Guest

Cisco MDS 9000 NX-OS and SAN-OS Software

Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Release 2.1(1a)

 Feedback

Table Of Contents

Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.1(1a)

Contents

Introduction

System Requirements

Components Supported

Determining the Software Version

Image Upgrade

Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch

New Features in Cisco MDS SAN-OS Release 2.1(1a)

CFS Enhancements

Distributed Configuration Copy

Enhance IP Compression Auto Mode

iSCSI Immediate Data

Limit of iSCSI Connections Increased

IVR Enhancements

Adding IVR Virtual Domains

IVR NAT

IVR LUN Zoning

IVR VSAN Topology

IVR Zoning QoS

Service Groups

Autonomous Fabric ID

Inter-VSAN Zones (IVZ)

Multiple Filter Commands

Network-Accelerated Serverless Backup

SANTap

VSFN Support on SSM

Fabric Manager Enhancements

Device Manager Enhancements

Limitations and Restrictions

iSNS

iSCSI

Caveats

Resolved Caveats

Open Caveats

Related Documentation

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.1(1a)


Release Date: April 6, 2005

Text Part Number: OL-7411-01 C2

This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.


Note Release notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Notes: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_release_notes_list.html


Table 1 shows the on-line change history for this document.

Table 1 On-Line History Change

Revision
Date
Description

A0

4/6/2005

Created release notes

B0

4/12/2005

Added DDTS CSCeh04183 

C0

4/13/2005

Added DDTS CSCeg81089

D0

4/26/2005

Added iSNS information to the Limitations and Restrictions section

E0

5/3/2005

Added DDTS CSCeg82721 and CSCeh65824

F0

5/9/2005

Added the Adding IVR Virtual Domains information

G0

5/18/2005

Added DDTS CSCeh92604 and CSCeh42252

H0

5/24/2005

Added DDTS CSCeg66225

I0

5/31/2005

Added DDTS CSCeh96928

J0

06/01/2005

Added DDTS CSCeg24199 and CSCeh92843

K0

06/06/2005

Changed the state of DDTS CSCeh92843

L0

06/23/2005

Added DDTS CSCei25319

M0

08/04/2005

Added DDTS CSCed57251, CSCeh61610, CSCeh64080, CSCec31365, CSCeg20932, CSCeg53114, CSCeh19639, CSCeh52280, CSCeh56143, CSCeh82490, CSCeh83514, CSCeh87985, CSCeg90336, CSCeh52973, CSCeh87930, CSCeh90270, CSCeh93625, CSCei01431, CSCeh73101, CSCei29086, CSCeh39705, CSCeh49483, CSCeh70727, CSCeh71865, CSCeh73149, CSCeh85768, CSCeh87930, CSCeh90270, CSCeh91293, CSCeh93109, CSCeh95139, CSCei02196, CSCei18837, CSCeh08307, CSCeh79330, CSCeh82166, CSCei08541, CSCei22596, CSCei31020, and CSCin81851

Added iSCSI information to the Limitations and Restrictions section.

N0

08/05/2005

Added DDTS CSCeh41099

O0

08/11/2005

Added DDTS CSCeh70232

P0

08/22/2005

Removed DDTS CSCeh61610

Q0

08/23/2005

Added DDTS CSCeh61610

R0

09/20/2005

Added DDTS CSCei88345

S0

11/03/2005

Added DDTS CSCeh69186

T0

12/07/2005

Added DDTS CSCsc31424

U0

12/30/2005

Added DDTS CSCei91968

V0

02/22/2006

Added DDTS CSCsc23435

WO

05/26/2006

Removed DDTS CSCeh52973

Added DDTS CSCeg33121, CSCsd29338, CSCeg12962, CSCeg84871, CSCeh04183, CSCeh30951, CSCeh70232, CSCei10774, CSCei19822, CSCei36082, CSCei79457, CSCei48889, CSCei57342, CSCei58652, CSCei67982, CSCei86399, CSCei91676, CSCej08751, CSCin92870, CSCin95789, CSCsc09732,CSCsc33788, CSCsc48919, CSCsc97070, CSCsd34882, CSCsd71701, and CSCsd76429

X0

06/06/2006

Removed DDTS CSCed16845

Y0

09/05/2006

Added DDTS CSCsd78967

Z0

09/13/2006

Added DDTS CSCsf21970

A1

11/07/2006

Added DDTS CSCsg15392

B1

02/23/2007

Added DDTS CSCse99087, CSCsg03171, and CSCsh27840.

C1

04/04/2007

Added the section "Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch".

C2

08/24/2007

Added DDTS CSCsd83775.


Contents

This document includes the following sections:

Introduction

System Requirements

Image Upgrade

New Features in Cisco MDS SAN-OS Release 2.1(1a)

Limitations and Restrictions

Caveats

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. These switches combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.

The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.

System Requirements

This section describes the system requirements for Cisco MDS SAN-OS Release 2.1(1a) and includes the following topics:

Components Supported

Determining the Software Version

Components Supported

Table 2 lists the software and hardware components supported by the Cisco MDS 9000 Family.


Note To use the Cisco Storage Services Enabler package, Cisco MDS SAN-OS Release 1.3(5) or later must be installed on the MDS switch.


Table 2 Cisco MDS 9000 Family Supported Software and Hardware Components  

Component
Part Number
Description
Applicable Product

Software

M95S1K9-2.1.1

MDS 9500 Supervisor/Fabric-I, SAN-OS software.

MDS 9500 Series only

M92S1K9-2.1.1

MDS 9216 Supervisor/Fabric-I, SAN-OS software.

MDS 9200 Series only

M91S1K9-2.1.1

MDS 9100 Supervisor/Fabric-I, SAN-OS software.

MDS 9100 Series only

License

M9500ENT1K9

Enterprise package.

MDS 9500 Series

M9200ENT1K9

Enterprise package.

MDS 9200 Series

M9100ENT1K9

Enterprise package.

MDS 9100 Series

M9500FIC1K9

Mainframe package.

MDS 9500 Series

M9200FIC1K9

Mainframe package.

MDS 9200 Series

M9100FIC1K9

Mainframe package.

MDS 9100 Series

M9500FMS1K9

Fabric Manager Server package.

MDS 9500 Series

M9200FMS1K9

Fabric Manager Server package.

MDS 9200 Series

M9100FMS1K9

Fabric Manager Server package.

MDS 9100 Series

M9500EXT1K9

SAN Extension over IP package for IPS-8 module.

MDS 9500 Series

M9200EXT1K9

SAN Extension over IP package for IPS-8 module.

MDS 9200 Series

M9500EXT14K9

SAN Extension over IP package for IPS-4 module.

MDS 9500 Series

M9200EXT14K9

SAN Extension over IP package for IPS-4 module.

MDS 9200 Series

M9500EXT12K9

SAN Extension over IP package for MPS 14+2 module.

MDS 9500 Series

M9200EXT12K9

SAN Extension over IP package for MPS 14+2 module.

MDS 9200 Series

M9500SSE1K9

Storage Services Enabler package.

MDS 9500 series with ASM or SSM

M9200SSE1K9

Storage Services Enabler package.

MDS 9200 series with ASM or SSM

Chassis

DS-C9509

MDS 9509 director, base configuration (9-slot modular chassis includes 7 slots for switching modules and 2 slots for supervisor modules—SFPs1 sold separately).

MDS 9509 only

DS-C9506

MDS 9506 director (6-slot modular chassis includes 4 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).

MDS 9506 only

DS-C9216-K9

MDS 9216 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).

MDS 9216 only

DS-C9216A-K9

MDS 9216A 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).

MDS 9216A only

DS-C9216i-K9

MDS 9216i 16-port semi-modular fabric switch (includes 14 1-Gbps/2-Gbps Fibre Channel ports, 2 Gigabit Ethernet ports, power supply, and expansion slot—SFPs sold separately).

MDS 9216i only

DS-C9120-K9

MDS 9120 fixed configuration, non-modular, fabric switch (includes 4 full rate ports and 16 host-optimized ports).

MDS 9120 only

DS-C9140-K9

MDS 9140 fixed configuration (non-modular) fabric switch (includes 8 full rate ports and 32 host-optimized ports).

MDS 9140 only

Supervisor modules

DS-X9530-SF1-K9

MDS 9500 Supervisor/Fabric-I, module.

MDS 9500 Series only

Switching modules

DS-X9016

MDS 9000 16-port 1-Gbps/2-Gbps Fibre Channel module (SFPs sold separately).

MDS 9500 Series and 9200 Series

DS-X9032

MDS 9000 32-port 1-Gbps/2-Gbps Fibre Channel module (SFPs sold separately).

Services modules

DS-X9308-SMIP

8-port Gigabit Ethernet IP Storage Services module.

DS-X9304-SMIP

4-port Gigabit Ethernet IP Storage Services module.

DS-X9032-SMV

32-port Fibre Channel Advanced Services Module (ASM).

DS-X9032-SSM

MDS 9000 32-port 1-Gbps/2-Gbps Fibre Channel Storage Services Module (SSM).

DS-X9560-SMC

Caching Services Module (CSM).

DS-X9302-14K9

14-port Fibre Channel/2-port Gigabit Ethernet Multiprotocol Services (MPS-14/2) module.

LC-type fiber-optic SFP

DS-SFP-FC-2G-SW

2-Gbps/1-Gbps Fibre Channel — short wavelength SFP.

MDS 9000 Family

DS-SFP-FC-2G-LW

2-Gbps/1-Gbps Fibre Channel — long wavelength SFP.

DS-SFP-FCGE-SW

1-Gbps Ethernet and 1-Gbps/2-Gbps Fibre Channel—short wavelength SFP.

DS-SFP-FCGE-LW

1-Gbps Ethernet and 1-Gbps/2-Gbps Fibre Channel — long wavelength SFP.

CWDM2

CWDM-SFP-xxxx-2G

Gigabit Ethernet and 1-Gbps/2-Gbps Fibre Channel SFP LC interface xxxx nm, where xxxx = 1470, 1490, 1510, 1530, 1550, 1570, 1590, or 1610 nm.

MDS 9000 Family

CWDM-MUX-4

Add/drop multiplexer for four CWDM wavelengths.

CWDM-MUX-8

Add/drop multiplexer for eight CWDM wavelengths.

CWDM-CHASSIS-2

Two slot chassis for CWDM add/drop multiplexer(s).

Power supplies

DS-CAC-300W

300-W3 AC power supply.

MDS 9100 Series only

DS-CAC-845W

845-W AC power supply.

MDS 9200 Series only

DS-CAC-2500W

2500-W AC power supply.

MDS 9509 only

DS-CDC-2500W

2500-W DC power supply.

DS-CAC-4000W-US

4000-W AC power supply for US (cable attached).

DS-CAC-4000W-INT

4000-W AC power supply international (cable attached).

DS-CAC-1900W

1900-W AC power supply.

MDS 9506 only

DS-CDC-1900W

1900-W DC power supply.

CompactFlash

MEM-MDS-FLD512M

MDS 9500 supervisor CompactFlash disk, 512MB.

MDS 9500 Series only

Port analyzer adapter

DS-PAA-2

A standalone Fibre Channel-to-Ethernet adapter that allows for simple, transparent analysis of Fibre Channel traffic in a switched fabric.

MDS 9000 Family

1 SFP = small form-factor pluggable

2 CWDM = coarse wavelength division multiplexing

3 W = Watt


Determining the Software Version


Note We strongly recommend that you use the latest available software release supported by your vendor for all Cisco MDS 9000 Family products.


To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the CLI, log into the switch and enter the show version EXEC command.

To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the Fabric Manager, view the Switches tab in the Information pane, locate the switch using the IP address, logical name, or WWN, and check its version in the Release column.

Image Upgrade

The Cisco MDS SAN-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.

You can nondisruptively upgrade to Cisco MDS SAN-OS Release 2.1(1a) from any SAN-OS software release beginning with Release 1.3(x). If you are running an older version of the SAN-OS, upgrade to Release 1.3(x) and then Release 2.1(1a).

When downgrading from Cisco MDS SAN-OS Release 2.1(1a) to Release 1.3(x), you might need to disable new features in Release 2.1(1a) for a nondisruptive downgrade. Issuing the install all command from the CLI, or using Fabric Manager to perform the downgrade enables the compatibility check. The check indicates that the downgrade is disruptive and the reason is "current running-config is not supported by new image."

Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
      2       yes      disruptive         reset  Current running-config is not 
supported by new image
      3       yes      disruptive         reset  Current running-config is not 
supported by new image
      5       yes      disruptive         reset  Current running-config is not 
supported by new image
      6       yes      disruptive         reset  Current running-config is not 
supported by new image

At a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash:1.3(x)_filename command determines which additional features need to be disabled.


Note Refer to the "Determining Software Compatibility" section of the Cisco MDS 9000 Family CLI Configuration Guide for more details.


Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch

Cisco MDS SAN-OS software upgrades are disruptive on the following single supervisor Cisco MDS Family switches:

MDS 9120 switch

MDS 9140 switch

MDS 9216i switch

If you are performing an upgrade on one of those switches, you should follow the nondisruptive upgrade path listed in this section, even though the upgrade is disruptive. Following the nondisruptive upgrade path ensures that the binary startup configuration remains intact.

If you do not follow the upgrade path, the binary startup configuration is deleted because it is not compatible with the new image, and the ASCII startup configuration file is applied when the switch comes up with the new upgraded image. When the ASCII startup configuration file is applied, there may be errors. Because of this, we recommend that you follow the nondisruptive upgrade path.

New Features in Cisco MDS SAN-OS Release 2.1(1a)

This section describes the new features introduced in this release. For more information about the features listed, refer to the documentation set listed in the "Related Documentation" section.


Note This release note is specific to this release. For the Cisco MDS SAN-OS Release 2.x documentation set, see the "Related Documentation" section.


CFS Enhancements

By default Cisco Fabric Services (CFS) is in the distribute mode. In the distribute mode, fabric-wide distribution is enabled. Applications can distribute data and configuration to all the CFS-capable switches in the fabric where the application exists.

In the no cfs distribute mode, fabric-wide distribution is disabled. CFS and the applications using CFS on that switch are isolated from the rest of the fabric even though there might be physical connectivity. All CFS operations are restricted to the particular switch. All the CFS commands continue to work much like a physically isolated switch.

The show cfs status command is an executive level command that shows whether CFS fabric distribution mode is enabled or disabled.

Distributed Configuration Copy

As of Cisco MDS SAN-OS Release 2.1(1a), you can use CFS to instruct the other switches in the fabric to save their configurations to their local NVRAM using the copy running-config startup-config fabric command.

Enhance IP Compression Auto Mode

The IP compression feature behavior differs between the IPS module(s) and the MPS-14/2 module—while mode2 and mode3 perform software compression in both modules, mode1 performs hardware-based compression in MPS-14/2 modules, and software compression in IPS-4 and IPS-8 modules.

As of Cisco MDS SAN-OS Release 2.1(1a), the auto mode option uses a combination of compression modes to effectively utilize the WAN bandwidth. The compression modes change dynamically to maximize the WAN bandwidth utilization.


Note The Cisco MDS 9216i Switch also supports the IP compression feature. The integrated supervisor module has the same hardware components that are available in the MPS-14/2 module.


iSCSI Immediate Data

Cisco MDS SAN-OS Release 2.1(1a) supports iSCSI immediate data and unsolicited data feature if the initiator requests it during the login negotiation phase. immediate data is iSCSI write data that is contained in the data segment of an iSCSI command PDU, such as the write command and write data together in one PDU. Unsolicited data is iSCSI write data that an initiator sends to the iSCSI target (MDS in our case) in an iSCSI data-out PDU without having to receive an explicit R2T (Ready to transfer) PDU from the target.

These two features help reduce I/O time for small write commands because it removes one round-trip between the initiator and the target for R2T PDU. The iSCSI target of the MDS switch allows up to
64 KB of unsolicited data per command. This is controlled by the FirstBurstLength parameter during iSCSI login negotiation phase.

Limit of iSCSI Connections Increased

In Cisco MDS SAN-OS Release 2.0, a limit of 200 iSCSI connections on each IPS/MPS 14/2 port was imposed. As of Cisco MDS SAN-OS Release 2.1(1a), the number of iSCSI connections on each IPS and MPS 14/2 por tis now up to 500 connections per port.

IVR Enhancements

This section describes the new IVR features for this release.

Adding IVR Virtual Domains

Cisco MDS SAN-OS Release 2.1(1) enables the addition of IVR virtual domains to the assigned domains list in remote VSANs by default. When adding IVR domains, all IVR virtual domains that are currently present in the fabric (and any virtual domain that is created in the future) will appear in the assigned domain list for that VSAN.

IVR NAT

IVR NAT allows you to set up IVR in a fabric without the need for a unique domain ID on every switch in the IVR path. When IVR NAT is enabled, the virtualized end device that appears in the native VSAN uses a virtual domain ID that is unique to the native VSAN.


Note IVR NAT requires Cisco MDS SAN-OS Release 2.1(1a) on all switches in the fabric.


IVR LUN Zoning

As of Cisco MDS SAN-OS Release 2.1(1a), IVR directly supports LUN zoning.

IVR VSAN Topology

IVR uses a configured IVR VSAN topology to determine how to route traffic between the initiator and the target across the fabric. You can configure this IVR VSAN topology manually on an IVR-enabled switch and distribute the configuration using CFS, or starting in Cisco MDS SAN-OS Release 2.1(1a), you can configure IVR topology in auto mode. This mode automatically builds the IVR VSAN topology and maintains the topology database when fabric reconfigurations occur. Auto mode distributes the IVR VSAN topology to IVR-enabled switches using CFS. Auto mode uses any user-configured IVR VSAN topology as a starting point for the VSAN topology database.

Using auto mode, you no longer need to manually update the IVR VSAN topology when reconfigurations occur in your fabric.


Note IVR topology auto mode requires Cisco MDS SAN-OS Release 2.1(1a) on all switches in the fabric.



Note IVR topology auto mode requires enabling CFS for IVR on all switches in the fabric.


IVR Zoning QoS

IVR zoning QoS can be configured separate from other zone attributes.

Service Groups

Cisco MDS SAN-OS Release 2.1(1a) introduces service groups as a way to limit the control traffic associated with distributing the IVR VSAN topology learned in auto mode. A services group lists fabric IDs and VSANs associated with that fabric ID. When the IVR configuration is distributed, CFS uses the service group to limit the number of switches to which it sends the new IVR VSAN topology database.


Note You must update the service group and distribute it using CFS whenever a fabric reconfiguration affects an IVR-enabled switch.


Autonomous Fabric ID

The autonomous fabric ID distinguishes segmented VSANS (that is, two VSANs that are logically and physically separate but have the same VSAN number). Cisco MDS SAN-OS Release 2.1(1a) introduces support for fabric IDs from 1 through 64. Fabric IDs are used in conjunction with auto mode to allow segmented VSANS in the IVR VSAN topology database. You can configure up to 64 fabric IDs.

The autonomous fabric ID can be configured individually for each switch and list of VSANs, or the default autonomous fabric ID can be configured for each switch.


Note Two VSANs with the same VSAN number but different fabric IDs are counted as two VSANs out of the total 128 VSANs allowed in the fabric.


Inter-VSAN Zones (IVZ)

As of Cisco MDS SAN-OS Release 2.1(1a), you can configure up to 2000 IVZs and 10,000 IVZ members on the switches in the network.

Multiple Filter Commands

Cisco MDS SAN-OS Release 2.1(1a) supports using multiple filters in the same show command output. This means you can use a combination of the available filters to format the output of any show command.


Note The maximum number of commands allowed is four. For example, a maximum of three filter commands or two filter commands and a redirection.


Cisco MDS SAN-OS Release 2.1(1a) also supports both filters and redirection in the same command. You can apply the required filters to the output of any command and save the output using the file redirection.

Network-Accelerated Serverless Backup

As of Cisco MDS SAN-OS Release 2.1(1a), the SSMs support Network-Accelerated Serverless Backup (NASB). Data movement in the fabric uses considerable processor cycles, which can cause client applications to slow down noticeably. Offloading data movement operations to a media server allows the client applications to run normally even during a backup operation. Media servers can further offload the data movement operation to NASB devices, which allows the media server to focus on the coordination functions needed to complete the backup.

SANTap

The SANTap feature allows third-party data storage applications, such as long distance replication and continuous backup, to be integrated into the SAN. The protocol-based interface offered by SANTap allows easy and rapid integration of the data storage service application because it delivers a loose coupling between the application and an ASM or SSM, thereby reducing the effort needed to integrate applications with the core services being offered by the ASM or SSM.

VSFN Support on SSM

VSFN can be configured on SSM.

Fabric Manager Enhancements

The Cisco MDS 9000 Family Fabric Manager supports:

IVR Wizard updated to support IVR NAT and auto-topology

Network-Accelerated Serverless Backup (NASB)

SANTap

Distributed configuration copy

Autonomous fabric ID

Performance Manager Top Ten Report Generation

Exporting Performance Manager reports in CSV format

Advanced and Simplified user interface modes

SNMP proxy mode to facilitate communications through a firewall

Device Manager Enhancements

The Cisco MDS 9000 Family Device Manager supports autonomous fabric ID.

Limitations and Restrictions

This section lists the limitations and restrictions for this release.

iSNS

The Internet storage name services (iSNS) server functionality supports only IP network topologies where all IP Storage Services (IPS) modules in the SAN are connected to the same IP network. The iSNS server assumes that if an iSNS client can reach one IPS port, it can also reach every other IPS port in the SAN.

iSCSI

iSCSI pass-thru forwarding mode requires Microsoft iSCSI driver version 2.0 and Cisco iSCSI driver version 4.2.1. There are no restrictions for iSCSI store-and-forward forwarding mode.

Caveats

This section lists the open and resolved caveats for this release. Use Table 3 to determine the status of a particular caveat. In the table, "O" indicates an open caveat and "R" indicates a resolved caveat.

Table 3 Release Caveats and Caveats Corrected Reference 

DDTS Number
Software Release (Open or Resolved)
2.0(4)
2.1(1a)

Severity 1

CSCeg33121

O

O

CSCsd29338

O

O

Severity 2

CSCed57251

O

O

CSCeh04183

 

R

CSCeg07339

O

R

CSCeg11095

O

R

CSCeg12962

O

O

CSCeg20932

O

O

CSCeg53114

O

O

CSCeg66015

 

R

CSCeg82721

O

R

CSCeg84871

O

O

CSCeg90336

O

O

CSCeh29872

 

O

CSCeh39705

 

O

CSCeh40138

O

O

CSCeh41378

O

R

CSCeh46899

 

R

CSCeh47017

 

R

CSCeh49026

 

R

CSCeh49483

 

O

CSCeh61610

O

O

CSCeh70232

 

O

CSCeh70727

 

O

CSCeh71865

 

O

CSCeh73149

 

O

CSCeh85768

 

O

CSCeh87930

O

O

CSCeh90270

O

O

CSCeh91293

 

O

CSCeh92604

 

O

CSCeh93109

 

O

CSCeh93625

O

O

CSCeh95139

 

O

CSCeh96928

O

O

CSCei01431

O

O

CSCei02196

 

O

CSCei10774

 

O

CSCei18837

 

O

CSCei19822

 

O

CSCei25319

O

O

CSCei36082

 

O

CSCei79457

 

O

CSCei88345

 

O

CSCsd78967

O

O

CSCsh27840

O

O

Severity 3

CSCec31365

O

O

CSCed14920

O

O

CSCef11644

O

O

CSCed20053

O

R

CSCef56229

O

O

CSCef87845

O

O

CSCef95611

O

R

CSCeg01551

O

O

CSCeg12383

O

O

CSCeg12962

O

O

CSCeg24199

O

R

CSCeg27584

O

O

CSCeg35694

O

R

CSCeg37200

O

R

CSCeg37598

O

O

CSCeg38506

O

R

CSCeg40856

O

O

CSCeg55238

O

O

CSCeg56197

O

R

CSCeg59937

 

R

CSCeg61535

O

R

CSCeg66225

O

R

CSCeg72539

 

O

CSCeg81089

O

R

CSCeg84853

 

O

CSCeg85146

 

O

CSCeh04183

 

O

CSCeh08307

 

O

CSCeh19639

O

O

CSCeh24387

O

R

CSCeh30951

 

O

CSCeh33448

 

O

CSCeh33548

 

O

CSCeh33814

 

O

CSCeh34275

O

O

CSCeh34828

 

O

CSCeh35859

 

O

CSCeh36025

 

O

CSCeh37066

 

O

CSCeh37220

 

R

CSCeh38055

 

O

CSCeh38123

 

O

CSCeh41099

O

O

CSCeh45321

O

R

CSCeh48138

O

R

CSCeh51392

O

R

CSCeh51924

O

O

CSCeh52280

O

O

CSCeh56143

O

O

CSCeh64080

O

O

CSCeh65824

O

O

CSCeh69186

 

O

CSCeh70232

 

CSCeh73101

O

O

CSCeh79330

 

O

CSCeh82166

 

O

CSCeh82490

O

O

CSCeh83514

O

O

CSCeh87985

O

O

CSCeh92843

 

O

CSCei08541

 

O

CSCei22596

 

O

CSCei29086

 

O

CSCei31020

 

O

CSCin81851

 

O

CSCei48889

 

O

CSCei57342

O

O

CSCei58652

O

O

CSCei67982

O

O

CSCei86399

 

O

CSCei91676

O

O

CSCei91968

O

O

CSCej08751

O

O

CSCin81851

O

R

CSCin84965

O

O

CSCin87497

 

O

CSCin92870

 

O

CSCin95789

 

O

CSCsc09732

O

O

CSCsc23435

 

O

CSCsc31424

O

O

CSCsc33788

O

O

CSCsc48919

O

O

CSCsc97070

 

O

CSCsd34882

 

O

CSCsd71701

 

O

CSCsd76429

 

O

CSCsd83775

O

O

CSCse99087

O

O

CSCsf21970

O

O

CSCsg03171

O

O

CSCsg15392

O

O

Severity 4

CSCeh27034

 

R

CSCeh42252

O

O


Resolved Caveats

CSCeh04183

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt). These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

Attacks that use ICMP "hard" error messages

Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

Attacks that use ICMP "source quench" messages Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft. Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en

CSCeg07339

Symptom: The iSCSI/IPsec session may go down and come back up after a few hours if using Microsoft's implementation of IPsec in the iSCSI initiator software.

Workaround: None.

CSCeg11095

Symptom: Duplicate fabrics are opened under different SANs when the loadFromDB option is selected.

Workaround: Select Admin > Fabrics to remove the fabric, and then reopen it with the loadFromDB box deselected.

CSCei02196

Symptom: When a default zoning policy is permitted and there is no active zone set, packets may drop on Fx ports if there are a lot of Fx and Nx ports going up and down.

Workaround: Configure and activate a zone set.

CSCei10774

Symptom: Disabling QoS does not remove the QoS attribute from an IVR zone set, and subsequent activation of the IVR zone set does not succeed.

Workaround: Remove the QoS attribute from the IVR zone set, both active and configured, before disabling QoS.

CSCei18837

Symptom: If the standby supervisor and the line cards are reloaded simultaneously, the line cards do not come online and reach the OK state.

Workaround: Perform a reload at the switch level to recover from this problem.

CSCei19822

Symptom: An active IVR zone set on the local switch is not propagated when the commit session contains any other configuration changes.

Workaround: For Cisco SAN-OS Release 2.1(2) and later, perform an implicit commit without any changes. In the case of a merge failure and the IVR zone set is not active on remote switches but is active on a local switch, issue an implicit commit from the local switch to propagate the active zone set to the remote switches.

For releases prior to Release 2.1(2), the workaround is different. Add either a dummy member to an existing zone or add a dummy zone with dummy members to the currently active IVR zone set, and then reactivate the IVR zone set. Then issue the commit command, which will propagate the active zone set to the other switches.

CSCeg12962

Symptom: Some hosts may not accept IKE tunnel creation from a Cisco MDS 9000 Family switch when an IKE session already exists in the switch. When this occurs, it may take more than the expected time for the IPsec session to come up. This scenario can happen when the Gigabit Ethernet interface on the switch fails and comes back up, or if you issue a VRRP switchover to a different switch.

Workaround: For a faster recovery, disconnect and reinitiate the iSCSI session from the host.

In Cisco SAN-OS Release 3.0(1), you can avoid this problem by configuring a TCP port number (in addition to an IP address mask) in the IP access list used by the IPsec crypto map.

CSCeg20932

Symptom: If an IPS module with operational FCIP PortChannels is reloaded, upgraded, or downgraded, the supervisor module may be reloaded causing the system to reboot.

Workaround: Before reloading, upgrading, or downgrading an IPS module, shut down all FCIP PortChannels on the line card.

CSCeg53114

Symptom: WWNs assigned to iSCSI initiators by the system can inadvertently be returned to the system when an upgrade fails or a manual downgrade is performed, such as when an older iSAN software version is booted up without using the install all command. In these scenarios, the system can later assign those WWNs again to other initiators, which causes conflicts. CSCei17870 is a duplicate of this caveat.

Workaround: None.

CSCeg66015

Symptom: If one of the following two events were to occur on a TL port, the TL port would in effect be not functional.

There is just one private device on the loop and it changes its arbitrated loop physical address (ALPA).

There is just one private device on the loop that removes its ALPA during loop init and adds it again later. The private devices do not show up in the flogi database and are not seen by other fabric devices.

Workaround: Issue a shut noshut command on the TL port to fix the problem.

CSCeg82721

Symptom: Under certain traffic patterns, the Gigabit Ethernet port can flap when auto compression mode is selected. This problem can also occur rarely even when compression mode 1 is selected.

Workaround: Use mode 2 or mode 3 compression mode if the maximum throughput required is less than 25 Mega bits/sec. There is no workaround if the throughput requirement is > 25 Mbps.

CSCeh41378

Symptom: If an MDS switch has more than one module that supports Ethernet ports, the Cisco Discovery Protocol (CDP) learns entries over both the Gigabit Ethernet ports and the mgmt0 port. Subsequently, if there is either a system switchover or a restart of the CDP process, CDP will lose neighbors learned over the Gigabit Ethernet ports. A side effect of this behavior is that the sh cdp neighbors interface <gig intf> command causes the CDP process to crash and results in either a switchover on a dual supervisor or a reload on a single supervisor. This problem does not occur as long as the MDS switch is populated with just one module that supports Ethernet ports. Any combination of two or more modules supporting Ethernet ports will cause the problem. In addition, in the case of the Cisco MDS 9216i a module that supports Ethernet ports along with the supervisor module in slot1 is susceptible to the problem.

Workaround: None. Disable CDP so it does not learn of any entries, thereby preventing a crash or switchover.

CSCeh46899

Symptom: The IPS port erroneously reports a check-condition SCSI response to the iSCSI host for a proprietary SCSI command 0xEF when the actual amount of data transfer does not match the transfer size requested in the SCSI command.

Workaround: None.

CSCeh47017

Symptom: In an arbitrated loop configuration, the loop reinitialization without bringing down the link may result in I/O failure (including FLOGI) from the loop devices connected to that port. This problem was observed with Uniwide/Xiotech storage systems configured in Active/Standby mode, where a set of devices were moved from an active arbitrated loop to standby arbitrated loop. The movement of devices was triggered by a hardware failure in the Uniwide storage system.

Workaround: Issue the shutdown/no shutdown command sequence to clear the problem.

CSCeh49026

Symptom: The application might report that the loop port is not up, however, the port is online and operational.

Workaround: Issue the shutdown/no shutdown command sequence to clear the problem.

CSCed20053

Symptom: On rare occasions, the install license command may fail due to the saved state of the switch configuration. This may occur after saving a remote configuration to the switch using the copy remote-url start-up command.

Workaround: Issue the copy ru st command. The install license command should work properly after that.

CSCef95611

Symptom: After a successful database merge, the show cfs merge status name application_name command output may not reflect the correct merge status. However, the merge operation remains successful.

Workaround: None. The correct status is displayed when you perform additional CFS operations.

CSCeg24199

Symptom: Your connection to the server might terminate during an upgrade/downgrade process if the client is detecting the server's status upon receiving events. If the client does not receive any events from the server for a certain amount of time, it assumes that the server is down and closes the connection. Fabric Manager timeouts have also been seen that do not coincide with upgrade/downgrade events.

Workaround: Remove the fabric and then reopen it.

CSCeg35694

Symptom: If you delete a fabric and then enable the LoadFromDB option while the fabric rediscovers it, there might be a delay in seeing the fabric in the Fabric Manager client.

Workaround: Do not enable the LoadFromDB option in the Fabric Open dialog box when rediscovering the fabric again.

CSCeg37200

Symptom: The Fabric Manager end-to-end connectivity tab does not display properly. The screen turns gray and a java.lang.nullPointerException can be found in the log.

Workaround: Close the dialog box and relaunch it.

CSCeg38506

Symptom: On Device Manager, select the port by right-clicking the port, selecting monitor, and choosing any category such as traffic, protocol, or link errors. The counters displayed for some of the fields such as "Rx Bytes" in traffic category, "Toolongs" in Frame error category etc. are not accurate. Some of the individual counters are not presented correctly. The problem is seen intermittently.

Workaround: The statistics shown by the show interface command reflects the correct value.

CSCeg56197

Symptom: Configuring the CIM server with an invalid certificate will crash the CIM Server.

1. Create a self-certified key (xxxxxx.pem file) on an external server (we use a utility under Hi-Command).

2. Enter conf t to enter configuration mode.

3. Enter cimserver certificate xxxxxx.pem to install a certificate specified in the file named with a .pem extension.

4. Enter cimserver enablehttps to enable HTTPS (secure protocol).

5. Enter cimserver enable to enable the CIM server.

6. Enter Ctrl-z to quit.

Workaround: None

CSCeg59937

Symptom: When iSCSI and iSNS are simultaneously enabled, iSCSI may not be ready when iSNS attempts to initialize. In this situation, iSNS will exit with an error. Subsequent restart by the system manager will cause iSNS to come up.

Workaround: Enable iSCSI before enabling iSNS.

CSCeg61535

Symptom:The Telnet server may not be disabled even if you disable it through setup. A Telnet session will still work in the switch.

Workaround: Issue the no telnet server enable command in configuration mode to disable telnet after you log in to the switch.

CSCeg85146

Symptom: The show running command output shows the Callhome profile alert groups with an underscore ( _ ) rather than a dash ( - ). If the show running command in Cisco MDS SAN-OS Release 1.3.x shows Call Home profile with alert groups as an underscore ( _ ), then it will carry it over to the Release 2.x code and cannot be deleted. This occurs if the following alert groups have been configured:

cisco_tac

supervisor_hardware

linecard_hardware

Workaround: Before upgrading to Cisco MDS SAN-OS Release 2.x, issue the show running command and delete the following alert groups:

cisco_tac

supervisor_hardware

linecard_hardware

CSCeh04183

Symptom: A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of denial-of-service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and it is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

Attacks that use ICMP "hard" error messages.

Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.

Attacks that use ICMP "source quench" messages.

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Workaround: Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCeh37220

Symptom: Enabling Fibre Channel write acceleration and/or FC SCSI-FLOW statistics services for MirrorView traffic may result in intermittent MirrorView port flapping, even though MirrorView pairs stay intact.

Workaround: Upgrade to Cisco MDS SAN-OS Release 2.1(1a).

CSCeh24387

Symptom: IBM Bladecentre HBAs connected to a Cisco MDS switch through the IBM Optical Pass-thru Module might not see storage attached to the Cisco MDS switch when running Cisco MDS SAN-OS Release 2.0(x). This happens when the target device and Bladecentre HBA share the same area ID portion of the FCID, or if there are multiple HBAs in the same zone and sharing the same ID.

Workaround: None

CSCeh45321

Symptom: In low round-trip time and low bandwidth configurations, the MDS TCP does not rate limit to the max bandwidth configured.

Workaround: To reduce the effect of exceeding the maximum bandwidth, the FCIP profile on both sides of the FCIP tunnel should be the following:

fcip profile X
tcp cwm burstsize 10
tcp max-jitter 0
tcp send-buffer-size 4000
tcp max-retransmission 8

CSCeh48138

Symptom: If the NetApp file server appliance is configured as an initiator performing a Network Data Management Protocol (NDMP) backup, then the fabric login (FLOGI) process on the MDS switch might terminate because of excessive LINIT requests.

This might happen if your N port or NL port uses extended link services to manage and control a public remote loop. The NetApp file server appliance configuration uses these services, namely LSTS and LINIT, which are documented in the Fibre Channel standards compliance (FC-FLA standard) specification.

Workaround: None.

CSCeh51392

Symptom: In an arbitrated loop configuration, the loop reinitialization without bringing down the link may result in I/O failure (including FLOGI) from the loop devices connected to that port. This problem exists in all 2.0.x releases.

This problem was observed with Uniwide storage systems configured in Active/Standby mode, where a set of devices were moved from an active arbitrated loop to standby arbitrated loop. The movement of devices was triggered by a hardware failure in the Uniwide storage system.

Workaround: Issue the shutdown then no shutdown command to clear the problem.

CSCei08541

Symptom: If there are two FCIP members in the PortChannel, while the traffic is running (at a 1-Gbps rate or any other large rate) bring up the second FCIP link (previously just one FCIP member is up), and you will see the total PortChannel throughput drop to about 10% of the previous number, and this low rate will last for about 25 seconds.

Workaround: None.

CSCei22596

Symptom: When a special frame is enabled for FCIP and FCIP is bound to an Ethernet channel, the IPS port may fail. The failure results if FCIP TCP connections need to be migrated to the peer core and then TCP on the new peer core must be initialized properly.

Workaround: Disable the special frame in FCIP.

CSCin81851

Symptom: A system switchover causes the boot variables to disappear from display in both the show running and show startup command outputs. However, the functionality is unaffected, and the boot variables are still set as displayed in the show boot command output.

Workaround: Issue the show boot command to verify the boot variables.

CSCeh27034

Symptom: The connUnitState object from draft-ietf-ipfc-fcmgmt-int-mib-04.my mib is now supported. This object provides overall state of the system

Workaround: None.

Open Caveats

CSCeg33121

Symptom: A small amount of memory in the IP configuration process leaks each time any of the following commands execute: show running-config, show startup-config, copy running-config startup-config. After repeated occurrences, the command fails to execute.

Workaround: None.

CSCsd29338

Symptom: The port manager might crash and a switchover might occur when FICON is configured and the MDS switch is interoperating with a CNT device. This occurs when a port is UP, a link failure happens, and the remote node ID (RNID) retry timer is activated.

Workaround: None

CSCed57251

Symptom: In some rare instances in Cisco MDS SAN-OS Release 1.3, 2.0, and 2.1(1), when the IP Storage Services (IPS) module restarted after a failure, VSAN membership information about iSCSI interfaces was lost. However, a configuration saved with the copy running-config startup command was not lost.

Workaround: None.

CSCeg84871

Symptom: When an iSCSI initiator logs in to a Gigabit Ethernet port number 1 on an IPS module in slot 1, the switch sends a login response with the value of the Target Session Identifying Handle (TSIH) field set to zero (0), which is an iSCSI protocol violation. This situation can also occur when an iSCSI initiator logs in to Ethernet PortChannel number 1. The Qlogic iSCSI initiator may verify the TSIH value and reject it.

Workaround: None.

CSCeg90336

Symptom: A user that you create in Fabric Manager or Device Manager cannot log in from the console. Release 2.1(2) fixes this problem. However, if a third-party application creates a user using SNMP, a new MIB is required for Release 3.0.

Workaround: Third-party applications should use SSH to connect to the MDS 9000 switch, and then use CLI commands to create the user account.

CSCeh29872

Symptom: The ICMP Path-MTU discovery might not work with IPsec depending upon the SPD policy that is created and where the ICMP error message is originated.

Workaround: Identify the path MTU and set it as the local interface MTU in the switch.

CSCeh39705

Symptom: iSCSI immediate and unsolicited data is not allowed to be used when the data digest is turned on.

Workaround: None.

CSCeh40138

Symptom: If an IVR-enabled fabric running Cisco MDS SAN-OS Release 2.0 is merged with an IVR-enabled fabric running Cisco MDS SAN-OS Release 2.1 in NAT-mode, then the IVR process on the 2.0 fabric may restart.

Workaround: Follow the IVR-NAT guideline of not mixing fabrics in IVR NAT and non-NAT modes. For example, upgrade the fabric running Cisco MDS SAN OS Release 2.0 to Cisco MDS SAN OS Release 2.1 and have NAT mode enabled on that fabric before merging with another fabric where the NAT mode is already on.

CSCeh49483

Symptom: Traffic stops flowing when a member, who is not the first member, of a non-trunking PortChannel in an IVR zone set is flapped.

Workaround: None.

CSCeh61610

Symptom: FCIP Write Acceleration does not work with certain storage replication subsystems.

Workaround: None.

CSCeh70232

Symptom: Under certain traffic patterns, the auto compression mode in MPS-14/2 modules can cause a packet buffer leak. This might lead to a drop in FCIP performance. A low free clusters count below 40000 in the output of the show ips stats buffer interface gigabitethernet x/y command indicates that the IPS port may potentially have hit this bug.

Workaround: Reload the MPS-14/2 module. Or use compression mode2 or mode3 to avoid the problem.

CSCeh70727

Symptom: When many iSCSI sessions go up or down simultaneously, such as when a line card fails, the amount of syslog messages generated can overwhelm the supervisor and cause a new iSCSI session login to be delayed.

Workaround: None.

CSCeh71865

Symptom: If two IPS ports on an IPS module are configured in the same IP subnet, but put on different LAN segments, external iSNS clients may not be able to connect to the iSNS server on the IPS port.

Workaround: Put the IPS ports in the same IP subnet on the same LAN segment.

CSCeh73149

Symptom: The VSAN suspend/resume operation facilitates network level reconfiguration and is not often used. In MDS SAN-OS Release 2.1(2), the command should not be used on SANTap related VSAN.

Workaround: If VSAN suspend/resume must be used, first unprovision SANTap prior to using VSAN suspend/resume.

CSCeh85768

Symptom: During an upgrade of the firmware on an IBM tape drive, the tape utility program may hang after it resets and performs loop initialization. The tape drive sends OPN, FLOGI, and CLS. The switch sends OPN and ACC, but does not send CLS, which causes the tape utility to hang while it waits for CLS.

Workaround: After the firmware is correctly upgraded on the tape drive, follow these steps:

Disable the switch port using the shut command.

Enable the switch port using the no shut command.

CSCeh87930

Symptom: A newly configured FCIP link may fail to come up when running on an MPS-14/2 module. This symptom may occur following an upgrade of Cisco MDS SAN-OS Release 2.0(1b) to Release 2.0(3) and the configuration of a new FCIP link.

In the log on the switch, you may see the following messages:

%PORT-5-IF_DOWN_ELP_FAILURE_ISOLATION: %$VSAN xyz%$ Interface fcipabc is down (Isolation due to ELP failure)
%PORT-5-IF_DOWN_OFFLINE: %$VSAN xyz%$ Interface fcipabc is down (Offline)
%PORT-5-IF_DOWN_NONE: %$VSAN xyz%$ Interface fcipabc is down (None)

VSAN xyz is the allowed VSAN number for the FCIP interface and interface fcipabc is the configured FCIP interface number.

Workaround: Reload the MPS-14/2 module using the reload module module-number command, where module-number is a specific module.

CSCeh90270

Symptom: Two MDS 9000 switches configured with an FCIP bridge port (B port) tunnel may have problems with multi-frame sequences. You may notice this problem activating large zone sets when the SFC frame times out.

Workaround: If the connection is between two MDS switches, then the B port configuration is not required and should not be used. If B port is a requirement, then reduce the zone set length by not distributing the full database, or useVSANs.

CSCeh91293

Symptom: The output from the fcping and traceroute commands shows an incorrect MDS 9000 switch and password for enclosure fabrics.

Workaround: None.

CSCeh92604

Symptom: Enabling IVR-NAT on the same switch where write acceleration is enabled over a PortChannel of multiple FCIP links might result in frames from the source to destination not transferring.

Workaround: Do not have the following on the same switch:

a. IVR-NAT enabled

b. PortChannel of multiple FCIP links that can potentially carry IVR-NAT traffic

c. FCIP write acceleration

However, any two of the above three configurations are supported on the same switch.


Note IVR in non-NAT mode can be configured with FCIP port channels and FCIP write acceleration on the same switch.


CSCeh93109

Symptom: When SANTap is unprovisioned without the appliance first deleting objects it had previously created, SANTap may have problems if the session objects are present.

Workaround: The appliance must delete all objects first before SANTap is unprovisioned.

CSCeh93625

Symptom: The line cards shut down after the supervisor module fails.

Workaround: Remove the failed supervisor module and reinsert the line card. Or enter the no poweroff module slot command in Exec mode on the switch, where slot is the slot number of the module that failed.

CSCeh95139

Symptom: If a Fibre Channel target goes offline while an iSCSI login is occurring, the IPS port will terminate the TCP session, but it will not return a login response PDU to the iSCSI initiator. As a result, some iSCSI initiators wait up to 30 seconds before they try to log in again.

Workaround: None.

CSCeh96928

Symptom: If your switch port is configured in auto speed (switchport speed auto) and auto mode (switchport mode auto), the switch-port fails to establish a link with the device connected through Emulex HBA LP8000 and remains in link-failure state. The problem occurs with the following combination of HBA, Driver, Firmware, and OS configured at 1 Gbps.

Workaround: Configure the switch port speed to 1 Gbps (switchport speed 1000) to support the Emulex HBA LP8000.

CSCei01431

Symptom: An FCIP interface stays in the initializing state if it is part of a PortChannel and it is removed with the no fcip enable command.

Workaround: Remove the PortChannel that the FCIP interface previously belonged to.

CSCeg20932

Symptom: If an IPS module with operational FCIP PortChannels is reloaded, upgraded, or downgraded, the supervisor module may be reloaded causing the system to reboot.

Workaround: Before reloading, upgrading, or downgrading an IPS module, shut down all FCIP PortChannels on the line card.

CSCei25319

Symptom: An error message in the log file occurs because the platform manager component passes the wrong parameter while responding to a SNMP query. In some cases, this results in the query not being responded to.

Workaround: Perform a refresh on Device Manager to clear the problem.

CSCei36082

Symptom: A Brocade 3850 switch running 4.4.0c code in interop mode or a Bladecenter with a Brocade module running 4.4.1a code will fail upon receiving a SW-RSCN frame from an MDS 9000 Family switch that was generated as a result of a FC-4 registration from an HBA to a name server on the MDS switch.

When an FC-4 registration from an HBA to a name server on an MDS 9000 Family switch occurs, the switch generates a SW-RSCN with the switch event as NO_INFO(0x00), which is compliant with Fibre Channel standards. However, the Brocade switch expects a SW-RSCN with the switch event as ONLINE(0x01) upon FC-4 registration.

Workaround: Brocade is fixing this problem.

In the interim, you can use a new hidden command that when configured, allows the SW-RSCN frame that is sent during name server registration to carry the event ONLINE(0x01), instead of NO_INFO(0x00). You can configure this command only in interop mode 1.

To enable this feature, enter the following command:

switch(config)# rscn restrict swrscn-event vsan 1

To disable this feature, enter the following command:

switch(config)# no rscn restrict swrscn-event vsan 1

CSCei79457

Symptom: During a long test cycle involving multiple tests, the port manager process failed due to a NULL pointer access causing a system switchover.

Workaround: None.

CSCei88345

Symptom: An Inter-Switch Link (ISL) flap resulting in fabric segmentation or a merge during or after an upgrade from Cisco MDS SAN-OS Release 2.0(x) to a later image where IVR is running might be disruptive. Some possible scenarios include:

FCIP connection flapping during the upgrade process resulting in fabric segmentation or merge.

ISL flap results in fabric segmentation or merge because of hardware issues or a software bug.

ISL port becomes part of PCP results in fabric segmentation or merge because of a port flap.

If this problem occurs, syslogs indicate RDI failure and the flapped lSL could remain in a down state because of a domain overlap. This is caused by conflicts between the allowed domains list and the virtual domain requested through RDI.

Workaround: There are four distinct scenarios for which the workarounds are provided.

1. If you are running Cisco MDS SAN-OS Releases 1.3(X) or 2.0(X) with IVR enabled, we recommend upgrading to Release 2.0(2b). Please contact your OSM for 2.1(2b) availability.

2. If you have already upgraded some or all of your Cisco MDS SAN-OS switches from Cisco MDS SAN-OS Release 1.3(X) or 2.0(x) to Release SAN-OS 2.1(1a), 2.1(1b), or 2.1(2a), a scheduled downtime is required to perform the following steps:

a. Configure static domains for all switches in all VSANs where IVR is enabled. Configure the static domain the same as the running domain so that there is no change in domain IDs. Make sure that all domains are unique across all of the IVR VSANs. We recommend this step as a best practice for IVR-non-NAT mode.

Issue the fcdomain domain {id} static vsan {vsan id} command to configure the static domains.


Note Complete Step 2a for all switches before moving to Step 2b.


b. b. Issue the no ivr virtual-fcdomain-add vsan-ranges 1-4093 command to disable RDI mode on all IVR enabled switches. This can cause traffic disruption.


Note Complete Step 2b for all IVR enabled switches before moving to Step 2c.


c. Check the syslogs for any ISL that was brought down.

Example Syslog Error Messages
2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED: %$VSAN 2005%$ Isolation of 
interface port-channel 52 (reason: unknown failure)
2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED: %$VSAN 2005%$ Isolation of 
interface port-channel 51 (reason: domain ID assignment failure)

d. Identify any switches isolated and issue the following commands for the affected switches:

switch(config)# vsan database
switch(config-vsan-db)# vsan { vsan ID} suspend
switch(config-vsan-db)# no vsan { vsan ID} suspend

e. Issue the ivr refresh command to perform an IVR refresh on all the IVR enabled switches.

f. Issue the copy running startup command to save the RDI mode in the startup configuration on all of the switches.

3. If you have already upgraded some or all of the switches from Cisco MDS SAN-OS Release 1.3(X) or 2.0(x) to Releases 2.1(1a), 2.1(1b), or 2.1(2a), with Interop-mode 2 or 3 enabled, issue the ivr refresh command to perform the IVR refresh on all the IVR enabled switches.

4. If you are adding new switches running Cisco MDS SAN-OS Releases SAN-OS 2.1 (1a), 2.1(1b), or 2.1 (2a) to your existing network running Releases 1.3(X) or 2.0 (X), disable RDI mode on your new switches before adding them to the existing network. Issue the no ivr virtual-fcdomain-add vsan-ranges 1-4093 command to disable RDI mode.


Note RDI mode should not be disabled for VSANs running in Interop-mode 2 or Interop-mode 3.


CSCsc23435

Symptom: System logs an error due to a xbar-ASIC interface device 6 (overflow). The error results in packet loss and, potentially, the card going into a failure state.

The down-xbar interface ASIC (D-chip) has a mapping of hardware queues to software destination indexes (DIs).This table is initialized by hardware to map all queues to DI 0. The D-chip statically allocates packet buffers for each hardware queue during initialization. These buffers correspond to credits given to the central arbiter for the corresponding DI.

On line cards with FCIP interfaces, the binding of DIs is performed dynamically after initialization. This means that any hardware queues that have not yet been bound to a DI will actually be giving credits to the arbiter for DI 0.

In rare cases, the D-chip may fill up with packets causing an overflow condition and cause packets to be dropped and an error is be logged. If the condition persists for 1 second, the card goes into failure state.

The following hardware components are affected by this error:

8-port Gigabit Ethernet IP Storage Services module (DS-X9308-SMIP)

4-port Gigabit Ethernet IP Storage Services module (DS-X9304-SMIP)

MPS-14/2 module (DS-X9302-14K9)

MDS 9216i switch (DS-C9216i-K9)

Workaround: None.

CSCsd78967

Symptom: If you remove a port from a port channel or shutdown a member port of a port-channel, the ConnUnitPortStatus/State trap is not sent.

Workaround: None.

CSCsh27840

Symptom: While using an FCIP link for remote SPAN, it is possible that the FCIP link may flap.

Workaround: Do not use FCIP links for Remote SPAN.

CSCec31365

Symptom: When IVR is enabled, the Fabric-Device Management Interface information is not transferred across VSANs for IVR devices.

Workaround: None.

CSCed14920

Symptom: During a switch upgrade, a SAN Volume Controller (SVC) node may not save its entire state under rare circumstances. This results in that node not being part of the cluster after the switch upgrade. Verify this symptom by issuing the show nodes local command at the svc-config prompt—the command output displays the following information:

The cluster state of the affected SVC node is unconfigured.

The node state of the affected SVC node is free.

Workaround: Manually remove the SVC node from the cluster and then add the node back into the cluster. Refer to the Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for procedural details.

CSCef11644

Symptom: VPN 4.0.1 does not work with large SNMP PDU packets.

Workaround: Upgrade to VPN 4.0.5.

CSCef56229

Symptom: If an iSCSI initiator is configured differently on multiple switches, iSNS might report more targets to the initiator than the initiator can access. An iSCSI initiator would get a target error if it attempts to establish a connection.

Workaround: None.

CSCef87845

Symptom: The CFS merge status as shown by the show cfs merge status name app-name command output may not reflect the correct merge status on certain switches while two fabrics are merging.

CFS merge is a protocol that runs between a designated switch in either fabric. Other switches do not participate in the merge process. While a merge is happening, the switches not merging do not reflect this, only the designated switches have the correct information. Once the merge is done, all switches would show the correct status. Usually, the merge completes in a very short time and this behavior is unlikely to be noticed.

Workaround: None.

CSCeg01551

Symptom: If you issue a dpvm commit command, the DPVM application implicitly activates the existing configuration database. The configuration database is activated only when the dpvm commit command is explicitly issued after the dpvm activate command.

Workaround: None.

CSCeg12383

Symptom: On rare occasions, the PortChannels with FCIP interface members fail to come up when the switch reboots. This happens when the startup configuration has a default switchport trunk mode setting that does not match the configured trunk mode for PortChannel members (FCIP interfaces). Also, the startup configuration shows any explicit switchport trunk mode setting for the PortChannel.

Workaround: Reconfigure the switchport trunk mode on the PortChannel.

CSCeg12962

Symptom: Some hosts may not accept IKE tunnel creation from Cisco MDS 9000 Family switches when an IKE session already exists in the switch. In such cases it may take more than the expected time for the IPsec session to come up. This scenario can happen when the Gigabit Ethernet interface on the switch fails and comes back up or if you issue a VRRP switchover to a different switch.

Workaround: For a faster recovery, disconnect and reinitiate the iSCSI session from the host.

CSCeg27584

Symptom: Creating a role that has VSAN policy as "deny" requires an Enterprise License on the switch. If such a role is created on a switch that does not have the license, the switch exhibits different behavior when distribution is turned on versus when distribution is turned off.

1) If distribution is turned off, creation of the role is rejected.

2) If distribution is turned on, creation of the role succeeds but the VSAN policy continues to be "permit"

Workaround: None.

CSCeg37598

Symptom: The iSNS server might crash when iSCSI is disabled and iSNS is enabled using Fabric Manager.

Workaround: None.

CSCeg40856

Symptom: In Fabric Manager, a null pointer exception error message might result in a zone merge recovery on an already recovered fabric.

Workaround: Close the dialog box and relaunch it.

CSCeg55238

Symptom: Files created using fcanalyzer local command cannot be copied or viewed. FC analyzer runs as root and the files that it creates are created with the owner as root. The correct filecreate masks are not set when the file is created and so no user other than root can read/copy the file.

Workaround: None

CSCeh69186

Symptom: Fabric Manager might display a duplicate SAN.

Workaround: Uninstall the current Cisco SAN-OS release, and then install Cisco SAN-OS Release 2.1(2b) to remove the invalid data completely. Or upgrade to Cisco SAN-OS Release 2.1(2b), and then open a fabric without reloading from the database.

CSCeh70232

Symptom: Under certain traffic patterns, the auto compression mode in a MPS-14/2 module can cause a packet buffer leak. This leak eventually leads to a drop in FCIP performance. A symptom of this bug is the low free clusters count in the output displayed by the show ips stats command. If the free clusters are below 40,000, then the IPS port may have encountered this issue.

Workaround: You can avoid this problem by using one of the other compression modes: mode2 or mode3. However, once an IPS port gets into this state, reload the module.

CSCeg72539

Symptom: iSNS server functionality may not restore iSCSI initiator node detail properly after a system switchover. Under this circumstance, iSNS server will not respond correctly to DevGetNext request from an iSNS client. This problem does not happen consistently.

Workaround: None

CSCeg66225

Symptom: Password recovery might fail if you use the copy <config-url> startup command to save the switch configuration, or if you boot a system image that is older than the image you used to store the configuration and did not use the install all command. The following message might display in syslog or on the console during the process of password recovery.

<<%ASCII-CFG-2-ACFG_CONFIGURATION_APPLY_ERROR>>

Workaround: Issue the write erase command from the switchboot prompt.


Note Using the write erase command will erase the configuration. You must reapply the configuration, if externally stored, after the switch login.


CSCeg81089

Symptom: A Windows host running Hummingbird 10 with Connectivity Secure Shell 9, cannot use SSH to connect to an MDS switch running Cisco MDS SAN-OS Releases 2.0(x)using the same host configuration as was used when connecting to an MDS switch running 1.3(x) code.The host will display the error, "Authentication Failed, no more shared authentication methods".

Workaround: Reconfigure the client to use "keyboard-interactive" instead of "password" for authentication. To do this, go to tunnel profile settings, select Security Settings>Authentication. Ensure the "keyboard interactive" is the method used, "password" might be the currently configured method. Or upgrade to Cisco MDS SAN-OS Release 2.1(1a).

CSCeg84853

Symptom: If two fabrics merge, one with automatic VSAN topology and the other configured VSAN topology, and if the autonomous fabric ID assignment as per the user configured topology is not the same as the autonomous fabric ID assignment in the autonomous fabric ID table then sometimes the IVR zone set activation keeps waiting for the switch with the lowest WWW to modify the AFID table to correct the misconfiguration.

Workaround: Issue the clear ivr session command to clear the IVR session and reactivate the IVR zone set followed by the ivr commit command.

CSCeh08307

Symptom: The Fabric Manager server does not filter VSANs by each client's VSAN scope.

Workaround: None.

CSCeh19639

Symptom: Alias for a down endport is not shown and is referenced by its pwwn in the Edit FullZoneset screen of the Fabric Manager rather than the fcalias name. This does not affect the functionality of adding those members to the zones either in Fabric Manager or in the CLI.

Workaround: None.

CSCeh30951

Symptom: The IPS manager process may terminate and restart when a user changes the iSCSI forwarding mode from cut-through mode to a different mode.

Workaround: None.

CSCeh33448

Symptom: The show version image command does not support the use of modflash:.

Workaround: Copy the image back to the supervisor to execute the show version image command.

CSCeh33548

Symptom: Tape devices can only be accessed over an FCIP tunnel in a PortChannel with write acceleration enabled if SID/DID based load-balancing is used in the VSANs.

Workaround: Disable write acceleration or enable SID/DID based load-balancing in the VSANs if you have tape device traffic going over a FCIP tunnel in a Port Channel.

CSCeh33814

Symptom: The RMON_ALERT e-mail does not send the variable or any information about what alarm is triggered.

Workaround: None.

CSCeh34275

Symptom: iSCSI initiators do not advertise their iqn names on Interop VSAN Fibre Channel name server (FCNS). Fabric Manager will not display them.

Workaround: None.

CSCeh34828

Symptom: If there are active IVR zones with the QoS attribute, then QoS should not be disabled (for example, with the no qos enable command or through Fabric Manager).

Workaround: Before disabling QoS, QoS attributes from the active IVR zones should be removed and then the resultant IVR zone set should be reactivated.

CSCeh35859

Symptom: After a process restart or merging with several fabrics simultaneously, the IVR zoneset activation process might hang in the "ready to advertise" state.

Workaround: Clear the IVR session by issuing the clear ivr session command and then reactivate the IVR zoneset by issuing the ivr zoneset activate name < name> force" followed by the ivr commit command.

CSCeh36025

Symptom: iSNS server continues giving a list of iSCSI targets that are in the VSAN of an iSCSI interface even after iSCSI VSAN membership feature is disabled.

Workaround: Explicitly put all iscsi interfaces in VSAN 1 before disabling iscsi interface vsan-membership.

CSCeh37066

Symptom: If you have an SSM with Fibre Channel write acceleration enabled, flapping a port during heavy I/Os causes the DPP software to drain all the pending I/Os. If the draining process takes too long, it can result in timeouts for reconfiguration of the affected SCSI flows.

Workaround: After port flapping is done, disable the scsi-flow features and re-enable them.

CSCeh38055

Symptom: In the running-configuration output, the zoneset activate name zoneset_name vsan vsan command appears after the ivr zoneset activate name zoneset_name command. Hence, if a saved running-configuration is applied, then IVR zone set activation without the force option would fail if there is no active regular zone set when the ivr zoneset activate command is issued from the running configuration.

Workaround: Issue the ivr zoneset activate name <name> force command one more time followed by ivr commit.

CSCeh38123

Symptom: If IVR NAT mode is enabled, avoid IVR zone members within transit VSANs. In rare cases, IVR devices might not be able to communicate with each other when the IVR zone set has members in transit VSANs and when there are multiple parallel transit VSANs.

Workaround: None.

CSCeh41099

Symptom: Protocol and port numbers, if specified in a IP ACL assigned to a IPSec profile (crypto map), will be ignored.

The interop between Microsoft's iSCSI initiator with IPSec encryption with Cisco MDS 9000 Series switches. If IPSec is configured in the Microsoft iSCSI initiator (also the IPSec/IKE initiator), the host IPSec implementation sends the following IPSec policy:

source IP - Host IP, dest IP - MDS IP, 
source port - any, dest port - 3260 (iSCSI), protocol - 6 (TCP).

Upon receiving the above policy, the protocol and port numbers are ignored and only the IP addresses for the IPSec policy are used. Thus, although iSCSI traffic is encrypted, non-iSCSI traffic (such as ICMP ping) sent by the Microsoft Host in cleartext will be dropped in the MDS port.

Workaround: None.

CSCeh51924

Symptom: A corrupted entry is created in the snmpTargetParamsTable when a user creates an entry with NULL string in object snmpTargetParamsName as its index. The SNMP service may stop and restart.

Workaround: None. To avoid similar problems, enter a name in snmpTargetParamsName with at least one character when creating a snmpTargetParamsEntry.

CSCeh52280

Symptom: A corrupted license file installs on an MDS 9000 switch without errors.

Workaround: None.

CSCeh56143

Symptom: A Fabric Manager zone migration wizard causes a Telnet session to hang when a non-MDS switch is present.

Workaround: None.

CSCeh64080

Symptom: Following an upgrade from Release 1.1 to Release 1.3 or higher, with persistent FC ID enabled, the FC IDs for the storage arrays may get changed after a link flap.

Workaround: None.

CSCeh65824

Symptom: If you install an SSM and boot it with either the VSFN or SSI Image, the Enterprise License grace period starts.

Workaround: None.

CSCeh73101

Symptom: When you perform a nondisruptive upgrade from Release 1.3(x) to 2.0(x), and then issue the show running-config command, the switch displays the wrong user. The user shown will be inconsistent with the user shown when you issue the show user-account command.

Workaround: Recreate the user.

CSCeh79330

Symptom: Exception logs occur on a syslog verification. These are caused by repacking the fm.jar and fmserver.jar files. The Device Manager now requires the fmserver.jar file for a syslog RMI registry inquiry.

Workaround: None.

CSCeh82166

Symptom: MDS switches in SAN islands appear under several logical domain SANs.

Workaround: None.

CSCeh82490

Symptom: An MDS 9000 switch running SAN-OS 2.0(1b) can potentially send excessive Call Home messages due to a malfunctioning line card that acts as if it were being inserted and removed repeatedly.

Workaround: None.

CSCeh83514

Symptom: After upgrading to Release 2.0, it is no longer possible to create, modify, or delete the admin role.

Workaround: Before upgrading to Release 2.0, create the admin role.

CSCeh87985

Symptom: When no role is associated with a user, SNMP fails when the no role name admin command is issued to delete the admin role. The SNMP user (admin) has no roles assigned, which causes the failure when there is an attempt to delete a specific role.

Workaround: Associate at least one role (group) to the user by executing the snmp-server user username [group-name] command in configuration mode.

CSCeh92843

Symptom: If FC data-in frames for an iSCSI read command are lost between the FC target and an MDS switch with an IPS linecard but the MDS receives a good SCSI status frame from the target, the MDS switch can send an iSCSI status PDU with the wrong Status Sequence Number (StatSN) to the iSCSI host causing it to reset the TCP connection to the MDS switch.

Workaround: None.

CSCei29086

Symptom: Following the installation of a third-party syslog server to a PC running Fabric Manager and Device Manager, the third-party syslog server takes ownership of the PC's IP address as the syslog server. As a result, the MDS switch is no longer able to act as the syslog server.

You can see the error message "java.lang.NullPointerException" if you verify syslog on the MDS switch through Device Manager by choosing Logs > Syslog > Verify.

If you uninstall the third-party software and verify syslog again with Logs > Syslog > Verify, you see the error message "Can't connect to FM server."

Workaround: To allow the MDS 9000 switch to be the syslog server, follow these steps:

1. Stop or uninstall the third-party syslog server.

2. Stop Fabric Manager and Fabric Manager Web Services thought Windows by right-clicking My Computer > Manage > Services and Applications > Services.

3. Restart Fabric Manager.

CSCei31020

Symptom: If more than one path is configured for an explicit path, the running configuration shows one path, even when there are other paths. If the explicit path is not used for any FC-tunnel interface, then there is no problem.

Workaround: Copy the running configuration to a network file or onto bootflash. Manually add the paths that are present in the running configuration to the files.

CSCei32317

Symptom: When configuring a remote SPAN (RSPAN), the Fibre Channel tunnel will not come up if it goes through more than one hop.

Workaround: Configure the Fibre Channel tunnel explicit-path option and list every IP hop between the source and destination.

CSCei48889

Symptom: LTO-1 tape drives in certain tape libraries cannot be used with the NASB feature. When multiple initiators (such as backup host and NASB engine) issue SCSI write commands, the tape drives respond with a SCSI CHECK CONDITION with Sense - 0x03 and ASC/ASCQ = 0x3b/0x00. They do not handle the transition from the host initiator to the NASB engine initiator. In general, this is an issue for all NASB solutions with this tape drive and library combination.

Workaround: None.

CSCei57342

Symptom: If a link is isolated because of a fabric-binding database mismatch, a reactivation of the corrected fabric-binding database may not initialize the ports.

Workaround: Use the shut command followed by the no shut command to manually disable then enable the link.

CSCei58652

Symptom: When a reconfigure fabric (RCF) frames occurs on a VSAN, the ports may be left in a state where the fabric binding is incorrect.

Workaround: None.

CSCei67982

Symptom: During an upgrade of an MDS switch with two or more MPS-14/2 modules, FCIP tunnels on multiple MPS-14/2 modules can be down at the same time. If a PortChannel of two FCIP tunnels on different MPS-14/2 modules is used for redundancy, the redundancy can be lost. If IVR is running over these FCIP tunnels, IVR can lose remote devices as a result of loss of access over the FCIP based PortChannel.

Workaround: Place other modules on which you can perform a hitless upgrade between the MPS-14/2 modules to allow for more time between module upgrade and to give the FCIP tunnels more time to stabilize. To recover access over the FCIP based PortChannel, reactivate the IVR zone set by adding a dummy zone with two dummy members.

CSCei86399

Symptom: A TACACS+ key that includes the less than (<) and greater than (>) characters fails when copied to an ftp server, and then copied back to the MDS switch.

Workaround: None. This issue has been resolved.

CSCei91676

Symptom: If iSCSI virtual targets are configured with more than 50 LUN maps, then erroneous overlapping LUN map system messages appear when the iSCSI initiator is not allowed to log in to these iSCSI virtual targets.

Workaround: Limit the number of configured LUN maps for an iSCSI virtual target to fewer than 50 LUNs.

CSCei91968

Symptom: In a fabric with more than one switch, there is a possibility of CFS or syslog crashing because of a PSS-FULL condition. This happens because of leakage in the PSS records stored by the CFS module.

CFS internal distributions cause a PSS leakage during one of the following:

An application registration/de-registration. (This is at the rate of 1 PSS records or 60 bytes per event.)

-An ISL Link flap. (This is at the rate of 2 PSS records per CFS registered application. For 10 CFS registered applications, a 1000 flaps would cause a leak of about 1M.)

Application and Regular CFS distributions in a stable fabric do not result in PSS leakages.

Workaround: None. A switchover will help in cleaning up these records but the usage of the partition remains same (dev/shm partition). However, CFS will reuse the freed space for further PSS storage.

CSCej08751

Symptom: A Linux host with an iSCSI driver can see only the first eight Logical Units (LUs) of a configured iSCSI virtual target with more than eight LUN maps configured.

Workaround: None.

CSCin84965

Symptom: The clear auto-learned entries command is not distributed over CFS by DPVM/CFS even if CFS distribution is enabled for the modules. Therefore, the command takes effect only at the local switch.

Workaround: None. You must issue the clear auto-learned entries command at every switch to clear all auto-learned entries in the fabric.

CSCin87497

Symptom: Cisco MDS SAN-OS Release 2.1(1a) does not support in order delivery (IOD) for QoS attribute changes in IVR traffic. However, QoS for IVR traffic is supported, along with IOD for IVR traffic in all other cases.

Workaround: None.

CSCin92870

Symptom: The Fabric Manager Server does not automatically handle a fabric merge and split. As a result, you many see duplicate fabrics in the database and the web client.

Workaround: Close all fabrics from the Fabric Manager Server and then reopen the new fabric.

CSCin95789

Symptom: When you configure Cisco Traffic Analyzer to capture traffic on one or more interfaces on a Windows platform, the configuration web page might not show that the interface has been selected for traffic capture even though traffic capture on that interface is enabled.

Workaround: Check the logs to clarify that the correct interface has been selected.

CSCsc09732

Symptom: If there is a port software failure at the same time as a configuration change for an FCIP interface, the configuration change can fail and subsequent configuration and show commands will fail for that FCIP interface.

Workaround: None.

CSCsc31424

Symptom: Issuing the no shutdown command on a port produces this error:

fc1/1: (error) port channel config in progress - config not allowed

You can reproduce the problem by removing a port from a port channel and then perform a system switchover. However, the problem does not always occur with these steps.

Workaround: Use the channel-group X command where port channel X, to configure a new port channel and add the port to it. Then use the no interface port-channel X command to remove the newly created port channel. The no shutdown command will now be accepted on the port.

CSCsc33788

Symptom: In rare circumstances, after you issue the install all command to upgrade an MDS switch, the upgrade may fail because the installer process fails. When this occurs, you may see a message like the following:

%CALLHOME-2-EVENT: SW_CRASH alert for service: installer
The installer failed to respond for 10 times. Exiting ...
Unable to send exit to installer. Return code -1

If you upgrade from 1.3(x) to 2.1 or from 2.0(x) to 2.1 and the upgrade fails, and if after the upgrade failure the supervisor modules are running the new software version, but some modules are running the older software version, then the next attempt to execute the install all command will trigger this problem.

You should not encounter this problem if you upgrade from 2.1 to a higher version.

Workaround: There are two ways to address this issue:

To non-disruptively upgrade all modules that are running the older software version, issue the install module module-number image command.

To disruptively upgrade the modules, issue the reload module module-number force-dnld command, or reinstall the module.

CSCsc48919

Symptom: When a data path on a Storage Service Module (SSM) is congested, diagnostic frames that are delivered as best effort may be dropped. The Online Health Management System (OHMS) may bring down a Fibre Channel port on an SSM when congestion occurs and declare the port as failed.

Workaround: To work around this issue, enter the following command:

switch(config)# no system health module ssm-module-number loopback failure-action

CSCsc97070

Symptom: In Cisco SAN-OS Release 2.1, if more than 250 iSCSI sessions are present on an IPS services module port with proxy initiator mode configured, a port software failure may occur.

Workaround: Limit the maximum number of sessions on an IPS services module port with proxy initiator mode to 250.

In SAN-OS Release 3.0(1), the session limit has increased to 500 sessions per IPS services module port in both transparent and proxy initiator mode.

CSCsd34882

Symptom: The SAN-OS software creates a syslog message after a configuration change through the command-line interface The syslog message looks like this:

switch# 2006 Feb 8 09:00:33 switch %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console 
from pts/1 (dhcp-peg3-vl30-144-254-7-182.cisco.com) 

Using the Fabric Manager to make the same configuration change does not result in the same syslog message:

switch# 2006 Feb 8 09:00:56 switch %PORT-5-IF_DOWN_ADMIN_DOWN: %$VSAN 1%$ Interface 
fc1/5 is down (Administratively down) 

Workaround: None.

CSCsd71701

Symptom: When performing a switchover, upgrade, or downgrade, logs may be incorrectly synced between supervisor modules. As a consequence, the syslog process is left with some inconsistencies that may cause one or more of the following symptoms:

A process may fail while displaying logs for a show logging command. After three failures of the syslog process, the switch forces a switchover.

Certain small sections of the log may appear out of order, either preceded by or followed by broken log lines, or both. For example, a few lines referring to 2006 Jan 17 may appear embedded between other log lines that refer to 2006 Jan 20, with a broken line before and after the entry.

Null characters (ASCII code 0) may appear in the log. These characters cause empty lines to be displayed when using the show logging command and appreciably slow down the log output over slow console connections.

Workaround. None.

CSCsd76429

Symptom: FCIP tape acceleration causes a flap in the FCIP link when it receives duplicate CHECK CONDITION status frames from a tape device.

Workaround: Because there is no workaround when the tape drive is functioning in this manner, we recommend that you turn off FCIP tape acceleration.

CSCsd83775

Symptom: A Fibre Channel Inter-Switch Link (ISL) does not come up and it displays a fabric binding database mismatch error when fabric binding is activated. Thi s problem may be seen when a supervisor switchover occurs or is performed and this ISL comes up. The fabric binding merge activity detects an incompatible database and fails to bring up the link because an incorrect domain ID is being used by the fabric binding module. The fabric binding module on the switch where the switchover occurs would have cleared its local domain ID and be using a domain ID of zero.

Workaround: Issue the fcdomain restart vsan vsan-id command in the VSANs of interest.

CSCse99087

Symptom: A user called snmp-user can successfully log into an MDS switch through the CLI, but cannot log in through Fabric Manager or Device Manager. The login attempt fails with this error: SNMP: Unknown username

Workaround: None.

CSCsf21970

Symptom: If you issue immediate, back-to-back commands to delete and then create FCIP interfaces, the internal port service might crash.

Workaround: Wait 5 seconds between the delete and the following create command for a given FCIP interface.

CSCsg03171

Symptom: The dynamic port VSAN membership (DPVM) failed after the number of F ports exceeded 64 and a port flap occurred.

Workaround: Keep the number of F ports in a switch below 64.

CSCsg15392

Symptom: If a Generation 1 module has any port that is administratively up, but operationally down when you upgrade from SAN-OS Release 2.x to either Release 3.0(1) or Release 3.0(2x), you might experience traffic disruption on that module.

Workaround: Use the shutdown command to shut all the ports operationally down and administratively up on all the Generation 1 modules before upgrading from SAN-OS Release 2.x to Release SAN-OS 3.0(x) or Release 3.0(2x). After the upgrade is complete, the ports can be brought to an administratively up state using the no shutdown command.

CSCeh42252

Symptom: If you try to configure SSH key for any of the non-local user- accounts, in some rare cases you might see a core dump on standby.

Workaround: First delete the non-local user-account and create it again so that it becomes a local user-account. Then perform any type of configuration for that user-account. User should not perform configuration operations on non- local user-accounts. Non-local user-accounts can be created due to users getting authenticated using RADIUS/TACACS+ server.

Related Documentation

The documentation set for the Cisco MDS 9000 Family includes the following documents:

Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Releases

Cisco MDS 9000 Family Interoperability Support Matrix

Cisco MDS SAN-OS Release Compatibility Matrix for IBM SAN Volume Controller Software for Cisco MDS 9000

Cisco MDS SAN-OS Release Compatibility Matrix for VERITAS Storage Foundation for Networks Software

Cisco MDS SAN-OS Compatibility Matrix for Storage Service Interface Images

Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family

Cisco MDS 9500 Series Hardware Installation Guide

Cisco MDS 9200 Series Hardware Installation Guide

Cisco MDS 9216 Switch Hardware Installation Guide

Cisco MDS 9100 Series Hardware Installation Guide

Cisco MDS 9000 Family Software Upgrade and Downgrade Guide

Cisco MDS 9000 Family Configuration Guide

Cisco MDS 9000 Family Command Reference

Cisco MDS 9000 Family Fabric Manager Configuration Guide

Cisco MDS 9000 Family Fabric and Device Manager Online Help

Cisco MDS 9000 Family SAN Volume Controller Configuration Guide

Cisco MDS 9000 Family MIB Quick Reference

Cisco MDS 9000 Family CIM Programming Reference

Cisco MDS 9000 Family System Messages Reference

Cisco MDS 9000 Family Troubleshooting Guide

Cisco MDS 9000 Family Port Analyzer Adapter 2 Installation and Configuration Note

Cisco MDS 9000 Family Port Analyzer Adapter Installation and Configuration Note

For information on VERITAS Storage Foundation™ for Networks for the Cisco MDS 9000 Family, refer to the VERITAS website: http://support.veritas.com/

For information on IBM TotalStorage SAN Volume Controller Storage Software for the Cisco MDS 9000 Family, refer to the IBM TotalStorage Support website: http://www.ibm.com/storage/support/2062-2300/

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies — security-alert@cisco.com

Nonemergencies — psirt@cisco.com


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on


In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html