Cisco MDS 9000 Family Command Reference, Release 2.x
I Commands

Table Of Contents

I Commands

in-order-guarantee

initiator

install all

install license

install module bios

install module epld

install module loader

install ssi

interface

interface fc

interface fc-tunnel

interface fcip

interface gigabitethernet

interface iscsi

interface mgmt

interface port-channel

interface vsan

ip access-group

ip access-list

ip address (FCIP profile configuration submode)

ip address (interface configuration submode)

ip-compression

ip default-gateway

ip default-network

ip domain-list

ip domain-lookup

ip domain-name

ip name-server

ip route

ip routing

iscsi authentication

iscsi duplicate-wwn-check

iscsi enable

iscsi import target fc

iscsi initiator idle-timeout

iscsi initiator ip-address

iscsi initiator name

iscsi interface vsan-membership

iscsi save-initiator

iscsi virtual-target name

isns

isns distribute

isns esi retries

isns profile name

isns reregister

isns-server enable

ivr abort

ivr commit

ivr copy auto-topology user-configured-topology

ivr distribute

ivr enable

ivr fcdomain database autonomous-fabric-num

ivr nat

ivr refresh

ivr service-group name

ivr virtual-fcdomain-add

ivr vsan-topology

ivr vsan-topology database

ivr withdraw domain

ivr zone name

ivr zoneset


I Commands


The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. See the "About the CLI Command Modes" section to determine the appropriate mode for each command. For more information, refer to the Cisco MDS 9000 Family Configuration Guide.

in-order-guarantee

To enable in-order delivery, use the in-order-guarantee command in configuration mode. To disable in-order delivery, use the no form of the command.

in-order-guarantee [vsan vsan-id]

no in-order-guarantee [vsan vsan-id]

Syntax Description

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(4)

This command was introduced.


Usage Guidelines

In-order delivery of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator.

Examples

The following example shows how to enable in-order delivery for the entire switch.

switch# config terminal
switch(config) # in-order-guarantee

The following example shows how to disable in-order delivery for the entire switch.

switch(config)# no in-order-guarantee

The following example shows how to enable in-order delivery for a specific VSAN.

switch(config)# in-order-guarantee vsan 3452

The following example shows how to disable in-order delivery for a specific VSAN.

switch(config)# no in-order-guarantee vsan 101

Related Commands

Command
Description

show in-order-guarantee

Displays the in-order-guarantee status.


initiator

To configure the initiator version and address, use the initiator command IKE configuration submode. To revert to the default, use the no form of the command.

initiator version version address ip-address

no initiator version version address ip-address

Syntax Description

version

Specifies the protocol version number. The only valid value is 1.

address ip-address

Specifies the IP address for the IKE peer. The format is A.B.C.D.


Defaults

IKE version 2.

Command Modes

IKE configuration submode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

To use this command, the IKE protocol must be enabled using the crypto ike enable command.

Examples

The following example shows how initiator information for the IKE protocol.

switch# config terminal
switch(config)# crypto ike domain ipsec
switch(config-ike-ipsec)# initiator version 1 address 10.1.1.1

Related Commands

Command
Description

crypto ike domain ipsec

Enters IKE configuration mode.

crypto ike enable

Enables the IKE protocol.

show crypto ike domain ipsec

Displays IKE information for the IPsec domain.


install all

To upgrade all modules in any Cisco MDS 9000 family switch, use the install all command. This upgrade can happen nondisruptively or disruptively depending on the current configuration of your switch.

install all [{asm-sfn | kickstart | ssi | system} URL]

Syntax Description

asm-sfn filename

Upgrades the ASM image.

system

Upgrades the system image.

ssi

Upgrades the SSI image.

kickstart

Upgrades the kickstart image.

URL

The location URL of the source file to be installed.


The following table lists the aliases for URL.

bootflash:

Source location for internal bootflash memory.

slot0:

Source location for the CompactFlash memory or PCMCIA card.

volatile:

Source location for the volatile file system.

tftp:

Source location for a Trivial File Transfer Protocol (TFTP) network server. The syntax for this URL is tftp:[[//location]/directory]/filename.

ftp:

Source location for a File Transfer Protocol (FTP) network server. The syntax for this URL is ftp:[[//location]/directory]/filename.

sftp:

Source location for a Secure Trivial File Transfer Protocol (SFTP) network server. The syntax for this URL is sftp:[[//<username@>location]/directory]/filename.

scp:

Source location for a Secure Copy Protocol (SCP) network server. The syntax for this URL is scp:[[//location]/directory]/filename.

image-filename

The name of the source image file.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.0(3)

This command was introduced.

1.2(2)

Added the asm-sfn keyword and made all keywords optional.

2.0(1b)

Added the ssi keyword.


Usage Guidelines

The install all command upgrades all modules in any Cisco MDS 9000 Family switch.

To copy a remote file, specify the entire remote path exactly as it is.


Caution If a switchover is required when you issue the install all command from a Telnet or SSH session, all open sessions are terminated. If no switchover is required, the session remains unaffected. The software issues a self-explanatory warning at this point and provides the option to continue or terminate the installation.

See the Cisco MDS 9000 Family Configuration Guide for detailed procedures.

Examples

The following example displays the result of the install all command if the system and kickstart files are specified locally.

switch# install all sys bootflash:isan-1.3.1 kickstart bootflash:boot-1.3.1

Verifying image bootflash:/boot-1.3.1
[####################] 100% -- SUCCESS

Verifying image bootflash:/isan-1.3.1
[####################] 100% -- SUCCESS

Extracting "slc" version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting "ips" version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting "system" version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting "kickstart" version from image bootflash:/boot-1.3.1.
[####################] 100% -- SUCCESS

Extracting "loader" version from image bootflash:/boot-1.3.1.
[####################] 100% -- SUCCESS



Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes      disruptive       rolling  Hitless upgrade is not supported
     3       yes      disruptive       rolling  Hitless upgrade is not supported
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset



Images will be upgraded according to following table:
Module       Image       Running-Version           New-Version  Upg-Required
------  ----------  --------------------  --------------------  ------------
     1         slc               1.3(2a)                1.3(1)           yes
     1        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     2         ips               1.3(2a)                1.3(1)           yes
     2        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     3         ips               1.3(2a)                1.3(1)           yes
     3        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     4         slc               1.3(2a)                1.3(1)           yes
     4        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     5      system               1.3(2a)                1.3(1)           yes
     5   kickstart               1.3(2a)                1.3(1)           yes
     5        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     5      loader                1.2(2)                1.2(2)            no
     6      system               1.3(2a)                1.3(1)           yes
     6   kickstart               1.3(2a)                1.3(1)           yes
     6        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     6      loader                1.2(2)                1.2(2)            no

Do you want to continue with the installation (y/n)?  [n] y

Install is in progress, please wait.

Syncing image bootflash:/boot-1.3.1 to standby.
[####################] 100% -- SUCCESS

Syncing image bootflash:/isan-1.3.1 to standby.
[####################] 100% -- SUCCESS
Jan 18 23:40:03 Hacienda %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from

Performing configuration copy.
[####################] 100% -- SUCCESS

Module 6: Waiting for module online.
|
Auto booting bootflash:/boot-1.3.1 bootflash:/isan-1.3.1...
Booting kickstart image: bootflash:/boot-1.3.1....
.....................................Image verification OK

Starting kernel...
INIT: version 2.78 booting
Checking all filesystems..r.r.. done.
Loading system software
Uncompressing system image: bootflash:/isan-1.3.1
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCC
INIT: Entering runlevel: 3


The following example displays the file output continuation of the install all command on the console 
of the standby supervisor module.
Hacienda(standby)#

Auto booting bootflash:/boot-1.3.1 bootflash:/isan-1.3.1...
Booting kickstart image: bootflash:/boot-1.3.1....
.....................................Image verification OK

Starting kernel...
INIT: version 2.78 booting
Checking all filesystems..r.r.. done.
Loading system software
Uncompressing system image: bootflash:/isan-1.3.1
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCC
INIT: Entering runlevel: 3


Continue on installation process, please wait.
The login will be disabled until the installation is completed.

Module 6: Waiting for module online.
Jan 18 23:43:02 Hacienda %PORT-5-IF_UP: Interface mgmt0 is up
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature 
FM_SERVER_PKG. Application(s) shutdown in 53 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature 
ENTERPRISE_PKG. Application(s) shutdown in 50 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature 
SAN_EXTN_OVER_IP. Application(s) shutdown in 50 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LICAPP_NO_LIC: Application port-security running 
without ENTERPRISE_PKG license, shutdown in 50 days
Jan 18 23:43:19 Hacienda %LICMGR-4-LOG_LICAPP_EXPIRY_WARNING: Application Roles evaluation 
license ENTERPRISE_PKG expiry in 50 days
Jan 18 23:44:54 Hacienda %BOOTVAR-5-NEIGHBOR_UPDATE_AUTOCOPY: auto-copy supported by 
neighbor, starting...

Module 1: Non-disruptive upgrading.
[#                   ]   0%Jan 18 23:44:56 Hacienda %MODULE-5-STANDBY_SUP_OK: Supervisor 5 
is standby
Jan 18 23:44:55 Hacienda %IMAGE_DNLD-SLOT1-2-IMG_DNLD_STARTED:  Module image download 
process. Please wait until completion...
Jan 18 23:45:12 Hacienda %IMAGE_DNLD-SLOT1-2-IMG_DNLD_COMPLETE:  Module image download 
process. Download successful.
Jan 18 23:45:48 Hacienda %MODULE-5-MOD_OK: Module 1 is online
[####################] 100% -- SUCCESS

Module 4: Non-disruptive upgrading.
[#                   ]   0%Jan 18 23:46:12 Hacienda %IMAGE_DNLD-SLOT4-2-IMG_DNLD_STARTED:  
Module image download process. Please wait until completion...
Jan 18 23:46:26 Hacienda %IMAGE_DNLD-SLOT4-2-IMG_DNLD_COMPLETE:  Module image download 
process. Download successful.
Jan 18 23:47:02 Hacienda %MODULE-5-MOD_OK: Module 4 is online
[####################] 100% -- SUCCESS

Module 2: Disruptive upgrading.
...
-- SUCCESS

Module 3: Disruptive upgrading.
...
 -- SUCCESS

Install has been successful.

MDS Switch
Hacienda login:

The following example displays the result of the install all command if the system and kickstart files are specified remotely.

switch# install all system 
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-mz.1.3.2a.bin kickstart 
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-kickstart-mz.1.3.2a.bin
For scp://user@171.69.16.26, please enter password:
For scp://user@171.69.16.26, please enter password:

Copying image from 
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-kickstart-mz.1.3.2a.bin 
to bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Copying image from 
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-mz.1.3.2a.bin to 
bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin
[####################] 100% -- SUCCESS

Verifying image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin
[####################] 100% -- SUCCESS

Extracting "slc" version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting "ips" version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting "system" version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting "kickstart" version from image 
bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting "loader" version from image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS



Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes      disruptive       rolling  Hitless upgrade is not supported
     3       yes  non-disruptive       rolling
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset
     7       yes  non-disruptive       rolling
     8       yes  non-disruptive       rolling
     9       yes      disruptive       rolling  Hitless upgrade is not supported


Images will be upgraded according to following table:
Module       Image       Running-Version           New-Version  Upg-Required
------  ----------  --------------------  --------------------  ------------
     1         slc                1.3(1)               1.3(2a)           yes
     1        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     2         ips                1.3(1)               1.3(2a)           yes
     2        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     3         slc                1.3(1)               1.3(2a)           yes
     3        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     4         slc                1.3(1)               1.3(2a)           yes
     4        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     5      system                1.3(1)               1.3(2a)           yes
     5   kickstart                1.3(1)               1.3(2a)           yes
     5        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     5      loader                1.2(2)                1.2(2)            no
     6      system                1.3(1)               1.3(2a)           yes
     6   kickstart                1.3(1)               1.3(2a)           yes
     6        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     6      loader                1.2(2)                1.2(2)            no
     7         slc                1.3(1)               1.3(2a)           yes
     7        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     8         slc                1.3(1)               1.3(2a)           yes
     8        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     9         ips                1.3(1)               1.3(2a)           yes
     9        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no

Do you want to continue with the installation (y/n)?  [n]

Related Commands

Command
Description

install module bios

Upgrades the supervisor or switching module BIOS.

install module loader

Upgrades the bootloader on the active or standby supervisor or modules.

show version

Displays software image version information.


install license

To program the supervisor or switching module BIOS, use the install license command.

install license [bootflash: | slot0: | volatile:] file-name

Syntax Description

bootflash:

Source location for the license file.

slot0:

Source location for the license file.

volatile:

Source location for the license file.

file-name

The name of the license file.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.2(1)

This command was introduced.


Usage Guidelines

If a target file name is provided after the source URL, the license file is installed with that name. Otherwise, the filename in the source URL is used. This command also verifies the license file before installing it.

Examples

The following example installs a file named license-file which resides in the bootflash: directory..

switch# install license bootflash:license-file

Related Commands

Command
Description

show license

Displays license information.


install module bios

To program the supervisor or switching module BIOS, use the install module bios command.

install module module-number bios {system [bootflash: | slot0: | volatile: | system-image]}

Syntax Description

module-number

From slot 1 to 9 in a Cisco MDS 9500 Series switch.
From slot 1 to 2 in a Cisco MDS 9200 Series switch.

system

Specifies the system image to use (optional). If system is not specified, the current running image is used.

bootflash:

Source location for internal bootflash memory

slot0:

Source location for the CompactFlash memory or PCMCIA card.

volatile:

Source location for the volatile file system.

system-image

The name of the system or kickstart image.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.0(3)

This command was introduced.


Usage Guidelines

If the BIOS is upgraded, you need to reboot to make the new BIOS effective. You can schedule the reboot at a convenient time so traffic will not be impacted.

The console baud rate automatically reverts to the default rate (9600) after any BIOS upgrade.

The URL is always the system image URL in the supervisor module, and points to the bootflash: or slot0: directories.

Examples

The following example shows how to perform a nondisruptive upgrade for the system.

switch# install module 1 bios 
Started bios programming .... please wait
###
BIOS upgrade succeeded for module 1

In this example, the switching module in slot 1 was updated.

install module epld

To upgrade the electrically programmable logical devices (EPLDs) module, use the install module epld command. This command is only for supervisor modules, not switching modules.

install module module-number epld [bootflash: |ftp: | scp: | sftp: | tftp: | volatile:]

Syntax Description

module-number

Enters the number for the standby supervisor modules or any other line card.

bootflash:

Source location for internal bootflash memory.

ftp

Local/Remote URI containing EPLD Image.

scp

Local/Remote URI containing EPLD Image.

sftp

Local/Remote URI containing EPLD Image.

tftp

Local/Remote URI containing EPLD Image.

volatile:

Source location for the volatile file system.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.2(1)

This command was introduced.


Usage Guidelines

Issue this command from the active supervisor module to update any other module.

If you forcefully upgrade a module that is not online, all EPLDs are forcefully upgraded. If the module is not present in the switch, an error is returned. If the module is present, the command process continues.

Do not insert or extract any modules while an EPLD upgrade or downgrade is in progress.

Examples

The following example upgrades the EPLDs for the module in slot 2.

switch# install module 2 epld scp://user@10.6.16.22/users/dino/epld.img

The authenticity of host '10.6.16.22' can't be established.
RSA1 key fingerprint is 55:2e:1f:0b:18:76:24:02:c2:3b:62:dc:9b:6b:7f:b7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.6.16.22' (RSA1) to the list of known hosts.
user@10.6.16.22's password:
epld.img             100% |*****************************|  1269 KB    00:00

Module Number                                      2
EPLD                            Curr Ver     New Ver
----------------------------------------------------
Power Manager                       0x06
XBUS IO                             0x07        0x08
UD chip Fix                         0x05
Sahara                              0x05        0x05

Module 2 will be powered down now!!
Do you want to continue (y/n) ? y
\ <------------------------------------------------------------progress twirl
Module 2 EPLD upgrade is successful

The following example forcefully upgrades the EPLDs for the module in slot 2.

switch# install module 2 epld scp://user@10.6.16.22/epld-img-file-path

Module 2 is not online, Do you want to continue (y/n) ? y
cchetty@171.69.16.22's password:
epld.img             100% |*****************************|  1269 KB    00:00
\ <------------------------------------------------------------progress twirl
Module 2 EPLD upgrade is successful

Related Commands

Command
Description

show version module number epld

Displays the current EPLD versions.

show version epld

Displays the available EPLD versions.


install module loader

To upgrade the bootloader on either the active or standby supervisor module, use the install module loader command. This command is only for supervisor modules, not switching modules.

install module module-number loader kickstart [bootflash: | slot0: | volatile: | kickstart-image]

Syntax Description

module-number

Enters the module number for the active or standby supervisor modules (only slot 5 or 6).

kickstart

Specifies the kickstart image to use.

bootflash:

Source location for internal bootflash memory

slot0:

Source location for the CompactFlash memory or PCMCIA card.

volatile:

Source location for the volatile file system.

kickstart-image

The name of the kickstart image.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.0(3)

This command was introduced.


Usage Guidelines

Before issuing the install module loader command, be sure to read the release notes to verify compatibility issues between the boot loader and the kickstart or system images.

If you install a loader version that is the same as the currently-installed version, the loader will not be upgraded. When both the current version and the installed version are the same, use the init system command to force a loader upgrade.

Examples

The following example shows how to perform a non disruptive upgrade for the system.

switch# install module 6 loader bootflash:kickstart_image

This example displays the command being issued on the standby supervisor module in slot 6.

Related Commands

Command
Description

show version

Verify the output before and after the upgrade.


install ssi

To perform a nondisruptive upgrade of the SSI image on an SSM, use the install ssi command.

install ssi {bootflash: | slot0: | modflash:}file-name module slot

Syntax Description

bootflash:

Source location for the SSI boot image file.

slot0:

Source location for the SSI boot image file.

modflash:

Source location for the SSI boot image file.

file-name

Specifies the SSI boot image file name.

module slot

Specifies the module slot number.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

2.1(2)

This command was introduced.


Usage Guidelines

You can use the install ssi command to upgrade or downgrade the SSI boot image if the SSM is only configured for Fibre Channel switching. If your SSM is configured for VSFN or Intelligent Storage Services, you must use the boot command to reconfigure the SSI boot variable and reload the module.

The install ssi command implicitly sets the SSI boot variable.

Examples

The following example installs the SSI boot image on the module in slot 2.

switch# install ssi bootflash:lm9000-ek9-ssi-mz.2.1.2.bin module 2

Related Commands

Command
Description

show boot

Displays the current contents of boot variables.

show module

Verifies the status of a module.

boot

Configures the boot variables.


interface

To configure an interface on the Cisco MDS 9000 Family of switches, use the interface command in configuration mode.

interface {cpp | fc | fc-tunnel | fcip | gigabitethernet | iscsi | mgmt | port-channel | svc | vsan}

Syntax Description

cpp

Configures a Control Plane Process (CPP) interface for the Advanced Services Module (ASM)—see the interface cpp command.

fc

Configures a Fiber Channel interface—see the interface fc command.

fc-tunnel

Configures a Fiber Channel link interface—see the interface fc-tunnel command.

fcip

Configures a Fibre Channel over IP (FCIP) interface—see the interface fcip command.

gigabitethernet

Configures a Gigabit Ethernet interface—see the interface gigabitethernet command.

iscsi

Configures an iSCSI interface—see the interface iscsi command.

mgmt

Configures a management interface—see the interface mgmt command.

port-channel

Configures a PortChannel interface—see the interface port-channel command.

svc

Configures a SAN Volume Controller (SVC) interface for the Caching Services Module (CSM)—see the interface svc command.

vsan

Configures a VSAN interface—see the interface vsan command.


Defaults

Disabled.

Command Modes

Configuration mode

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface fc1/1 - 5 , fc2/5 - 7

The spaces are required before and after the dash ( - ) and before and after the comma ( , ).

Examples

The following example selects the mgmt 0 interface and enters interface configuration submode.

switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)#

Related Commands

Command
Description

show interface

Displays an interface configuration for a specified interface.


interface fc

To configure a Fibre Channel interface on the Cisco MDS 9000 Family of switches, use the interface fc command in EXEC mode. To revert to defaults, use the no form of the command.

interface fc slot/port
channel-group {group-id [force] | auto}
fcdomain rcf-reject vsan vsan-id
fspf {cost link-cost vsan vsan-id | ficon portnumber portnumber | dead-interval seconds vsan vsan-id | hello-interval seconds vsan vsan-id | passive vsan vsan-id | retransmit-interval seconds vsan vsan-id}

interface fc slot/port
no channel-group {group-id [force] | auto}
no fcdomain rcf-reject vsan vsan-id
no fspf {cost link_cost vsan vsan-id | ficon portnumber portnumber | dead-interval seconds vsan vsan-id | hello-interval seconds vsan vsan-id | passive vsan vsan-id | retransmit-interval seconds vsan vsan-id}

Syntax Description

slot/port

Specifies a slot number and port number.

channel-group

Adds to or removes from a Port Channel.

group-id

Specifies a Port Channel group number from 1 to 128.

force

Forcefully adds a port.

auto

Enables autocreation of port channels.

fcdomain

Enters the interface submode.

rcf-reject

Configures the rcf-reject flag.

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

fspf

Configures FSPF parameters.

cost link-cost

Configures FSPF link cost. The range is 1 to 65535.

dead-interval seconds

Configures FSPF dead interval in seconds. The range is 2 to 65535.

ficon

Configures FICON parameters.

portnumber portnumber

Configures the FICON port number for this interface.

hello-interval seconds

Configures FSPF hello-interval. The range is 1 to 65535.

passive

Enables or disables FSPF on the interface.

retransmit-interval seconds

Configures FSPF retransmit interface in seconds. The range is 1 to 65535.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.

2.0(1b)

Added the auto option to the channel-group keyword.


Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interfacespacefc1/1space-space5space,spacefc2/5space-space7

Refer to the Cisco MDS 9000 Family Configuration Guide for information on port number allocation.

Use the no shutdown command to enable the interface.

The channel-group auto command enables autocreation of port channels. If autocreation of port channels is enabled for an interface, you must first disable this configuration before downgrading to earlier software versions or before configuring the interface in a manually configured channel group.

Examples

The following example configures ports 1 to 4 in Fibre Channel interface 9.

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# int fc9/1 - 4

The following example enables the Fibre Channel interface.

switch# config terminal
switch(config)# interface fc1/1
switch(config-if)# no shutdown

The following example assigns the FICON port number to the selected Fibre Channel interface.

switch# config terminal
switch(config)# interface fc1/1
switch(config-if)# ficon portnumber 15

Related Commands

Command
Description

show interface

Displays an interface configuration for a specified interface.

shutdown

Disables and enables an interface.


interface fc-tunnel

To configure a Fibre Channel tunnel and facilitate RSPAN traffic in the Cisco MDS 9000 Family of switches, use the interface fc-tunnel command. To remove a configured tunnel or revert to factory defaults, use the no form of the command.

interface fc-tunnel number
destination ip-address
explicit-path path-name
source ip-address]

no interface fc-tunnel number
no destination ip-address |
no explicit-path path-name
no source ip-address

no interface fc-tunnel number

Syntax Description

number

Specifies a tunnel ID range form 1 to 255.

destination ip-address

Maps the IP address of the destination switch

explicit-path path-name

Specifies a name for the explicit path. Maximum length is 16 alphanumeric characters.

source ip-address

Maps the IP address of the source switch


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.2(1)

This command was introduced.


Usage Guidelines

None.

Examples

The following example initiates the FC tunnel (100) in the source switch (switch S).

switch(config)# config terminal
switch(config)# interface fc-tunnel 100
switch(config-if)#

The following example maps the IP address of the source switch (switch S) to the FC tunnel (100).

switchS(config-if)# source 10.10.10.1

The following example maps the IP address of the destination switch (switch D) to the FC tunnel (100).

switch(config-if)# destination 10.10.10.2

The following example enables traffic flow through this interface.

switch(config-if)# no shutdown

The following example references the configured path in the source switch (switch S).

switch# config t 
switch(config)# interface fc-tunnel 100
switch(config)# explicit-path Path1

Related Commands

Command
Description

show interface fc-tunnel

Displays an FC tunnel interface configuration for a specified interface.

fc-tunnel explicit-path

Configures a new or existing next-hop path.


interface fcip

To configure a Fibre Channel over IP Protocol (FCIP) interface on the Cisco MDS 9000 Family of switches, use the interface fcip command. To disable a FCIP interface, use the no form of the command.

interface fcip interface_number
bport
bport-keepalives
channel-group number [force]
fcdomain rcf-reject vsan vsan-id
ficon portnumber portnumber |
fspf {cost link-cost | dead-interval seconds | hello-interval seconds | passive | retransmit-interval seconds} vsan vsan-id
passive-mode
peer-info ipaddr ip-address [port number]
qos control control-value data data-value
special-frame peer-wwn pwwn-id
tcp-connections number
time-stamp [acceptable-diff number]
use-profile profile-id

interface fcip interface_number
no bport
no bport-keepalives
no channel-group number [force]
no fcdomain rcf-reject vsan vsan-id
no ficon portnumber portnumber
no fspf {cost link-cost | dead-interval seconds | hello-interval seconds | passive | retransmit-interval seconds} vsan vsan-id
no qos control-value data data-value
no passive-mode
no peer-info ipaddr ip-address [port number]
no special-frame peer-wwn pwwn-id
no tcp-connections number
no time-stamp [acceptable-diff number]
no use-profile profile-id

Syntax Description

interface-number

Configures the specified interface from 1 to 255.

bport

Sets the B port mode.

bport-keepalives

Sets the B port keepalive responses.

channel-group number

Specifies a PortChannel number from 1 to 128.

force

Forcefully adds a port.

fcdomain

Enters the fcdomain mode for this FCIP interface

rcf-reject

Configures the rcf-reject flag.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

fspf

Configures FSPF parameters.

cost link-cost

Enters FSPF link cost. The range is 1 to 65535

dead-interval seconds

Specifies the dead interval in seconds. The range is 1 to 65535.

ficon

Configures FICON parameters.

portnumber portnumber

Configures the FICON port number for this interface.

hello-interval seconds

Specifies FSPF hello-interval in seconds. The range is 1 to 65535.

passive

Enables or disables FSPF on the interface.

retransmit-interval

Specifies FSPF retransmit interface in seconds. The range is 1 to 65535.

passive-mode

Configures a passive connection.

peer-info

Configures the peer information.

ipaddr ip-address

Specifies the peer IP address.

port number

Specifies the peer port number. The range is 1 to 65535.

qos

Configures the differentiated services code point (DSCP) value to

mark all IP packets.

control control-value

Specifies the control value for DSCP.

data data-value

Specifies the data value for DSCP.

special-frame

Configures special frames.

peer-wwn pwwn-id

Specifies the peer WWN for special frames.

switchport

Configures switchport parameters.

tcp-connections number

Specifies the number of TCP connection attempts. Valid values are 1 or 2.

time-stamp

Configures time-stamp.

acceptable-diff number

Specifies the acceptable time difference for time-stamps. The range is 1 to 60000.

use-profile profile-id

Specifies the interface using an existing profile ID. The range is 1 to 255.


Defaults

Disabled

Command Modes

Configuration mode

Command History

Release
Modification

1.1(1)

This command was introduced.

1.3(1)

Added the ficon portnumber subcommand.

2.0(1b)

Added the qos subcommand.


Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface fcip1space-space5space,spacefcip10space-space12space

Refer to the Cisco MDS 9000 Family Configuration Guide for information on port number allocation.

Examples

The following example selects an FCIP interface and enters interface configuration submode.

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface fcip 1
switch(config-if)#

The following example assigns the FICON port number to the selected FCIP interface.

switch# config terminal
switch(config)# interface fcip 51
switch(config-if)# ficon portnumber 234

Related Commands

Command
Description

show interface fcip

Displays an interface configuration for a specified FCIP interface.


interface gigabitethernet

To configure an Gigabit Ethernet interface on the Cisco MDS 9000 Family of switches, use the interface gigabitethernet command. To revert to the default values, use the no form of the command.

interface gigabitethernet slot/port
cdp enable
channel-group group-id [force]
isns profile-name

interface gigabitethernet slot/port
no cdp enable
no channel-group
no isns profile-name

Syntax Description

slot/port

Specifies a slot number and port number.

cdp enable

Enables Cisco Discovery Protocol (CDP) configuration parameters.

channel-group group-id

Adds to or removes from a PortChannel. The range is 1 to 128.

force

Forcefully adds a port.

isns profile-name

Specifies the profile name to tag the interface. Maximum length is 64 characters.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(3a)

This command was introduced.

1.1(1a)

Added the channel-group subcommand.

1.3(1)

Added the isns subcommand.


Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface gigabitethernet1/1space-space2space,spacegigabitethernet3/1space-space2

Examples

The following example configures the Gigabit Ethernet interface at slot 4 port 1.

switch# config terminal
switch(config)# interface gigabitethernet 4/1 
switch(config-if)#

The following example enters a IP address and subnet mask for the selected Gigabit Ethernet interface.

switch(config-if)# ip address 10.1.1.100 255.255.255.0 

The following example changes the IP maximum transmission unit (MTU) value for the selected Gigabit Ethernet interface.

switch(config-if)# switchport mtu 3000

The following example creates a VR ID for the selected Gigabit Ethernet interface, configures the virtual IP address for the VR ID (VRRP group), and assigns a priority.

switch(config-if)# vrrp 100 
switch(config-if-vrrp)# address 10.1.1.100
switch(config-if-vrrp)# priority 10

The following example adds the selected Gigabit Ethernet interface to a channel group. If the channel group does not exist, it is created, and the port is shut down.

switch(config-if)# channel-group 10
gigabitethernet 4/1 added to port-channel 10 and disabled
please do the same operation on the switch at the other end of the port-channel, then do 
"no shutdown" at both ends to bring them up

Related Commands

Command
Description

show interface

Displays an interface configuration for a specified interface.


interface iscsi

To configure an iSCSI interface on the Cisco MDS 9000 Family of switches, use the interface iscsi command. To revert to default values, use the no form of the command.

interface iscsi slot/port
mode {pass-thru | store-and-forward}
tcp qos value

interface iscsi slot/port
no mode {pass-thru | store-and-forward | cut-thru}
no tcp qos value

no interface iscsi slot/port

Syntax Description

slot/port

Specifies a slot number and port number.

mode

Configures a forwarding mode.

pass-thru

Forwards one frame at a time.

store-and-forward

Forwards data in one assembled unit (default).

cut-thru

Forwards one frame at a time without waiting for the exchange to complete.

tcp qos value

Configures the differentiated services code point (DSCP)

value to apply to all outgoing IP packets. The range is 0 to 63.


Defaults

Disabled.

The TCP QoS default is 0.

The forwarding mode default is store-and-forward.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.

2.1(1)

Added the cut-thru option for the mode subcommand.


Usage Guidelines

To configure iSCSI interface, enable iSCSI using the iscsi enable command.

You can specify a range of interfaces by issuing a command with the following example format:
interface iscsi space fc1/1space-space5space,spacefc2/5space-space7

Examples

The following example enables the iSCSI feature.

switch# config t
switch(config)# iscsi enable

The following example enables the store-and-forward mode for iSCSI interfaces 9/1 to 9/4.

switch(config)# interface iscsi 9/1 - 4
switch(config-if)# mode store-and-forward

The following example reverts to using the default pass-thru mode for iSCSI interface 9/1.

switch(config)# interface iscsi 9/1
switch(config-if)# mode pass-thru 

Related Commands

Command
Description

iscsi enable

Enables iSCSI.

show interface

Displays an interface configuration for a specified interface.


interface mgmt

To configure a management interface on the Cisco MDS 9000 Family of switches, use the interface mgmt command in configuration mode.

interface mgmt number

Syntax Description

number

Specifies the management interface number which is 0.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

When you try to shutdown a management interface(mgmt0), a follow-up message confirms your action before performing the operation. Use the force option to bypass this confirmation, if required.

Examples

The following example configures the management interface, displays the options available for the configured interface, and exits to configuration mode.

switch# config terminal
switch(config)#
switch(config)# interface mgmt 0
switch(config-if)# exit
switch(config)#

The following example shuts down the interface without using the force option:

switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown
Shutting down this interface will drop all telnet sessions.
Do you wish to continue (y/n)? y

The following example shuts down the interface using the force option:

switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown force
switch(config-if)# 

Related Commands

Command
Description

show interface mgmt

Displays interface configuration for specified interface.


interface port-channel

To configure a PortChannel interface on the Cisco MDS 9000 Family of switches, use the interface port-channel command.

interface port-channel number
channel mode active
fcdomain rcf-reject vsan vsan-id
fspf [cost link_cost | dead-interval seconds | ficon portnumber portnumber | hello-interval seconds | isns profile-name | passive | retransmit-interval seconds]

interface port-channel number
no channel mode active
no fcdomain rcf-reject vsan vsan-id
no fspf [cost link_cost | dead-interval seconds | ficon portnumber portnumber | hello-interval seconds | isns profile-name | passive | retransmit-interval seconds]

no interface port-channel number

Syntax Description

number

Enter PortChannel number. The range is 1 to 128.

channel mode active

Configures the channel mode for the PortChannel interface

fcdomain

Enter the interface submode

rcf-reject

Configure the rcf-reject flag

vsan

Specify the vsan range

vsan-id

The ID of the VSAN is from 1 to 4093.

fspf

Configure FSPF parameters

cost

Configure FSPF link cost

link_cost

Enter FSPF link cost 1-65535

dead-interval

Configure FSPF dead interval

seconds

Enter dead interval (in sec) 2-65535

ficon

Configures FICON parameters.

portnumber portnumber

Configures the FICON port number for this interface.

hello-interval

Configure FSPF hello-interval

seconds

Enter hello interval (in sec) 1-65535

isns

Tags this interface to the Internet Storage Name Service (iSNS) profile.

profile-name

SPecifies the profile name to tag the interface.

passive

Enable/disable FSPF on the interface

retransmit-interval

Configure FSPF retransmit interface

seconds

Enter retransmit interval (in sec) 1-65535


Defaults

Disabled

Command Modes

Configuration mode

Command History

Release
Modification

1.0(2)

This command was introduced.

1.3(1)

Added channel mode active subcommand.


Usage Guidelines

Refer to the Cisco MDS 9000 Family Configuration Guide for information on port number allocation.

Examples

The following example enters configuration mode and configures a PortChannel interface.

switch# config terminal
switch(config)# interface port-channel 32
switch(config-if)#

The following example assigns the FICON port number to the selected PortChannel port.

switch# config terminal
switch(config)# interface Port-channel 1
switch(config-if)# ficon portnumber 234

Related Commands

Command
Description

show interface

Displays interface configuration for specified interface.


interface vsan

To configure a VSAN interface on the Cisco MDS 9000 Family of switches, use the interface vsan command. To remove a VSAN interface, use the no form of the command.

interface vsan vsan-id

no interface vsan vsan-id

Syntax Description

vsan-id

Specifies the VSAN ID. The range is 1 to 4093.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example selects a VSAN interface and enters interface configuration submode.

switch# config terminal
switch(config)# interface vsan 1
switch(config-if)#

Related Commands

Command
Description

show interface

Displays interface configuration for specified interface.


ip access-group

To create an access group to use an access list, use the ip access-group command in interface mode. Use the no form of this command to negate a previously issued command or revert to factory defaults.

ip access-group group-name [in | out]

Syntax Description

group-name

Specifies the IP access-group name. Maximum length is 64 alphanumeric characters and the text is case insensitive.

in

Specifies that the group is for ingress traffic.

out

Specifies that the group is for egress traffic.


Defaults

Groups are created for both ingress and egress traffic.

Command Modes

Interface mode.

Command History

Release
Modification

1.2(1)

This command was introduced.


Usage Guidelines

The access-group command controls access to an interface. Each interface can only be associated with one access list. The access group becomes active on creation.

We recommend creating all rules in an access list, before creating the access group that uses this access -list.

If you create an access group before an access-list, all packets in that interface are dropped, because the access list is empty.

The access-group configuration for the ingress traffic applies to both local and remote traffic. The access-group configuration for the egress traffic applies only to local traffic. You can create a different access-group for each type of traffic.

Examples

The following example creates an access group called aclPermit for both the ingress and egress traffic (default)

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit permit ip any any 
switch(config)# interface Gigabitethernet 3/1
switch(config-if)# ip access-group aclPermit 

The following example deletes the access group called aclPermit.

switch(config-if)# no ip access-group aclPermit 

The following example creates an access group called aclDenyTcp (if it does not already exist) for ingress traffic.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclDenyTcp deny tcp any any 
switch(config)# interface gigabitethernet 3/1
switch(config-if)# ip access-group aclDenyTcp in 

The following example deletes the access group called aclDenyTcp for ingress traffic.

switch(config-if)# no ip access-group aclDenyTcp in 

The following example creates an access group called aclPermitUdp (if it does not already exist) for local egress traffic.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitUdp permit udp 192.168.32.0 0.0.7.255 any 
switch(config)# interface gigabitethernet 3/1
switch(config-if)# ip access-group aclPermitUdp out

The following example deletes the access group called aclPermitUdp for local egress traffic.

switch(config-if)# no ip access-group aclPermitUdp out

Related Commands

Command
Description

ip access-list

Configures IP access control lists.

show ip access-list

Displays the IP-ACL configuration information.


ip access-list

To configure IP access control lists (ACLs), use the ip access-list command in configuration mode. To negate a previously issued command or revert to factory defaults, use the no form of the command.

ip access-list list-name {deny | permit} ip-protocol
{src-addr src-wildcard}
{dest-addr dest-wildcard | operator port-value}
[operator port port-value]
[established | icmp-type icmp-value]
[
tos tos-value]
[
log-deny]

Syntax Description

list-name

Identifies the IP-ACL with an integer ranging from 1 to 256.

deny

Denies access if the conditions match.

permit

Provides access if the conditions match.

ip-protocol

Specifies the name or number (integer range from 0 to 255) of an IP protocol. The IP protocol name can be icmp, ip, tcp, or udp.

src-addr

Specifies the network from which the packet is sent. There are two ways to specify the source:

A 32-bit quantity in four-part, dotted-decimal format

A keyword any as an abbreviation for a destination and a destination-wildcard of 0.0.0.0 255.255.255.255

src-wildcard

Applies the wildcard bits to the source.

Each wildcard bit set to zero indicates that the corresponding bit position in the packet's IP address must exactly match the bit value in the corresponding position of the packet's ip address or it will not be considered a match to this access list. There are two ways to specify the destination wildcard:

A 32-bit quantity in four-part, dotted-decimal format

A keyword any as an abbreviation for a destination and a destination-wildcard of 0.0.0.0 255.255.255.255

dest-addr

Specifies the network from which the packet is sent. There are two ways to specify the destination:

A 32-bit quantity in four-part, dotted-decimal format

A keyword any as an abbreviation for a destination and a destination-wildcard of 0.0.0.0 255.255.255.255

dest-wildcard

Applies the wildcard bits to the destination. There are two ways to specify the destination wildcard:

A 32-bit quantity in four-part, dotted-decimal format

A keyword any as an abbreviation for a destination and a destination-wildcard of 0.0.0.0 255.255.255.255

operator

Compares source or destination ports and has the following options:
any = Any destination IP
eq = Equal source port
gt = Greater than and including source port
lt = Less than and including source port
range port = Source port range port-value

port port-value

Specifies the decimal number (ranging from 0 to 65535) or one of the following names to indicate a TCP or UDP port.

The TCP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp, snmp, snmp-trap, ssh, syslog, tacacs-ds, telnet, wbem-http, wbem-https, and www.

The UDP port names are: dns, ftp, ftp-data, http, ntp, radius, sftp, smtp, snmp, snmp-trap, ssh, syslog, tacacs-ds, telnet, tftp, wbem-http, wbem-https, and www.

icmp-type icmp-value

Filters ICMP packets by ICMP message type. The range is 0 to 255. The types include: echo, echo-reply, redirect, time-exceeded, traceroute, and unreachable.

established

Indicates an established connection for the TCP protocol. A match occurs if the TCP datagram has the ACK, FIN, PSH, RST, SYN or URG control bits set. The non-matching case is that of the initial TCP datagram to form a connection.

tos tos-value

Filters packets by the following type of service level: normal-service (0), monetary-cost (1), reliability (2), throughput (4), and delay (8).

log-deny

Sends an information logging message to the console about the packet that is denied entry.


Defaults

Denied.

Command Modes

Configuration mode.

Command History

Release
Modification

1.2(1)

This command was introduced.


Usage Guidelines

Using the log-deny option at the end of the individual ACL entries shows the ACL number and whether the packet was permitted or denied, in addition to port-specific information. This option causes an information logging message about the packet that matches the dropped entry (or entries).

Examples

The following example configures the an IP-ACL called aclPermit and permits IP traffic from any source address to any destination address

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit permit ip any any 

The following example removes the IP-ACL called aclPermit.

switch(config-if)# no ip access-group aclPermit

The following example updates aclPermit to deny TCP traffic from any source address to any destination address.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit deny tcp any any

The following example defines an IP-ACL that permits this network. Subtracting 255.255.248.0 (normal mask) from 255.255.255.255 yields 0.0.7.255.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitUdp permit udp 192.168.32.0 0.0.7.255 any 

The following example permits all IP traffic from and to the specified networks.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitIpToServer permit ip 10.1.1.0 0.0.0.255 172.16.1.0 
0.0.0.255 

The following example denies TCP traffic from 1.2.3.0 through source port 5 to any destination.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/
switch(config)# ip access-list aclDenyTcpIpPrt5 deny tcp 1.2.3.0 0.0.0.255 eq port 5 any

The following example removes this entry from the IP-ACL.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/
switch(config)# no ip access-list aclDenyTcpIpPrt5 deny tcp 1.2.3.0 0.0.0.255 eq port 5 
any

Related Commands

Command
Description

show ip access-list

Displays the IP-ACL configuration information.


ip address (FCIP profile configuration submode)

To assign the local IP address of a Gigabit Ethernet interface to the FCIP profile, use the ip address command. To remove the IP address, use the no form of the command.

ip address address

no ip address address

Syntax Description

address

Specifies the IP address.


Defaults

Disabled

Command Modes

FCIP profile configuration submode

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

To create a FCIP profile, you must assign a local IP address of a Gigabit Ethernet interface to the FCIP profile.

Examples

The following example assigns the local IP address of a Gigabit Ethernet interface to the FCIP profile.

switch# config terminal
switch(config)# fcip profile 5
switch(config-profile)# ip address 10.5.1.1

Related Commands

Command
Description

show fcip profile

Displays information about the FCIP profile.

interface fcip interface_number use-profile profile-id

Configures the interface using an existing profile ID from 1 to 255.

show interface fcip

Displays an interface configuration for a specified FCIP interface.


ip address (interface configuration submode)

To assign an IP address to a Gigabit Ethernet interface, use the ip address command in interface configuration submode. To remove the IP address, us the no form of the command.

ip address address netmask

no ip address address netmask

Syntax Description

address

Specifies the IP address.

netmask

Specifies the network mask.


Defaults

None.

Command Modes

Interface configuration submode

Command History

Release
Modification

1.1(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example assigns an IP address to a Gigabit Ethernet interface.

switch# config terminal
switch(config)# interface gigabitethernet 1/2
switch(config-profile)# ip address 10.5.1.1 255.255.0.0

Related Commands

Command
Description

show fcip profile

Displays information about the FCIP profile.

interface fcip interface_number use-profile profile-id

Configures the interface using an existing profile ID from 1 to 255.

show interface fcip

Displays an interface configuration for a specified FCIP interface.


ip-compression

To enable compression on the FCIP link, use the ip-compression command in interface configuration submode. To disable compression, use the no form of the command.

ip-compression [auto | mode1 | mode2 | mode3]

no ip-compression [auto | mode1 | mode2 | mode3]

Syntax Description

auto

Enables automatic compression setting.

mode1

Enables fast compression for the following high bandwidth links:
— IPS-4 and IPS-8, less then 100 Mbps
— MPS-14/2, up to 1 Gbps

mode2

Enables moderate compression for medium bandwidth links less then 25 Mbps.

mode3

Enables compression for bandwidth links less then 10 Mbps.


Defaults

Disabled.

Command Modes

Interface configuration submode.

Command History

Release
Modification

1.3(1)

This command was introduced.

2.0(1b)

Changed the keywords from high-throughput and high-comp-ratio to mode1, mode2, and mode3.


Usage Guidelines

When no compression mode is entered in the command, the default is auto.

The FCIP compression feature introduced in Cisco SAN-OS Release 1.3 allows IP packets to be compressed on the FCIP link if this feature is enabled on that link. By default the FCIP compression is disabled. When enabled, the software defaults to using the auto mode (if a mode is not specified).

Cisco SAN-OS Release 2.0(1b) and later, you to configure FCIP compression using one of the following modes:

mode1 is a fast compression mode for high bandwidth links (> 25 Mbps)

mode2 is a moderate compression mode for moderately low bandwidth links (between 10 and 25 Mbps)

mode3 is a high compression mode for low bandwidth links (< 10 Mbps)

auto (default) mode picks the appropriate compression scheme based on the bandwidth of the link (the bandwidth of the link configured in the FCIP profile's TCP parameters)

The IP compression feature behavior differs between the IPS module(s) and the MPS-14/2 module—while mode2 and mode3 perform software compression in both modules, mode1 performs hardware-based compression in MPS-14/2 modules, and software compression in IPS-4 and IPS-8 modules.

In Cisco MDS SAN-OS Release 2.1(1a) and later, the auto mode option uses a combination of compression modes to effectively utilize the WAN bandwidth. The compression modes change dynamically to maximize the WAN bandwidth utilization.

Examples

The following example enables faster compression.

switch# config terminal
switch(config) interface fcip 1
switch(config-if)# ip-compression mode1

The following example enables automatic compression by default.

switch(config-if)# ip-compression

The following example disables compression.

switch(config-if)# no ip-compression

Related Commands

Command
Description

show interface fcip

Displays an interface configuration for a specified FCIP interface.


ip default-gateway

To configure the IP address of the default gateway, use the ip default-gateway command. To disable the IP address of the default gateway, use the no form of the command.

ip default-gateway destination-ip-address [interface cpp slot_number/processor-number/vsan-id]

no ip default-gateway destination-ip-address [interface cpp slot/processor-number/vsan-id]

Syntax Description

destination-ip-address

Specifies the IP address,

interface

Configures an interface.

cpp

Specifies a virtualization IPFC interface.

slot

Specifies a slot number of the ASM.

processor-number

Specifies the processor number for the IPFC interface. The current processor number is always 1.

vsan-id

Specifies the ID of the management VSAN. The range 1 to 4093.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following examples configures the IP default gateway to 1.1.1.4.

switch# config terminal
switch(config)# ip default-gateway 1.1.1.4 

Related Commands

Command
Description

show ip route

Displays the IP address of the default gateway.


ip default-network

To configure the IP address of the default network, use the ip default-network command in configuration mode. To disable the IP address of the default network, use the no form of the command.

ip default-network ip-address

no ip default-network ip-address

Syntax Description

ip-address

Specifies the IP address of the default network.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following examples configures the IP address of the default network to 1.1.1.4.

switch# config terminal
switch(config)# ip default-network 1.1.1.4 

ip domain-list

To configure the IP domain list, use the ip domain-list command in configuration mode. To disable the IP domain list, use the no form of the command.

ip domain-list domain-name

no ip domain-list domain-name

Syntax Description

domain-name

Specifies the domain name for the IP domain list. Maximum length is 80 characters.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example configures the IP domain list.

switch# config terminal
switch(config)# ip domain MyList

ip domain-lookup

To enable the DNS server lookup feature, use the ip domain-lookup command in configuration mode. Use the no form of this command to disable this feature.

ip domain-lookup

no ip domain-lookup

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

Instead of IP addresses, you can configure the switch using meaningful names. The configured name automatically looks up the corresponding IP address.

Examples

The following example configures a DNS server lookup feature.

switch# config terminal
switch(config)# ip domain-lookup 

ip domain-name

To configure a domain name, use the ip domain-name command in configuration mode. To delete a domain name, use the no form of the command.

ip domain-name domain-name

no ip domain-name domain-name

Syntax Description

domain-name

Specifies the domain name.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example configures a domain name.

switch# config terminal
switch(config)# ip domain-name MyDomain

ip name-server

To configure a name server, use the ip name-server command in configuration mode. To disable this feature, use the no form of the command.

ip name-server ip-address

no ip name-server ip-address

Syntax Description

ip-address

Specifies the IP address for the name server.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

You can configure a maximum of six servers. By default, no server is configured.

Examples

The following example configure a name server with an IP address of 1.1.1.4.

switch# config terminal
switch(config)# ip name-server 1.1.1.4

The following example specifies the first address (15.1.0.1) as the primary server and the second address (15.2.0.0) as the secondary sever.

switch(config)# ip name-server 15.1.0.1 15.2.0.0 

The following example deletes the configured server(s) and reverts to factory default.

switch(config)# no ip name-server

ip route

To configure a static route, use the ip route command in configuration mode.

ip route ip-address subnet-mask [nexthop_ip-address] [interface {gigabitethernet slot /port | mgmt 0 | port-channel channel-id | vsan vsan-id} | distance distance-number]

no ip route ip-address subnet-mask [nexthop_ip-address] [interface {gigabitethernet slot /port | mgmt 0 | port-channel channel-id | vsan vsan-id} | distance distance-number]

Syntax Description

ip-address

Specifies the IP address for the route.

subnet-mask

Specifies the subnet mask for the route.

nexthop_ip-address

Specifies the IP address of the next hop switch.

interface

Configures the interface associated with the route.

gigabitethernet slot /port

Specifies a Gigabit Ethernet interface at a port and slot.

mgmt 0

Specifies the managment interface (mgmt 0).

port-channel channel-id

Specifies a PortChannel interface. The range is 1 to 128.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

distance distance-number

Specifies the distance metric for this route. It can be from 0 to 32766.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following examples shows how to configure a static route.

switch# config terminal
switch(config)# IP route 10.0.0.0 255.0.0.0 20.20.20.10 distance 10 interface vsan 1

Related Commands

Command
Description

show ip route

Displays the IP address routes configured in the system.


ip routing

To enable the IP forwarding feature, use the ip routing command in configuration mode. To disable this feature, use the no form of the command.

ip routing

no ip routing

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example enables the IP forwarding feature.

switch# config terminal
switch(config)# ip routing 

iscsi authentication

To configure the default authentication method for iSCSI, use the iscsi authentication command. To revert to the default, use the no form of the command.

iscsi authentication {chap | chap-none | none | username username password [0 | 7] password}

no iscsi authentication {chap | chap-none | none | username}

Syntax Description

chap-none

Configure either the CHAP or no authentication.

chap

Configures the Challenge Handshake Authentication Protocol (CHAP) authentication method.

none

Specifies that no authentication is required for the selected interface

username username

Assigns CHAP username to be used when switch is authenticated.

password

Configures the password for the username.

0

Specifies that the password is a cleartext CHAP password.

7

Specifies that the password is an encrypted CHAP password.

password

Specifies a password for the username.


Defaults

chap-none

The default password is a cleartext password.

Command Modes

Configuration mode

Command History

Release
Modification

1.1(1)

This command was introduced.

2.0(1b)

Added the username option.


Usage Guidelines

By default, the Cisco MDS 9000 Family switch accepts an iSCSI initiator with either no authentication or CHAP authentication. If CHAP authentication is always required, use the iscsi authentication chap command. If no authentication is always required, use the iscsi authentication none command.

Use the chap-none option to override the global configuration which might have been configured to allow only one option—either CHAP or none—not both.

Examples

The following example configures CHAP only for ISCSI authentication.

switch# config terminal
switch(config)# iscsi authentication chap

Related Commands

Command
Description

show iscsi global

Displays all iSCSI initiators configured by the user.


iscsi duplicate-wwn-check

To check the current running configuration for conflicts between iSCSI initiators' static WWN allocation and what the system thinks is available in its WWN pool, use the iscsi duplicate-wwn-check command in configuration mode.

iscsi duplicate-wwn-check

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

2.1(2)

This command was introduced.


Usage Guidelines

Prior to Cisco MDS SAN-OS Release 2.1(2), WWNs assigned to static iSCSI initiators by the system can be inadvertently returned to the system when an upgrade fails or the system software is manually downgraded (that is, when you manually boot up an older Cisco MDS SAN-OS release without using the install all command). In these instances, the system can later assign those WWNs to other iSCSI initiators (dynamic or static) and cause conflicts.

As of Cisco MDS SAN-OS Release 2.1(2), you can use the iscsi duplicate-wwn-check command to check for and remove any configured WWNs that belong to the system.

Examples

The following example shows how to check the current running configuration for conflicts between iSCSI initiators' static WWN allocation and what the system thinks is available in its WWN pool.

switch# config terminal
Enter configuration command, one per line. End with CNTL/Z.
switch(config)# iscsi duplicate-wwn-check

List of Potential WWN Conflicts:
-------------------------------
Node : iqn.test-local-nwnn:1-local-pwwn:1
	nWWN : 22:03:00:0d:ec:02:cb:02
	pWWN : 22:04:00:0d:ec:02:cb:02

The following example shows how to remove the conflicting nWWN and pWWN.

switch(config)# iscsi initiator name iqn.test-local-nwwn:1-local-pwwn:1
switch(config-iscsi-init)# no static nWWN  22:03:00:0d:ec:02:cb:02
switch(config-iscsi-init)# no static pWWN  22:04:00:0d:ec:02:cb:02

Related Commands

Command
Description

iscsi initiator name

Assigns an iSCSI name and changes to iSCSI initiator configuration submode.

static

Assigns persistent WWNs to an iSCSI initiator in iSCSI initiator configuration submode.

show iscsi initiator

Displays information about configured iSCSI initiators.


iscsi enable

To enable the iSCSI feature in any Cisco MDS switch, issue the iscsi enable command. To disable this feature, use the no form of the command.

iscsi enable

no iscsi enable

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Configuration mode

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

The configuration and verification commands for the iSCSI feature are only available when iSCSI is enabled on a switch. When you disable this feature, all related configurations are automatically discarded.

Examples

The following command enables the iSCSI feature.

switch(config)# iscsi enable

The following command disables the iSCSI feature (default).

switch(config)# no iscsi enable

iscsi import target fc

To allow dynamic mapping of Fibre Channel targets, use the iscsi import target fc command. To disable this feature, use the no form of the command.

iscsi import target fc

no iscsi import target fc

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Configuration mode

Command History

Release
Modification

1.1(1)

This command was introduced.


Usage Guidelines

This command directs iSCSI to dynamically import all Fibre Channel targets into iSCSI.

Examples

The following example allows dynamic mapping of Fibre Channel targets.

switch# config terminal
switch(config)# iscsi import target fc

The following example disables dynamic mapping of Fibre Channel targets.

switch(config)# no iscsi import target fc

Related Commands

Command
Description

show iscsi global

Displays all iSCSI initiators configured by the user..


iscsi initiator idle-timeout

To configure the iSCSI initiator idle timeout, use the iscsi initiator idle-timeout command. To revert to the default, use the no form of the command.

iscsi initiator idle-timeout seconds

no iscsi initiator idle-timeout seconds

Syntax Description

seconds

Specifies the timeout in seconds. The range is 0 to 3600.


Defaults

300 seconds

Command Modes

Configuration mode

Command History

Release
Modification

1.3

This command was introduced.


Usage Guidelines

When the idle timeout value is set to 0, the initiator information is cleared immediately after the last session from the initiator terminates.

Examples

The following example configures the iSCSI initiator idle timeout to 180 seconds.

switch# config terminal
switch(config)# iscsi initiator idle-timeout 180

The following example reverts the default value of 300 seconds.

switch# config terminal
switch(config)# no iscsi initiator idle-timeout 240

Related Commands

Command
Description

show iscsi global

Displays global iSCSI configuration information.


iscsi initiator ip-address

To assign persistent WWNs to an iSCSI initiator or assign an iSCSI initiator into VSANs other than the default VSAN, use the iscsi initiator ip-address command. To revert to the default, use the no form of the command.

iscsi initiator ip-address ipaddress
static {nwwn | pwwn} {wwn-id | system-assign number}
vsan vsan-id

iscsi initiator ip-address ipaddress
no static {nwwn | pwwn} {wwn-id | system-assign number}
no vsan vsan-id

no iscsi initiator ip-address ipaddress

Syntax Description

ipaddress

Specifies the initiator IP address.

nwwn

Configures the inititiator node WWN hex value.

pwwn

Configures the peer WWN for special frames.

wwn-id

Enters the pWWN or nWWN ID.

system-assign number

Generates the nWWN value automatically. The number ranges from 1 to 64.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.


Defaults

Disabled.

Command Modes

Configuration mode

Command History

Release
Modification

1.1(1)

This command was introduced.


Usage Guidelines

Under a circumstance where an iSCSI initiator needs to have a persistent binding to FC WWNs, this command should be used. Also, an iSCSI initiator can be put into multiple VSANs. An iSCSI host can become a member of one or more VSANs.

Examples

The following command configures an iSCSI initiator. using the IP address of the initiator node.

switch(config)# iscsi initiator ip address 10.50.1.1

The following command deletes the configured iSCSI initiator.

switch(config)# no iscsi initiator ip address 10.5.0.0

The following command uses the switch's WWN pool to allocate the nWWN for this iSCSI initiator and keeps it persistent.

switch(config-(iscsi-init))# static nWWN system-assign

The following command assigns the user provided WWN as nWWN for the iSCSI initiator. You can only specify one nWWN for each iSCSI node.

switch(config-(iscsi-init))# nWWN 20:00:00:05:30:00:59:11 

The following command uses the switch's WWN pool to allocate two pWWNs for this iSCSI initiator and keeps it persistent.

switch(config-(iscsi-init))# static pWWN system-assign 2

The following command assigns the user provided WWN as pWWN for the iSCSI initiator.

switch(config-(iscsi-init))# pWWN 21:00:00:20:37:73:3b:20 

Related Commands

Command
Description

show iscsi initiator

Displays information about configured iSCSI initiators.


iscsi initiator name

To configure an iSCSI initiator name and change to iSCSI configuration mode, use the iscsi initiator name command. To revert to factory defaults, use the no form of the command.

iscsi initiator name name

no iscsi initiator name name

Syntax Description

name

Enters the initiator name to be used. The minimum length is 16 characters and maximum is 223 characters.


Defaults

Disabled

Command Modes

Configuration mode

Command History

Release
Modification

1.3(2)

This command was introduced.


Usage Guidelines

Under a circumstance where an iSCSI initiator needs to have a persistent binding to FC WWNs, this command should be used. Also, an iSCSI initiator can be put into multiple VSANs. An iSCSI host can become a member of one or more VSANs.

Examples

The following example configures an iSCSI initiator using the iSCSI name of the initiator node.

switch# config terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# iscsi initiator name iqn.1987-02.com.cisco.initiator

Related Commands

Command
Description

show iscsi initiator

Displays information about configured iSCSI initiators.


iscsi interface vsan-membership

To configure VSAN membership for iSCSI interfaces, use the iscsi interface vsan-membership command. Use the no form of this command to disable this feature or to revert to factory defaults.

iscsi interface vsan-membership

no iscsi interface vsan-membership

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

If the iscsi interface vsan-membership command is disabled, you will not be able to configure iSCSI VSAN membership

Examples

The following command enables the iSCSI interface VSAN membership.

switch# config terminal
switch(config)# iscsi interface vsan-membership

The following command disables the iSCSI interface VSAN membership (default).

switch(config)# no iscsi interface vsan-membership

Related Commands

Command
Description

show iscsi initiator

Displays information about configured iSCSI initiators.


iscsi save-initiator

To permanently save the automatically-assigned nWWN/pWWN mapping, use the iscsi save-initiator command.

iscsi save-initiator [ip-address ip-address | name name]

Syntax Description

ip-address ip-address

Specifies the initiator IP address.

name name

Specifies the initiator name to be used from 1 to 255 characters. The minimum length is 16 characters.


Defaults

If initiator name or IP address is not specified, the nWWN/pWWN mapping for all initiators becomes permanent.

Command Modes

Configuration mode

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

After executing the iscsi save-initiator command, issue the copy running-config startup-config to save the nWWN/pWWN mapping across switch reboots.

Examples

The following example shows how to save the nWWN/pWWN mapping for all the initiators.

switch(config)# iscsi save-initiator

The following example shows how to save the nWWN/pWWN mapping for an initiator named iqn.1987-02.com.cisco.initiator.

switch(config)# iscsi save-initiator name iqn.1987-02.com.cisco.initiator

Related Commands

Command
Description

iscsi initiator

Configures an iSCSI initiator.

show iscsi initiator

Displays information about configured iSCSI initiators.


iscsi virtual-target name

To create a static iSCSI virtual target, use the iscsi virtual-target command. To revert to the default values, use the no form of the command.

iscsi virtual-target name name
advertise interface {gigabitethernet slot/port[.subinterface] | port-channel channel-id[.subinterface]}
all-initiator-permit
initiator {initiator-name | ip-address ipaddress [netmask]} permit
pwwn pwwn-id [fc-lun number iscsi-lun number [secondary-pwwn pwwn-id [sec-lun number]] | secondary-pwwn pwwn-id]
revert-primary-port
trespass

iscsi virtual-target name name
no advertise interface {gigabitethernet slot/port[.subinterface] | port-channel channel-id[.subinterface]}
no all-initiator-permit
no initiator {initiator-name | ip-address ipaddress [netmask]} permit
no pwwn pwwn-id [fc-lun number iscsi-lun number [secondary-pwwn pwwn-id [sec-lun number]] | secondary-pwwn pwwn-id]
no revert-primary-port
no trespass

no iscsi virtual-target name name

Syntax Description

name

Enters the virtual target name to be used. The minimum length is 16 characters and maximum of 223 bytes.

advertise interface

Advertises the virtual target name on the specified interface.

gigabitethernet slot/port[.subinterface]

Selects the Gigabit Ethernet interface or subinterface to configure.

port-channel channel-id[.subinterface]

Selects the Port Channel interface or subinterface to configure.

all-initiator-permit

Enables all iSCSI initiator access to this target.

initiator

Configures specific iSCSI initiator access to this target.

initiator-name

Specifies the iSCSI initiator name to be used access a specified target. Maximum length is 255 characters.

ip-address ip-address

Specifies the iSCSI initiator IP address.

ip-subnet

Specifies all initiators in the subnet.

permit

Permits access to the specified target.

pwwn pwwn-id

Specifies the peer WWN ID for special frames.

secondary-pwwn pwwn-id

Specifies the secondary pWWN ID.

fc-lun number

Specifies the Fibre Channel Logical Unit Number (LUN).

iscsi-lun number

Specifies the iSCSI virtual target number.

sec-lun number

Specifies the secondary Fibre Channel LUN.

trespass

Moves LUNs forcefully from one port to another.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.1(1)

This command was introduced.

1.3(1)

Added revert-to-primary and trespass subcommands.


Usage Guidelines

This command is used to configure a static iSCSI target for access by iSCSI initiators. A virtual target may contain a subset of LUs of an FC target or one whole FC target.

Do not specify the LUN if you wish to map the whole Fibre Channel target to an iSCSI target. All Fibre Channel LUN targets are exposed to iSCSI.

One iSCSI target cannot contain more than one Fibre Channel target.

Examples

The follow example creates a static virtual target and enters ISCSI target configuration submode.

switch# config terminal
switch(config)# iscsi virtual-target name 0123456789ABDEFGHI
switch(config-iscsi-tgt)#

The following command advertises the virtual target only on the specified interface. By default, it is advertised on all interfaces in all IPS modules.

switch(config-iscsi-tgt)# advertise interface gigabitethernet 4/1

The following command maps a virtual target node to a Fibre Channel target.

switch(config-iscsi-tgt)# pWWN 26:00:01:02:03:04:05:06

The following command enters the secondary pWWN for the virtual target node.

switch(config-iscsi-tgt)# pWWN 26:00:01:02:03:04:05:06 secondary-pwwn 
66:00:01:02:03:04:05:02

Use the LUN option to map different Fibre Channel LUNs to different iSCSI virtual targets. If you have already mapped the whole Fibre Channel target, you will not be able to use this option.

switch(config-iscsi-tgt)# pWWN 26:00:01:02:03:04:05:06 fc-lun 0 iscsi-lun 0

The following command allows the specified iSCSI initiator node to access this virtual target. You can issue this command multiple times to allow multiple initiators.

switch(config-iscsi-tgt)# initiator iqn.1987-02.com.cisco.initiator1 permit

The following command prevents the specified initiator node from accessing virtual targets.

switch(config-iscsi-tgt)# no initiator iqn.1987-02.com.cisco.initiator1 permit

The following command allows the specified IP address to access this virtual target:

switch(config-iscsi-tgt)# initiator ip-address 10.50.1.1 permit

The following command prevents the specified IP address from accessing virtual targets:

switch(config-iscsi-tgt)# no initiator ip-address 10.50.1.1 permit

The following command allows all initiators in this subnetwork to access this virtual target:

switch(config-iscsi-tgt)# initiator ip-address 10.50.0.0 255.255.255.0 permit

The following command prevents all initiators in this subnetwork from accessing virtual targets:

switch(config-iscsi-tgt)# no initiator ip-address 10.50.0.0 255.255.255.0 permit

The following command allows all initiator nodes to access this virtual target.

switch(config-iscsi-tgt)# all-initiator-permit

The following command prevents any initiator node from accessing virtual targets.

switch(config-iscsi-tgt)# no all-initiator-permit

The following command configures a primary and secondary port and moves the LUNs from one port to the other using the trespass command.

switch# config terminal
switch(config)#	iscsi virtual-target name iqn.1987-02.com.cisco.initiator
switch(config-iscsi-tgt)# pwwn 50:00:00:a1:94:cc secondary-pwwn 50:00:00:a1:97:ac
switch(config-iscsi-tgt)# trespass

Related Commands

Command
Description

show iscsi virtual target

Displays information about iSCSI virtual targets.


isns

To tag a Gigabit Ethernet or PortChannel interface to an Internet Storage Name Service (iSNS) profile, use the isns command in interface configuration submode. To untag the interface, use the no form of the command.

isns profile-name

no isns profile-name

Syntax Description

profile-name

Specifies the iSNS profile name.


Defaults

Disabled.

Command Modes

Interface configuration submode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

To use this command, iSNS must be enabled using the isns-server enable command.

Use the isns reregister command in EXEC mode to reregister associated iSNS objects (tagged to an iSNS profile) with the iSNS server.

Examples

The following example shows how to tag a Gigabit Ethernet interface to an iSNS profile.

switch# config terminal
switch(config)# interface gigabitethernet 1/2
switch(config-if)# isns Profile1

The following example shows how to tag a PortChannel interface to an iSNS profile.

switch# config terminal
switch(config)# interface port-channel 2
switch(config-if)# isns Profile2

Related Commands

Command
Description

isns-server enable

Enables the iSNS server.

isns reregister

Reregisters the iSNS object.

show interface gigabitethernet

Displays configuration and status information for a specified Gigabit Ethernet interface.

show interface port-channel

Displays configuration and status information for a specified PortChannel interface.

show isns

Displays iSNS information.


isns distribute

To enable Cisco Fabric Services (CFS) distribution for Internet Storage Name Service (iSNS), use the isns distribute command. To disable this feature, use the no form of the command.

isns distribute

no isns distribute

Syntax Description

This command has no other arguments or keywords.

Defaults

Enabled.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

To use this command, iSNS must be enabled using the isns-server enable command.

You can configure the pWWN and nWWN of iSCSI initiators and permit a group of iSCSI initiators to share a given nWWN/pWWN pair by using a proxy initiator. The number of iSCSI initiators that register with the iSNS server is more than the number of iSCSI targets that register with the iSNS server. To synchronize the iSCSI initiator entries across switches, you can distribute the iSCSI initiator configuration to iSNS servers across switches.

Examples

The following example shows how to initiate iSNS information distribution.

switch# config terminal
switch(config)# isns distribute

The following example shows how to cancel iSNS information distribution.

switch# config terminal
switch(config)# no isns distribute

Related Commands

Command
Description

isns-server enable

Enables the iSNS server.

show isns

Displays iSNS information.


isns esi retries

To configure the number of entity status inquiry (ESI) retry attempts, use the isns esi retries command in configuration mode. To revert to the default value, use the no form of the command.

isns esi retries number

no isns esi retries number

Syntax Description

number

Specifies the number of retries. The range is 0 to 10.


Defaults

3 retries.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

To use this command, Internet Storage Name Service (iSNS) must be enabled using the isns-server enable command.

The iSNS client queries the ESI port at user-configured intervals. Receipt of a response indicates that the client is still alive. Based on the configured value, the interval specifies the number of failed tries before which the client is deregistered from the server.

Examples

The following example shows how change the ESI retries limit to eight.

switch# config terminal
switch(config)# isns esi retries 8

Related Commands

Command
Description

isns-server enable

Enables the iSNS server.

show isns

Displays iSNS information.


isns profile name

To create an Internet Storage Name Service (iSNS) profile and enter iSNS profile configuration submode, use the isns profile name command in configuration mode. To delete the iSNS profile, use the no form of the command.

isns profile name profile-name

no isns profile name profile-name

Syntax Description

profile-name

Specifies the profile name. Maximum length is 64 characters.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

To use this command, iSNS must be enabled using the isns-server enable command.

Examples

The following example shows how to specify an iSNS profile name and enter iSNS profile configuration submode.

switch# config terminal
switch(config)# isns profile name UserProfile
switch(config-isns-profile)#

Related Commands

Command
Description

server

Configures a server IP address in an iSNS profile.

show isns

Displays iSNS information.


isns reregister

To register all Internet Storage Name Service (iSNS) objects for an interface that is already tagged to an iSNS profile, use the isns register command.

isns reregister {gigabitethernet slot/number | port-channel channel-group}

Syntax Description

gigabitethernet slot/port

Specifies tagged Gigabit Ethernet interface slot and port.

port-channel channel-group

Specifies tagged PortChannel group. The range is 1 to 128.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

Use this command to reregister portals and targets with the iSNS server for a tagged interface.

Examples

The following command re-registers portal and targets for a tagged interface:

switch# isns reregister gigabitethernet 1/4

Related Commands

Command
Description

show isns profile

Displays details for configured iSNS profiles.



isns-server enable

To enable the Internet Storage Name Service (iSNS) server, use the isns-server enable command in configuration mode. To disable iSNS, use the no form of the command.

isns-server enable

no isns-server enable

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

Performing the isns-server enable command enables the commands used to configure iSNS.

Examples

The following example shows how to enable iSNS.

switch# config terminal
switch(config)# isns-server enable

The following example shows how to disable iSNS.

switch# config terminal
switch(config)# no isns-server enable

Related Commands

Command
Description

isns distribute

Enables iSNS distributed support.

isns esi retries

Configures ESI retry attempts.

isns profile name

Creates and configures iSNS profiles.

server

Configures iSNS server attributes.

show isns

Displays iSNS information.


ivr abort

To discard an Inter-VSAN Routing (IVR) CFS distribution session in progress, use the ivr abort command in configuration mode.

ivr abort

Syntax Description

This command has no other arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to discard an IVR CFS distribution session in progress.

switch# config terminal
switch(config)# ivr abort 

Related Commands

Command
Description

ivr distribute

Enables CFS distribution for IVR.

show ivr

Displays IVR CFS distribution status and other details.


ivr commit

To apply the pending configuration pertaining to the Inter-VSAN Routing (IVR) Cisco Fabric Services (CFS) distribution session in progress in the fabric, use the ivr commit command in configuration mode.

ivr commit

Syntax Description

This command has no other arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to apply an IVR configuration to the switches in the fabric.

switch# config terminal
switch(config)# ivr commit 

Related Commands

Command
Description

ivr distribute

Enables CFS distribution for IVR.

show ivr

Displays IVR CFS distribution status and other details.


ivr copy auto-topology user-configured-topology

To copy the automatically discovered Inter-VSAN Routing (IVR) VSAN topology into the user configured topology, use the ivr copy auto-topology user-configured-topology command in EXEC mode.

ivr copy auto-topology user-configured-topology

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC configuration mode.

Command History

Release
Modification

2.1(1a)

This command was introduced.


Usage Guidelines

After using the ivr copy auto-topology user-configured-topology command to copy the automatically discovered VSAN topology into the user configured topology you must use the ivr commit command to apply the pending configuration changes to the IVR topology using Cisco Fabric Services (CFS) distribution.

Examples

The following example copies the automatically discovered VSAN topology into the user configured topology.

switch# ivr copy auto-topology user-configured-topology 

Related Commands

Command
Description

ivr commit

Applies the changes to the IVR topology.

show ivr vsan topology

Displays the IVR VSAN topology configuration


ivr distribute

To enable Cisco Fabric Services (CFS) distribution for Inter-VSAN Routing (IVR), use the ivr distribute command. To disable this feature, use the no form of the command.

ivr distribute

no ivr distribute

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

2.0(1b)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to enable IVR fabric distribution.

switch# config terminal
switch(config)# ivr distribute

Related Commands

Command
Description

ivr commit

Commits temporary IVR configuration changes to the active configuration.

show ivr

Displays IVR CFS distribution status and other details.


ivr enable

To enable the Inter-VSAN Routing (IVR) feature, use the ivr enable command in configuration mode. To disable this feature, use the no form of the command.

ivr enable

no ivr enable

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

The IVR feature must be enabled in all edge switches in the fabric that participate in the IVR.

The configuration and display commands for the IVR feature are only available when IVR is enabled on a switch.

When you disable this configuration, all related configurations are automatically discarded.

Examples

The following command enters the configuration mode and enables the IVR feature on this switch.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ivr enable

Related Commands

Command
Description

show ivr

Displays IVR feature information.



ivr fcdomain database autonomous-fabric-num

To create IVR persistent FC IDs, use the ivr fcdomain database autonomous-fabric-num command. To delete the IVR fcdomain entry for a given AFID and VSAN, use the no form of the command.

ivr fcdomain database autonomous-fabric-num afid-num vsan vsan-id

no ivr fcdomain database autonomous-fabric-num afid-num vsan vsan-id

Syntax Description

afid-num

Specifies the current AFID. The range is 1 to 64.

vsan vsan-id

Specifies the current VSAN. The range is 1 to 4093.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

2.1(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to enter IVR fcdomain database configuration submode for AFID 10 and VSAN 20.

switch# config t
switch(config)# ivr fcdomain database autonomous-fabric-num 10 vsan 20
switch(config) fcdomain#

The following example shows how to delete all persistent FC ID database entries for AFID 10 and
VSAN 20.

switch# config t
switch(config)# no ivr fcdomain database autonomous-fabric-num 10 vsan 20

Related Commands

Command
Description

show ivr fcdomain database

Displays IVR fcdomain database entry information.


ivr nat

To explicitly enable Network Address Translation (NAT) functionality for Inter-VSAN Routing (IVR), use the ivr nat command in configuration mode. To disable this feature, use the no form of the command.

ivr nat

no ivr nat

Syntax Descriptionno ivr full-nat

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

2.1(1a)

This command was introduced.


Usage Guidelines

The ivr nat command allows you to explicitly enable NAT functionality of IVR. Upgrading to SAN-OS Release 2.x from SAN-OS Release 1.3.x does not automatically enable the Fibre Channel NAT functionality. This command also allows you to continue to operate in non-NAT mode even in SAN-OS Release 2.x and later.


Note You might need to operate in non-NAT mode to support proprietary protocols that embed FCIDs in the frame payloads.


Examples

The following example shows how to explicitly enable NAT functionality for IVR.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ivr nat

Related Commands

Command
Description

show ivr

Displays IVR feature information.


ivr refresh

To refresh devices being advertised by Inter-VSAN Routing (IVR), use the ivr refresh command in EXEC mode.

ivr refresh

Syntax Descriptionno ivr full-nat

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

2.0(2)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows refresh devices being advertised by IVR.

switch# ivr refresh

Related Commands

Command
Description

ivr enable

Enables the Inter-VSAN Routing (IVR) feature.

ivr withdraw domain

Withdraws an overlapping virtual domain from a specified VSAN.


ivr service-group name

To configure an Inter-VSAN Routing (IVR) service group, use the ivr service-group name command in configuration mode. To disable this feature, use the no form of the command.

ivr service-group name service-group

no ivr service-group name service-group

Syntax Description

service-group

Specifies the service group name.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

2.1(1a)

This command was introduced.


Usage Guidelines

In a complex network topology, you might only have a few IVR-enabled VSANs. To reduce the amount of traffic to non-IVR-enabled VSANs, you can configure a service group that restricts the traffic to the IVR-enabled VSANs. Only one service group allowed in a network. When a new IVR-enabled switch is added to the network, you must update the service group to include the new VSANs.

Before configuring an IVR service group, you must enable the following:

IVR using the ivr enable command

IVR distribution using the ivr distribute command

Automatic IVR topology discovery using the ivr vsan-topology auto command.

Using the autonomous-fabric-id (IVR service group configuration) command, you can restrict the IVR traffic to the AFIDs and VSANs configured in the service group.

Examples

The following example shows how to configure an IVR service group and change to IVR service group configuration mode.

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ivr enable
switch(config)# ivr vsan-topology auto 
switch(config)# ivr service-group name serviceGroup1
switch(config-ivr-sg)# 

Related Commands

Command
Description

ivr enable

Enables the Inter-VSAN Routing (IVR) feature

ivr vsan-topology auto

Enables automatic discovery of the IVR topology.

show ivr

Displays IVR feature information.


ivr virtual-fcdomain-add

To add the Inter-VSAN Routing (IVR) virtual domains in a specific VSAN(s) to the assigned domains list in that VSAN, use the ivr virtual-fcdomain-add command. To delete the IVR virtual domains, use the no form of the command.

ivr virtual-fcdomain-add vsan-ranges vsan-range

no ivr virtual-fcdomain-add vsan-ranges vsan-range

Syntax Description

vsan-ranges vsan-range

Specifies the IVR VSANs or range of VSANs. The range of values for a VSAN ID is 1 to 4093.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(4)

This command was introduced.


Usage Guidelines

Use the no ivr virtual-fcdomain-add command to remove the currently active domains from the fcdomain manager list in a specified VSAN.

Examples

The following command adds the IVR virtual domains in VSAN 1.

switch# config terminal
switch(config)# ivr virtual-fcdomain-add vsan-ranges 1 

The following command reverts to the factory default of not adding IVR virtual domains.

switch# config terminal
switch(config)# ivr virtual-fcdomain-add vsan-ranges 1 

Related Commands

Command
Description

show ivr virtual-fcdomain-add-status

Displays the configured VSAN topology for a fabric.

ivr withdraw domain

Removes overlapping domains.



ivr vsan-topology

To configure manual or automatic discovery of the Inter-VSAN Routing (IVR) topology, use the ivr vsan-topology command in configuration mode.

ivr vsan-topology {activate | auto}

Syntax Description

activate

Configures manual discovery of the IVR topology and disables automatic discovery mode.

auto

Configures automatic discovery of the IVR topology.


Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.

2.1(1a)

Added auto keyword.


Usage Guidelines

To use this command you must first enable IVR using the ivr enable command and configure the IVR database using the ivr vsan-topology database command.


Caution Active IVR topologies cannot be deactivated. You can only switch to automatic topology discovery mode.

Examples

The following ivr vsan-topology activate command activates the VSAN topology database:

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ivr enable
switch(config)# ivr vsan-topology database
switch(config-ivr-topology-db)# autonomous-fabric-id 1 switch 20:00:00:00:30:00:3c:5e 
vsan-ranges 2,2000
switch(config)# ivr vsan-topology activate

The following command enables VSAN topology database auto mode, which allows the switch to automatically discover the IVR topology.

switch(config)# ivr vsan-topology auto

Related Commands

Command
Description

ivr enable

Enables the Inter-VSAN Routing (IVR) feature.

autonomous-fabric-id (IVR topology database configuration)

Configure an autonomous phobic ID into the IVR topology database.

show ivr

Displays IVR feature information.


ivr vsan-topology database

To configure an Inter-VSAN Routing (IVR) topology database, use the ivr vsan-topology database command in configuration mode. To delete an IVR topology database, use the no form of the command.

ivr vsan-topology database

no ivr vsan-topology database

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

To use this command you must first enable IVR using the ivr enable command.

You can have up to 64 VSANs (or 128 VSANs as of Cisco MDS SAN-OS Release 2.1(1a)) in an IVR topology. Specify the IVR topology using the following information:

The switch WWNs of the IVR-enabled switches.

A minimum of two VSANs to which the IVR-enabled switch belongs.

The autonomous fabric ID (AFID), which distinguishes two VSANs that are logically and physically separate, but have the same VSAN number. Cisco MDS SAN-OS Release 1.3(1) and later supports only one default AFID (AFID 1) and thus does not support non-unique VSAN IDs in the network. As of Cisco MDS SAN-OS Release 2.1(1a), you can specify up to 64 AFIDs.


Note The use of a single AFID does not allow for VSANs that are logically and physically separate but have the same VSAN number in an IVR topology.



Caution You can only configure a maximum of 128 IVR-enabled switches and 64 distinct VSANs (or 128 distinct VSANs as of Cisco MDS SAN-OS Release 2.1(1a)) in an IVR topology.

The no ivr vsan-topology database command only clears the configured database, not the active database. You can only delete the user-defined entries in the configured database. Auto mode entries only exist in the active database.

Examples

The following command enters configuration mode, enables the IVR feature, enters the VSAN topology database, and configures the pWWN-VSAN association for VSANs 2 and 2000:

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ivr enable
switch(config)# ivr vsan-topology database
switch(config-ivr-topology-db)# autonomous-fabric-id 1 switch 20:00:00:00:30:00:3c:5e 
vsan-ranges 2,2000

Related Commands

Command
Description

ivr enable

Enables the Inter-VSAN Routing (IVR) feature.

autonomous-fabric-id (IVR topology database configuration)

Configure an autonomous phobic ID into the IVR topology database

show ivr

Displays IVR feature information.


ivr withdraw domain

To withdraw overlapping virtual domain from a specified VSAN, use the ivr withdraw domain command in EXEC mode.

ivr withdraw domain domain-id vsan vsan-id

Syntax Description

domain-id

Specifies the domain id. The range is 1 to 239.

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.


Defaults

None.

Command Modes

EXEC mode.

Command History

Release
Modification

1.3(4)

This command was introduced.


Usage Guidelines

When you enable the ivr virtual-fcdomain-add command, links may fail to come up due to overlapping virtual domain identifiers. If so, temporarily withdraw the overlapping virtual domain from that VSAN using the ivr withdraw domain command in EXEC mode.

Examples

The following command withdraws overlapping domains.

switch# ivr withdraw domain 10 vsan 20

Related Commands

Command
Description

show ivr virtual-fcdomain-add-status

Displays the configured VSAN topology for a fabric.


ivr zone name

To configure a zone for Inter-VSAN Routing (IVR), use the ivr zone name command. To disable a zone for IVR, use the no form of the command.

ivr zone name ivzs-name

no ivr zone name ivz-name

Syntax Description

ivz-name

Specifies the IVZ name. Maximum length is 59 characters.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

This command enters IVR zone configuration submode.

Examples

The following command enters the configuration mode, enables the IVR feature, creates an IVZ, and adds a pWWN-VSAN member.

switch# config terminal
switch(config)# ivr enable
switch(config)# ivr zone name Ivz_vsan2-3
switch(config-ivr-zone)# member pwwn 21:00:00:e0:8b:02:ca:4a vsan 3

Related Commands

Command
Description

show ivr

Displays IVR feature information.


ivr zoneset

To configure a zoneset for Inter-VSAN Routing (IVR), use the ivr zoneset command. To revert to the factory defaults, use the no form of the command.

ivr zoneset {activate name ivzs-name [force] | name ivzs-name}

no ivr zoneset {activate name ivzs-name [force] | name ivzs-name}

Syntax Description

activate

Activates a previously-configured IVZS.

force

Forces a IVZS activation

name ivzs-name

Specifies the IVZS name. Maximum length is 59 characters.


Defaults

None.

Command Modes

Configuration mode.

Command History

Release
Modification

1.3(1)

This command was introduced.


Usage Guidelines

This command enters IVR zoneset configuration submode.

Examples

The following command enters the configuration mode, enables the IVR feature, creates an IVZS, adds a IVZ member, and activates the IVZS.

switch# config terminal
switch(config)# ivr enable
switch(config)# ivr zoneset name Ivr_zoneset1
switch(config-ivr-zoneset)# member Ivz_vsan2-3 
switch(config-ivr-zoneset)# exit
switch(config)# ivr zoneset activate name IVR_ZoneSet1

Related Commands

Command
Description

show ivr

Displays IVR feature information.