Cisco MDS 9000 Family Cookbook, Release 1.x - Switch Management [Cisco MDS 9000 NX-OS and SAN-OS Software]

Table Of Contents

Switch Management

Saving the Switch Configuration

Copying Files to or from the MDS 9000 Switch

Managing Files on the Standby Supervisor Module

Upgrading MDS 9000 Switch Firmware

Upgrading Switch Firmware Using the CLI

Upgrading Switch Firmware Using Fabric Manager

Recovering a Password

Installing a License

Using the CLI to Install a License

Using Fabric Manager to Install a License

Copying Core Files from the MDS 9000 Switch

Configuring an NTP Server

Restoring a Fixed Switch Configuration

Preparing to Call Cisco TAC

Implementing Syslog

Switch Management

This chapter describes various tasks associated with managing a Cisco MDS 9000 switch and includes the following sections:

•Saving the Switch Configuration

•Copying Files to or from the MDS 9000 Switch

•Managing Files on the Standby Supervisor Module

•Upgrading MDS 9000 Switch Firmware

•Recovering a Password

•Installing a License

•Copying Core Files from the MDS 9000 Switch

•Configuring an NTP Server

•Restoring a Fixed Switch Configuration

•Preparing to Call Cisco TAC

•Implementing Syslog

Saving the Switch Configuration

Saving the configuration after making changes to the Cisco MDS 9000 switch is always a good idea. Whether creating users or configuring ports, the configuration should be saved so that if the switch is rebooted, the current configuration is reapplied to the switch. Optionally, the configuration should also be saved to a file server for purposes of archival, disaster recovery, or version control.

The MDS 9000 switch has two configuration files:

•The running-configuration file describes how the MDS 9000 switch is currently configured.

•The startup-configuration file is the configuration that will be applied to the switch the next time the switch is reloaded.

Both configuration files can be viewed using the show running-configuration command or show startup-configuration command.

Tip Commands that are listed in the running or startup configuration are valid CLI commands and can be used within the config terminal submode on the MDS 9000 switch. Adding conf t to the beginning of a file containing CLI commands derived from the running-configuration or the startup-configuration causes the shell to enter the config submode.

To save the running-configuration, copy it to the startup-configuration:
ca-9506# copy running-config startup-config
[########################################] 100%
To copy the startup-configuration to a remote server (in this example the server is SCP), modify the destination filename, by providing a filename to use on the file server (switch1.startupconfig.01182004).
ca-9506# copy startup-config scp://user@fileserver/switch1.startup.01182004
setmason@dino's password:
sysmgr_system.cfg    100% |*****************************| 16276       00:00
Now the file can be viewed in the switch1.startup.01182004 file.

Copying Files to or from the MDS 9000 Switch

You may need to move files to or from a Cisco MDS 9000 switch. The types of files you may need to move include log files, configuration files, or firmware files. There are two methods for copying files to or from the MDS 9000 switch: using the CLI (command-line interface) and using Fabric Manager.

The first procedure covers the CLI.

The CLI offers a broad range of protocols to use for copying to or from the MDS 9000 switch. Note that the MDS 9000 switch always acts as a client, such that an FTP/SCP/TFTP session always originates from the MDS 9000 switch and either pushes files to an external system or pulls files from an external system.

File Server: 172.22.36.10

File to be copied to the switch: /etc/hosts

The copy command supports four transfer protocols and 12 different sources for files.
ca-9506# copy ?
  bootflash:      Select source filesystem
  core:           Select source filesystem
  debug:          Select source filesystem
  ftp:            Select source filesystem
  licenses        Backup license files
  log:            Select source filesystem
  modflash:       Select source filesystem
  nvram:          Select source filesystem
  running-config  Copy running configuration to destination
  scp:            Select source filesystem
  sftp:           Select source filesystem
  slot0:          Select source filesystem
  startup-config  Copy startup configuration to destination
  system:         Select source filesystem
  tftp:           Select source filesystem
  volatile:       Select source filesystem
To use SCP (Secure copy) as the transfer mechanism, the syntax is as follows:

scp:[//[username@]server][/path]

To copy /etc/hosts from 172.22.36.10 using user1as the user and the destination filename hosts.txt, enter the following command:
switch# copy scp://user1@172.22.36.10/etc/hosts bootflash:hosts.txt
user1@172.22.36.10's password:
hosts                100% |*****************************|  2035    00:00
To back up the startup-configuration to a SFTP server, enter the following command:
switch# copy startup-config sftp://user1@172.22.36.10/MDS/startup-configuration.bak1
Connecting to 172.22.36.10...
User1@172.22.36.10's password:
switch#
Tip You should back up the startup-configuration to a server on a daily basis and before you make any changes. You can write a short script to run on the MDS 9000 switch to save your configuration and then back it up. The script needs to contain just two commands: copy running-configuration startup-configuration and copy startup-configuration tftp://server/name. To execute the script use: run-script filename.

Managing Files on the Standby Supervisor Module

Occasionally, a file may need to be copied to, copied off, or deleted from the supervisor module, or even deleted from the standby supervisor module. To do this, attach to the standby supervisor module and use the dir and delete commands.

Note This recipe is most often invoked when a firmware upgrade fails because there is not enough free bootflash: capacity on the standby supervisor for the firmware images.

To perform file copy functions from the supervisor module, follow these steps:

Step 1 Determine which supervisor module is the standby. In this case, it is module 6.
switch# show module
Mod  Ports  Module-Type                     Model              Status
---  -----  ------------------------------- ------------------ ------------
1    16     1/2 Gbps FC Module              DS-X9016           ok
2    16     1/2 Gbps FC Module              DS-X9016           ok
3    8      IP Storage Services Module      DS-X9308-SMIP      ok
4    0      Caching Services Module         DS-X9560-SMAP      ok
5    0      Supervisor/Fabric-1             DS-X9530-SF1-K9    active *
6    0      Supervisor/Fabric-1             DS-X9530-SF1-K9    ha-standby
Step 2 Connect to the standby supervisor using the attach command. Note how the prompt displays the word standby.
ca-9506# attach module 6
Attaching to module 6 ...
To exit type 'exit', to abort type '$.'
Cisco Storage Area Networking Operating System (SAN-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2004, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
Andiamo Systems, Inc. and/or other third parties and are used and
distributed under license. Some parts of this software are covered
under the GNU Public License. A copy of the license is available
at http://www.gnu.org/licenses/gpl.html.
ca-9506(standby)#
Step 3 List the files on the bootflash to be deleted.
ca-9506(standby)# dir bootflash:
   12330496     Jun 30 21:11:33 2004  boot-1-3-4a
       2035     Jun 17 16:30:18 2004  hosts.txt
   43705437     Jun 30 21:11:58 2004  isan-1-3-4a
      12288     Dec 31 17:13:48 1979  lost+found/
   12334592     Jun 23 17:02:16 2004  m9500-sf1ek9-kickstart-mz.1.3.4b.bin
   43687917     Jun 23 17:02:42 2004  m9500-sf1ek9-mz.1.3.4b.bin
         99     Apr 07 19:28:54 1980  security_cnv.log
Usage for bootflash://sup-local
  126340096 bytes used
   59745280 bytes free
  186085376 bytes total
Step 4 Delete the file with the delete command.
ca-9506(standby)# delete bootflash:hosts.txt
Step 5 To return to the active supervisor, type exit. The prompt also returns to the active supervisor prompt.
ca-9506(standby)# exit
rlogin: connection closed.
ca-9506#
Upgrading MDS 9000 Switch Firmware

To obtain new features and functionality for a Cisco MDS 9000 switch, you may need to upgrade the firmware. You can upgrade using either the CLI or the Fabric Manager.

Firmware images can be downloaded from the Cisco software center located at the following URL: http://www.cisco.com/public/sw-center/sw-stornet.shtml. A CCO login account is required to download all software images.

Tip On single supervisor MDS 9000 switches, like the 9100 and 9200 series, the switch will reboot. Therefore you should enable persistent FC ID and static domain IDs. For information on how to configure these values, see Configuring a Static Domain ID and Persistent FC ID .

In this procedure the firmware images have been downloaded from the Cisco website and are located on a local file server.

File server: testhost

System image: m9500-sf1ek9-mz.1.3.4b.bin

Kickstart image: m9500-sf1ek9-kickstart-mz.1.3.4b.bin

The location of the firmware images may either be on the switch's bootflash: file system or on another server accessible via FTP/TFTP/SFTP/SCP.

Upgrading Switch Firmware Using the CLI

To upgrade the firmware of an MDS 9000 switch using SCP, enter the following CLI commands:

Step 1 Determine what the upgrade impact will be on the system by using the show install all impact system command. This first optional command will also verify the image integrity as well as provide the details of the upgrade. This command does not actually perform the upgrade.
ca-9506# show install all impact system 
scp://setmason@testhost/tftpboot/rel/qa/1_3_4b/final/m95
00-sf1ek9-mz.1.3.4b.bin kickstart scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin
For scp://setmason@testhost, please enter password:
For scp://setmason@testhost, please enter password:
Copying image from scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin to 
bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Copying image from scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-mz.1.3.4b.bin to 
bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin
[####################] 100% -- SUCCESS
Verifying image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin
[####################] 100% -- SUCCESS
Extracting "slc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "ips" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "svclc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "kickstart" version from image bootflash:///m9500-sf1ek9-kickstart-mz
.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "loader" version from image bootflash:///m9500-sf1ek9-kickstart-mz.1.
3.4b.bin.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes  non-disruptive       rolling
     3       yes  non-disruptive       rolling
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset
Other miscellaneous information for installation:
Module  info
------  ----------------------------------
Images will be upgraded according to following table:
Module       Image       Running-Version        New-Version  Upg-Required
------  ----------  --------------------  --------------------  ---------
     1         slc               1.3(4a)               1.3(4b)        yes
     1        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     2         slc               1.3(4a)               1.3(4b)        yes
     2        bios      v1.0.8(08/07/03)      v1.0.8(08/07/03)         no
     3         ips               1.3(4a)               1.3(4b)        yes
     3        bios      v1.0.8(08/07/03)      v1.0.8(08/07/03)         no
     4       svclc               1.3(4a)               1.3(4b)        yes
     4       svcsb               1.3(4m)               1.3(4m)         no
     4       svcsb                1.3(4)                1.3(4)         no
     4        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     5      system               1.3(4a)               1.3(4b)        yes
     5   kickstart               1.3(4a)               1.3(4b)        yes
     5        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     5      loader                1.2(2)                1.2(2)         no
     6      system               1.3(4a)               1.3(4b)        yes
     6   kickstart               1.3(4a)               1.3(4b)        yes
     6        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     6      loader                1.2(2)                1.2(2)         no
Step 2 Upgrade the firmware using the install all command and the appropriate file locations.
ca-9506# install all system scp://setmason@testhost/tftpboot/rel/qa/1_3_4b/final/m95
00-sf1ek9-mz.1.3.4b.bin kickstart scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin
For scp://setmason@testhost, please enter password:
For scp://setmason@testhost, please enter password:
Copying image from scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin to 
bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Copying image from scp://setmason@testhost 
/tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-mz.1.3.4b.bin to 
bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin
[####################] 100% -- SUCCESS
Verifying image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin
[####################] 100% -- SUCCESS
Extracting "slc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "ips" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "svclc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "kickstart" version from image bootflash:///m9500-sf1ek9-kickstart-mz
.1.3.4b.bin.
[####################] 100% -- SUCCESS
Extracting "loader" version from image bootflash:///m9500-sf1ek9-kickstart-mz.1.
3.4b.bin.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes  non-disruptive       rolling
     3       yes  non-disruptive       rolling
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset
Other miscellaneous information for installation:
Module  info
------  ----------------------------------
Images will be upgraded according to following table:
Module       Image       Running-Version        New-Version  Upg-Required
------  ----------  --------------------  --------------------  ---------
     1         slc               1.3(4a)               1.3(4b)        yes
     1        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     2         slc               1.3(4a)               1.3(4b)        yes
     2        bios      v1.0.8(08/07/03)      v1.0.8(08/07/03)         no
     3         ips               1.3(4a)               1.3(4b)        yes
     3        bios      v1.0.8(08/07/03)      v1.0.8(08/07/03)         no
     4       svclc               1.3(4a)               1.3(4b)        yes
     4       svcsb               1.3(4m)               1.3(4m)         no
     4       svcsb                1.3(4)                1.3(4)         no
     4        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     5      system               1.3(4a)               1.3(4b)        yes
     5   kickstart               1.3(4a)               1.3(4b)        yes
     5        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     5      loader                1.2(2)                1.2(2)         no
     6      system               1.3(4a)               1.3(4b)        yes
     6   kickstart               1.3(4a)               1.3(4b)        yes
     6        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)         no
     6      loader                1.2(2)                1.2(2)         no
Do you want to continue with the installation (y/n)?  [n] y
Install is in progress, please wait.
Syncing image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin to standby.
[####################] 100% -- SUCCESS
Syncing image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin to standby.
[####################] 100% -- SUCCESS
Setting boot variables.
[####################] 100% -- SUCCESS
Performing configuration copy.
[####################] 100% -- SUCCESS
Module 5: Waiting for module online.
 -- SUCCESS
At this point, the switch performs a hitless supervisor switchover. A new Telnet/CLI session must be established to the new supervisor.

Note If the images fail to copy to the standby supervisor, there may be insufficient room for the new images and some old images or files may need to be removed. See Managing Files on the Standby Supervisor Module for a recipe on removing files from the standby supervisor.

Step 3 To view the status of the current upgrade from the new supervisor, enter the show install all status command.
switch# show install all status
This is the log of last installation.
Continue on installation process, please wait.
The login will be disabled until the installation is completed.
Module 5: Waiting for module online.
 -- SUCCESS
Module 1: Non-disruptive upgrading.
 -- SUCCESS
Module 2: Non-disruptive upgrading.
 -- SUCCESS
Module 3: Non-disruptive upgrading.
 -- SUCCESS
Module 4: Non-disruptive upgrading.
 -- SUCCESS
Install has been successful.
Upgrading Switch Firmware Using Fabric Manager

To upgrade the firmware of one or more MDS 9000 switches, leverage the interface of the Fabric Manager and follow these steps:

Step 1 Select the Software Install Wizard from the toolbar in Fabric Manager. (See Figure 2-1.)

Figure 2-1 Image Installation with Fabric Manager

Step 2 Choose the switches to upgrade and click Next. (See Figure 2-2.)

Figure 2-2 Choose Switches to Upgrade

Step 3 Specify the location of the firmware images. (See Figure 2-3.)

a. Enter the file information to transfer the file from the server to the switch.

b. If the files are to be downloaded during the install, also enter the path and filename of the images.

c. By checking the Skip Image Download check box, an upgrade can be performed using images that are already located on the supervisor's bootflash.

Figure 2-3 Specify Firmware Images

Step 4 Click Next.

Depending on the installation method (that is, already downloaded to bootflash or download during the install), the wizard may prompt for additional file locations. The fourth and final screen provides a summary and enables you to start the install. During the installation, a compatibility screen pops up and displays the same version compatibility information that was displayed in the CLI upgrade. You must click Yes to continue with the upgrade.

Note Unlike the CLI, the Fabric Manager maintains connectivity to the switch and provides detailed information during the entire upgrade sequence, without requiring you to manually reestablish connectivity to the switch during the supervisor switchover. If there is a failure, the last screen displays any reasons for a failed upgrade.

Recovering a Password

If there are no accounts accessible on the Cisco MDS 9000 switch that have either network-admin or user account creation privileges, you may have to perform a password recovery on the admin account if passwords are lost.

Warning This procedure requires console access to the switch and requires a reboot of the switch.

Tip It is possible for another CLI user with network-admin privileges to change the password of the admin user, which can alleviate reloading the switch.

To recover the admin account's password, follow these steps:

Step 1 If possible, save the current configuration by entering the copy-running config command on the switch:
switch# copy running-config startup-config
[########################################] 100%
Step 2 Connect a console cable to the active supervisor of the MDS 9000 switch. (See Figure 2-4 and Figure 2-5.)

Figure 2-4 Console Connection on an MDS 9500 Series Switch

Figure 2-5 Console Connection on an MDS 9200 Series Switch

Step 3 Attach the RS-232 end of the console cable to a PC.

Step 4 Configure Hyperterm or a similar terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control. (See Figure 2-6.)

Figure 2-6 HyperTerm Terminal Settings

Step 5 Establish a connection to the switch if possible, at least enough to display the login prompt if no user accounts are available.

Step 6 For a multi-supervisor switch, MDS-9509 or MDS-9506, physically remove the standby supervisor. It is not necessary to remove it from the chassis, just enough so that it does not make contact with the backplane.

Step 7 Reboot the switch either by cycling the power or entering the reload command.

Step 8 Press Ctrl-] (when the switch begins its SAN-OS software boot sequence) to enter the switch(boot)# prompt.

Step 9 Enter configuration mode:
switchboot# config terminal
Step 10 Enter the admin-password <new password> command.
switch(boot-config)# admin-password temppassword
switch(boot-config)# exit
Step 11 Load the system image to finish the boot sequence.
switch(boot)# load bootflash: m9500-sf1ek9-mz.1.3.4b.bin
Step 12 Log in to the switch using the admin account and the temporary password.
switch login: admin
Password:
Cisco Storage Area Networking Operating System (SAN-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2004, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
Andiamo Systems, Inc. and/or other third parties and are used and
distributed under license. Some parts of this software are covered
under the GNU Public License. A copy of the license is available
at http://www.gnu.org/licenses/gpl.html.
switch#
Step 13 Change the admin password to a new permanent password.
ca-9506# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
ca-9506(config)# username admin password g05ox
Step 14 Save the configuration that includes the new password.
switch# copy running-config startup-config
[########################################] 100%
Installing a License

To install a license key, use either the CLI and or the Fabric Manager.

Using the CLI to Install a License

Step 1 Copy the license file to the bootflash of the supervisor.
switch# copy scp://user1@172.22.36.10/tmp/FM_Server.lic bootflash:FM_Server.lic
user1@172.22.36.10's password:
FM_Server.lic			   100% |*****************************|  2035    00:00
Step 2 Verify the license file.
switch# show license file FM_Server.lic
lic.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT FM_SERVER_PKG cisco 1.0 permanent uncounted \
       VENDOR_STRING=MDS HOSTID=VDH=FOX0713037X \
       NOTICE="<LicFileID>lic_template</LicFileID><LicLineID>0</LicLineID> \
        <PAK>dummyPak</PAK>" SIGN=D8CF07EA26C2
Step 3 Cross reference the switch's host-id (VDH=FOX0713037X) with that listed in the license file.
ca-9506# show license host-id
License hostid: VDH=FOX0713037X
Step 4 Install the license file.
switch# install license bootflash:FM_Server.lic
Installing license ..done
Step 5 Verify the license has been installed.
switch# show license
lic.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT FM_SERVER_PKG cisco 1.0 permanent uncounted \
       VENDOR_STRING=MDS HOSTID=VDH=FOX0713037X \
       NOTICE="<LicFileID>lic_template</LicFileID><LicLineID>0</LicLineID> \
        <PAK>dummyPak</PAK>" SIGN=D8CF07EA26C2
Step 6 Display a summary of the installed licenses by issuing the show license usage command.
switch# show license usage
Feature               Insta License Status Expiry Date Comments
                      lled  Count
-----------------------------------------------------------------
FM_SERVER_PKG          Yes      -   In use never       -
MAINFRAME_PKG          No       -   Unused             -
ENTERPRISE_PKG         Yes      -   In use never       -
SAN_EXTN_OVER_IP       Yes      2   In use never       -
SAN_EXTN_OVER_IP_IPS4  No       0   Unused             -
-----------------------------------------------------------------
Step 7 Display the features within a license package are being used by specifying the package name. In this case QoS is using the Enterprise package.
ca-9506# show license usage ENTERPRISE_PKG
Application
-----------
Qos Manager
-----------
Using Fabric Manager to Install a License

To install a license, follow these steps:

Step 1 Click the License Install icon in the main toolbar of Fabric Manager to launch the License Installation Wizard. You see the License Install Wizard dialog box. (See Figure 2-7.)

Figure 2-7 License Installation Wizard

Step 2 In the License Install Wizard dialog box, as shown in Figure 2-8, check the appropriate check box to specify how to install the keys based upon whether or not you have already obtained the license key files or if you have only a Product Authorization Key (PAK). If you have a PAK, then you can download the license file and install it from the Cisco website.

Figure 2-8 License Installation Method

Step 3 If the keys already exist on a server, enter the name and location of the license key files in the dialog box like the one in Figure 2-9.

Figure 2-9 License File Location

If the license files are not already available, and you only have the PAK numbers, then Fabric Manager can obtain the license files directly from Cisco.com. (See Figure 2-10.)

Figure 2-10 Install License Using PAK

At this point, the license keys can be installed and the licensable feature can be used.

Copying Core Files from the MDS 9000 Switch

If an MDS 9000 switch process crashes, it may create a core file which you can send to Cisco TAC for further troubleshooting. To copy a core file off of the MDS 9000 switch, follow these steps:

Step 1 Before copying a core file to another server, identify the PID of the core file:
switch# show cores
Module-num Process-name PID Core-create-time
---------- ------------ --- ----------------
5 		 	 fspf 			1524 		Jul 15 03:11
Step 2 Copy the core file using FTP, for example, with the following command syntax:
"core://<module-number>/<process-id>"
switch# copy core://5/1524 ftp://172.22.36.10/tmp/fspfcore
You can now send the file to Cisco TAC according to the directions you receive from a TAC engineer.

Configuring an NTP Server

Network Time Protocol (NTP) is a protocol used by devices to synchronize their internal clocks with other devices. The Cisco MDS 9000 switch can only be used as an NTP client and can talk to other NTP systems which are considered to have a higher stratum (or authority). NTP is hierarchical in nature such that the lower stratum numbers are closer to the source of the time authority. Devices that are at the same stratum can be configured as peers so that they can work together to determine the correct ime by making minute adjustments. Normally, the MDS 9000 switches are configured as peers, while a router or other dedicated machine is used as an NTP server.

Note NTP will not set the time zone (or offset from UTP) for the switch. You must manually set the time zone using, for example, Eastern Standard Time and Eastern Daylight-Savings Time:
clock timezone EST -5.0
clock summer-time EDT 1 Sunday Apr 02:00 5 Sunday Oct 02:00 60

The following example uses these IP addresses:

Switch #1 IP Address: 172.22.36.142

Switch #2 IP Address: 172.22.36.9

NTP Server: 171.69.16.26

To configure NTP for switch1, follow these steps:

Step 1 Enter configuration mode and add the NTP server.
switch1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# ntp server 171.69.16.26
Step 2 Add the NTP peer switch.
switch1(config)# ntp peer 172.22.36.9
switch1(config)# end
At this point, NTP is configured and the switch will slowly adjust to the new time.

Step 3 To view the NTP configuration, enter the show ntp peers command:
switch1# show ntp peers
--------------------------------------------------
  Peer IP Address               Serv/Peer
--------------------------------------------------
  171.69.16.26                  Server
  172.22.36.9                   Peer
Restoring a Fixed Switch Configuration

This procedure covers the process of backing up and restoring a switch configuration for one of the Cisco MDS 9000 Family switches that have a fixed configuration. These include the Cisco MDS 9216 and 9100 series fabric switches.

This procedure leverages the following resources:

•Old Switch: switch1: (172.22.36.8)

•New Switch: switch2

•File Server: host1

Note Only restore a switch configuration to a switch that has the exact same firmware version on it as was used to create the switch configuration. If an upgrade is required, restore the configuration, and then upgrade the firmware.

To restore a fixed switch configuration, follow these steps:

Step 1 Save the running configuration using the following command.
switch1# copy running-config startup-config
[########################################] 100%
Step 2 Copy the startup configuration to the file server using any of the available methods on the MDS 9000 switch, such as FTP, TFTP, SFTP, or SCP.
switch1# copy startup-config scp://user@host1/switch1.config
user@switch1's password:
sysmgr_system.cfg    100% |*****************************| 10938       00:00
switch1#
Step 3 Capture the port assignments using the fabric login (FLOGI) database. The database is used to verify that all of the cables are placed in the correct locations.
switch1# show flogi database
---------------------------------------------------------------------------
INTERFACE  VSAN    FCID            PORT NAME               NODE NAME
---------------------------------------------------------------------------
fc1/8      600   0x7c0007  50:05:07:63:00:ce:a2:27  50:05:07:63:00:c0:a2:27
fc1/13     1001  0xef0001  50:06:0e:80:03:4e:95:13  50:06:0e:80:03:4e:95:13
fc1/15     600   0x7c0004  50:06:0b:00:00:13:37:ae  50:06:0b:00:00:13:37:af
Note At this point, the old switch is no longer needed; its mgmt0 port should be disconnected from the LAN.

Step 4 Log on to the new switch using the console connection and clear the switch configuration. Do not run the setup script, if prompted. The write erase command will erase the switch configuration.
switch2# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)  [n] y
Step 5 Reload the switch.
switch2# reload
This command will reboot the system. (y/n)?  [n] y
When the switch comes up in its factory default mode and prompts for the Basic System Configuration Dialog, skip it because all the configuration options are contained in the startup configuration file of the old switch.

Step 6 Manually configure the IP address as follows.
switch2# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch2(config)# int mgmt 0
switch2(config-if)# ip address 172.22.36.8 255.255.254.0
switch2(config-if)# no shut
Step 7 If interface (fc X/Y) based zoning is used, obtain the WWN for the new switch. Otherwise, skip this step.
switch2# show wwn switch
Switch WWN is 20:00:00:0d:ec:02:1d:40
Step 8 On the file server, make a copy of the configuration file and then open it in a text editor, such as Notepad or vi.

a. Remove the lines that contain the SNMP user accounts, as the encrypted passwords are tied to the MAC address of the chassis:
$ cp switch1.config switch1.config.orig
$ vi switch1.config
The user accounts are all grouped together and begin with snmp-server user:
snmp-server user admin network-admin auth md5 0x46694cac2585d39d3bc00c8a4c7d48a6
 localizedkey
snmp-server user guestadmin network-admin auth md5 0xcae40d254218747bc57ee1df348
26b51 localizedkey
b. If interface (fc X/Y) zoning was not used, skip this step. Otherwise, replace the WWN of the old switch in the zone member commands with the WWN of the new switch:
zone name Z_1 vsan 9
  member interface fc1/9 swwn 20:00:00:0d:ec:02:1d:40
c. Save and exit the configuration file.

Step 9 From the new switch, copy the modified configuration file from the file server onto the running configuration of the new switch. As the file is copied, it executes on the switch as the configuration is applied. The commands being applied are contained in single quotes. Any errors caused by applying the commands are displayed immediately after the error-causing command executes. The prompt changes to reflect the new switch name.
switch2# copy scp://user@host1/switch1.config running-config
user@host1's password:
switch1.config   100% |*****************************| 10938       00:00
Step 10 Save the configuration by copying startup-config to running-config.
switch1# copy running-config startup-config
[########################################] 100%:
Step 11 At this point, access the switch via the CLI and perform the following remaining items:

a. Recreate SNMP user accounts.

b. Remove the MDS 9000 switch entry from the host's known_hosts file, because the switch's public key is different.

c. Install license keys, if required.

Step 12 Move the cables from the old switch to the new switch, using the show flogi database command on the old switch as a reference to verify that each cable is in the correct location.

Step 13 Verify that all devices have logged in and that all features are running as they are supposed to be.

Step 14 Save the running-configuration to the startup-configuration with the copy running-config startup-config command.

Step 15 Reload the switch to verify that it boots correctly with the configuration.

Preparing to Call Cisco TAC

At some point, the administrator may need to contact the Cisco TAC or their OSM for some additional assistance. This section outlines the steps that the administrator should perform prior to contacting their next level of support, as this will reduce the amount of time needed to resolve the issue.

Step 1 Do not reload the line card or the switch until you have completed at least Step 2. Some logs and counters are kept in volatile storage and will not survive a reload.

Step 2 Collect switch information and configuration. Do this before the issue is resolved and after it is resolved. The following three methods of collecting switch information each provide the same information.

a. CLI: Configure the Telnet/SSH application to log the screen output to a text file and issue the show tech-support details command.

b. CLI: Issue the tac-pac <filename> command, as in this example:
tac-pac bootflash://showtech.switch1.

The tac-pac command redirects the output of a show tech-support details command to a file that you can then gzip. If no filename is specified, the file created is volatile:show_tech_out.gz. Copy the file off the MDS 9000 switch using the procedure described in Copying Files to or from the MDS 9000 Switch.

c. Fabric Manager: Choose Tools > Show tech support. Fabric manager can capture switch configuration information from multiple switches simultaneously. The file can be saved on the local PC.

Step 3 Capture the exact error codes:

a. If the error occurs in Fabric Manager, take a screen shot of the error. In Windows, use ALT+Print Screen to capture the active window, or press the Print Screen key to capture the entire desktop. Paste the screen capture into a new MSpaint.exe (or similar program) session.

b. Display the message log using the show logging log command or view the last X lines of the log using the show logging last lines command.

Step 4 Answer the following questions before placing a call to TAC:

a. In which switch, HBA, or storage port is the problem occurring? List MDS firmware, driver versions, operating systems versions and storage device firmware.

b. What is the network topology? (In Fabric Manager, choose Tools -> Show Tech. Save the map.)

c. Were any changes being made to the environment (zoning, adding line cards, upgrades) prior to or at the time of this event?

d. Are there other similarly configured devices that could have this problem but do not have it?

e. Where is this problematic device connected (MDS 9000 switch Z, interface x/y)?

f. When did this problem first occur?

g. When did this problem last occur?

h. How often does this problem occur?

i. How many devices have this problem?

j. Were any traces or debug outputs captured during the problem time? What troubleshooting steps have already been done? Were any of the following tools used?

–Fcanalyzer, PAA-2, Ethereal, local or remote SPAN

–CLI debug commands

–FC traceroute, FC ping

–FM/DM

Implementing Syslog

The syslog message server allows Cisco MDS 9000 switches to send a copy of the message log to a host for more permanent storage. Saving the logs in this way can be useful if the logs need to be examined over a long period of time or when the MDS 9000 switch is not accessible.

This example demonstrates how to configure a Cisco MDS 9000 switch to use the syslog facility on a Solaris platform. Although a Solaris host is being used, the syslog configuration on all UNIX and Linux systems is very similar.

Syslog uses the concept of a facility to determine how a message should be handled on the syslog server (the Solaris system in this example), and the message severity. Therefore, different message severities can be handled differently by the syslog server. They could be logged to different files or sent via e-mail to a particular user. Specifying a severity determines that all messages of that level and greater severity (lower number) will be acted upon.

Tip The MDS 9000 switch messages should be logged to a different file from the standard syslog file so that they cannot be confused with other non-MDS 9000 switch syslog messages. To prevent log messages from filling up the /filesystem directory, do not locate the log file on the /filesystem directory.

Syslog Client: switch1

Syslog Server: 172.22.36.211 (Solaris)

Syslog facility: local1

Syslog severity: notifications (level 5, the default)

File to log MDS messages to: /var/adm/MDS_logs

To configure a Cisco MDS 9000 switch to use the syslog facility on a Solaris platform, follow these steps:

Step 1 Configure the MDS 9000 switch using the config terminal command:
switch1# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# logging server 172.22.36.211 6 facility local1
Step 2 Display the configuration using the show logging server command:
switch1# show logging server
Logging server:                 enabled
{172.22.36.211}
        server severity:        notifications
        server facility:        local1
Step 3 Configure the syslog server:

a. Modify /etc/syslog.conf to handle local1 messages. For Solaris, there needs to be at least one tab between the facility.severity and the action (/var/adm/MDS_logs)
#Below is for the MDS 9000 logging
local1.notice                                   /var/adm/MDS_logs
b. Create the log file:
#touch /var/adm/MDS_logs
c. Restart syslogd:
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
syslog service starting.
d. Verify syslog started:
# ps -ef |grep syslogd
    root 23508     1  0 11:01:41 ?        0:00 /usr/sbin/syslogd
Step 4 Test the syslog server by creating an event on the MDS 9000 switch. In this case, port fc1/2 was bounced and the following information was listed on the syslog server. Notice that the IP address of the switch is listed in brackets.
# tail -f /var/adm/MDS_logs
Sep 17 11:07:41 [172.22.36.142.2.2] : 2004 Sep 17 11:17:29 pacific: 
%PORT-5-IF_DOWN_INITIALIZING: %$VSAN 1%$ Interface fc1/2 is down (Initializing)
Sep 17 11:07:49 [172.22.36.142.2.2] : 2004 Sep 17 11:17:36 pacific: %PORT-5-IF_UP: 
%$VSAN 1%$ Interface fc1/2 is up in mode TE
Sep 17 11:07:51 [172.22.36.142.2.2] : 2004 Sep 17 11:17:39 pacific: 
%VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/0 
(dhcp-171-71-49-125.cisco.com)

	Cisco MDS 9000 Family Cookbook, Release 1.x
	Switch Management
Cisco MDS 9000 Family Cookbook, Release 1.x Index Preface Account Management Switch Management Physical Interfaces Logical Interfaces VSANs Inter-VSAN Routing Zoning iSCSI FCIP	Download this chapter Switch Management Download the complete book Full Book PDF (PDF - 8 MB) Feedback Table Of Contents Switch Management Saving the Switch Configuration Copying Files to or from the MDS 9000 Switch Managing Files on the Standby Supervisor Module Upgrading MDS 9000 Switch Firmware Upgrading Switch Firmware Using the CLI Upgrading Switch Firmware Using Fabric Manager Recovering a Password Installing a License Using the CLI to Install a License Using Fabric Manager to Install a License Copying Core Files from the MDS 9000 Switch Configuring an NTP Server Restoring a Fixed Switch Configuration Preparing to Call Cisco TAC Implementing Syslog Switch Management This chapter describes various tasks associated with managing a Cisco MDS 9000 switch and includes the following sections: •Saving the Switch Configuration •Copying Files to or from the MDS 9000 Switch •Managing Files on the Standby Supervisor Module •Upgrading MDS 9000 Switch Firmware •Recovering a Password •Installing a License •Copying Core Files from the MDS 9000 Switch •Configuring an NTP Server •Restoring a Fixed Switch Configuration •Preparing to Call Cisco TAC •Implementing Syslog Saving the Switch Configuration Saving the configuration after making changes to the Cisco MDS 9000 switch is always a good idea. Whether creating users or configuring ports, the configuration should be saved so that if the switch is rebooted, the current configuration is reapplied to the switch. Optionally, the configuration should also be saved to a file server for purposes of archival, disaster recovery, or version control. The MDS 9000 switch has two configuration files: •The running-configuration file describes how the MDS 9000 switch is currently configured. •The startup-configuration file is the configuration that will be applied to the switch the next time the switch is reloaded. Both configuration files can be viewed using the show running-configuration command or show startup-configuration command. Tip Commands that are listed in the running or startup configuration are valid CLI commands and can be used within the config terminal submode on the MDS 9000 switch. Adding conf t to the beginning of a file containing CLI commands derived from the running-configuration or the startup-configuration causes the shell to enter the config submode. To save the running-configuration, copy it to the startup-configuration: ca-9506# copy running-config startup-config [########################################] 100% To copy the startup-configuration to a remote server (in this example the server is SCP), modify the destination filename, by providing a filename to use on the file server (switch1.startupconfig.01182004). ca-9506# copy startup-config scp://user@fileserver/switch1.startup.01182004 setmason@dino's password: sysmgr_system.cfg 100% \|***************************\| 16276 00:00 Now the file can be viewed in the switch1.startup.01182004 file. Copying Files to or from the MDS 9000 Switch You may need to move files to or from a Cisco MDS 9000 switch. The types of files you may need to move include log files, configuration files, or firmware files. There are two methods for copying files to or from the MDS 9000 switch: using the CLI (command-line interface) and using Fabric Manager. The first procedure covers the CLI. The CLI offers a broad range of protocols to use for copying to or from the MDS 9000 switch. Note that the MDS 9000 switch always acts as a client, such that an FTP/SCP/TFTP session always originates from the MDS 9000 switch and either pushes files to an external system or pulls files from an external system. File Server: 172.22.36.10 File to be copied to the switch: /etc/hosts The copy command supports four transfer protocols and 12 different sources for files. ca-9506# copy ? bootflash: Select source filesystem core: Select source filesystem debug: Select source filesystem ftp: Select source filesystem licenses Backup license files log: Select source filesystem modflash: Select source filesystem nvram: Select source filesystem running-config Copy running configuration to destination scp: Select source filesystem sftp: Select source filesystem slot0: Select source filesystem startup-config Copy startup configuration to destination system: Select source filesystem tftp: Select source filesystem volatile: Select source filesystem To use SCP (Secure copy) as the transfer mechanism, the syntax is as follows: scp:[//[username@]server][/path] To copy /etc/hosts from 172.22.36.10 using user1as the user and the destination filename hosts.txt, enter the following command: switch# copy scp://user1@172.22.36.10/etc/hosts bootflash:hosts.txt user1@172.22.36.10's password: hosts 100% \|*************************\| 2035 00:00 To back up the startup-configuration to a SFTP server, enter the following command: switch# copy startup-config sftp://user1@172.22.36.10/MDS/startup-configuration.bak1 Connecting to 172.22.36.10... User1@172.22.36.10's password: switch# Tip You should back up the startup-configuration to a server on a daily basis and before you make any changes. You can write a short script to run on the MDS 9000 switch to save your configuration and then back it up. The script needs to contain just two commands: copy running-configuration startup-configuration and copy startup-configuration tftp://**server/name. To execute the script use: run-script filename. Managing Files on the Standby Supervisor Module Occasionally, a file may need to be copied to, copied off, or deleted from the supervisor module, or even deleted from the standby supervisor module. To do this, attach to the standby supervisor module and use the dir and delete commands. Note This recipe is most often invoked when a firmware upgrade fails because there is not enough free bootflash: capacity on the standby supervisor for the firmware images. To perform file copy functions from the supervisor module, follow these steps: Step 1 Determine which supervisor module is the standby. In this case, it is module 6. switch# show module Mod Ports Module-Type Model Status --- ----- ------------------------------- ------------------ ------------ 1 16 1/2 Gbps FC Module DS-X9016 ok 2 16 1/2 Gbps FC Module DS-X9016 ok 3 8 IP Storage Services Module DS-X9308-SMIP ok 4 0 Caching Services Module DS-X9560-SMAP ok 5 0 Supervisor/Fabric-1 DS-X9530-SF1-K9 active * 6 0 Supervisor/Fabric-1 DS-X9530-SF1-K9 ha-standby Step 2 Connect to the standby supervisor using the attach command. Note how the prompt displays the word standby. ca-9506# attach module 6 Attaching to module 6 ... To exit type 'exit', to abort type '$.' Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2004, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by Andiamo Systems, Inc. and/or other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. ca-9506(standby)# Step 3 List the files on the bootflash to be deleted. ca-9506(standby)# dir bootflash: 12330496 Jun 30 21:11:33 2004 boot-1-3-4a 2035 Jun 17 16:30:18 2004 hosts.txt 43705437 Jun 30 21:11:58 2004 isan-1-3-4a 12288 Dec 31 17:13:48 1979 lost+found/ 12334592 Jun 23 17:02:16 2004 m9500-sf1ek9-kickstart-mz.1.3.4b.bin 43687917 Jun 23 17:02:42 2004 m9500-sf1ek9-mz.1.3.4b.bin 99 Apr 07 19:28:54 1980 security_cnv.log Usage for bootflash://sup-local 126340096 bytes used 59745280 bytes free 186085376 bytes total Step 4 Delete the file with the delete command. ca-9506(standby)# delete bootflash:hosts.txt Step 5 To return to the active supervisor, type exit. The prompt also returns to the active supervisor prompt. ca-9506(standby)# exit rlogin: connection closed. ca-9506# Upgrading MDS 9000 Switch Firmware To obtain new features and functionality for a Cisco MDS 9000 switch, you may need to upgrade the firmware. You can upgrade using either the CLI or the Fabric Manager. Firmware images can be downloaded from the Cisco software center located at the following URL: http://www.cisco.com/public/sw-center/sw-stornet.shtml. A CCO login account is required to download all software images. Tip On single supervisor MDS 9000 switches, like the 9100 and 9200 series, the switch will reboot. Therefore you should enable persistent FC ID and static domain IDs. For information on how to configure these values, see Configuring a Static Domain ID and Persistent FC ID . In this procedure the firmware images have been downloaded from the Cisco website and are located on a local file server. File server: testhost System image: m9500-sf1ek9-mz.1.3.4b.bin Kickstart image: m9500-sf1ek9-kickstart-mz.1.3.4b.bin The location of the firmware images may either be on the switch's bootflash: file system or on another server accessible via FTP/TFTP/SFTP/SCP. Upgrading Switch Firmware Using the CLI To upgrade the firmware of an MDS 9000 switch using SCP, enter the following CLI commands: Step 1 Determine what the upgrade impact will be on the system by using the show install all impact system command. This first optional command will also verify the image integrity as well as provide the details of the upgrade. This command does not actually perform the upgrade. ca-9506# show install all impact system scp://setmason@testhost/tftpboot/rel/qa/1_3_4b/final/m95 00-sf1ek9-mz.1.3.4b.bin kickstart scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin For scp://setmason@testhost, please enter password: For scp://setmason@testhost, please enter password: Copying image from scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin to bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Copying image from scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-mz.1.3.4b.bin to bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin [####################] 100% -- SUCCESS Verifying image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin [####################] 100% -- SUCCESS Extracting "slc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "ips" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "svclc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "system" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "kickstart" version from image bootflash:///m9500-sf1ek9-kickstart-mz .1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "loader" version from image bootflash:///m9500-sf1ek9-kickstart-mz.1. 3.4b.bin. [####################] 100% -- SUCCESS Compatibility check is done: Module bootable Impact Install-type Reason ------ -------- -------------- ------------ ------ 1 yes non-disruptive rolling 2 yes non-disruptive rolling 3 yes non-disruptive rolling 4 yes non-disruptive rolling 5 yes non-disruptive reset 6 yes non-disruptive reset Other miscellaneous information for installation: Module info ------ ---------------------------------- Images will be upgraded according to following table: Module Image Running-Version New-Version Upg-Required ------ ---------- -------------------- -------------------- --------- 1 slc 1.3(4a) 1.3(4b) yes 1 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 2 slc 1.3(4a) 1.3(4b) yes 2 bios v1.0.8(08/07/03) v1.0.8(08/07/03) no 3 ips 1.3(4a) 1.3(4b) yes 3 bios v1.0.8(08/07/03) v1.0.8(08/07/03) no 4 svclc 1.3(4a) 1.3(4b) yes 4 svcsb 1.3(4m) 1.3(4m) no 4 svcsb 1.3(4) 1.3(4) no 4 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 5 system 1.3(4a) 1.3(4b) yes 5 kickstart 1.3(4a) 1.3(4b) yes 5 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 5 loader 1.2(2) 1.2(2) no 6 system 1.3(4a) 1.3(4b) yes 6 kickstart 1.3(4a) 1.3(4b) yes 6 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 6 loader 1.2(2) 1.2(2) no Step 2 Upgrade the firmware using the install all command and the appropriate file locations. ca-9506# install all system scp://setmason@testhost/tftpboot/rel/qa/1_3_4b/final/m95 00-sf1ek9-mz.1.3.4b.bin kickstart scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin For scp://setmason@testhost, please enter password: For scp://setmason@testhost, please enter password: Copying image from scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-kickstart-mz.1.3.4b.bin to bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Copying image from scp://setmason@testhost /tftpboot/rel/qa/1_3_4b/final/m9500-sf1ek9-mz.1.3.4b.bin to bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin [####################] 100% -- SUCCESS Verifying image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin [####################] 100% -- SUCCESS Extracting "slc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "ips" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "svclc" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "system" version from image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "kickstart" version from image bootflash:///m9500-sf1ek9-kickstart-mz .1.3.4b.bin. [####################] 100% -- SUCCESS Extracting "loader" version from image bootflash:///m9500-sf1ek9-kickstart-mz.1. 3.4b.bin. [####################] 100% -- SUCCESS Compatibility check is done: Module bootable Impact Install-type Reason ------ -------- -------------- ------------ ------ 1 yes non-disruptive rolling 2 yes non-disruptive rolling 3 yes non-disruptive rolling 4 yes non-disruptive rolling 5 yes non-disruptive reset 6 yes non-disruptive reset Other miscellaneous information for installation: Module info ------ ---------------------------------- Images will be upgraded according to following table: Module Image Running-Version New-Version Upg-Required ------ ---------- -------------------- -------------------- --------- 1 slc 1.3(4a) 1.3(4b) yes 1 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 2 slc 1.3(4a) 1.3(4b) yes 2 bios v1.0.8(08/07/03) v1.0.8(08/07/03) no 3 ips 1.3(4a) 1.3(4b) yes 3 bios v1.0.8(08/07/03) v1.0.8(08/07/03) no 4 svclc 1.3(4a) 1.3(4b) yes 4 svcsb 1.3(4m) 1.3(4m) no 4 svcsb 1.3(4) 1.3(4) no 4 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 5 system 1.3(4a) 1.3(4b) yes 5 kickstart 1.3(4a) 1.3(4b) yes 5 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 5 loader 1.2(2) 1.2(2) no 6 system 1.3(4a) 1.3(4b) yes 6 kickstart 1.3(4a) 1.3(4b) yes 6 bios v1.1.0(10/24/03) v1.0.8(08/07/03) no 6 loader 1.2(2) 1.2(2) no Do you want to continue with the installation (y/n)? [n] y Install is in progress, please wait. Syncing image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.4b.bin to standby. [####################] 100% -- SUCCESS Syncing image bootflash:///m9500-sf1ek9-mz.1.3.4b.bin to standby. [####################] 100% -- SUCCESS Setting boot variables. [####################] 100% -- SUCCESS Performing configuration copy. [####################] 100% -- SUCCESS Module 5: Waiting for module online. -- SUCCESS At this point, the switch performs a hitless supervisor switchover. A new Telnet/CLI session must be established to the new supervisor. Note If the images fail to copy to the standby supervisor, there may be insufficient room for the new images and some old images or files may need to be removed. See Managing Files on the Standby Supervisor Module for a recipe on removing files from the standby supervisor. Step 3 To view the status of the current upgrade from the new supervisor, enter the show install all status command. switch# show install all status This is the log of last installation. Continue on installation process, please wait. The login will be disabled until the installation is completed. Module 5: Waiting for module online. -- SUCCESS Module 1: Non-disruptive upgrading. -- SUCCESS Module 2: Non-disruptive upgrading. -- SUCCESS Module 3: Non-disruptive upgrading. -- SUCCESS Module 4: Non-disruptive upgrading. -- SUCCESS Install has been successful. Upgrading Switch Firmware Using Fabric Manager To upgrade the firmware of one or more MDS 9000 switches, leverage the interface of the Fabric Manager and follow these steps: Step 1 Select the Software Install Wizard from the toolbar in Fabric Manager. (See Figure 2-1.) Figure 2-1 Image Installation with Fabric Manager Step 2 Choose the switches to upgrade and click Next. (See Figure 2-2.) Figure 2-2 Choose Switches to Upgrade Step 3 Specify the location of the firmware images. (See Figure 2-3.) a. Enter the file information to transfer the file from the server to the switch. b. If the files are to be downloaded during the install, also enter the path and filename of the images. c. By checking the Skip Image Download check box, an upgrade can be performed using images that are already located on the supervisor's bootflash. Figure 2-3 Specify Firmware Images Step 4 Click Next. Depending on the installation method (that is, already downloaded to bootflash or download during the install), the wizard may prompt for additional file locations. The fourth and final screen provides a summary and enables you to start the install. During the installation, a compatibility screen pops up and displays the same version compatibility information that was displayed in the CLI upgrade. You must click Yes to continue with the upgrade. Note Unlike the CLI, the Fabric Manager maintains connectivity to the switch and provides detailed information during the entire upgrade sequence, without requiring you to manually reestablish connectivity to the switch during the supervisor switchover. If there is a failure, the last screen displays any reasons for a failed upgrade. Recovering a Password If there are no accounts accessible on the Cisco MDS 9000 switch that have either network-admin or user account creation privileges, you may have to perform a password recovery on the admin account if passwords are lost. Warning This procedure requires console access to the switch and requires a reboot of the switch. Tip It is possible for another CLI user with network-admin privileges to change the password of the admin user, which can alleviate reloading the switch. To recover the admin account's password, follow these steps: Step 1 If possible, save the current configuration by entering the copy-running config command on the switch: switch# copy running-config startup-config [########################################] 100% Step 2 Connect a console cable to the active supervisor of the MDS 9000 switch. (See Figure 2-4 and Figure 2-5.) Figure 2-4 Console Connection on an MDS 9500 Series Switch Figure 2-5 Console Connection on an MDS 9200 Series Switch Step 3 Attach the RS-232 end of the console cable to a PC. Step 4 Configure Hyperterm or a similar terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control. (See Figure 2-6.) Figure 2-6 HyperTerm Terminal Settings Step 5 Establish a connection to the switch if possible, at least enough to display the login prompt if no user accounts are available. Step 6 For a multi-supervisor switch, MDS-9509 or MDS-9506, physically remove the standby supervisor. It is not necessary to remove it from the chassis, just enough so that it does not make contact with the backplane. Step 7 Reboot the switch either by cycling the power or entering the reload command. Step 8 Press Ctrl-] (when the switch begins its SAN-OS software boot sequence) to enter the switch(boot)# prompt. Step 9 Enter configuration mode: switchboot# config terminal Step 10 Enter the admin-password <new password> command. switch(boot-config)# admin-password temppassword switch(boot-config)# exit Step 11 Load the system image to finish the boot sequence. switch(boot)# load bootflash: m9500-sf1ek9-mz.1.3.4b.bin Step 12 Log in to the switch using the admin account and the temporary password. switch login: admin Password: Cisco Storage Area Networking Operating System (SAN-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2004, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by Andiamo Systems, Inc. and/or other third parties and are used and distributed under license. Some parts of this software are covered under the GNU Public License. A copy of the license is available at http://www.gnu.org/licenses/gpl.html. switch# Step 13 Change the admin password to a new permanent password. ca-9506# config terminal Enter configuration commands, one per line. End with CNTL/Z. ca-9506(config)# username admin password g05ox Step 14 Save the configuration that includes the new password. switch# copy running-config startup-config [########################################] 100% Installing a License To install a license key, use either the CLI and or the Fabric Manager. Using the CLI to Install a License Step 1 Copy the license file to the bootflash of the supervisor. switch# copy scp://user1@172.22.36.10/tmp/FM_Server.lic bootflash:FM_Server.lic user1@172.22.36.10's password: FM_Server.lic 100% \|***************************\| 2035 00:00 Step 2 Verify the license file. switch# show license file FM_Server.lic lic.lic: SERVER this_host ANY VENDOR cisco INCREMENT FM_SERVER_PKG cisco 1.0 permanent uncounted \ VENDOR_STRING=MDS HOSTID=VDH=FOX0713037X \ NOTICE="<LicFileID>lic_template</LicFileID><LicLineID>0</LicLineID> \ <PAK>dummyPak</PAK>" SIGN=D8CF07EA26C2 Step 3 Cross reference the switch's host-id (VDH=FOX0713037X) with that listed in the license file. ca-9506# show license host-id License hostid: VDH=FOX0713037X Step 4 Install the license file. switch# install license bootflash:FM_Server.lic Installing license ..done Step 5 Verify the license has been installed. switch# show license lic.lic: SERVER this_host ANY VENDOR cisco INCREMENT FM_SERVER_PKG cisco 1.0 permanent uncounted \ VENDOR_STRING=MDS HOSTID=VDH=FOX0713037X \ NOTICE="<LicFileID>lic_template</LicFileID><LicLineID>0</LicLineID> \ <PAK>dummyPak</PAK>" SIGN=D8CF07EA26C2 Step 6 Display a summary of the installed licenses by issuing the show license usage command. switch# show license usage Feature Insta License Status Expiry Date Comments lled Count ----------------------------------------------------------------- FM_SERVER_PKG Yes - In use never - MAINFRAME_PKG No - Unused - ENTERPRISE_PKG Yes - In use never - SAN_EXTN_OVER_IP Yes 2 In use never - SAN_EXTN_OVER_IP_IPS4 No 0 Unused - ----------------------------------------------------------------- Step 7 Display the features within a license package are being used by specifying the package name. In this case QoS is using the Enterprise package. ca-9506# show license usage ENTERPRISE_PKG Application ----------- Qos Manager ----------- Using Fabric Manager to Install a License To install a license, follow these steps: Step 1 Click the License Install icon in the main toolbar of Fabric Manager to launch the License Installation Wizard. You see the License Install Wizard dialog box. (See Figure 2-7.) Figure 2-7 License Installation Wizard Step 2 In the License Install Wizard dialog box, as shown in Figure 2-8, check the appropriate check box to specify how to install the keys based upon whether or not you have already obtained the license key files or if you have only a Product Authorization Key (PAK). If you have a PAK, then you can download the license file and install it from the Cisco website. Figure 2-8 License Installation Method Step 3 If the keys already exist on a server, enter the name and location of the license key files in the dialog box like the one in Figure 2-9. Figure 2-9 License File Location If the license files are not already available, and you only have the PAK numbers, then Fabric Manager can obtain the license files directly from Cisco.com. (See Figure 2-10.) Figure 2-10 Install License Using PAK At this point, the license keys can be installed and the licensable feature can be used. Copying Core Files from the MDS 9000 Switch If an MDS 9000 switch process crashes, it may create a core file which you can send to Cisco TAC for further troubleshooting. To copy a core file off of the MDS 9000 switch, follow these steps: Step 1 Before copying a core file to another server, identify the PID of the core file: switch# show cores Module-num Process-name PID Core-create-time ---------- ------------ --- ---------------- 5 fspf 1524 Jul 15 03:11 Step 2 Copy the core file using FTP, for example, with the following command syntax: "core://<module-number>/<process-id>" switch# copy core://5/1524 ftp://172.22.36.10/tmp/fspfcore You can now send the file to Cisco TAC according to the directions you receive from a TAC engineer. Configuring an NTP Server Network Time Protocol (NTP) is a protocol used by devices to synchronize their internal clocks with other devices. The Cisco MDS 9000 switch can only be used as an NTP client and can talk to other NTP systems which are considered to have a higher stratum (or authority). NTP is hierarchical in nature such that the lower stratum numbers are closer to the source of the time authority. Devices that are at the same stratum can be configured as peers so that they can work together to determine the correct ime by making minute adjustments. Normally, the MDS 9000 switches are configured as peers, while a router or other dedicated machine is used as an NTP server. Note NTP will not set the time zone (or offset from UTP) for the switch. You must manually set the time zone using, for example, Eastern Standard Time and Eastern Daylight-Savings Time: clock timezone EST -5.0 clock summer-time EDT 1 Sunday Apr 02:00 5 Sunday Oct 02:00 60 The following example uses these IP addresses: Switch #1 IP Address: 172.22.36.142 Switch #2 IP Address: 172.22.36.9 NTP Server: 171.69.16.26 To configure NTP for switch1, follow these steps: Step 1 Enter configuration mode and add the NTP server. switch1# conf t Enter configuration commands, one per line. End with CNTL/Z. switch1(config)# ntp server 171.69.16.26 Step 2 Add the NTP peer switch. switch1(config)# ntp peer 172.22.36.9 switch1(config)# end At this point, NTP is configured and the switch will slowly adjust to the new time. Step 3 To view the NTP configuration, enter the show ntp peers command: switch1# show ntp peers -------------------------------------------------- Peer IP Address Serv/Peer -------------------------------------------------- 171.69.16.26 Server 172.22.36.9 Peer Restoring a Fixed Switch Configuration This procedure covers the process of backing up and restoring a switch configuration for one of the Cisco MDS 9000 Family switches that have a fixed configuration. These include the Cisco MDS 9216 and 9100 series fabric switches. This procedure leverages the following resources: •Old Switch: switch1: (172.22.36.8) •New Switch: switch2 •File Server: host1 Note Only restore a switch configuration to a switch that has the exact same firmware version on it as was used to create the switch configuration. If an upgrade is required, restore the configuration, and then upgrade the firmware. To restore a fixed switch configuration, follow these steps: Step 1 Save the running configuration using the following command. switch1# copy running-config startup-config [########################################] 100% Step 2 Copy the startup configuration to the file server using any of the available methods on the MDS 9000 switch, such as FTP, TFTP, SFTP, or SCP. switch1# copy startup-config scp://user@host1/switch1.config user@switch1's password: sysmgr_system.cfg 100% \|*************************\| 10938 00:00 switch1# Step 3 Capture the port assignments using the fabric login (FLOGI) database. The database is used to verify that all of the cables are placed in the correct locations. switch1# show flogi database --------------------------------------------------------------------------- INTERFACE VSAN FCID PORT NAME NODE NAME --------------------------------------------------------------------------- fc1/8 600 0x7c0007 50:05:07:63:00:ce:a2:27 50:05:07:63:00:c0:a2:27 fc1/13 1001 0xef0001 50:06:0e:80:03:4e:95:13 50:06:0e:80:03:4e:95:13 fc1/15 600 0x7c0004 50:06:0b:00:00:13:37:ae 50:06:0b:00:00:13:37:af Note At this point, the old switch is no longer needed; its mgmt0 port should be disconnected from the LAN. Step 4 Log on to the new switch using the console connection and clear the switch configuration. Do not run the setup script, if prompted. The write erase command will erase the switch configuration. switch2# write erase Warning: This command will erase the startup-configuration. Do you wish to proceed anyway? (y/n) [n] y Step 5 Reload the switch. switch2# reload This command will reboot the system. (y/n)? [n] y When the switch comes up in its factory default mode and prompts for the Basic System Configuration Dialog, skip it because all the configuration options are contained in the startup configuration file of the old switch. Step 6 Manually configure the IP address as follows. switch2# config terminal Enter configuration commands, one per line. End with CNTL/Z. switch2(config)# int mgmt 0 switch2(config-if)# ip address 172.22.36.8 255.255.254.0 switch2(config-if)# no shut Step 7 If interface (fc X/Y) based zoning is used, obtain the WWN for the new switch. Otherwise, skip this step. switch2# show wwn switch Switch WWN is 20:00:00:0d:ec:02:1d:40 Step 8 On the file server, make a copy of the configuration file and then open it in a text editor, such as Notepad or vi. a. Remove the lines that contain the SNMP user accounts, as the encrypted passwords are tied to the MAC address of the chassis: $ cp switch1.config switch1.config.orig $ vi switch1.config The user accounts are all grouped together and begin with snmp-server user: snmp-server user admin network-admin auth md5 0x46694cac2585d39d3bc00c8a4c7d48a6 localizedkey snmp-server user guestadmin network-admin auth md5 0xcae40d254218747bc57ee1df348 26b51 localizedkey b. If interface (fc X/Y) zoning was not used, skip this step. Otherwise, replace the WWN of the old switch in the zone member commands with the WWN of the new switch: zone name Z_1 vsan 9 member interface fc1/9 swwn 20:00:00:0d:ec:02:1d:40 c. Save and exit the configuration file. Step 9 From the new switch, copy the modified configuration file from the file server onto the running configuration of the new switch. As the file is copied, it executes on the switch as the configuration is applied. The commands being applied are contained in single quotes. Any errors caused by applying the commands are displayed immediately after the error-causing command executes. The prompt changes to reflect the new switch name. switch2# copy scp://user@host1/switch1.config running-config user@host1's password: switch1.config 100% \|*************************\| 10938 00:00 Step 10 Save the configuration by copying startup-config to running-config. switch1# copy running-config startup-config [########################################] 100%: Step 11 At this point, access the switch via the CLI and perform the following remaining items: a. Recreate SNMP user accounts. b. Remove the MDS 9000 switch entry from the host's known_hosts file, because the switch's public key is different. c. Install license keys, if required. Step 12 Move the cables from the old switch to the new switch, using the show flogi database command on the old switch as a reference to verify that each cable is in the correct location. Step 13 Verify that all devices have logged in and that all features are running as they are supposed to be. Step 14 Save the running-configuration to the startup-configuration with the copy running-config startup-config command. Step 15 Reload the switch to verify that it boots correctly with the configuration. Preparing to Call Cisco TAC At some point, the administrator may need to contact the Cisco TAC or their OSM for some additional assistance. This section outlines the steps that the administrator should perform prior to contacting their next level of support, as this will reduce the amount of time needed to resolve the issue. Step 1 Do not reload the line card or the switch until you have completed at least Step 2. Some logs and counters are kept in volatile storage and will not survive a reload. Step 2 Collect switch information and configuration. Do this before the issue is resolved and after it is resolved. The following three methods of collecting switch information each provide the same information. a. CLI: Configure the Telnet/SSH application to log the screen output to a text file and issue the show tech-support details command. b. CLI: Issue the tac-pac <filename> command, as in this example: tac-pac bootflash://showtech.switch1. The tac-pac command redirects the output of a show tech-support details command to a file that you can then gzip. If no filename is specified, the file created is volatile:show_tech_out.gz. Copy the file off the MDS 9000 switch using the procedure described in Copying Files to or from the MDS 9000 Switch. c. Fabric Manager: Choose Tools > Show tech support. Fabric manager can capture switch configuration information from multiple switches simultaneously. The file can be saved on the local PC. Step 3 Capture the exact error codes: a. If the error occurs in Fabric Manager, take a screen shot of the error. In Windows, use ALT+Print Screen to capture the active window, or press the Print Screen key to capture the entire desktop. Paste the screen capture into a new MSpaint.exe (or similar program) session. b. Display the message log using the show logging log command or view the last X lines of the log using the show logging last** lines command. Step 4 Answer the following questions before placing a call to TAC: a. In which switch, HBA, or storage port is the problem occurring? List MDS firmware, driver versions, operating systems versions and storage device firmware. b. What is the network topology? (In Fabric Manager, choose Tools -> Show Tech. Save the map.) c. Were any changes being made to the environment (zoning, adding line cards, upgrades) prior to or at the time of this event? d. Are there other similarly configured devices that could have this problem but do not have it? e. Where is this problematic device connected (MDS 9000 switch Z, interface x/y)? f. When did this problem first occur? g. When did this problem last occur? h. How often does this problem occur? i. How many devices have this problem? j. Were any traces or debug outputs captured during the problem time? What troubleshooting steps have already been done? Were any of the following tools used? –Fcanalyzer, PAA-2, Ethereal, local or remote SPAN –CLI debug commands –FC traceroute, FC ping –FM/DM Implementing Syslog The syslog message server allows Cisco MDS 9000 switches to send a copy of the message log to a host for more permanent storage. Saving the logs in this way can be useful if the logs need to be examined over a long period of time or when the MDS 9000 switch is not accessible. This example demonstrates how to configure a Cisco MDS 9000 switch to use the syslog facility on a Solaris platform. Although a Solaris host is being used, the syslog configuration on all UNIX and Linux systems is very similar. Syslog uses the concept of a facility to determine how a message should be handled on the syslog server (the Solaris system in this example), and the message severity. Therefore, different message severities can be handled differently by the syslog server. They could be logged to different files or sent via e-mail to a particular user. Specifying a severity determines that all messages of that level and greater severity (lower number) will be acted upon. Tip The MDS 9000 switch messages should be logged to a different file from the standard syslog file so that they cannot be confused with other non-MDS 9000 switch syslog messages. To prevent log messages from filling up the /filesystem directory, do not locate the log file on the /filesystem directory. Syslog Client: switch1 Syslog Server: 172.22.36.211 (Solaris) Syslog facility: local1 Syslog severity: notifications (level 5, the default) File to log MDS messages to: /var/adm/MDS_logs To configure a Cisco MDS 9000 switch to use the syslog facility on a Solaris platform, follow these steps: Step 1 Configure the MDS 9000 switch using the config terminal command: switch1# config terminal Enter configuration commands, one per line. End with CNTL/Z. switch1(config)# logging server 172.22.36.211 6 facility local1 Step 2 Display the configuration using the show logging server command: switch1# show logging server Logging server: enabled {172.22.36.211} server severity: notifications server facility: local1 Step 3 Configure the syslog server: a. Modify /etc/syslog.conf to handle local1 messages. For Solaris, there needs to be at least one tab between the facility.severity and the action (/var/adm/MDS_logs) #Below is for the MDS 9000 logging local1.notice /var/adm/MDS_logs b. Create the log file: #touch /var/adm/MDS_logs c. Restart syslogd: # /etc/init.d/syslog stop # /etc/init.d/syslog start syslog service starting. d. Verify syslog started: # ps -ef \|grep syslogd root 23508 1 0 11:01:41 ? 0:00 /usr/sbin/syslogd Step 4 Test the syslog server by creating an event on the MDS 9000 switch. In this case, port fc1/2 was bounced and the following information was listed on the syslog server. Notice that the IP address of the switch is listed in brackets. # tail -f /var/adm/MDS_logs Sep 17 11:07:41 [172.22.36.142.2.2] : 2004 Sep 17 11:17:29 pacific: %PORT-5-IF_DOWN_INITIALIZING: %$VSAN 1%$ Interface fc1/2 is down (Initializing) Sep 17 11:07:49 [172.22.36.142.2.2] : 2004 Sep 17 11:17:36 pacific: %PORT-5-IF_UP: %$VSAN 1%$ Interface fc1/2 is up in mode TE Sep 17 11:07:51 [172.22.36.142.2.2] : 2004 Sep 17 11:17:39 pacific: %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/0 (dhcp-171-71-49-125.cisco.com)
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks