Table Of Contents

P Commands

passive-mode

peer-info ipaddr

periodic-inventory notification

permit (IPv6-ACL configuration)

phone-contact

ping

policy

port

port-channel persistent

port-license

port-monitor activate

port-monitor enable

port-monitor name

port-security

port-security abort

port-security commit

port-security database

port-security distribute

port-security enable

port-track enable

port-track force-shut

port-track interface

port-type

portaddress

power redundancy-mode

poweroff module

priority

purge fcdomain fcid

purge module

pwc

pwd

pwwn (DPVM database configuration submode)

pwwn (fcdomain database configuration submode)

pwwn (SDV virtual device configuration submode)

P Commands

---

The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. See "About the CLI Command Modes" section on page 1-3 to determine the appropriate mode for each command. For more information, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

passive-mode

To configure the required mode to initiate an IP connection, use the passive-mode command. To enable passive mode for the FCIP interface, use the no form of the command.

passive-mode

no passive-mode

Syntax Description

This command has no keywords or arguments.

Defaults

Disabled

Command Modes

Interface configuration submode.

Command History

Release	Modification
1.1(1)	This command was introduced.

Usage Guidelines

Access this command from the switch(config-if)# submode.

By default, the active mode is enabled to actively attempt an IP connection.

If you enable the passive mode, the switch does not initiate a TCP connection and merely waits for the peer to connect to it.

Examples

The following example enables passive mode on an FCIP interface.

switch# config terminal

switch(config)# interface fcip 1

switch(config-if)# passive-mode

Related Commands

Command	Description
show interface fcip	Displays an interface configuration for a specified FCIP interface.

peer-info ipaddr

To configure the peer information for the FCIP interface, use the peer-info ipaddr command. To remove the peer information for the FCIP interface, use the no form of the command.

peer-info ipaddr address [port number]

no peer-info ipaddr address [port number]

Syntax Description

ipaddr address	Configures the peer IP address.
port number	Configures a peer port. The range is 1 to 65535.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release	Modification
1.1(1)	This command was introduced.

Usage Guidelines

Access this command from the switch(config-if)# submode.

The basic FCIP configuration uses the peer's IP address to configure the peer information. You can also use the peer's port number, port profile ID, or port WWN to configure the peer information. If you do not specify a port, the default 3225 port number is used to establish connection.

Examples

The following command assigns an IP address to configure the peer information. Since no port is specified, the default port number, 3225, is used.

switch# config terminal

switch(config)# interface fcip 10

switch(config-if)# peer-info ipaddr 10.1.1.1

The following command deletes the assigned peer port information.

switch(config-if)# no peer-info ipaddr 10.10.1.1 

The following command assigns the IP address and sets the peer TCP port to 3000. The valid port number range is from 0 to 65535.

switch(config-if)# peer-info ipaddr 10.1.1.1 port 3000

The following command deletes the assigned peer port information.

switch(config-if)# no peer-info ipaddr 10.1.1.1 port 2000

Related Commands

Command	Description
show interface fcip	Displays an interface configuration for a specified FCIP interface.

periodic-inventory notification

To enable the periodic inventory notification message dispatches, use the periodic-inventory notification command Call Home configuration submode. To revert to the default state, use the no form of the command.

periodic-inventory notification [interval days]

no periodic-inventory notification

Syntax Description

interval days

Specifies the notification interval. The range is 1 to 30.

Defaults

Disabled.

The initial default interval is 7 days.

Command Modes

Call Home configuration submode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable periodic inventory notification and use the default interval.

switch# config terminal

switch(config)# callhome

switch(config-callhome)# periodic-inventory notification

The following example shows how to enable periodic inventory notification and set the interval to
10 days.

switch# config terminal

switch(config)# callhome

switch(config-callhome)# periodic-inventory notification interval 10

Related Commands

Command	Description
callhome	Enters Call Home configuration submode.
show callhome	Displays Call Home configuration information.

permit (IPv6-ACL configuration)

To configure permit conditions for an IPv6 access control list (ACL), use the permit command in IPv6-ACL configuration submode. To remove the conditions, use the no form of the command.

permit {ipv6-protocol-number | ipv6}
{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
{dest-ipv6-prefix/prefix-length | any | host dest-ipv6-address}
[log-deny]

permit icmp
{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
{dest-ipv6-prefix/prefix-length | any | host dest-ipv6-address}
[icmp-type [icmp-code]]
[log-deny]

permit tcp
{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
[source-port-operator source-port-number |
range source-port-number source-port-number]
{dest-ipv6-prefix/prefix-length | any | host dest-ipv6-address}
[dest-port-operator dest-port-number |
range dest-port-number dest-port-number]
[established] [log-deny]

permit udp
{source-ipv6-prefix/prefix-length | any | host source-ipv6-address}
[source-port-operator source-port-number |
range source-port-number source-port-number]
{dest-ipv6-prefix/prefix-length | any | host dest-ipv6-address}
[dest-port-operator dest-port-number |
range dest-port-number dest-port-number]
[log-deny]

no permit {ipv6-protocol-number | ipv6 | icmp | tcp | udp}

Syntax Description

ipv6-protocol-number	Specifies an IPv6 protocol number. The range is 0 to 255.
ipv6	Applies the ACL to any IPv6 packet.
source-ipv6-prefix/ prefix-length	Specifies a source IPv6 network or class of networks. The format is X:X:X::X/n.
any	Applies the ACL to any source or destination prefix.
host source-ipv6-address	Applies the ACL to the specified source IPv6 host address. The format is X:X:X::X.
dest-ipv6-prefix/prefix- length	Specifies a destination IPv6 network or class of networks. The format is X:X:X::X/n.
host dest-ipv6-address	Applies the ACL to the specified destination IPv6 host address. The format is X:X:X::X.
log-deny	For packets that are dropped, creates an informational log message about the packet that matches the entry. The message includes the input interface.
icmp	Applies the ACL to any Internet Control Message Protocol (ICMP) packet.
icmp-type	Specifies an ICMP message type. The range is 0 to 255.
icmp-code	Specifies an ICMP message code. The range is 0 255.
tcp	Applies the ACL to any TCP packet.
source-port-operator	Specifies an operand that compares the source ports of the specified protocol. The operands are lt (less than), gt (greater than), and eq (equals).
source-port-number	Specifies the port number of a TCP or UDP port. The number can be from 0 to 65535. A range requires two port numbers.
udp	Applies the ACL to any UDP packet.
dest-port-operator	Specifies an operand that compares the destination ports of the specified protocol. The operands are lt (less than), gt (greater than), and eq (equals).
dest-port-operator	Specifies the port number of a TCP or UDP port. The number can be from 0 to 65535. A range requires two port numbers.
range	Specifies a range of ports to compare for the specified protocol.
established	Indicates an established connection, which is defined as a packet whole SYN flag is not set.

Defaults

None.

Command Modes

IPv6-ACL configuration submode.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

The following guidelines can assist you in configuring an IPv6-ACL. For complete information, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

•You can apply IPv6-ACLs to VSAN interfaces, the management interface, Gigabit Ethernet interfaces on IPS modules and MPS-14/2 modules, and Ethernet PortChannel interfaces. However, if IPv6-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to a Ethernet PortChannel group.

---

Caution Do not apply IPv6-ACLs to just one member of a PortChannel group. Apply IPv6-ACLs to the entire channel group.

---

•Use only the TCP or ICMP options when configuring IPv6-ACLs on Gigabit Ethernet interfaces.

•Configure the order of conditions accurately. Because the IPv6-ACL filters are applied sequentially to the IP flows, the first match determines the action taken. Subsequent matches are not considered. Be sure to configure the most important condition first. If no conditions match, the software drops the packet.

Examples

The following example configures an IPv6-ACL called List, enters IPv6-ACL submode, and adds an entry that permits IPv6 traffic from any source address to any destination address.

switch# config terminal

switch(config)# ipv6 access-list List1

sswitch(config-ipv6-acl)# permit tcp any any

The following example removes a permit condition set for any destination prefix on a specified UDP host.

switch# config terminal

switch(config)# ipv6 access-list List1

switch(config-ipv6-acl)# no permit udp host 2001:db8:200d::4000 any

The following example removes the IPv6-ACL called List1 and all its entries.

switch# config terminal

switch(config)# no ipv6 access-list List1

Related Commands

Command	Description
ipv6 access-list	Configures an IPv6 ACL and enters IPv6-ACL configuration submode.
deny	Configures deny conditions for an IPv6 ACL.

phone-contact

To configure the telephone contact number with the Call Home function, use the phone-contact command in Call Home configuration submode. To disable this feature, use the no form of the command.

phone-contact number

no phone-contact number

Syntax Description

number

(Optional) Configures the customer's phone number. Allows up to 17 alphanumeric characters in international phone format. Note Do not use spaces. Use the + prefix before the number.

Defaults

None.

Command Modes

Call Home configuration submode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure the telephone contact number with the Call Home function.

switch# config terminal

Enter configuration commands, one per line.  End with CNTL/Z.

switch(config)# callhome

switch(config-callhome)# phone-contact +1-800-123-4567

Related Commands

Command	Description
callhome	Configures the Call Home function.
callhome test	Sends a dummy test message to the configured destination(s).
show callhome	Displays configured Call Home information.

ping

To diagnose basic network connectivity, use the ping command in EXEC mode.

ping [ipv6] [{host-name | ip-address} [count repeat-count] [interface {gigabitethernet slot/port | mgmt number | port-channel number | vsan vsan-id}] [size size [timeout timeout]]

Syntax Description

ipv6	Sends IPv6 echo messages.
host-name	Specifies the host name of system to ping. Maximum length is 64 characters.
ip-address	Specifies the address of the system to ping.
count repeat-count	Specifies the repeat count. The range is 0 to 64.
interface	Specifies the interface on which the ping packets are to be sent.
gigabitethernet slot/port	Specifies a Gigabit Ethernet slot and port number.
mgmt number	Specifies the management interface.
port-channel number	Specifies a PortChannel number. The range is 1 to 256.
vsan vsan-id	Specifies a VSAN ID. The range is 1 to 4093.
size size	Specifies the size. The range is 10 to 2000.
timeout timeout	Specifies the timeout. The range is 1 to 10.

Defaults

Prompts for input fields.

Command Modes

EXEC mode.

Command History

Release	Modification
1.0(2)	This command was introduced.
3.0(1)	Added the ipv6 argument.

Usage Guidelines

The ping (Packet Internet Groper) program sends an echo request packet to an address, and then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether the host can be reached or is functioning.

Verify connectivity to the TFTP server using the ping command.

To abnormally terminate a ping session, type the Ctrl-C escape sequence.

Examples

The following example pings the system 192.168.7.27.

switch# ping 192.168.7.27

PING 192.168.7.27 (192.168.7.27): 56 data bytes

64 bytes from 192.168.7.27: icmp_seq=0 ttl=255 time=0.4 ms

64 bytes from 192.168.7.27: icmp_seq=1 ttl=255 time=0.2 ms

64 bytes from 192.168.7.27: icmp_seq=2 ttl=255 time=0.2 ms

64 bytes from 192.168.7.27: icmp_seq=3 ttl=255 time=0.2 ms

--- 192.168.7.27 ping statistics ---

13 packets transmitted, 13 packets received, 0% packet loss

round-trip min/avg/max = 0.2/0.2/0.4 ms

The following command shows the prompts that appear when you enter the ping command without an IP address.

switch# ping

Target IP address: 10.2.2.4

Repeat count [5]: 4

Datagram size [100]: 5

Timeout in seconds [2]: 1

Extended commands [n]: 3

PING 10.2.2.4 (10.2.2.4) 5(33) bytes of data.

--- 10.2.2.4 ping statistics ---

4 packets transmitted, 0 received, 100% packet loss, time 3017ms

policy

To enter IKE policy configuration and configure a policy for the IKE protocol, use the policy command in IKE configuration submode. To delete the policy, use the no form of the command.

policy priority

no policy priority

Syntax Description

priority

Specifies the priority for the IKE policy. The range is 1 to 255, where 1 is the high priority and 255 is the lowest.

Defaults

None.

Command Modes

IKE configuration submode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

To use this command, the IKE protocol must be enabled using the crypto ike enable command.

Examples

The following example shows how to configure a policy priority number for the IKE protocol.

switch# config terminal

switch(config)# crypto ike domain ipsec

switch(config-ike-ipsec)# policy 1

switch(config-ike-ipsec-policy)#

Related Commands

Command	Description
crypto ike domain ipsec	Enters IKE configuration mode.
crypto ike enable	Enables the IKE protocol.
show crypto ike domain ipsec	Displays IKE information for the IPsec domain.

port

To assign the TCP port number of a Gigabit Ethernet interface to the FCIP profile or a listener peer port for a ISCSI interface, use the port command. Use the no form of the command to negate the command or revert to factory defaults.

port number

no port number

Syntax Description

port number

Configures a peer port. The range is 1 to 65535.

Defaults

Disabled

Command Modes

Fcip profile configuration submode.

Interface configuration submode.

Command History

Release	Modification
1.1(1)	This command was introduced.

Usage Guidelines

Associates the profile with the assigned local port number. If a port number is not assigned for a FCIP profile, the default TCP port 3225 is used.

Examples

The following example configures port 5000 on FCIP interface 5.

switch# config terminal

switch(config)# fcip profile 5

switch(config-profile)# port 5000

The following example configures port 4000 on ISCSI interface 2/1.

switch# config terminal

switch(config)# interface iscsi 2/1

switch(config-profile)# port 4000

Related Commands

Command	Description
show fcip profile	Displays information about the FCIP profile.
interface fcip interface_number use-profile profile-id	Configures the interface using an existing profile ID from 1 to 255.
show interface fcip	Displays an interface configuration for a specified FCIP interface.

port-channel persistent

To convert an autocreated PortChannel to a persistent PortChannel, use the port-channel persistent command in EXEC mode.

port-channel port-channel-id persistent

Syntax Description

port-channel-id

Specifies the port channel ID. The range is 1 to 128.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

This command is not reversible. A user-created channel group cannot be converted to an autocreated channel group.When the port-channel persistent command is applied to an autocreated channel group, the channel group number does not change and the member ports properties change to those of a user-created channel group. The channel mode remains active.

Examples

The following example shows how to change the properties of an autocreated channel group to a persistent channel group.

switch# port-channel 10 persistent

Related Commands

Command	Description
port-channel protocol	Enables the PortChannel protocol.
show interface port-channel	Displays PortChannel interface information.
show port-channel	Displays PortChannel information.

port-license

To make a port eligible or ineligible to acquire a port activation license on a Cisco MDS 9124 switch, use the port-license command.

port-license acquire

no port-license acquire

Syntax Description

acquire

Grants a license to a port.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release	Modification
3.1(1)	This command was introduced.

Usage Guidelines

If a port already has a license, then no action is taken and the port-license command returns successfully. If a license is unavailable, then the port will remain unlicensed.

---

Note This command is supported on the Cisco MDS 9124 switch only.

---

Examples

The following example shows how to make a port eligible to acquire a license.

switch# config t

switch (config)# interface fc1/1

switch (config-if)# port-license

The following example shows how to acquire a license for a port, and then copies the configuration to the startup configuration so that the new licensing configuration is maintained.

switch# config t

switch(config)# interface fc1/1

switch(config-if)#

switch(config-if)# port-license acquire

switch(config-if)# end

switch# copy running-config startup-config

Related Commands

Command	Description
show port-licenses	Displays port licensing information for a Cisco MDS 9124 switch.

port-monitor activate

To activate the specified port monitor policy, use port-monitor activate command. To deactivate the policy, use the no form of the command.

port-monitor activate [name]

no port-monitor activate [name]

Syntax Description

name	Name of RMON port policy.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
3.4(1)	This command was introduced.

Usage Guidelines

If no name is given, the port-monitor activates the default policy. Presently one policy is activated on one port type. Two policies can be active but on different port-types. If the specified policy is not active, it is a redundant operation.

Examples

The following example shows how to activate the port monitor default policy:

switch(config)# port-monitor activate 

switch(config)#

The following example shows how to activate the port monitor cisco policy:

switch(config)# port-monitor activate Cisco 

switch(config)#

Related Commands

Command	Description
show port-monitor	Displays all port monitor policies.

port-monitor enable

To enable the user to activate or deactivate policies, use the port-monitor enable command. To disable port monitor policies, use the no form of the command.

port-monitor enable

no port-monitor enable

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
3.4(1)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable port monitor:

switch(config)# port-monitor enable

switch(config)# no port-monitor enable

Related Commands

Command	Description
show port-monitor	Displays all port monitor policies.

port-monitor name

To display the counter details of the policy, use the port-monitor name command. To delete port monitor policy, use the no form of the command.

port-monitor name [string]

no port-monitor name [string]

Syntax Description

string

Displays the policy name.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
3.4(1)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to create a cisco policy name and to assign the default value:

switch# config t

Enter configuration commands, one per line. End with CNTL/Z.

switch(config)# port-monitor name cisco

switch(config-port-monitor)#

switch(config-port-monitor)# do show port-monitor cisco

Policy Name : cisco Status : Not Active

Port type : All Ports

Counter Threshold Interval Rising Threshold Falling Threshold Stat

------- --------- -------- ---------------- ------------------ ----

Link Loss Delta 60 5 1 Active

Sync Loss Delta 60 5 1 Active

Protocol Error Delta 60 1 0 Active

Signal Loss Delta 60 5 1 Active

Invalid Words Delta 60 1 0 Active

Invalid CRC's Delta 60 5 1 Active

RX Performance Delta 60 2147483648 524288000 Active

TX Performance Delta 60 2147483648 524288000 Active

State Change Delta 60 1 0 Active

-----------------------------------------------------------------------------

switch(config-port-monitor)#

Related Commands

Command	Description
show port-monitor	Displays all port monitor policies.

port-security

To configure port security features and reject intrusion attempts, use the port-security command in configuration mode. Use the no form of the command to negate the command or revert to factory defaults.

port-security
{activate vsan vsan-id [force | no-auto-learn] |
auto-learn vsan vsan-id |
database vsan vsan-id {any-wwn | pwwn wwn | nwwn wwn | swwn wwn} [fwwn wwn | interface {fc slot/port | port-channel number} | swwn wwn [interface {fc slot/port | port-channel number}]]}

no port-security
{activate vsan vsan-id [force | no-auto-learn] |
auto-learn vsan vsan-id |
database vsan vsan-id {any-wwn | pwwn wwn | nwwn wwn | swwn wwn} [fwwn wwn | interface {fc slot/port | port-channel number} | swwn wwn [interface {fc slot/port | port-channel number}]]}

Syntax Description

activate	Activates a port security database for the specified VSAN and automatically enables auto-learn.
auto-learn	Enables auto-learning for the specified VSAN.
database	Enters the port security database configuration mode for the specified VSAN.
any-wwn	Specifies any WWN to login to the switch.
nwwn wwn	Specifies the node WWN as the Nx port connection.
pwwn wwn	Specifies the port WWN as the Nx port connection.
swwn wwn	Specifies the switch WWN as the xE port connection.
fwwn wwn	Specifies a fabric WWN login.
interface	Specifies the device or switch port interface through which each device is connected to the switch.
fc slot/port	Specifies a Fibre Channel interface by the slot and port.
port-channel number	Specifies a PortChannel interface. The range is 1 to 128.
vsan vsan-id	Specifies the VSAN ID. The range is 1 to 4093.
force	Forces the database activation.
no-auto-learn	Disables the autolearn feature for the port security database.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release	Modification
1.2(1)	This command was introduced.
2.0(x)	Add the optional swwn keyword to the subcommands under the port-security database vsan command.

Usage Guidelines

When you activate the port security feature, the auto-learn option is also automatically enabled. You can choose to activate the port-security feature and disable autolearn using the port-security activate vsan number no-auto-learn command. In this case, you need to manually populate the port security database by individually securing each port.

If the auto-learn option is enabled on a VSAN, you cannot activate the database for that VSAN without the force option.

Examples

The following example activates the port security database for the specified VSAN, and automatically enables autolearning.

switch# config terminal

switch(config)# port-security activate vsan 1

The following example deactivates the port security database for the specified VSAN, and automatically disables auto-learn.

switch# config terminal

switch(config)# no port-security activate vsan 1

The following example disables the auto-learn feature for the port security database in VSAN 1.

switch# config terminal

switch(config)# port-security activate vsan 1 no-auto-learn

The following example enables auto-learning so the switch can learn about any device that is allowed to access VSAN 1. These devices are logged in the port security active database.

switch# config terminal

switch(config)# port-security auto-learn vsan 1

The following example disables auto-learning and stops the switch from learning about new devices accessing the switch. Enforces the database contents based on the devices learnt up to this point.

switch# config terminal

switch(config)# no port-security auto-learn vsan 1

The following example enters the port security database mode for the specified VSAN.

switch# config terminal

switch(config)# port-security database vsan 1

switch(config-port-security)#

The following example configures any WWN to login through the specified interfaces.

switch(config-port-security)# any-wwn interface fc1/1 - fc1/8

The following example configures the specified pWWN to only log in through the specified fWWN.

switch(config-port-security)# pwwn 20:11:00:33:11:00:2a:4a fwwn 20:81:00:44:22:00:4a:9e

The following example deletes the specified pWWN configured in the previous step.

switch(config-port-security)# no pwwn 20:11:00:33:11:00:2a:4a fwwn 
20:81:00:44:22:00:4a:9e

The following example configures the specified pWWN to only log in through the specified sWWN.

switch(config-port-security)# pwwn 20:11:00:33:11:00:2a:4a swwn 20:00:00:0c:85:90:3e:80

The following example deletes the specified pWWN configured in the previous step.

switch(config-port-security)# no pwwn 20:11:00:33:11:00:2a:4a swwn 
20:00:00:0c:85:90:3e:80

The following example configures the specified nWWN to log in through the specified fWWN.

switch(config-port-security)# nwwn 26:33:22:00:55:05:3d:4c fwwn 20:81:00:44:22:00:4a:9e

The following example configures the specified pWWN to login through any port on the local switch.

switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66

The following example configures the specified sWWN to only login through PortChannel 5.

switch(config-port-security)# swwn 20:01:33:11:00:2a:4a:66 interface port-channel 5

The following example configures any WWN to log in through the specified interface.

switch(config-port-security)# any-wwn interface fc3/1

The following example deletes the wildcard configured in the previous step.

switch(config-port-security)# no any-wwn interface fc2/1

The following example deletes the port security configuration database from the specified VSAN.

switch# config terminal

switch(config)# no port-security database vsan 1

switch(config)# 

The following example forces the VSAN 1 port security database to activate despite conflicts.

switch(config)# port-security activate vsan 1 force

Related Commands

Command	Description
show port-security database	Displays configured port security information.

port-security abort

To discard the port security Cisco Fabric Services (CFS) distribution session in progress, use the port-security abort command in configuration mode.

port-security abort vsan vsan-id

Syntax Description

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to discard a port security CFS distribution session in progress.

switch# config terminal

switch(config)# port-security abort vsan 33

Related Commands

Command	Description
port-security distribute	Enables CFS distribution for port security.
show port-security	Displays port security information.

port-security commit

To apply the pending configuration pertaining to the port security Cisco Fabric Services (CFS) distribution session in progress in the fabric, use the port-security commit command in configuration mode.

port-security commit vsan vsan-id

Syntax Description

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to commit changes to the active port security configuration.

switch# config terminal

switch(config)# port-security commit vsan 13

Related Commands

Command	Description
port-security distribute	Enables CFS distribution for port security.
show port-security	Displays port security information.

port-security database

To copy the port security database or to view the difference within the port security database, use the port-security database command in EXEC mode.

port-security database {copy | diff {active | config}} vsan vsan-id

Syntax Description

port-security	Activates a port security database for the specified VSAN and automatically enables auto-learn.
database	Enters the port security database configuration mode for the specified VSAN.
copy	Copies the active database to the configuration database.
diff	Provides the difference between the active and configuration port security database.
active	Writes the active database to the configuration database.
config	Writes the configuration database to the active database.
vsan vsan-id	Specifies the VSAN ID. The ranges is 1 to 4093.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release	Modification
1.2(1)	This command was introduced.

Usage Guidelines

If the active database is empty, the port-security database is empty.

Use the port-security database diff active command to resolve conflicts.

Examples

The following example copies the active to the configured database.

switch# port-security database copy vsan 1

The following example provides the differences between the active database and the configuration database.

switch# port-security database diff active vsan 1

The following example provides information on the differences between the configuration database and the active database.

switch# port-security database diff config vsan 1

Related Commands

Command	Description
port-security database	Copies and provides information on the differences within the port security database.
show port-security database	Displays configured port security information.

port-security distribute

To enable Cisco Fabric Services (CFS) distribution for port security, use the port-security distribute command. To disable this feature, use the no form of the command.

port-security distribute

no port-security distribute

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

Before distributing the Fibre Channel timer changes to the fabric, the temporary changes to the configuration must be committed to the active configuration using the port-security commit command.

Examples

The following example shows how to distribute the port security configuration to the fabric.

switch# config terminal

switch(config)# port-security distribute

Related Commands

Command	Description
port-security commit	Commits the port security configuration changes to the active configuration.
show port-security	Displays port security information.

port-security enable

To enable port security, use the port-security enable command in configuration mode. To disable port security, use the no form of the command.

port-security enable

no port-security enable

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

Issuing the port-security enable command enables the other commands used to configure port security.

Examples

The following example shows how to enable port security.

switch# config terminal

switch(config)# port-security enable

The following example shows how to disable port security.

switch# config terminal

switch(config)# no port-security enable

Related Commands

Command	Description
show port-security	Displays port security information.

port-track enable

To enable port tracking for indirect errors, use the port-track enable command in configuration mode. To disable this feature, use the no form of the command.

port-track enable

no port-track enable

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

Configuration mode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

The software brings the linked port down when the tracked port goes down. When the tracked port recovers from the failure and comes back up again, the tracked port is also brought up automatically (unless otherwise configured).

Examples

The following example shows how to enable port tracking.

switch# config terminal

switch(config)# port-track enable

The following example shows how to disable port tracking.

switch# config terminal

switch(config)# no port-track enable

Related Commands

Command	Description
show interface fc	Displays configuration and status information for a specified Fibre Channel interface.
show interface port-channel	Displays configuration and status information for a specified PortChannel interface.

port-track force-shut

To force a shutdown of a tracked port, use the port-track force-shut command in interface configuration submode. To reenable the port tracking, use the no form of the command.

port-track force-shut

no port-track force-shut

Syntax Description

This command has no other arguments or keywords.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

Use the port-track force-shut to keep the linked port down, even though the tracked port comes back up. You must explicitly bring the port up when required using the no port-track force-shut command.

Examples

The following example shows how to force the shutdown of an interface and the interfaces that it is tracking.

switch# config terminal

switch(config)# interface fc 1/2

switch(config-if)# no port-track force-shut

Related Commands

Command	Description
port-track enable	Enables port tracking.
show interface fc	Displays configuration and status information for a specified Fibre Channel interface.
show interface port-channel	Displays configuration and status information for a specified PortChannel interface.

port-track interface

To enable port tracking for specific interfaces, use the port-track interface command in interface configuration submode. To disable this feature, use the no form of the command.

port-track interface {fc slot/port | fcip port | gigabitethernet slot/port | port-channel port}
[vsan vsan-id]

no port-track interface {fc slot/port | fcip port | gigabitethernet slot/port | port-channel port}
[vsan vsan-id]

Syntax Description

fc slot/port	Specifies a Fibre Channel interface.
fcip port	Specifies a FCIP interface.
gigabitethernet slot/port	Specifies a Gigabit Ethernet interface.
port-channel port	Specifies a PortChannel interface. The range is 1 to 128.
vsan vsan-id	Specifies a VSAN ID. The range is 1 to 4093.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

When the ports that an interface is tracking goes down, the interface also goes down. When the tracked port comes backup, the linked interface also comes back up. Use the port-track force-shut command to keep the linked interface down.

Examples

The following example shows how to enable port tracking for specific interfaces.

switch# config terminal

switch(config)# interface fc 1/2

switch(config-if)# port-track interface port-channel 2

switch(config-if)# port-track interface fcip 5

Related Commands

Command	Description
port-track enable	Enables port tracking.
port-track force-shut	Forcefully shuts an interface for port tracking.
show interface fc	Displays configuration and status information for a specified Fibre Channel interface.
show interface port-channel	Displays configuration and status information for a specified PortChannel interface.

port-type

To configure port type policies, use port-type command. To disable port type policies, use the no form of the command.

port-type {all | trunks | access-Ports}

no port-type {all | trunks | access-Ports}

Syntax Description

access ports	Configures only access ports.
all	Configures both trunk ports and access ports.
trunks	Configures only trunk ports.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
3.4(1)	This command was introduced.

Usage Guidelines

The default policy uses its own internal port type, which is the same as all ports.

Examples

The following example shows how to configure port monitoring for access ports:

switch# config t

Enter configuration commands, one per line. End with CNTL/Z.

switch(config)# port-monitor name cisco

switch(config-port-monitor)# port-type access-port

trying to get name

name is cisco

sending port type access

switch(config-port-monitor)#

The following example shows how to configure port monitoring for all ports:

switch(config-port-monitor)# port-type all

trying to get name

name is cisco

sending port type all

switch(config-port-monitor)#

The following example shows how to configure port monitoring for trunk ports:

switch(config-port-monitor)# port-type trunks

trying to get name

name is cisco

sending port type trunks

switch(config-port-monitor)#

Related Commands

Command	Description
show port-monitor	Displays all port monitor policies.

portaddress

To enable the FICON feature in a specified VSAN, use the ficon vsan command in configuration mode. To disable the feature or to revert to factory defaults, use the no form of the command.

portaddress portaddress
block
name string
prohibit portaddress portaddress

portaddress portaddress
no block
no name string
no prohibit portaddress portaddress

Syntax Description

portnumber	Specifies the FICON port number for this interface. The range is 0 to 254.
block	Blocks a port address.
name string	Configures a name for the port address. Maximum length is 24 characters.
prohibit portaddress	Prohibit communication with a portaddress.

Defaults

None.

Command Modes

FICON configuration submode.

Command History

Release	Modification
1.3(1)	This command was introduced.

Usage Guidelines

The shutdown/no shutdown port state is independent of the block/no block port state. If a port is shutdown, unblocking that port will not initialize the port.

You cannot block or prohibit CUP port (0XFE).

If you prohibit ports, the specified ports are prevented from communicating with each other. Unimplemented ports are always prohibited.

Examples

The following example disables a port address and retains it in the operationally down state.

switch# config terminal

switch(config)# ficon vsan 2

switch(config-ficon)# portaddress 1 

switch(config-ficon-portaddr)# block

The following example enables the selected port address and reverts to the factory default of the port address not being blocked.

switch(config-ficon-portaddr)# no block

The following example prohibits port address 1 in VSAN 2 from talking to ports 3.

switch(config-ficon-portaddr)# prohibit portaddress 3

The following example removes port address 5 from a previously-prohibited state.

switch(config-ficon-portaddr)# no prohibit portaddress 5

The following example assigns a name to the port address.

switch(config-ficon-portaddr)# name SampleName

The following example deletes a previously configured port address name.

switch(config-ficon-portaddr)# no name SampleName

Related Commands

Command	Description
show ficon	Displays configured FICON details.

power redundancy-mode

To configure the capacity of the power supplies on the Cisco MDS 9500 Family of switches, use the power redundancy-mode command in configuration mode. Use the no form of the command to negate the command or revert to factory defaults.

power redundancy-mode {combined [force] | redundant}

no power redundancy-mode {combined [force] | redundant}

Syntax Description

combined	Configures power supply redundancy mode as combined.
force	Forces combined mode without prompting.
redundant	Configures power supply redundancy mode as redundant.

Defaults

Redundant mode.

Command Modes

Configuration mode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

•If power supplies with different capacities are installed in the switch, the total power available differs based on the configured mode:

•In redundant mode, the total power is the lesser of the two power supply capacities. This reserves enough power to keep the system powered on in case of a power supply failure. This is the recommended or default mode.

•In combined mode, the total power is twice the lesser of the two power supply capacities. In case of a power supply failure, the entire system could be shut down, depending on the power usage at that time.

•When a new power supply is installed, the switch automatically detects the power supply capacity. If the new power supply has a capacity that is lower than the current power usage in the switch and the power supplies are configured in redundant mode, the new power supply will be shut down.

•When you change the configuration from combined to redundant mode and the system detects a power supply that has a capacity lower than the current usage, the power supply is shut down. If both power supplies have a lower capacity than the current system usage, the configuration is not allowed.

Examples

The following examples demonstrate how the power supply redundancy mode could be set.

switch(config)# power redundancy-mode combined

WARNING: This mode can cause service disruptions in case of a power supply failure. 
Proceed ? [y/n] y

switch(config)# power redundancy-mode redundant 

Related Commands

Command	Description
show environment power	Displays status of power supply modules, power supply redundancy mode, and power usage summary.
copy running-config startup-config	Copies all running configuration to the startup configuration.

poweroff module

To power off individual modules in the system, use the poweroff module command in configuration mode. Use the no form of this command to power up the specified module.

poweroff module slot

no poweroff module slot

Syntax Description

slot	Specifies the slot number for the module.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

Use the poweroff module command to power off individual modules. The poweroff module command cannot be used to power off supervisor modules.

Examples

The following example powers off and powers up module 1.

switch# config terminal

switch(config)# poweroff module 1

switch(config)#

switch(config)# no poweroff module 1

switch(config)# 

Related Commands

Command	Description
show module	Displays information for a specified module.
copy running-config startup-config	Copies all running configuration to the startup configuration.

priority

To configure the priority in a QoS policy map class, use the priority command in QoS policy class map configuration submode. To disable this feature, use the no form of the command.

priority {high | low | medium}

no priority {high | low | medium}

Syntax Description

high	Configures the frames matching the class-map as high priority.
low	Configures the frames matching the class-map as low priority. The default.
medium	Configures the frames matching the class-map as medium priority.

Defaults

The default priority is low.

Command Modes

QoS policy map class configuration submode.

Command History

Release	Modification
1.3(1)	This command was introduced.

Usage Guidelines

Before you can configure the priority in a QoS policy map class you must first:

•Enable the QoS data traffic feature using the qos enable command.

•Configure a QoS class map using the qos dwrr-q command.

•Configure a QoS policy map using the qos policy-map command.

•Configure a QoS policy map class using the class command.

Examples

The following example shows how to select the QoS policy class-map1 and configure the frame priority as high.

switch(config-pmap)# class class-map1

switch(config-pmap-c)# priority high 

Operation in progress. Please check class-map parameters

switch(config-pmap-c)# 

Related Commands

Command	Description
qos enable	Enables the QoS data traffic feature on the switch.
qos class-map	Configures a QoS class map.
qos policy-map	Configure a QoS policy map.
class	Configure a QoS policy map class.
show qos	Displays the current QoS settings.

purge fcdomain fcid

To purge persistent FCIDs, use the purge fcdomain fcid command in EXEC mode.

purge fcdomain fcid vsan vsan-id

Syntax Description

vsan vsan-id

Indicates that FCIDs are to be purged for a VSAN ID. The range is 1 to 4093.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to purge all dynamic, unused FCIDs in VSAN 4

switch# purge fcdomain fcid vsan 4

switch#

The following example shows how to purge all dynamic, unused FCIDs in VSANs 4, 5, and 6.

switch# purge fcdomain fcid vsan 3-5

switch#

purge module

To delete configurations in the running configuration for nonexistent modules, use the purge module command in EXEC mode.

purge module slot running-config

Syntax Description

slot	Specifies the module slot number.
running-config	Purges the running configuration from the specified module.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release	Modification
1.1(1)	This command was introduced.

Usage Guidelines

This command cannot be issued on a supervisor module.

Examples

The following example displays the output of the purge module command issued on the module in slot 8.

switch# purge module 8 running-config

switch#

pwc

To view your present working context (PWC), use the pwc command in any mode.

pwc

Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

All.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows the present working context.

switch# config t

switch(config)# islb initiator ip-address 120.10.10.2

switch(config-islb-init)# pwc

(config t) -> (islb initiator ip-address 120.10.10.2)

Related Commands

Command	Description
pwd	Displays the current directory location.

pwd

To display the current directory location, use the pwd command in EXEC mode.

pwd

Syntax Description

This command has no keywords or arguments.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release	Modification
1.0(2)	This command was introduced.

Usage Guidelines

None.

Examples

The following example changes the directory and displays the current directory.

switch# cd bootflash:logs

switch# pwd

bootflash:/logs

Related Commands

Command	Description
cd	Changes the current directory to the specified directory.
dir	Displays the contents of a directory.

pwwn (DPVM database configuration submode)

To add a device to a dynamic port VSAN membership (DPVM) database using the pWWN, use the pwwn command in DPVM database configuration submode. To remove a device from a DPVM database using the pWWN, use the no form of the command.

pwwn pwwn-id vsan vsan-id

no pwwn pwwn-id vsan vsan-id

Syntax Description

pwwn-id	Specifies the port WWN ID. The format is hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.
vsan vsan-id	Specifies the VSAN ID. The range is 1 to 4093.

Defaults

None.

Command Modes

DPVM database configuration submode.

Command History

Release	Modification
2.0(x)	This command was introduced.

Usage Guidelines

To use this command, DPVM must be enabled using the dpvm enable command.

Examples

The following example shows how to add an entry to the DPVM database.

switch# config terminal

switch(config)# dpvm database

switch(config-dpvm-db)# pwwn 11:22:33:44:55:66:77:88 vsan 1

The following example shows how to delete an entry from the DPVM database.

switch(config-dpvm-db)# no pwwn 11:22:33:44:55:66:77:88 vsan 1

Related Commands

Command	Description
dpvm database	Configures the DPVM database.
show dpvm	Displays DPVM database information.

pwwn (fcdomain database configuration submode)

To map a pWWN to a persistent FC ID for IVR, use the pwwn command in IVR fcdomain database configuration submode. To remove the mapping for the pWWN, use the no form of the command.

pwwn pwwn-id fc-id

no pwwn pwwn-id

Syntax Description

pwwn-id	Specifies the pWWN ID. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.
fc-id	Specifies the FC ID of the device.

Defaults

None.

Command Modes

fcdomain database configuration submode.

Command History

Release	Modification
2.1(2)	This command was introduced.

Usage Guidelines

Only one FC ID can be mapped to a pWWN.

Examples

The following example shows how to map the pWWN to the persistent FC ID.

switch# config t

switch(config)# ivr fcdomain database autonomous-fabric-num 10 vsan 20

switch(config-fcdomain)# native-autonomous-fabric-num 20 native-vsan 30 domain 15

switch(config-fcdomain-fcid)# pwwn 11:22:33:44:55:66:77:88 0x123456

The following example shows how to remove the mapping between the pWWN and the FC ID.

switch# config t

switch(config)# ivr fcdomain database autonomous-fabric-num 10 vsan 20

switch(config-fcdomain)# native-autonomous-fabric-num 20 native-vsan 30 domain 15

switch(config-fcdomain-fcid)# no pwwn 11:22:33:44:55:66:77:88

Related Commands

Command	Description
ivr fcdomain database autonomous-fabric-num	Creates IVR persistent FC IDs.
native-autonomous-fabric-num	Creates an IVR persistent FC ID database entry.
show ivr fcdomain database	Displays IVR fcdomain database entry information.

pwwn (SDV virtual device configuration submode)

To add a pWWN to a virtual device, use the pwwn command in SDV virtual device configuration submode. To remove a pWWN from a virtual device, usethe no form of the command.

pwwn pwwn-name [primary]

no pwwn pwwn-name [primary]

Syntax Description

pwwn-name	Specifies the pWWN of a real device. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.
primary	Configures the virtual device as a real device.

Defaults

None.

Command Modes

SDV virtual device configuration submode.

Command History

Release	Modification
3.1(2)	This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to add a pWWN to a virtual device.

switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

switch(config)# sdv virtual-device name sqa2 vsan 1

switch(config-sdv-virt-dev)# pwwn 21:00:00:04:cf:cf:45:40

Related Commands

Command	Description
sdv enable	Enables or disables SAN device virtualization.
show sdv statistics	Displays SAN device virtualization statistics.