Table Of Contents
Secure Erase CLI Command Reference
add-session vsan
add-step dynamic
add-step static
add-tgt vsan
add-vi vsan
empty
secure-erase abort job
secure-erase create algorithm
secure-erase create job
secure-erase create-vi vsan
secure-erase destroy algorithm
secure-erase destroy job
secure-erase destroy-vi vsan
secure-erase start job
secure-erase stop job
secure-erase validate job
show secure-erase algorithm
show secure-erase job
show secure-erase job detail
show secure-erase vsan
Secure Erase CLI Command Reference
The Cisco MDS Secure Erase provides CLI commands that support scripting and advanced operations.
This appendix contains a list of alphabetically arranged commands that are unique to Cisco MDS Secure Erase.
For information about other commands that apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches, refer to the Cisco MDS 9000 Family CLI Configuration Guide.
add-session vsan
To add sessions to a job, use the add-session vsan command in configuration mode.
add-session vsan vsan-id pwwn tgt-pwwn all-luns | lun lun-id algorithm name/id
Syntax Description
vsan-id
|
Specifies the VSAN ID of the target.
|
pwwn tgt-pwwn
|
Specifies the pWWN of the target.
|
all-luns
|
Specifies all of the LUNs in the Secure Erase session.
|
lun lun-id
|
Specifies the LUN ID of the Secure Erase session.
|
algorithm name/id
|
Specifies the algorithm that should be used for the session.
|
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to add a VI to a specific Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-session vsan 1 pwwn 20:04:00:a0:b8:16:92:18 all-luns algorithm
RCMP
Related Commands
Command
|
Description
|
add-session job
|
Adds sessions to the job.
|
add-step dynamic
To add a dynamic pattern step to a specific algorithm, use the add-step dynamic command in configuration mode.
add-step dynamic [0 | 1]
Syntax Description
0
|
(Optional) Specifies that the pattern is generated using a random number generator.
|
1
|
(Optional) Specifies that the pattern is complimentary to the previous pattern.
|
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to add a dynamic pattern step to a specific algorithm:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)# add-step dynamic 0
Related Commands
Command
|
Description
|
add-step static
|
Adds static pattern step to a specific algorithm.
|
add-step static
To add a static pattern step to a specific algorithm, use the add-step static command in configuration mode.
add-step static pattern
Syntax Description
pattern
|
Specifies the static pattern step. The pattern is to write ranges from 1 to 512 bytes and can consist of only characters 0 to 9 and A to F.
|
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to add a static step to a specific algorithm:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)# add-step static 1
Related Commands
Command
|
Description
|
add-step dynamic
|
Adds a dynamic pattern step to a specific algorithm.
|
add-tgt vsan
To define target enclosure and add multiple target ports for a specific Secure Erase job, use the add-tgt vsan command in configuration mode.
add-tgt vsan vsan-id pwwn target port pwwn
Syntax Description
vsan-id
|
Specifies the VSAN ID of the target port added to a Secure Erase job.
|
pwwn target port pwwn
|
Specifies the port world-wide name (pWWN) of the target port.
|
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
The target ports added to a specific job can be part of a different VSAN. The Secure Erase application creates VIs in a specific VSAN.
Note VIs and targets from different VSANs can be added to a job. A storage array may have multiple storage ports belonging to a different VSAN. You can create one job for one storage array.
Examples
The following example shows how to define a target enclosure and add multiple target ports for a specific Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-tgt vsan 1 pwwn 20:04:00:a0:b8:16:92:18
Related Commands
Command
|
Description
|
add-session vsans
|
Adds sessions to a job.
|
add-VI job
|
Adds a VI to a specific Secure Erase job.
|
secure-erase create job
|
Creates a Secure Erase job.
|
add-vi vsan
To add a VI to a specific Secure Erase job, use the add-vi vsan command in configuration mode.
add-vi vsan vsan-id all | pwwn VI pwwn
Syntax Description
vsan-id
|
Specifies the VSAN ID of the target where a VI exists.
|
all
|
Adds all the VSAN IDs of the target.
|
pwwn VI pwwn
|
Adds a specific VI in a given VSAN to the job.
|
Defaults
None.
Command Modes
Configuration Secure Erase job submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
You must add at least one VI in each VSAN where a Secure Erase target is present.
All VIs that are part of the same job and the VSAN must have same target view. The same set of targets and LUNs must be exposed for all VIs in the same VSAN.
Note VI-CPP can not be added to a job. To know the WWN of the VI-CPP, please run the show isapi virtual-nport database command on SSM module.
Examples
The following example shows how to add all VIs to a given Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 all
The following example shows how to add a VI to a given Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 job 1
switch(config-se-job)# add-vi vsan 1 pwwn 2c:0d:00:05:30:00:43:64
Related Commands
Command
|
Description
|
add-session job
|
Adds sessions to the job.
|
add-VI job
|
Adds a VI to a specific Secure Erase job.
|
secure-erase create job
|
Creates a Secure Erase job.
|
empty
To remove all steps of the user-configured algorithm, use the empty command in configuration mode.
empty
Syntax Description
This command has no arguements or keywords.
Defaults
None.
Command Modes
Configuration Secure Erase algorithm submode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to remove all steps of the user-configured algorithm:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 algorithm 0
switch(config-se-algo)# empty
Related Commands
Command
|
Description
|
add-step dynamic
|
Adds a dynamic pattern step to a specific algorithm.
|
add-step static
|
Adds static pattern step to a specific algorithm.
|
secure-erase abort job
To abort a Secure Erase job, use the secure-erase abort job command in configuration mode.
secure-erase module-id abort job job-id
Syntax Description
module-id
|
Specifies the desired module number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Specifies the job ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
This command does not wait for the completion of current patterns. An aborted job cannot be restarted.
A job can be aborted only when it has one or more sessions in the running state.
Examples
The following example shows how to abort a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 abort job 1
Related Commands
Command
|
Description
|
secure-erase start job
|
Restarts all sessions in a job.
|
secure-erase stop job
|
Stops all sessions in a job.
|
secure-erase validate job
|
Validates a job in a session.
|
secure-erase create algorithm
To configure a Secure Erase algorithm on a specific slot of the intelligent linecard where Secure Erase is provisioned, use the secure-erase module create algorithm command in configuration mode.
secure-erase module module-id create algorithm algorithm-id
Syntax Description
module-id
|
Specifies the desired slot number of the intelligent linecard on which Secure Erase is provisioned.
|
algorithm-id
|
Specifies the algorithm ID. The range is 0 to 9.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to create a Secure Erase algorithm:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create algorithm 3
Related Commands
Command
|
Description
|
secure-erase create-vi vsan
|
Creates a VI for a specific VSAN.
|
secure-erase create job
To create a Secure Erase job, use the secure-erase create job command in configuration mode.
secure-erase module module-id create job job-id
Syntax Description
module module-id
|
Specifies the desired module number of the Storage Services Module (SSM) on which Secure Erase is provisioned.
|
job-id
|
Specifies a unique number to identify a Secure Erase job. The range is 1 to 9999.
Note You will be prompted to choose a different ID if the job ID chosen already exists.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
A Secure Erase job contains the following information:
•The target enclosure where Secure Erase needs to be performed. Multiple target ports spanning multiple VSANs can be a part of one target enclosure.
•Multiple target ports, VIs, and Secure Erase sessions can be added. These target ports and VIs can be a part of different VSANs.
Examples
The following example shows how to create a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create job 1
Related Commands
Command
|
Description
|
add-tgt job
|
Defines a target enclosure and adds multiple target ports for a specific Secure Erase job.
|
secure-erase create-vi vsan
To create a VI for a specific VSAN, use the secure-erase create-vi vsan command in configuration mode.
secure-erase module module-id create-vi vsan vsan-id
Syntax Description
module module-id
|
Specifies the desired slot number of the SSM on which Secure Erase is provisioned.
|
vsan-id
|
Specifies the VSAN ID of the target port being added.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
You do not need to provide the job ID because VIs can be used commonly across jobs.
Examples
The following example shows how to create VIs for a VSAN:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create-vi vsan 1
Related Commands
Command
|
Description
|
create job
|
Creates a Secure Erase job.
|
secure-erase destroy algorithm
To destroy a Secure Erase algorithm, use the secure-erase destroy algorithm command in configuration mode.
secure-erase module module-id destroy algorithm algorithm-id
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
algorithm-id
|
Displays the algorithm ID. The range is 0 to 9.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to destroy an algorithm:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy algorithm 1
Related Commands
Command
|
Description
|
secure-erase destroy- vi vsan
|
Destroys a Secure Erase VSAN.
|
secure-erase destroy job
To destroy a Secure Erase job, use the secure-erase destroy job command in configuration mode.
secure-erase module-id destroy job job-id
Syntax Description
module-id
|
Specifies the desired module number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Specifies the job ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
This command destroys a Secure Erase job. A job can be destroyed only when there are no active sessions running.
Examples
The following example shows how to validate a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy job 1
Related Commands
Command
|
Description
|
secure-erase start job
|
Starts all sessions in a job.
|
secure-erase stop job
|
Stops all sessions in a job.
|
secure-erase destroy-vi vsan
To destroy a VI for a specific VSAN, use the secure-erase destroy-vi vsan command in configuration mode.
secure-erase module module-id destroy-vi vsan vsan-id
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
vsan-id
|
Displays the VSAN-ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example shows how to destroy a VSAN:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy-vi vsan 1
Related Commands
Command
|
Description
|
secure-erase destroy algorithm
|
Destroys a Secure Erase algorithm.
|
secure-erase start job
To restart all sessions in a job, use the secure-erase start job command in configuration mode.
secure-erase module module-id start job job-id
Syntax Description
module module-id
|
Specifies the desired module number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Starts a specific job ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
This command starts all sessions in a job. If the active sessions have reached the maximum limit, the remaining sessions are queued. The queued sessions start when one or more sessions are complete or aborted.
A job can be started only when it has one or more sessions in the stopped state or ready state.
Examples
The following example shows how to start a session in a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 start job 1
Related Commands
Command
|
Description
|
secure-erase stop job
|
Stops all sessions in a job.
|
secure-erase stop job
To stop all sessions in a job, use the secure-erase stop job command in configuration mode.
secure-erase module-id stop job job-id
Syntax Description
module-id
|
Specifies the desired module number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Stops the specific job ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
This command waits for the completion of the current pattern and pauses the pattern sequence. A stopped job can be restarted.
A job can be stopped only when it has one or more sessions in the running state.
Examples
The following example shows how to stop a session in a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 stop job 1
Related Commands
Command
|
Description
|
secure-erase start job
|
Restarts all sessions in a job.
|
secure-erase validate job
To validate a Secure Erase job, use the secure-erase validate job command in configuration mode.
secure-erase module-id validate job job-id
Syntax Description
module-id
|
Specifies the desired module number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Specifies the job ID of the target.
|
Defaults
None.
Command Modes
Configuration mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None
Examples
The following example shows how to validate a Secure Erase job:
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 validate job 1
Related Commands
Command
|
Description
|
secure-erase abort job
|
Aborts a job in a session.
|
secure-erase start job
|
Restarts all sessions in a job.
|
secure-erase stop job
|
Stops all sessions in a job.
|
show secure-erase algorithm
To display the list of all Secure Erase algorithms, use the show secure-erase algorithm command.
show secure-erase module module-id algorithm algorithm name
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
algorithm name
|
Displays the algorithm name.
|
Defaults
None.
Command Modes
Exec mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example displays the list of Secure Erase algorithms:
switch# show secure-erase module 4 algorithm name 1
Step 0:
faa8bd6c1e838b6b9b0818f30d48f5eecc7e7f572d9d8ac50a9a78b73bf128eb7a71ff40a7c07f55dda1d31f87
5bca26b170d6b3c0735
55e06d6229f6a5dedeaa0583f0d1ebe28fca8a7cac936d6f0a453af4174fbbcba29f711047cb48e984a3c09751
9138a628bc6e662bd3d28237d09
1f68a8df05f50effc55390a12ee2c6
Step 1:
05574293e17c749464f7e70cf2b70a11338180a8d262753af5658748c40ed714858e00bf583f80aa225e2ce078
a435d94e8f294c3f8ca
aa1f929dd6095a212155fa7c0f2e141d70357583536c9290f5bac50be8b044345d608eefb834b7167b5c3f68ae
6ec759d7439199d42c2d7dc82f6
e0975720fa0af1003aac6f5ed11d39
Step 2:
123456789876543567890987654567123456789876543567890987654567123456789876543567890987654567
1234567898765435678
909876545671234567898765435678909876545671234567898765435678909876545671234567898765435678
909876545671234567898765435
678909876545671234567898765435
The following example displays all available Secure Erase algorithms on a module:
switch# show secure-erase module 4 algorithm
Related Commands
Command
|
Description
|
show secure-erase job
|
Displays the contents of a particular Secure Erase job.
|
show secure-erase job
To display the contents of a particular job, use the show secure-erase job command.
show secure-erase module module-id job job-id
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Displays the unique number to identify a Secure Erase job.
|
Defaults
None.
Command Modes
Exec mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example displays the contents of a particular Secure Erase job:
switch# show secure-erase module 4 job 2
The following example displays the contents of all Secure Erase jobs configured on a module:
switch# show secure-erase module 16 job
Related Commands
Command
|
Description
|
show secure-erase algorithm
|
Displays the list of Secure Erase algorithms.
|
show secure-erase job detail
To display the contents of a particular job in detail, use the show secure-erase job detail command.
show secure-erase module module-id job job-id detail
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
job-id
|
Displays the unique number to identify a Secure Erase job.
|
Defaults
None.
Command Modes
Exec mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example displays the contents of a Secure Erase job in a brief form:
switch# show secure-erase module 4 job 2 detail
Related Commands
Command
|
Description
|
show secure-erase job
|
Displays the contents of a Secure Erase job.
|
show secure-erase vsan
To display a list of all VIs in the VSAN, use the show secure-erase vsan command.
show secure-erase module module-id vsan vsan-id
Syntax Description
module module-id
|
Displays the slot number of the SSM on which Secure Erase is provisioned.
|
vsan-id
|
Displays the VSAN ID of the target.
|
Defaults
None.
Command Modes
Exec mode
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
None.
Examples
The following example displays the list of all VIs in the VSAN:
switch# show secure-erase module 4 vsan 1
Related Commands
Command
|
Description
|
show secure-erase algorithm
|
Displays the list of Secure Erase algorithms.
|
show secure-erase job
|
Displays the contents of a particular Secure Erase job.
|