore system ip-route from system_backup
[SN5428-2A]# restore system rip from system_backup

The following example restores the logging table from the saved configuration file system_backup:

[SN5428-2A]# restore system logging from system_backup

The following example restores the SNMP configuration information from the saved configuration file sys_SN5428-2A:

[SN5428-2A]# restore system snmp from sys_SN5428-2A

Related Commands

Command
Description

delete savedconfig

Remove a saved configuration file from the storage router.

restore all

Restore the contents of the named configuration file into memory.

save all

Save all configuration information.

save system

Save selected system configuration information.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.


restore vlan

To cause the specified VLAN to be copied from the named configuration file into persistent memory, use the restore vlan command. The configuration file must exist in the savedconfig directory. To display the contents of the savedconfig directory, issue the show savedconfig command.


Note If the storage router belongs to a cluster, the restored VLAN configuration information will automatically be propagated to other members of that cluster.


restore vlan {vid | all} from filename

Syntax Description

vid

The VLAN identification number.

all

Restore all VLAN definitions.

from filename

The name of the configuration file containing the information to be restored. This file must exist in the savedconfig directory.


Defaults

None.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

If the VLAN currently exists, the restore vlan command overwrites existing configuration information with the information from the named configuration file. The restore vlan command also restores the VTP configuration information.


Note In a cluster environment, VLAN management functions are handled by a single storage router. To determine which storage router is performing VLAN management functions, issue the show cluster command. If you issue a restore vlan command from a storage router that is not performing VLAN management functions, the CLI displays an informational message with the name of the node that is currently handling those functions. Refer to the appropriate Cisco Storage Router Software Configuration Guide for your storage router model for more information about operating the storage router in a cluster.


Examples

The following example restores VLAN 100 from the vlanBackup file:

[SN5428-2A]# restore vlan 100 from vlanBackup

Related Commands

Command
Description

save vlan

Save configuration information for the named VLAN or all VLANs.

scsirouter serverif

Assign a Gigabit Ethernet interface, IP address, and optionally a VLAN to the named SCSI routing instance.

show savedconfig

List the contents of the savedconfig directory or the contents of the named configuration file.

show vlan

Display configuration and operational information for the specified VLAN or all VLANs.

slp findattrs

Display configuration and operational information for VTP.

vlan

Configure a non-VTP VLAN on the storage router.

vtp domain

Assign a VTP domain name to the storage router.

vtp mode

Configure the storage router to operate in client or transparent VTP mode.


restrict

To close access to the specified interface via the named service, use the restrict command. To allow access via the named service, use the no form of this command.

restrict all [service]

restrict interface {service | all}

no restrict all [service]

no restrict interface {service | all}

Syntax Description

interface

Restrict access to the specified interface. See Table 13-2 in the Usage Guidelines section for a list of interface names.

service

Restrict access via the specified service or protocol. See Table 13-3 in the Usage Guidelines section for a list of service names.

all

Restrict all interfaces or all services.


Defaults

The following are factory default settings:

FTP using port 21 is restricted on all interfaces.

HTTP using port 80 is allowed on the management and HA interfaces. It is restricted on the Gigabit Ethernet interfaces.

Remote login (rlogin) using port 513 is restricted on all interfaces.

SNMP using port 161 is allowed on the management interface only. It is restricted on the HA and Gigabit Ethernet interfaces.

SSH using port 22 is allowed on the management interface only. It is restricted on the HA and Gigabit Ethernet interfaces.

SSL using port 443 is restricted on all interfaces.

Telnet using port 23 is allowed on the management interface only. It is restricted on the HA and Gigabit Ethernet interfaces.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

2.3.1

The ssl service keyword was added.

2.5.1

The ssh service keyword was added.

3.2.1

This command was introduced for the SN 5428-2. For the SN 5428, access via HTTP can now be restricted on the management and HA interfaces.


Usage Guidelines

Use the restrict command to restrict unauthorized access to storage router interfaces. Use the show restrict command to display the current interface and service restrictions.

You can restrict access on the interfaces listed in Table 13-2.

Table 13-2 restrict interface 

Interface Keyword
Description

ge?

The Gigabit Ethernet interfaces (including all logical interfaces created by associating a VLAN with a Gigabit Ethernet IP address for a SCSI routing instance). All services are restricted on the Gigabit Ethernet interfaces by default.

ha

The HA interface. This interface is open to HTTP by default.

mgmt

The management interface. This interface is open to Telnet, HTTP, SNMP and SSH by default.


You can restrict access to the storage router interfaces by the services or protocols shown in Table 13-3.

Table 13-3 restrict interface service 

Service Keyword
Description

ftp

File Transfer Protocol. FTP access is restricted on all interfaces by default.

http

Hypertext Transfer Protocol. HTTP access is available on the management and HA interfaces by default.

rlogin

Remote login on port 513. If rlogin is enabled for an interface, the setting is only valid until the storage router is restarted. The rlogin setting is not retained across a storage router restart; rlogin returns to a restricted state for all interfaces.

Note Rlogin is designed for debug purposes and should be used under the guidance of a Cisco Technical Support professional.

ssh

Secure Shell. SSH can be used as a replacement for Telnet and remote login. SSH is enabled on the management interface by default; it is restricted on all other interfaces.

Note The SSH service is started by default. Use the no ssh enable command to stop the SSH service (disabling access via SSH) without changing the restrict settings.

snmp

Simple Network Management Protocol. SNMP is enabled on the management interface by default.

ssl

Secure Socket Layer. SSL is restricted on all interfaces by default.

telnet

Telnet. Telnet access is enabled on the management interface by default; it is restricted on all other interfaces.

Note The Telnet server is started by default. Use the no telnet enable command to stop the Telnet server (disabling access via Telnet) without changing the restrict settings.


To access the GUI using an SSL connection, enable SSL on the appropriate interface and change the URL to use "https" instead of "http."

To completely disable the GUI, restrict HTTP access to all interfaces.

Examples

The following example restricts HTTP access to the management interface, preventing access to the web-based GUI from this interface:

[SN5428-2A]# restrict mgmt http

The following example restricts Telnet access to the HA interface:

[SN5428-2A]# restrict ha telnet

The following example restricts access to all interfaces via FTP:

[SN5428-2A]# restrict all ftp

The following example enables SSL on the management interface:

[SN5428-2A]# no restrict mgmt ssl

The following example enables SSH on the Gigabit Ethernet interface, ge1:

[SN5428-2A]# no restrict ge1 ssh
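The following is an added example, not part of Cisco's documentation: a Python model of the restrict and no restrict syntax above that starts from the factory defaults listed in the Defaults section, replays a change script, and reports what is still open. The interface names ge1 and ge2, the reading of restrict all with no service as "every service", and the audit policy are assumptions.

```python
"""Replay restrict / no restrict commands from factory defaults and audit the result."""

INTERFACES = ("mgmt", "ha", "ge1", "ge2")  # ge1/ge2: assumed expansion of "ge?"
SERVICES = ("ftp", "http", "rlogin", "snmp", "ssh", "ssl", "telnet")
CLEARTEXT = {"ftp", "http", "rlogin", "telnet"}  # assumed policy: never leave open


def factory_defaults():
    """Open services per interface, as listed in the Defaults section."""
    return {
        "mgmt": {"http", "snmp", "ssh", "telnet"},
        "ha": {"http"},
        "ge1": set(),
        "ge2": set(),
    }


def apply_command(state, line):
    """Apply one 'restrict ...' or 'no restrict ...' line to state in place."""
    words = line.split("#", 1)[-1].split()  # drop a leading "[host]#" prompt
    opening = words[:1] == ["no"]
    if opening:
        words = words[1:]
    if len(words) not in (2, 3) or words[0] != "restrict":
        raise ValueError(f"not a restrict command: {line!r}")
    target = words[1]
    if target == "all":
        ifaces = INTERFACES
        scope = words[2] if len(words) == 3 else "all"  # assumed: no service = all
    elif target in INTERFACES and len(words) == 3:
        ifaces = (target,)
        scope = words[2]  # the interface form requires {service | all}
    else:
        raise ValueError(f"unknown interface or missing service: {line!r}")
    if scope == "all":
        services = SERVICES
    elif scope in SERVICES:
        services = (scope,)
    else:
        raise ValueError(f"unknown service: {line!r}")
    for iface in ifaces:
        if opening:
            state[iface].update(services)  # 'no restrict' opens access
        else:
            state[iface].difference_update(services)  # 'restrict' closes access


def simulate(commands, state=None):
    """Replay commands in order, starting from factory defaults unless given a state."""
    state = factory_defaults() if state is None else state
    for line in commands:
        apply_command(state, line)
    return state


def audit(state):
    """List open services that break the assumed policy."""
    findings = []
    for iface in INTERFACES:
        for svc in sorted(state[iface]):
            if svc in CLEARTEXT:
                findings.append(f"{iface}: {svc} is open and unencrypted")
            elif iface != "mgmt":
                findings.append(f"{iface}: {svc} is open outside the management interface")
    return findings


# Constructed change script that uses only command forms shown on this page.
HARDENING = [
    "[SN5428-2A]# restrict all telnet",
    "[SN5428-2A]# restrict all http",
    "[SN5428-2A]# no restrict mgmt ssl",
]

if __name__ == "__main__":
    print("factory defaults:", audit(factory_defaults()))
    hardened = simulate(HARDENING)
    print("after hardening:", audit(hardened))
    print("open on mgmt:", sorted(hardened["mgmt"]))
```

The model covers only the restrict state; the ssh enable and telnet enable service switches and the non-persistent rlogin setting described in Table 13-3 are outside it.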

Related Commands

Command
Description

restrict console

Enable or disable password checking on the console interface.

show restrict

Display configurable security settings for the storage router interfaces.

ssh enable

Enable SSH and start the SSH service.

ssh keygen

Generate a Secure Shell (SSH) public and private key pair for the storage router.

telnet enable

Enable Telnet and start the Telnet server.


restrict console

To enable password checking on the storage router console interface, use the restrict console command. The Administrator mode and Monitor mode passwords will be required when accessing the storage router via a console connected to the EIA/TIA-232 port. To disable password checking on the console interface, use the no form of this command.

restrict console

no restrict console

Syntax Description

This command has no arguments or keywords.

Defaults

Passwords are disabled on the console interface.

Command Modes

Administrator.

Command History

Release
Modification

2.2.1

This command was introduced for the SN 5428.

3.2.1

This command was introduced for the SN 5428-2.


Usage Guidelines

Use this command if you need to restrict access to the console interface.

Examples

The following example enables password checking on the console interface:

[SN5428-2A]# restrict console

Related Commands

Command
Description

restrict

Secure access to storage router interfaces by communications protocols and services.

show restrict

Display configurable security settings for the storage router interfaces.