Cisco MDS 9000 Family Secure Erase Configuration Guide
Secure Erase Appendix

Table Of Contents

Secure Erase CLI Command Reference

add-session vsan

add-step dynamic

add-step static

add-tgt vsan

add-vi vsan

empty

secure-erase abort job

secure-erase create algorithm

secure-erase create job

secure-erase create-vi vsan

secure-erase destroy algorithm

secure-erase destroy job

secure-erase destroy-vi vsan

secure-erase start job

secure-erase stop job

secure-erase validate job

show secure-erase algorithm

show secure-erase job

show secure-erase job detail

show secure-erase vsan


Secure Erase CLI Command Reference


The Cisco MDS Secure Erase provides CLI commands that support scripting and advanced operations.

This appendix contains a list of alphabetically arranged commands that are unique to Cisco MDS Secure Erase.

For information about other commands that apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

add-session vsan

To add sessions to a job, use the add-session vsan command in configuration mode.

add-session vsan vsan-id pwwn tgt-pwwn all-luns | lun lun-id algorithm name/id

Syntax Description

vsan-id

Specifies the VSAN ID of the target.

pwwn tgt-pwwn

Specifies the pWWN of the target.

all-luns

Specifies all of the LUNs in the Secure Erase session.

lun lun-id

Specifies the LUN ID of the Secure Erase session.

algorithm name/id

Specifies the algorithm that should be used for the session.


Defaults

None.

Command Modes

Configuration Secure Erase job submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to add a VI to a specific Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-session vsan 1 pwwn 20:04:00:a0:b8:16:92:18 all-luns algorithm 
RCMP

Related Commands

Command
Description

add-session job

Adds sessions to the job.


add-step dynamic

To add a dynamic pattern step to a specific algorithm, use the add-step dynamic command in configuration mode.

add-step dynamic [0 | 1]

Syntax Description

0

(Optional) Specifies that the pattern is generated using a random number generator.

1

(Optional) Specifies that the pattern is complimentary to the previous pattern.


Defaults

None.

Command Modes

Configuration Secure Erase algorithm submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to add a dynamic pattern step to a specific algorithm:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# add-step dynamic 0

Related Commands

Command
Description

add-step static

Adds static pattern step to a specific algorithm.


add-step static

To add a static pattern step to a specific algorithm, use the add-step static command in configuration mode.

add-step static pattern

Syntax Description

pattern

Specifies the static pattern step. The pattern is to write ranges from 1 to 512 bytes and can consist of only characters 0 to 9 and A to F.


Defaults

None.

Command Modes

Configuration Secure Erase algorithm submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to add a static step to a specific algorithm:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# add-step static 1

Related Commands

Command
Description

add-step dynamic

Adds a dynamic pattern step to a specific algorithm.


add-tgt vsan

To define target enclosure and add multiple target ports for a specific Secure Erase job, use the add-tgt vsan command in configuration mode.

add-tgt vsan vsan-id pwwn target port pwwn

Syntax Description

vsan-id

Specifies the VSAN ID of the target port added to a Secure Erase job.

pwwn target port pwwn

Specifies the port world-wide name (pWWN) of the target port.


Defaults

None.

Command Modes

Configuration Secure Erase job submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

The target ports added to a specific job can be part of a different VSAN. The Secure Erase application creates VIs in a specific VSAN.


Note VIs and targets from different VSANs can be added to a job. A storage array may have multiple storage ports belonging to a different VSAN. You can create one job for one storage array.


Examples

The following example shows how to define a target enclosure and add multiple target ports for a specific Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-tgt vsan 1 pwwn 20:04:00:a0:b8:16:92:18

Related Commands

Command
Description

add-session vsans

Adds sessions to a job.

add-VI job

Adds a VI to a specific Secure Erase job.

secure-erase create job

Creates a Secure Erase job.


add-vi vsan

To add a VI to a specific Secure Erase job, use the add-vi vsan command in configuration mode.

add-vi vsan vsan-id all | pwwn VI pwwn

Syntax Description

vsan-id

Specifies the VSAN ID of the target where a VI exists.

all

Adds all the VSAN IDs of the target.

pwwn VI pwwn

Adds a specific VI in a given VSAN to the job.


Defaults

None.

Command Modes

Configuration Secure Erase job submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

You must add at least one VI in each VSAN where a Secure Erase target is present.

All VIs that are part of the same job and the VSAN must have same target view. The same set of targets and LUNs must be exposed for all VIs in the same VSAN.


Note VI-CPP can not be added to a job. To know the WWN of the VI-CPP, please run the show isapi virtual-nport database command on SSM module.


Examples

The following example shows how to add all VIs to a given Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 all

The following example shows how to add a VI to a given Secure Erase job:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 pwwn 2c:0d:00:05:30:00:43:64

Related Commands

Command
Description

add-session job

Adds sessions to the job.

add-VI job

Adds a VI to a specific Secure Erase job.

secure-erase create job

Creates a Secure Erase job.


empty

To remove all steps of the user-configured algorithm, use the empty command in configuration mode.

empty

Syntax Description

This command has no arguements or keywords.

Defaults

None.

Command Modes

Configuration Secure Erase algorithm submode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to remove all steps of the user-configured algorithm:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)#
switch(config-se-algo)# empty

Related Commands

Command
Description

add-step dynamic

Adds a dynamic pattern step to a specific algorithm.

add-step static

Adds static pattern step to a specific algorithm.


secure-erase abort job

To abort a Secure Erase job, use the secure-erase abort job command in configuration mode.

secure-erase module-id abort job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

This command does not wait for the completion of current patterns. An aborted job cannot be restarted.

A job can be aborted only when it has one or more sessions in the running state.

Examples

The following example shows how to abort a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 abort job 1

Related Commands

Command
Description

secure-erase start job

Restarts all sessions in a job.

secure-erase stop job

Stops all sessions in a job.

secure-erase validate job

Validates a job in a session.


secure-erase create algorithm

To configure a Secure Erase algorithm on a specific slot of the intelligent linecard where Secure Erase is provisioned, use the secure-erase module create algorithm command in configuration mode.

secure-erase module module-id create algorithm algorithm-id

Syntax Description

module-id

Specifies the desired slot number of the intelligent linecard on which Secure Erase is provisioned.

algorithm-id

Specifies the algorithm ID. The range is 0 to 9.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to create a Secure Erase algorithm:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create algorithm 3

Related Commands

Command
Description

secure-erase create-vi vsan

Creates a VI for a specific VSAN.


secure-erase create job

To create a Secure Erase job, use the secure-erase create job command in configuration mode.

secure-erase module module-id create job job-id

Syntax Description

module module-id

Specifies the desired module number of the Storage Services Module (SSM) on which Secure Erase is provisioned.

job-id

Specifies a unique number to identify a Secure Erase job. The range is 1 to 9999.

Note You will be prompted to choose a different ID if the job ID chosen already exists.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

A Secure Erase job contains the following information:

The target enclosure where Secure Erase needs to be performed. Multiple target ports spanning multiple VSANs can be a part of one target enclosure.

Multiple target ports, VIs, and Secure Erase sessions can be added. These target ports and VIs can be a part of different VSANs.

Examples

The following example shows how to create a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create job 1

Related Commands

Command
Description

add-tgt job

Defines a target enclosure and adds multiple target ports for a specific Secure Erase job.


secure-erase create-vi vsan

To create a VI for a specific VSAN, use the secure-erase create-vi vsan command in configuration mode.

secure-erase module module-id create-vi vsan vsan-id

Syntax Description

module module-id

Specifies the desired slot number of the SSM on which Secure Erase is provisioned.

vsan-id

Specifies the VSAN ID of the target port being added.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

You do not need to provide the job ID because VIs can be used commonly across jobs.

Examples

The following example shows how to create VIs for a VSAN:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create-vi vsan 1

Related Commands

Command
Description

create job

Creates a Secure Erase job.


secure-erase destroy algorithm

To destroy a Secure Erase algorithm, use the secure-erase destroy algorithm command in configuration mode.

secure-erase module module-id destroy algorithm algorithm-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

algorithm-id

Displays the algorithm ID. The range is 0 to 9.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to destroy an algorithm:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy algorithm 1

Related Commands

Command
Description

secure-erase destroy- vi vsan

Destroys a Secure Erase VSAN.


secure-erase destroy job

To destroy a Secure Erase job, use the secure-erase destroy job command in configuration mode.

secure-erase module-id destroy job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

This command destroys a Secure Erase job. A job can be destroyed only when there are no active sessions running.

Examples

The following example shows how to validate a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy job 1

Related Commands

Command
Description

secure-erase start job

Starts all sessions in a job.

secure-erase stop job

Stops all sessions in a job.


secure-erase destroy-vi vsan

To destroy a VI for a specific VSAN, use the secure-erase destroy-vi vsan command in configuration mode.

secure-erase module module-id destroy-vi vsan vsan-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

vsan-id

Displays the VSAN-ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example shows how to destroy a VSAN:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy-vi vsan 1

Related Commands

Command
Description

secure-erase destroy algorithm

Destroys a Secure Erase algorithm.


secure-erase start job

To restart all sessions in a job, use the secure-erase start job command in configuration mode.

secure-erase module module-id start job job-id

Syntax Description

module module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Starts a specific job ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

This command starts all sessions in a job. If the active sessions have reached the maximum limit, the remaining sessions are queued. The queued sessions start when one or more sessions are complete or aborted.

A job can be started only when it has one or more sessions in the stopped state or ready state.

Examples

The following example shows how to start a session in a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 start job 1

Related Commands

Command
Description

secure-erase stop job

Stops all sessions in a job.


secure-erase stop job

To stop all sessions in a job, use the secure-erase stop job command in configuration mode.

secure-erase module-id stop job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Stops the specific job ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

This command waits for the completion of the current pattern and pauses the pattern sequence. A stopped job can be restarted.

A job can be stopped only when it has one or more sessions in the running state.

Examples

The following example shows how to stop a session in a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 stop job 1

Related Commands

Command
Description

secure-erase start job

Restarts all sessions in a job.


secure-erase validate job

To validate a Secure Erase job, use the secure-erase validate job command in configuration mode.

secure-erase module-id validate job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.


Defaults

None.

Command Modes

Configuration mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None

Examples

The following example shows how to validate a Secure Erase job:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 validate job 1

Related Commands

Command
Description

secure-erase abort job

Aborts a job in a session.

secure-erase start job

Restarts all sessions in a job.

secure-erase stop job

Stops all sessions in a job.


show secure-erase algorithm

To display the list of all Secure Erase algorithms, use the show secure-erase algorithm command.

show secure-erase module module-id algorithm algorithm name

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

algorithm name

Displays the algorithm name.


Defaults

None.

Command Modes

Exec mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the list of Secure Erase algorithms:

switch# show secure-erase module 4 algorithm name 1
switch# Algorithm : 1
Step 0: 
faa8bd6c1e838b6b9b0818f30d48f5eecc7e7f572d9d8ac50a9a78b73bf128eb7a71ff40a7c07f55dda1d31f87
5bca26b170d6b3c0735
55e06d6229f6a5dedeaa0583f0d1ebe28fca8a7cac936d6f0a453af4174fbbcba29f711047cb48e984a3c09751
9138a628bc6e662bd3d28237d09
1f68a8df05f50effc55390a12ee2c6
Step 1: 
05574293e17c749464f7e70cf2b70a11338180a8d262753af5658748c40ed714858e00bf583f80aa225e2ce078
a435d94e8f294c3f8ca
aa1f929dd6095a212155fa7c0f2e141d70357583536c9290f5bac50be8b044345d608eefb834b7167b5c3f68ae
6ec759d7439199d42c2d7dc82f6
e0975720fa0af1003aac6f5ed11d39
Step 2: 
123456789876543567890987654567123456789876543567890987654567123456789876543567890987654567
1234567898765435678
909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678
909876545671234567898765435
678909876545671234567898765435

The following example displays all available Secure Erase algorithms on a module:

switch# show secure-erase module 4 algorithm 

Related Commands

Command
Description

show secure-erase job

Displays the contents of a particular Secure Erase job.


show secure-erase job

To display the contents of a particular job, use the show secure-erase job command.

show secure-erase module module-id job job-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

job-id

Displays the unique number to identify a Secure Erase job.


Defaults

None.

Command Modes

Exec mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the contents of a particular Secure Erase job:

switch# show secure-erase module 4 job 2

The following example displays the contents of all Secure Erase jobs configured on a module:

switch# show secure-erase module 16 job

Related Commands

Command
Description

show secure-erase algorithm

Displays the list of Secure Erase algorithms.


show secure-erase job detail

To display the contents of a particular job in detail, use the show secure-erase job detail command.

show secure-erase module module-id job job-id detail

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

job-id

Displays the unique number to identify a Secure Erase job.


Defaults

None.

Command Modes

Exec mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the contents of a Secure Erase job in a brief form:

switch# show secure-erase module 4 job 2 detail

Related Commands

Command
Description

show secure-erase job

Displays the contents of a Secure Erase job.


show secure-erase vsan

To display a list of all VIs in the VSAN, use the show secure-erase vsan command.

show secure-erase module module-id vsan vsan-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

vsan-id

Displays the VSAN ID of the target.


Defaults

None.

Command Modes

Exec mode

Command History

Release
Modification

3.3(1a)

This command was introduced.


Usage Guidelines

None.

Examples

The following example displays the list of all VIs in the VSAN:

switch# show secure-erase module 4 vsan 1

Related Commands

Command
Description

show secure-erase algorithm

Displays the list of Secure Erase algorithms.

show secure-erase job

Displays the contents of a particular Secure Erase job.