Cisco MDS 9000 Family Command Reference, Release 1.3 (from Release 1.3(1) through Release 1.3(6))
A Commands
Download this chapter
A CommandsA Commands
Download the complete book
Full Book PDFFull Book PDF (PDF - 6 MB)
 Feedback

Table Of Contents

A Commands

aaa accounting logsize

aaa accounting default

aaa authentication login

aaa authentication dhchap default

aaa authentication iscsi default

aaa group server

active equals saved

arp

attach module


A Commands

The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. See the "Command Modes" section to determine the appropriate mode for each command. For more information, refer to the Cisco MDS 9000 Family Configuration Guide.

aaa accounting logsize

aaa accounting default

aaa authentication login

aaa authentication dhchap default

aaa authentication iscsi default

aaa group server

active equals saved

arp

attach module

aaa accounting logsize

Use the aaa accounting logsize command to set the size of the local accounting log file. Use the no form of the command to revert to the default logsize 15000 bytes.

aaa accounting logsize integer

no aaa accounting logsize

Syntax Description

aaa accounting

Configures accounting methods

logsize

Configures local accounting log file size (in bytes).

integer

Sets the size limit of the local accounting log file in bytes from 0 to 35000.


Defaults

15,000

Command Modes

Configuration mode.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.0(2).

Usage Guidelines

None.

Examples

The following example shows the log file size configured at 29000 bytes. 

switch# config t

switch(config)# aaa accounting logsize 29000

Related Commands

Command
Description

show accounting logsize

Displays the configured log size.

show accounting log

Displays the entire log file.


aaa accounting default

Use the aaa accounting default command to configure the accounting method. Use the no form of the command to revert to the default local accounting.

aaa accounting default {group group-name [none] | none} | local [none] | none}

no aaa accounting default {group group-name [none] | none} | local [none] | none}

Syntax Description

group group-name

Specifies the group authentication method. The group name is a maximum of 127 characters.

local

Specifies the local authentication method.

none

No authentication, everyone permitted.


Defaults

Local accounting.

Command Modes

Configuration mode.

Command History

This command was modified in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

Specify the currently configured command preceded by a no in order to revert to the factory default.

Examples

The following example enables accounting to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local accounting method. 

switch# config t 

switch(config)# aaa accounting default group TacServer

The following example turns off accounting. 

switch(config)# aaa accounting default none

The following example reverts to the local accounting (default). 

switch(config)# no aaa accounting default group TacServer

Related Commands

Command
Description

show aaa accounting

Displays the configured accounting methods.


aaa authentication login

To configure the authentication method for a login, use the aaa authentication login command in configuration mode. Use the no form of this command to revert to local authentication.

aaa authentication login {default {group group-name [none] | none} | local [none] | none} |
console {group-name [none] | none} | local [none] | none}| error-enable}

no aaa authentication login {default {group group-name [none] | none} | local [none] | none} |
console {group-name [none] | none} | local [none] | none}| error-enable}

Syntax Description

default

Configures the default method.

console

Configures the console authentication login method.

group group-name

Specifies the group name. The group name is a maximum of 127 characters.

local

Specifies the local authentication method.

none

No authentication, everyone permitted.

error-enable

Configures login error message display enable.


Defaults

local user name authentication.

Command Modes

Configuration mode.

Command History

This command was modified in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

Use the console option to override the console login method.

Specify the currently configured command preceded by a no in order to revert to the factory default.

Examples

The following example enables all login authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local login method. 

switch# config t	

switch(config)# aaa authentication login default group TacServer

The following example enables console authentication to use the group called TacServers, followed by the local login method. 

switch(config)# aaa authentication login console group TacServer

The following example turns off password validation. 

switch(config)# aaa authentication login default none

The following example reverts to the local authentication method (default). 

switch(config)# no aaa authentication login default group TacServer

Related Commands

Command
Description

show aaa authentication

Displays the configured authentication methods.


aaa authentication dhchap default

To configure DHCHAP authentication method, use the aaa authentication dhchap default command in configuration mode. Use the no form of this command to revert to factory defaults.

aaa authentication dhchap default {group group-name [none] | none} | local [none] | none}}

no aaa authentication dhchap default {group group-name [none] | none} | local [none] | none}

Syntax Description

group group-name

Specifies the group name authentication method. The group name is a maximum of 127 characters.

local

Specifies local user name authentication (default).

none

Specifies no authentication.


Defaults

local user name authentication.

Command Modes

Configuration mode.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

The local option disables other authentication methods and configures local authentication to be used exclusively.

Specify the currently configured command preceded by a no in order to revert to the factory default.

Examples

The following example enables all DHCHAP authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local authentication. 

switch# config t

switch(config)# aaa authentication dhchap default group TacServer

The following example reverts to the local authentication method (default). 

switch(config)# no aaa authentication dhcahp default group TacServer

Related Commands

Command
Description

show aaa authentication

Displays the configured authentication methods.


aaa authentication iscsi default

To configure iSCSI authentication method, use the aaa authentication iscsi default command in configuration mode. Use the no form of this command to negate the command or revert to factory defaults.

aaa authentication iscsi default {group group-name [none] | none} | local [none] | none}}

no aaa authentication iscsi default {group group-name [none] | none} | local [none] | none}}

Syntax Description

group group-name

Specifies the group name. The group name is a maximum of 127 characters.

local

Specifies local user name authentication (default).

none

Specifies no authentication.


Defaults

Local user name authentication.

Command Modes

Configuration mode.

Command History

This command was modified in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

The local option disables other authentication methods and configures local authentication to be used exclusively.

Specify the currently configured command preceded by a no in order to revert to the factory default.

Examples

The following example enables all iSCSI authentication to be performed using remote TACACS+ servers which are member of the group called TacServers, followed by the local authentication. 

switch# config t

switch(config)# aaa authentication iscsi default group TacServer

The following example reverts to the local authentication method (default). 

switch(config)# no aaa authentication iscsi default group TacServer

Related Commands

Command
Description

show aaa authentication

Displays the configured authentication methods.


aaa group server

To configure one or more independent server groups, use the aaa group server command in configuration mode. Use the no form of this command to remove the server group.

aaa group server {radius | tacacs+} group-name
server server-name
no server server-name

no aaa group server {radius | tacacs+} group-name

Syntax Description

radius

Specifies the RADIUS server group.

tacacs+

Specifies the TACACS+ server group.

group-name

Identifies the specified group of servers with a user-defined name. The name is limited to 64 alphanumeric characters.

server server-name

Specifies the server name to add or remove from the server group.


Defaults

None.

Command Modes

Configuration.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

You can configure these server groups at any time but they only take effect when you apply them to a AAA service using the aaa authentication login or the aaa accounting commands.

Examples

You can configure these server groups at any time but they only take effect when you apply them to a AAA service using the aaa authentication or the aaa accounting commands. 

switch# config t

switch(config)# aaa group server tacacs+ TacacsServer1

switch(config-tacacs+)# server ServerA

switch(config-tacacs+)# exit

switch(config)# aaa group server radius RadiusServer19

switch(config-radius)# server ServerB

switch(config-radius)# no server ServerZ

Related Commands

Command
Description

show aaa groups

Displays all configured server groups.

show radius-server groups

Displays configured RADIUS server groups

show tacacs-server groups

Displays configured TACACS server groups


active equals saved

Enable the active equals saved command to automatically write any changes to the block, prohibit or port address name to the IPL file. To disable the configuration or to revert to factory defaults, use the no form of the command.

active equals saved

no active equals saved

Syntax Description

This command has no other arguments or keywords.

Defaults

Disabled.

Command Modes

FICON configuration submode.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.3(1).

Usage Guidelines

Enabling active equals saved ensures that you do not have to perform the copy running-config startup-config command to save the FICON configuration as well as the running configuration. If your switch or fabric consists of multiple FICON-enabled VSANs, and one of these VSANs has active equals saved enabled, changes made to the non-FICON configuration causes all FICON-enabled configurations to be saved to the IPL file.

Refer to the Cisco MDS 9000 Family Configuration Guide for further information.

Examples

The following example enables the automatic save feature for a VSAN. 

switch(config)# ficon vsan 2

switch(config-ficon)# active equals saved

The following example disables the automatic save feature for this VSAN. 

switch(config-ficon)# no active equals saved

Related Commands

Command
Description

copy running-config startup-config

Saves the running configuration to the startup configuration.

ficon vsan vsan-id

Enables FICON on the specified VSAN.

show ficon

Displays configured FICON details.


arp

To enable the Address Resolution Protocol (ARP) for the switch, use the arp command.To disable the Address Resolution Protocol (ARP) for the switch, use the no arp command.

arp hostname

no arp hostname

Syntax Description

hostname

Name of the host. Maximum length is 20 characters.


Defaults

Enabled.

Command Modes

Configuration mode.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.0(2).

Usage Guidelines

None.

Examples

The following example disables the Address Resolution Protocol configured for the host with the IP address 10.1.1.1. 

switch(config)# no arp 10.1.1.1

switch(config)#

Related Commands

Command
Description

show arp

Displays the ARP table.

clear arp

Deletes a specific entry or all entries from the ARP table.


attach module

To connect to a specific module, use the attach module command in EXEC mode.

attach module slot-number

Syntax Description

slot-number

Specifies slot number of the module to which to connect.


Command Modes

EXEC.

Command History

This command was introduced in Cisco MDS SAN-OS Release 1.0(2).

Usage Guidelines

You can use the attach module command to view the standby supervisor module information, but you cannot configure the standby supervisor module using this command.

You can also use the attach module command on the switching module portion of the Cisco MDS 9216 supervisor module, which resides in slot 1 of this two-slot switch.

To disconnect, use the exit command at the module-number# prompt, or type $. to forcibly abort the attach session.

Examples

The following example connects to the module in slot 2. Note that after you connect to the image on the module using the attach module command, the prompt changes to module-number#. 

switch# attach module 1

Attaching to module 1 ...

To exit type 'exit', to abort type '$.' 

module-1# exit

switch#

Related Commands

Command
Description

exit

Disconnects from the module.

show module

Displays the status of a module.