Table Of Contents
A Commands
aaa accounting logsize
aaa accounting default
aaa authentication login
aaa authentication dhchap default
aaa authentication iscsi default
aaa group server
active equals saved
arp
attach module
A Commands
The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. See the "Command Modes" section to determine the appropriate mode for each command. For more information, refer to the Cisco MDS 9000 Family Configuration Guide.
•aaa accounting logsize
•aaa accounting default
•aaa authentication login
•aaa authentication dhchap default
•aaa authentication iscsi default
•aaa group server
•active equals saved
•arp
•attach module
aaa accounting logsize
Use the aaa accounting logsize command to set the size of the local accounting log file. Use the no form of the command to revert to the default logsize 15000 bytes.
aaa accounting logsize integer
no aaa accounting logsize
Syntax Description
aaa accounting
|
Configures accounting methods
|
logsize
|
Configures local accounting log file size (in bytes).
|
integer
|
Sets the size limit of the local accounting log file in bytes from 0 to 35000.
|
Defaults
15,000
Command Modes
Configuration mode.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.0(2).
Usage Guidelines
None.
Examples
The following example shows the log file size configured at 29000 bytes.
switch(config)# aaa accounting logsize 29000
Related Commands
Command
|
Description
|
show accounting logsize
|
Displays the configured log size.
|
show accounting log
|
Displays the entire log file.
|
aaa accounting default
Use the aaa accounting default command to configure the accounting method. Use the no form of the command to revert to the default local accounting.
aaa accounting default {group group-name [none] | none} | local [none] | none}
no aaa accounting default {group group-name [none] | none} | local [none] | none}
Syntax Description
group group-name
|
Specifies the group authentication method. The group name is a maximum of 127 characters.
|
local
|
Specifies the local authentication method.
|
none
|
No authentication, everyone permitted.
|
Defaults
Local accounting.
Command Modes
Configuration mode.
Command History
This command was modified in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
Specify the currently configured command preceded by a no in order to revert to the factory default.
Examples
The following example enables accounting to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local accounting method.
switch(config)# aaa accounting default group TacServer
The following example turns off accounting.
switch(config)# aaa accounting default none
The following example reverts to the local accounting (default).
switch(config)# no aaa accounting default group TacServer
Related Commands
Command
|
Description
|
show aaa accounting
|
Displays the configured accounting methods.
|
aaa authentication login
To configure the authentication method for a login, use the aaa authentication login command in configuration mode. Use the no form of this command to revert to local authentication.
aaa authentication login {default {group group-name [none] | none} | local [none] | none} |
console {group-name [none] | none} | local [none] | none}| error-enable}
no aaa authentication login {default {group group-name [none] | none} | local [none] | none} |
console {group-name [none] | none} | local [none] | none}| error-enable}
Syntax Description
default
|
Configures the default method.
|
console
|
Configures the console authentication login method.
|
group group-name
|
Specifies the group name. The group name is a maximum of 127 characters.
|
local
|
Specifies the local authentication method.
|
none
|
No authentication, everyone permitted.
|
error-enable
|
Configures login error message display enable.
|
Defaults
local user name authentication.
Command Modes
Configuration mode.
Command History
This command was modified in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
Use the console option to override the console login method.
Specify the currently configured command preceded by a no in order to revert to the factory default.
Examples
The following example enables all login authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local login method.
switch(config)# aaa authentication login default group TacServer
The following example enables console authentication to use the group called TacServers, followed by the local login method.
switch(config)# aaa authentication login console group TacServer
The following example turns off password validation.
switch(config)# aaa authentication login default none
The following example reverts to the local authentication method (default).
switch(config)# no aaa authentication login default group TacServer
Related Commands
Command
|
Description
|
show aaa authentication
|
Displays the configured authentication methods.
|
aaa authentication dhchap default
To configure DHCHAP authentication method, use the aaa authentication dhchap default command in configuration mode. Use the no form of this command to revert to factory defaults.
aaa authentication dhchap default {group group-name [none] | none} | local [none] | none}}
no aaa authentication dhchap default {group group-name [none] | none} | local [none] | none}
Syntax Description
group group-name
|
Specifies the group name authentication method. The group name is a maximum of 127 characters.
|
local
|
Specifies local user name authentication (default).
|
none
|
Specifies no authentication.
|
Defaults
local user name authentication.
Command Modes
Configuration mode.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
The local option disables other authentication methods and configures local authentication to be used exclusively.
Specify the currently configured command preceded by a no in order to revert to the factory default.
Examples
The following example enables all DHCHAP authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local authentication.
switch(config)# aaa authentication dhchap default group TacServer
The following example reverts to the local authentication method (default).
switch(config)# no aaa authentication dhcahp default group TacServer
Related Commands
Command
|
Description
|
show aaa authentication
|
Displays the configured authentication methods.
|
aaa authentication iscsi default
To configure iSCSI authentication method, use the aaa authentication iscsi default command in configuration mode. Use the no form of this command to negate the command or revert to factory defaults.
aaa authentication iscsi default {group group-name [none] | none} | local [none] | none}}
no aaa authentication iscsi default {group group-name [none] | none} | local [none] | none}}
Syntax Description
group group-name
|
Specifies the group name. The group name is a maximum of 127 characters.
|
local
|
Specifies local user name authentication (default).
|
none
|
Specifies no authentication.
|
Defaults
Local user name authentication.
Command Modes
Configuration mode.
Command History
This command was modified in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
The local option disables other authentication methods and configures local authentication to be used exclusively.
Specify the currently configured command preceded by a no in order to revert to the factory default.
Examples
The following example enables all iSCSI authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local authentication.
switch(config)# aaa authentication iscsi default group TacServer
The following example reverts to the local authentication method (default).
switch(config)# no aaa authentication iscsi default group TacServer
Related Commands
Command
|
Description
|
show aaa authentication
|
Displays the configured authentication methods.
|
aaa group server
To configure one or more independent server groups, use the aaa group server command in configuration mode. Use the no form of this command to remove the server group.
aaa group server {radius | tacacs+} group-name
server server-name
no server server-name
no aaa group server {radius | tacacs+} group-name
Syntax Description
radius
|
Specifies the RADIUS server group.
|
tacacs+
|
Specifies the TACACS+ server group.
|
group-name
|
Identifies the specified group of servers with a user-defined name. The name is limited to 64 alphanumeric characters.
|
server server-name
|
Specifies the server name to add or remove from the server group.
|
Defaults
None.
Command Modes
Configuration.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
You can configure these server groups at any time but they only take effect when you apply them to a AAA service using the aaa authentication login or the aaa accounting commands.
Examples
You can configure these server groups at any time but they only take effect when you apply them to a AAA service using the aaa authentication or the aaa accounting commands.
switch(config)# aaa group server tacacs+ TacacsServer1
switch(config-tacacs+)# server ServerA
switch(config-tacacs+)# exit
switch(config)# aaa group server radius RadiusServer19
switch(config-radius)# server ServerB
switch(config-radius)# no server ServerZ
Related Commands
Command
|
Description
|
show aaa groups
|
Displays all configured server groups.
|
show radius-server groups
|
Displays configured RADIUS server groups
|
show tacacs-server groups
|
Displays configured TACACS server groups
|
active equals saved
Enable the active equals saved command to automatically write any changes to the block, prohibit or port address name to the IPL file. To disable the configuration or to revert to factory defaults, use the no form of the command.
active equals saved
no active equals saved
Syntax Description
This command has no other arguments or keywords.
Defaults
Disabled.
Command Modes
FICON configuration submode.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.3(1).
Usage Guidelines
Enabling active equals saved ensures that you do not have to perform the copy running-config startup-config command to save the FICON configuration as well as the running configuration. If your switch or fabric consists of multiple FICON-enabled VSANs, and one of these VSANs has active equals saved enabled, changes made to the non-FICON configuration causes all FICON-enabled configurations to be saved to the IPL file.
Refer to the Cisco MDS 9000 Family Configuration Guide for further information.
Examples
The following example enables the automatic save feature for a VSAN.
switch(config)# ficon vsan 2
switch(config-ficon)# active equals saved
The following example disables the automatic save feature for this VSAN.
switch(config-ficon)# no active equals saved
Related Commands
Command
|
Description
|
copy running-config startup-config
|
Saves the running configuration to the startup configuration.
|
ficon vsan vsan-id
|
Enables FICON on the specified VSAN.
|
show ficon
|
Displays configured FICON details.
|
arp
To enable the Address Resolution Protocol (ARP) for the switch, use the arp command.To disable the Address Resolution Protocol (ARP) for the switch, use the no arp command.
arp hostname
no arp hostname
Syntax Description
hostname
|
Name of the host. Maximum length is 20 characters.
|
Defaults
Enabled.
Command Modes
Configuration mode.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.0(2).
Usage Guidelines
None.
Examples
The following example disables the Address Resolution Protocol configured for the host with the IP address 10.1.1.1.
switch(config)# no arp 10.1.1.1
Related Commands
Command
|
Description
|
show arp
|
Displays the ARP table.
|
clear arp
|
Deletes a specific entry or all entries from the ARP table.
|
attach module
To connect to a specific module, use the attach module command in EXEC mode.
attach module slot-number
Syntax Description
slot-number
|
Specifies slot number of the module to which to connect.
|
Command Modes
EXEC.
Command History
This command was introduced in Cisco MDS SAN-OS Release 1.0(2).
Usage Guidelines
You can use the attach module command to view the standby supervisor module information, but you cannot configure the standby supervisor module using this command.
You can also use the attach module command on the switching module portion of the Cisco MDS 9216 supervisor module, which resides in slot 1 of this two-slot switch.
To disconnect, use the exit command at the module-number# prompt, or type $. to forcibly abort the attach session.
Examples
The following example connects to the module in slot 2. Note that after you connect to the image on the module using the attach module command, the prompt changes to module-number#.
Attaching to module 1 ...
To exit type 'exit', to abort type '$.'
Related Commands
Command
|
Description
|
exit
|
Disconnects from the module.
|
show module
|
Displays the status of a module.
|