|
Table Of Contents
Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.1(2b)Determining the Software Version
Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch
New Features in Cisco MDS SAN-OS Release 2.1(2b)
14/2-Port Multiprotocol Services Module
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.1(2b)
Release Date: September 28, 2005
Text Part Number: OL-7411-04 S0
This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.
Note Release notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Notes: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_release_notes_list.html
Table 1 shows the on-line change history for this document.
Table 1 Online History Change
Revision Date DescriptionA0
09/28/2005
Created release notes
B0
09/30/2005
Added NASB information to the Limitations and Restrictions section.
C0
11/03/2005
Added DDTS CSCeh69186
D0
11/17/2005
Added DDTS CSCsc53604
E0
12/07/2005
Added DDTS CSCsc31424, CSCsc46451, and CSCsc28722
F0
12/13/2005
Added DDTS CSCsc72994
G0
12/30/2005
Added DDTS CSCei91968
H0
2/17/2006
Added DDTS CSCeh51924, CSCsb90192, CSCsc16506, CSCsc23435, CSCsc24966, CSCsc57865, CSCsc68084, CSCsc97070, and CSCsc98796
Added limitation for iSCSI proxy initiators
I0
5/26/2006
Added DDTS CSCeg12962, CSCeg33121, CSCeg84871, CSCeh30951, CSCeh70232, CSCei02126, CSCei36082, CSCei55208, CSCei79457, CSCsc46451, CSCsc75056, CSCsd47064, CSCsd79954, CSCeg53114, CSCei57342, CSCei58652, CSCei71686, CSCei86399, CSCei91676, CSCej08751, CSCsb89732, CSCsc09732, CSCsc20106, CSCsc33788, CSCsc40012, CSCsc48919, CSCsc60283, CSCsc93936, CSCsd07246, CSCsd12831, CSCsd29338, CSCsd30165, CSCsd34882, CSCsd53429, CSCsd58774, CSCsd60578, CSCsd71701, CSCsd72822, CSCsd73494, CSCsd76429, CSCsd81725, CSCsd82449, CSCsd89872, and CSCsd94718
J0
06/06/2006
Removed DDTS CSCed16845
K0
08/07/2006
Removed DDTS CSCeg33121, CSCeg12962, CSCeg84871, CSCeg90336, CSCeh04183, CSCeh30951, CSCeh52973, CSCeh70232, CSCeh93109, CSCei10774, CSCei36082, CSCei55208, CSCei55341, CSCec31365, CSCeg12383, CSCeg53114, CSCeg55238, CSCeh34828, CSCei48889, CSCei83322, CSCei91676, CSCej08751, CSCin92870, CSCin95789, CSCsd71701.
Added DDTS CSCse84811
L0
08/18/2006
Added DDTS CSCse89151
M0
09/05/2006
Added DDTS CSCsd78967 and CSCse88606.
N0
09/13/2006
Added DDTS CSCsf21970
O0
11/08/2006
Added DDTS CSCin95789, CSCsd81137, CSCse70275, CSCse71420, CSCsf96043, CSCsg12020, and CSCsg15392.
P0
02/23/2007
Added DDTS CSCse99087, CSCsg03171, CSCsg62359, and CSCsh27840.
Q0
03/26/2007
Added DDTS CSCsd41578 and added a Workaround for DDTS CSCsd58774.
R0
04/04/2007
Added the section "Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch".
S0
08/24/2007
Added DDTS CSCsd83775.
Contents
This document includes the following sections:
•New Features in Cisco MDS SAN-OS Release 2.1(2b)
•Cisco Product Security Overview
•Obtaining Technical Assistance
•Obtaining Additional Publications and Information
Introduction
The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. These switches combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.
The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.
System Requirements
This section describes the system requirements for Cisco MDS SAN-OS Release 2.1(2b) and includes the following topics:
•Determining the Software Version
Components Supported
Table 2 lists the software and hardware components supported by the Cisco MDS 9000 Family.
Note To use the Cisco Storage Services Enabler package, Cisco MDS SAN-OS Release 1.3(5) or later must be installed on the MDS switch.
Table 2 Cisco MDS 9000 Family Supported Software and Hardware Components
Component Part Number Description Applicable ProductSoftware
M95S1K9-2.1.2B
MDS 9500 Supervisor/Fabric-I, SAN-OS software.
MDS 9500 Series only
M92S1K9-2.1.2B
MDS 9216 Supervisor/Fabric-I, SAN-OS software.
MDS 9200 Series only
M91S1K9-2.1.2B
MDS 9100 Supervisor/Fabric-I, SAN-OS software.
MDS 9100 Series only
License
M9500ENT1K9
Enterprise package.
MDS 9500 Series
M9200ENT1K9
Enterprise package.
MDS 9200 Series
M9100ENT1K9
Enterprise package.
MDS 9100 Series
M9500FIC1K9
Mainframe package.
MDS 9500 Series
M9200FIC1K9
Mainframe package.
MDS 9200 Series
M9100FIC1K9
Mainframe package.
MDS 9100 Series
M9500FMS1K9
Fabric Manager Server package.
MDS 9500 Series
M9200FMS1K9
Fabric Manager Server package.
MDS 9200 Series
M9100FMS1K9
Fabric Manager Server package.
MDS 9100 Series
M9500EXT1K9
SAN Extension over IP package for IPS-8 module.
MDS 9500 Series
M9200EXT1K9
SAN Extension over IP package for IPS-8 module.
MDS 9200 Series
M9500EXT14K9
SAN Extension over IP package for IPS-4 module.
MDS 9500 Series
M9200EXT14K9
SAN Extension over IP package for IPS-4 module.
MDS 9200 Series
M9500EXT12K9
SAN Extension over IP package for MPS 14+2 module.
MDS 9500 Series
M9200EXT12K9
SAN Extension over IP package for MPS 14+2 module.
MDS 9200 Series
M9500SSE1K9
Storage Services Enabler package.
MDS 9500 Series with ASM or SSM
M9200SSE1K9
Storage Services Enabler package.
MDS 9200 Series with ASM or SSM
Chassis
DS-C9509
MDS 9509 director, base configuration (9-slot modular chassis includes 7 slots for switching modules and 2 slots for supervisor modules—SFPs1 sold separately).
MDS 9509 only
DS-C9506
MDS 9506 director (6-slot modular chassis includes 4 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).
MDS 9506 only
DS-C9216-K9
MDS 9216 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).
MDS 9216 only
DS-C9216A-K9
MDS 9216A 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).
MDS 9216A only
DS-C9216i-K9
MDS 9216i 16-port semi-modular fabric switch (includes 14 1-Gbps/2-Gbps Fibre Channel ports, 2 Gigabit Ethernet ports, power supply, and expansion slot—SFPs sold separately).
MDS 9216i only
DS-C9120-K9
MDS 9120 fixed configuration, non-modular, fabric switch (includes 4 full rate ports and 16 host-optimized ports).
MDS 9120 only
DS-C9140-K9
MDS 9140 fixed configuration (non-modular) fabric switch (includes 8 full rate ports and 32 host-optimized ports).
MDS 9140 only
Supervisor modules
DS-X9530-SF1-K9
MDS 9500 Supervisor/Fabric-I, module.
MDS 9500 Series only
Switching modules
DS-X9016
MDS 9000 16-port 1-Gbps/2-Gbps Fibre Channel module (SFPs sold separately).
MDS 9500 Series and 9200 Series
DS-X9032
MDS 9000 32-port 1-Gbps/2-Gbps Fibre Channel module (SFPs sold separately).
Services modules
DS-X9308-SMIP
8-port Gigabit Ethernet IP Storage Services module.
DS-X9304-SMIP
4-port Gigabit Ethernet IP Storage Services module.
DS-X9032-SMV
32-port Fibre Channel Advanced Services Module (ASM).
DS-X9032-SSM
MDS 9000 32-port 1-Gbps/2-Gbps Fibre Channel Storage Services Module (SSM).
DS-X9560-SMC
Caching Services Module (CSM).
DS-X9302-14K9
14-port Fibre Channel/2-port Gigabit Ethernet Multiprotocol Services (MPS-14/2) module.
LC-type fiber-optic SFP
DS-SFP-FC-2G-SW
2-Gbps/1-Gbps Fibre Channel — short wavelength SFP.
MDS 9000 Family
DS-SFP-FC-2G-LW
2-Gbps/1-Gbps Fibre Channel — long wavelength SFP.
DS-SFP-FCGE-SW
1-Gbps Ethernet and 1-Gbps/2-Gbps Fibre Channel—short wavelength SFP.
DS-SFP-FCGE-LW
1-Gbps Ethernet and 1-Gbps/2-Gbps Fibre Channel — long wavelength SFP.
DS-SFP-GE-T
1-Gbps Ethernet SFP
CWDM2
CWDM-SFP-xxxx-2G
Gigabit Ethernet and 1-Gbps/2-Gbps Fibre Channel SFP LC interface xxxx nm, where xxxx = 1470, 1490, 1510, 1530, 1550, 1570, 1590, or 1610 nm.
MDS 9000 Family
CWDM-MUX-4
Add/drop multiplexer for four CWDM wavelengths.
CWDM-MUX-8
Add/drop multiplexer for eight CWDM wavelengths.
CWDM-CHASSIS-2
Two slot chassis for CWDM add/drop multiplexer(s).
Power supplies
DS-CAC-300W
300-W3 AC power supply.
MDS 9100 Series only
DS-CAC-845W
845-W AC power supply.
MDS 9200 Series only
DS-CAC-2500W
2500-W AC power supply.
MDS 9509 only
DS-CDC-2500W
2500-W DC power supply.
DS-CAC-4000W-US
4000-W AC power supply for US (cable attached).
DS-CAC-4000W-INT
4000-W AC power supply international (cable attached).
DS-CAC-1900W
1900-W AC power supply.
MDS 9506 only
DS-CDC-1900W
1900-W DC power supply.
CompactFlash
MEM-MDS-FLD512M
MDS 9500 supervisor CompactFlash disk, 512MB.
MDS 9500 Series only
Port analyzer adapter
DS-PAA-2
A standalone Fibre Channel-to-Ethernet adapter that allows for simple, transparent analysis of Fibre Channel traffic in a switched fabric.
MDS 9000 Family
CD-ROM
M90FM-CD-212=
MDS 9000 Management Software and Documentation CD-ROM, spare
MDS 9000 Family
1 SFP = small form-factor pluggable
2 CWDM = coarse wavelength division multiplexing
3 W = Watt
Determining the Software Version
Note We strongly recommend that you use the latest available software release supported by your vendor for all Cisco MDS 9000 Family products.
To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the CLI, log into the switch and enter the show version EXEC command.
To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the Fabric Manager, view the Switches tab in the Information pane, locate the switch using the IP address, logical name, or WWN, and check its version in the Release column.
Image Upgrade
The Cisco MDS SAN-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.
You can nondisruptively upgrade to Cisco MDS SAN-OS Release 2.1(2b) from any SAN-OS software release beginning with Release 1.3(x). If you are running an older version of the SAN-OS, upgrade to Release 1.3(x) and then Release 2.1(2b).
When downgrading from Cisco MDS SAN-OS Release 2.1(2b) to Release 1.3(x), you might need to disable new features in Release 2.1(2b) for a nondisruptive downgrade. Issuing the install all command from the CLI, or using Fabric Manager to perform the downgrade enables the compatibility check. The check indicates that the downgrade is disruptive and the reason is "current running-config is not supported by new image."
Compatibility check is done:Module bootable Impact Install-type Reason------ -------- -------------- ------------ ------2 yes disruptive reset Current running-config is not supported by new image3 yes disruptive reset Current running-config is not supported by new image5 yes disruptive reset Current running-config is not supported by new image6 yes disruptive reset Current running-config is not supported by new imageAt a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash:1.3(x)_filename command determines which additional features need to be disabled.
Note Refer to the "Determining Software Compatibility" section of the Cisco MDS 9000 Family Configuration Guide for more details.
Performing a Disruptive Upgrade on a Single Supervisor MDS Family Switch
Cisco MDS SAN-OS software upgrades are disruptive on the following single supervisor Cisco MDS Family switches:
•MDS 9120 switch
•MDS 9140 switch
•MDS 9216i switch
If you are performing an upgrade on one of those switches, you should follow the nondisruptive upgrade path listed in this section, even though the upgrade is disruptive. Following the nondisruptive upgrade path ensures that the binary startup configuration remains intact.
If you do not follow the upgrade path, the binary startup configuration is deleted because it is not compatible with the new image, and the ASCII startup configuration file is applied when the switch comes up with the new upgraded image. When the ASCII startup configuration file is applied, there may be errors. Because of this, we recommend that you follow the nondisruptive upgrade path.
New Features in Cisco MDS SAN-OS Release 2.1(2b)
The new features for this release are the same as those listed in the Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Release 2.1(2).
Limitations and Restrictions
This section lists the limitations and restrictions for this release.
VSFN Compatibility
For the latest VSFN compatibility information, refer to the Cisco MDS SAN-OS Release Compatibility Matrix for VERITAS Storage Foundation for Networks Software.
IVR
All IVR enabled switches in a network must be either in NAT or non-NAT mode. Mixing the two modes is not supported. Ensure that a switch with IVR-NAT mode enabled never coexists in the network with another switch where IVR is enabled without NAT mode enabled.
While migrating from IVR non-NAT mode to NAT mode in Cisco MDS SAN-OS Release 2.1(1b), deactivate the IVR zoneset, disable IVR on all of the IVR enabled switches, then reenable IVR. Finally, enable NAT mode and then the IVR configurations. Note that migration between the non-NAT and NAT modes is disruptive to IVR traffic and the FCIDs of the IVR devices change in the exported VSANs.
While upgrading the SAN-OS images on IVR enabled switches, upgrade all of the IVR enabled switches to the new SAN-OS version before making any topology or configuration changes.
CFS distribution for IVR should be disabled on all IVR enabled switches before upgrading from Cisco MDS SAN-OS Release 2.0(x) to Releases 2.1(1b) or 2.1(2b). After upgrading all of the IVR-enabled switches to Cisco MDS SAN-OS Release 2.1(1b) or Release 2.1(2b), CFS distribution for IVR can be reenabled.
NASB
The NASB feature requires that the backup application load the tape drive with a compatible tape cartridge prior to configuring NASB in the backup VSAN.
14/2-Port Multiprotocol Services Module
The MPS-14/2 module does not support a MTU size greater than 8000 bytes. An attempt to set the MTU size greater than 8000 bytes will result in an error. Reset the MTU size value between 576 to 8000 bytes and issue the no shutdown command on the port for normal operation.
iSCSI Proxy Initiators
No more than 250 iSCSI proxy initiator sessions can be active on an IPS port.
Caveats
This section lists the open and resolved caveats for this release. Use Table 3 to determine the status of a particular caveat. In the table, "O" indicates an open caveat and "R" indicates a resolved caveat.
Resolved Caveats
•CSCei18449
Symptom: When upgrading from Cisco MDS SAN-OS Releases 2.1(1x) to 2.1(2x), in some circumstances, the SSM or ASM modules might not boot properly after the install all command is issued.
Workaround: Manually reload the SSM or ASM module.
•CSCei50818
Symptom: iSCSI hosts are unable to log in to the target storage arrays because of name server issues on the IPS blade.
Workaround: None.
•CSCei62511
Symptom: If the Cisco MDS 9020 switch has a large number of zones defined, the Fabric Manager will not display them because of buffering requirements.
Workaround: None.
•CSCei73996
Symptoms: Under certain circumstances, Fabric Manager shows cached zone members.
Workaround: None.
•CSCei79457
Symptom: The port manager process fails because of a NULL pointer access causing a system switchover during a long testing cycle.
Workaround: None.
•CSCei81840
Symptom: Even though FCIP IVR capability on a Cisco MDS 9216i switch is bundled with hardware at no extra charge, a switch running Cisco MDS SAN-OS Release 2.1(1a) or later might disable FCIP IVR functionality after the 120 days of enabling the feature. As a result, the Cisco MDS 9216i switch will stop routing traffic, such as IVR functionality, over the FCIP links. There are no issues if FCIP functionality is not enabled on the Cisco MDS 9216i switch.
Workaround: Contact your OSM and/or Cisco TAC to obtain and install SAN-OS version 2.1.2b. If you are unable to upgrade to SAN-OS 2.1.2b at this time, then work with your OSM's service organization to obtain and install a software fix.
•CSCei82417
Symptom: When multiple roles are configured on the switch, the SNMP process may consume more memory if the user logs in using the GUI with some VSAN restrictions.
Workaround: Use the network-admin role only, the CLI only, or two well defined roles, network-admin and network-operator.
•CSCei88345
Symptom: An Inter-Switch Link (ISL) flap resulting in fabric segmentation or a merge during or after an upgrade from Cisco MDS SAN-OS Release 2.0(x) to a later image where IVR is running might be disruptive. Some possible scenarios include:
–FCIP connection flapping during the upgrade process resulting in fabric segmentation or merge.
–ISL flap results in fabric segmentation or merge because of hardware issues or a software bug.
–ISL port becomes part of PCP results in fabric segmentation or merge because of a port flap.
If this problem occurs, syslogs indicate RDI failure and the flapped lSL could remain in a down state because of a domain overlap. This is caused by conflicts between the allowed domains list and the virtual domain requested through RDI.
Workaround: There are four distinct scenarios for which the workarounds are provided.
1. If you are running Cisco MDS SAN-OS Releases 1.3(X) or 2.0(X) with IVR enabled, we recommend upgrading to Release 2.0(2b). Please contact your OSM for 2.1(2b) availability.
2. If you have already upgraded some or all of your Cisco MDS SAN-OS switches from Cisco MDS SAN-OS Release 1.3(X) or 2.0(x) to Release SAN-OS 2.1(1a), 2.1(1b), or 2.1(2a), a scheduled downtime is required to perform the following steps:
a. Configure static domains for all switches in all VSANs where IVR is enabled. Configure the static domain the same as the running domain so that there is no change in domain IDs. Make sure that all domains are unique across all of the IVR VSANs. We recommend this step as a best practice for IVR-non-NAT mode.
Issue the fcdomain domain {id} static vsan {vsan id} command to configure the static domains.
Note Complete Step 2a for all switches before moving to Step 2b.
b. b. Issue the no ivr virtual-fcdomain-add vsan-ranges 1-4093 command to disable RDI mode on all IVR enabled switches. This can cause traffic disruption.
Note Complete Step 2b for all IVR enabled switches before moving to Step 2c.
c. Check the syslogs for any ISL that was brought down.
Example Syslog Error Messages 2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED: %$VSAN 2005%$ Isolation of interface port-channel 52 (reason: unknown failure) 2005 Aug 31 21:52:04 switch %FCDOMAIN-2-EPORT_ISOLATED: %$VSAN 2005%$ Isolation of interface port-channel 51 (reason: domain ID assigment failure)d. Identify any switches isolated and issue the following commands for the affected switches:
switch(config)# vsan databaseswitch(config-vsan-db)# vsan {vsan ID} suspendswitch(config-vsan-db)# no vsan {vsan ID} suspende. e. Issue the ivr refresh command to perform an IVR refresh on all the IVR enabled switches.
f. f. Issue the copy running startup command to save the RDI mode in the startup configuration on all of the switches.
3. If you have already upgraded some or all of the switches from Cisco MDS SAN-OS Release 1.3(X) or 2.0(x) to Releases 2.1(1a), 2.1(1b), or 2.1(2a), with Interop-mode 2 or 3 enabled, issue the ivr refresh command to perform the IVR refresh on all the IVR enabled switches.
4. If you are adding new switches running Cisco MDS SAN-OS Releases SAN-OS 2.1 (1a), 2.1(1b), or 2.1 (2a) to your existing network running Releases 1.3(X) or 2.0 (X), disable RDI mode on your new switches before adding them to the existing network. Issue the no ivr virtual-fcdomain-add vsan-ranges 1-4093 command to disable RDI mode.
Note RDI mode should not be disabled for VSANs running in Interop-mode 2 or Interop-mode 3.
•CSCeh69186
Symptom: Fabric Manager might display a duplicate SAN.
Workaround: Uninstall the current Cisco SAN-OS release, and then install Cisco SAN-OS Release 2.1(2b) to remove the invalid data completely. Or upgrade to Cisco SAN-OS Release 2.1(2b), and then open a fabric without reloading from the database.
•CSCei67982
Symptoms: During an upgrade of a Cisco MDS 9000 Family switch with two or more MPS 14/2 modules, FCIP tunnels on multiple MPS 14/2 modules can be down at the same time. If a PortChannel with two FCIP tunnels on different 14+2 modules is used for redundancy, this redundancy can be lost. If IVR is running over these FCIP tunnels, IVR can lose remote devices as a result of loss of access over the FCIP-based PortChannel.
Workaround: Place other hitless upgradeable modules between the 14+2 modules to allow for more time between module upgrades and give the FCIP tunnels more time to stabilize.
•CSCei76309
Symptoms: Using the Software Install Wizard to install a mix of FabricWare and SANOS software will not work. Once you select SANOS (even if you unselect later), it removes the Fabricware ability.
Workaround: None.
•CSCei77038
Symptoms: If you use Device Manager to configure the radius server, the Cisco MDS 9020 switch does not send an authorization request to the server. When configured from the CLI, it works fine.
Workaround: None.
•CSCei78778
Symptom: If you restrict the user from changing interface parameters, the user might be able to change it in the running configuration using Device Manager until the changes are saved in the startup configuration.
Workaround: The SAN switch administrator can login in to Device Manager as a restricted user, change the switch port mode, then revert back to the previous mode, then exit Device Manager. This prompts the user to save the configuration to startup configuration, but it will fail or work based on the user roles. After this procedure, a restricted user may not be able to change the switchport mode.
•CSCei79457
Symptom: During a long testing cycle involving various tests, the port manager process failed due to a NULL pointer access causing a system switchover.
Workaround: None
Open Caveats
•CSCsd29338
Symptom: The port manager might crash and a switchover might occur when FICON is configured and the MDS switch is interoperating with a CNT device. This occurs when a port is UP, a link failure happens, and the remote node ID (RNID) retry timer is activated.
Workaround: None.
•CSCeh73149
Symptom: The VSAN suspend/resume operation facilitates network level reconfiguration and is not often used. In Cisco MDS SAN-OS Release 2.1(2), the command should not be used on a SANTap related VSAN.
Workaround: If VSAN suspend/resume must be used, first unprovision SANTap prior to using VSAN suspend/resume.
•CSCeh92604
Symptom: Enabling IVR-NAT on the same switch where write acceleration is enabled over a PortChannel of multiple FCIP links might result in frames from the source to the destination not transferring.
Workaround: Do not have all of the following on the same switch:
–IVR-NAT enabled
–PortChannel of multiple FCIP links that can potentially carry IVR-NAT traffic
–FCIP write acceleration enabled
However, any two of the above three configurations are supported on the same switch.
Note IVR in non-NAT mode can be configured with FCIP PortChannels and FCIP write acceleration on the same switch.
•CSCei02126
Symptom: If snmpTargetAddrName and snmpTargetParamsName are set to NULL in the SNMP host/target creation, then the SNMP process crashes and may cause a switchover to the standby supervisor module.
Workaround: When using third party tools or any other SNMP tool, set snmpTargetAddrName and snmpTargetParamsName to non-NULL values.
•CSCei18830
Symptom: Removing zones from an active zone set may generate a system message that the zone activation has failed because of an Accept Change Authorization (ACA) failure.
Workaround: None required. The IVR retries the activation and eventually the zone set activation succeeds.
•CSCei19822
Symptom: An active IVR zone set on the local switch is not propagated when the commit session contains any other configuration changes.
Workaround: For Release 2.1(2), perform an implicit commit without any changes. In the case of a merge failure and the IVR zone set is not active on remote switches but is active on a local switch, issue an implicit commit from the local switch to propagate the active zone set to the remote switches.
For releases prior to 2.1(2), the workaround is different. Add either a dummy member to an existing zone or add a dummy zone with dummy members to the currently active IVR zone set, and then reactivate the IVR zone set. Then issue the commit command, which will propagate the active zone set to other switches.
•CSCei40874
Symptom: If port 9001 is in use by another process, the database update for the previous release tables and data may hang.
Workaround: Edit the server.properties file in the bin directory and use another port. Alternatively, remove the process that opened port 9001.
•CSCei53783
Symptom: An iSCSI host cannot log in to one IPS port after many supervisor module switchovers.
Workaround: None.
•CSCsc16506
Symptom: The following syslog message is displayed:
Transmit Flow Control is seen for too longfollowed by link flap of the affected port. This applies only in E port mode and TE port mode of operation on Storage Services Modules (SSM) (DS-X9032-SSM) interfaces and occurs only when class-F packets are dropped due to a timeout condition. Typically, the packet timeout happens when there is serious congestion in the network, forcing the packets to stay in the switch for more than the timeout period.
Workaround: Avoid configuring in E port mode or TE port mode on the Fibre Channel interfaces.
•CSCsc46451
Symptom: CFS distribution may become inconsistent when a link flaps. One switch in the CFS distribution list may detect that a CFS peer has dropped from the fabric while the other CFS peers do not detect this. Subsequent CFS distributions result in incorrect updates to CFS peers.
Workaround: Use a switch where all other switches are reachable through CFS for IVR applications and follow these steps:
a. Issue the show ivr vsan-topology command and make sure that the switch auto topology is showing correct information.
b. Issue the ivr copy auto user command in EXEC mode to copy the current active topology to the user-configured topology.
Note The ivr copy auto user command should lock the database on all the remaining 10 IVR enabled switches.
c. Issue the ivr vsan-topology activate command to activate the copied user configured topology.
d. Type ivr commit to push the changes to all the remaining 10 IVR enabled switches.
After Step d, all the IVR enabled switches should have active user-configured topology with the same entries.
Using the switch where the problem exists with the auto topology output, follow these remaining steps:
e. Issue the no ivr distribute command to isolate the switch from any remaining CFS clouds with IVR. Use the show cfs merge status na ivr command on all remaining switches to ensure that the current switch is removed and the output contains just the local switch.
f. Issue the ivr distribute command to retrigger the CFS merge. After stabilization time, use the show cfs merge status na ivr command on each of the switches to verify the correct number of switches are shown.
Finally, reenable auto topology by issuing the ivr vsan-topo auto command, followed by the ivr commit command. After stabilization time (around 2 to 3 minutes), you should see that auto topology is consistent on all switches.
•CSCsc75056
Symptom: Installing an invalid license file may cause an MDS switch to reload.
Workaround: None.
•CSCsd41578
Symptom: When a port continuously flaps, the Fibre Channel process may crash and cause a supervisor switchover.
Workaround: Use a different port or check the host bus adapter (HBA) port.
•CSCsd47064
Symptom: The Forwarding Information Base (FIB) process may fail if an IVR zone set push from the Fabric Manager fails because of an SNMP timeout and various switches send conflicting active IVR zone sets.
Workaround: There are two ways to address the problem:
•Examine the output of the show interface mgmt 0 command to see if there is a duplex mismatch that may cause an SNMP timeout.
•Use the ivr distribute command to enable Cisco Fabric Services (CFS) distribution for IVR zone or zone sets and the topology through Inter-Switch Links (ISLs).
•CSCsd78967
Symptom: If you remove a port from a port channel or shutdown a member port of a port-channel, the ConnUnitPortStatus/State trap is not sent.
Workaround: None.
•CSCsd79954
Symptom: A VSAN that is connected to a McDATA switch with interop mode 1 participates in IVR. The VSAN has devices that are zoned for IVR with a device with domain IDs not within the 97 to 127 range. A loss of connectivity between the hosts and storage devices that are zoned for IVR and the devices in a normal zone might occur.
Workaround: None.
•CSCse89151
Symptom: If you have more than 800 zones in an active zoneset for a single VSAN, your MDS 9000 switch might reload if you move from basic zoning to enhanced zoning and then read the active zoneset information.
Workaround: Lower the number of zones in an active zoneset for a single VSAN to less than 800.
•CSCsh27840
Symptom: While using an FCIP link for remote SPAN, it is possible that the FCIP link may flap.
Workaround: Do not use FCIP links for Remote SPAN.
•CSCef56229
Symptom: If an iSCSI initiator is configured differently on multiple switches, iSNS might report more targets to the initiator than the initiator can access. An iSCSI initiator would get a target error if it attempts to establish a connection.
Workaround: None.
•CSCeg27584
Symptom: Creating a role that has VSAN policy as "deny" requires an Enterprise License on the switch. If such a role is created on a switch that does not have the license, the switch exhibits different behavior when distribution is turned on versus when distribution is turned off.
–If distribution is turned off, creation of the role is rejected.
–if distribution is turned on, creation of the role succeeds but the VSAN policy continues to be "permit."
Workaround: None.
•CSCeg37598
Symptom: The iSNS server might crash when iSCSI is disabled and iSNS is enabled using Fabric Manager.
Workaround: None.
•CSCeh33548
Symptom: Tape devices can only be accessed over an FCIP tunnel in a PortChannel with write acceleration enabled if SID/DID based load-balancing is used in the VSANs.
Workaround: Disable write acceleration or enable SID/DID based load-balancing in the VSANs if you have tape device traffic going over an FCIP tunnel in a PortChannel.
•CSCeh41099
Symptom: Protocol and port numbers, if specified in an IP ACL assigned to an IPSec profile (crypto map), will be ignored. In an interop between Microsoft's iSCSI initiator with IPSec encryption with Cisco MDS 9000 Series switches, if IPSec is configured in the Microsoft iSCSI initiator (also the IPSec/IKE initiator), the host IPSec implementation sends the following IPSec policy:
source IP - Host IP, dest IP - MDS IP,source port - any, dest port - 3260 (iSCSI), protocol - 6 (TCP).Upon receiving this policy, the protocol and port numbers are ignored and only the IP addresses for the IPSec policy are used. Thus, although iSCSI traffic is encrypted, non-iSCSI traffic (such as ICMP ping) sent by the Microsoft host in clear text will be dropped in the MDS port.
Workaround: None.
•CSCeh51924
Symptom: SNMP service might stop and restart because of a corrupted snmpTargetParamsEntry in the snmpTargetParamsTable. This corrupted entry is created when there is a null string in object snmpTargetParamsName as its index.
Workaround: Enter a name in the snmpTargetParamsName with at least one character when creating an snmpTargetParamsEntry.
•CSCeh75500
Symptom: A device that interfaces with SANTap may request SANTap to create a session for an ITL that was previously requested, and ITL checking is not robust.
Workaround: Have the device validate the ITL and ensure that it does not send a request for a duplicate ITL.
•CSCeh88814
Symptom: When SANTap is unprovisioned, the control virtual target (CVT) object is not getting cleaned up on the supervisor module.
Workaround: To ensure that cleanup occurs, the administrator should first issue the no santap module slot-number appl-vsan vsan-id command to clean up the CVT, and then unprovision SANTap.
•CSCei32317
Symptom: When configuring a remote SPAN (RSPAN), the Fibre Channel tunnel will not come up if it goes through more than one hop.
Workaround: Configure the Fibre Channel tunnel explicit-path option and list every IP hop between the source and destination.
•CSCei57342
Symptom: If a link is isolated because of a fabric-binding database mismatch, a reactivation of the corrected fabric-binding database may not initialize the ports.
Workaround: Use the shut command followed by the no shut command to manually disable and then enable the link.
•CSCei58652
Symptom: When a reconfigure fabric (RCF) frame occurs on a VSAN, the ports may be left in a state where the fabric binding is incorrect.
Workaround: None
•CSCei71686
Symptom: If iSCSI is enabled before FCIP, then the qos command that is configurable under a FCIP interface is not available as an option. The reverse is true as well. If FCIP is enabled first, then the qos command is not an option for iSCSI interfaces.
Workaround: None.
•CSCei86399
Symptom: A TACACS+ key that includes the less than (<) and greater than (>) characters fails when copied to an FTP server, and then copied back to the MDS switch.
Workaround: None.
•CSCei91968
Symptom: In a fabric with more than one switch, there is a possibility of CFS or syslog crashing because of a PSS-FULL condition. This happens because of leakage in the PSS records stored by the CFS module.
CFS internal distributions cause a PSS leakage during one of the following:
–An application registration/de-registration. (This is at the rate of 1 PSS records or 60 bytes per event.)
–-An ISL Link flap. (This is at the rate of 2 PSS records per CFS registered application. For 10 CFS registered applications, a 1000 flaps would cause a leak of about 1M.)
Application and Regular CFS distributions in a stable fabric do not result in PSS leakages.
Workaround: None. A switchover will help in cleaning up these records but the usage of the partition remains same (dev/shm partition). However, CFS will reuse the freed space for further PSS storage.
•CSCin95686
Symptom: The RRD graph in the Performance Manager does not refresh on a web client opened in Mozilla or Netscape.
Workaround: Do not use a proxy server or use the browser's Refresh button.
•CSCin95789
Symptom: When you configure Cisco Traffic Analyzer to capture traffic on one or more interfaces on a Windows platform, the configuration web page might not show that the interface has been selected for traffic capture even though traffic capture on that interface is enabled.
Workaround: Check the logs to clarify that the correct interface has been selected.
•CSCsb89732
Symptom: After an upgrade from SAN-OS Release 1.3(2a) to any release lower than SAN-OS Release 3.0(1), you may see errors like the following in the syslog file:
2005 Sep 15 17:36:55 coral %SYSMGR-3-CFGWRITE_SRVFAILED: Service "fcc" failed to store its configuration (error-id 0xFFFFFFFF).2005 Sep 15 17:36:56 coral %SYSMGR-2-CFGWRITE_ABORTED: Configuration copy aborted.2005 Sep 15 17:36:59 coral %SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E0000).2005 Sep 15 17:37:43 coral %SYSMGR-3-CFGWRITE_SRVFAILED: Service "fcc" failed to store its configuration (error-id 0xFFFFFFFF).2005 Sep 15 17:37:44 coral %SYSMGR-2-CFGWRITE_ABORTED: Configuration copy aborted.2005 Sep 15 17:37:47 coral %SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E0000).2005 Sep 15 17:38:31 coral %SYSMGR-3-CFGWRITE_SRVFAILED: Service "fcc" failed to store its configuration (error-id 0xFFFFFFFF).2005 Sep 15 17:38:32 coral %SYSMGR-2-CFGWRITE_ABORTED: Configuration copy aborted.2005 Sep 15 17:38:35 coral %SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E0000).Workaround: After the upgrade, issue the copy running-config startup-config command before issuing the show startup-config command.
If you have already encountered this issue, perform a stateful switchover, then issue the copy running-config startup-config command.
•CSCsb90192
Symptom: The CFS process crashes while processing a discovery response containing null data.
Workaround: None.
•CSCsc09732
Symptom: If there is a port software failure at the same time as a configuration change for an FCIP interface, the configuration change can fail and subsequent configuration and show commands will fail for that FCIP interface.
Workaround: None.
•CSCsc20106
Symptom: On a Cisco MDS 9020 Fabric Switch, Fabric Manager displays a 4-Gbps Inter-Switch Link (ISL) as a 3-Gbps ISL.
Workaround: None.
•CSCsc23435
Symptom: System logs an error due to a xbar-ASIC interface device 6 (overflow). The error results in packet loss and, potentially, the card going into a failure state.
The down-xbar interface ASIC (D-chip) has a mapping of hardware queues to software destination indexes (DIs).This table is initialized by hardware to map all queues to DI 0. The D-chip statically allocates packet buffers for each hardware queue during initialization. These buffers correspond to credits given to the central arbiter for the corresponding DI.
On line cards with FCIP interfaces, the binding of DIs is performed dynamically after initialization. This means that any hardware queues that have not yet been bound to a DI will actually be giving credits to the arbiter for DI 0.
In rare cases, the D-chip may fill up with packets causing an overflow condition and cause packets to be dropped and an error is be logged. If the condition persists for 1 second, the card goes into failure state.
The following hardware components are affected by this error:
•8-port Gigabit Ethernet IP Storage Services module (DS-X9308-SMIP)
•4-port Gigabit Ethernet IP Storage Services module (DS-X9304-SMIP)
•MPS-14/2 module (DS-X9302-14K9)
•MDS 9216i switch (DS-C9216i-K9)
Workaround: None.
•CSCsc24966
Symptom: The following commands can sometimes hang the terminal during execution:
•show tech-support commands
•tac-pac
Workaround: If you are connected through an SSH or Telnet session, shut down the session and restart a new one.
•CSCsc28722
Symptom: Upgrading from a Cisco SAN-OS Release 1.3(x) image to a Release 2.x image can disrupt ongoing traffic because spurious RSCNs are generated during the upgrade. Hosts that have registered for the RSCN, using SCR, will receive these spurious RSCNs and hence the disruption. However, upgrading from 2.0(x) to 2.1(x) will not disrupt any traffic.
Workaround: Using the following steps, suppress the RSCNs on a per interface basis during the upgrade using the rscn suppress interface fc x/y command.
Note This configuration must be removed right after the upgrade, otherwise Hosts that are registered for RSCN will never receive any RSCNs there on.
Note This configuration will go into the running config. Since the running config will be saved to the start-up config during upgrade, ensure that the configuration is removed and saved after upgrade.
a. Issue the show rscn scr-table command to identify the port registered for RSCN.
b. Issue the show flogi database command to identify the fc interface of the port.
c. Issue the (config #) rscn suppress interface fc x/y command to suppress on all required interfaces.
d. Begin the upgrade progress as you normally would.
e. Issue the (config #) no rscn suppress interface fcx/y command.
f. Issue the copy running start command.
•CSCsc31424
Symptom: Issuing a no shutdown command on an interface causes the following message to display:
fc1/1: (error) port channel config in progress - config not allowedThe following steps may reproduce the problem:
1. Remove a port from a PortChannel.
switch# config tswitch(config)# interface fc slot/portswitch(config-if)# no channel-group group-number2. Cause a system switchover.
switch(config-if)# endswitch# system switchover
Note This problem does not always occur.
Workaround:
1. Configure a new PortChannel and add the interface.
switch# config tswitch(config)# interface fc slot/portswitch(config-if)# channel-group group-numberWhere the PortChannel group-number does not exist.
2. Remove the new PortChannel.
switch(config-if)# exitswitch(config)# no interface port-channel group-number3. Disable the interface.
switch(config)# interface fc slot/portswitch(config-if)# no shutdown•CSCsc33788
Symptom: In rare circumstances, after you issue the install all command to upgrade an MDS switch, the upgrade may fail because the installer process fails. When this failure occurs, you may see a message like the following:
%CALLHOME-2-EVENT: SW_CRASH alert for service: installerThe installer failed to respond for 10 times. Exiting ...Unable to send exit to installer. Return code -1If you upgrade from 1.3(x) to 2.1 or from 2.0(x) to 2.1 and the upgrade fails, and if after the upgrade failure the supervisor modules are running the new software version, but some modules are running the older software version, then the next attempt to execute the install all command will trigger this problem.
You should not encounter this problem if you upgrade from 2.1 to a higher version.
Workaround: There are two ways to address this issue:
•To non-disruptively upgrade all modules that are running the older software version, issue the install module module-number image command.
•To disruptively upgrade the modules, issue the reload module module-number force-dnld command, or reinstall the module.
•CSCsc40012
Symptom: If you use Telnet or SSH to access an MDS switch, TACACS+ authentication with the domain or user name format does not work.
Workaround: None.
•CSCsc48919
Symptom: When a data path on a Storage Service Module (SSM) is congested, diagnostic frames that are delivered as best effort may be dropped. The Online Health Management System (OHMS) may bring down a Fibre Channel port on an SSM when congestion occurs and declare the port as failed.
Workaround: To work around this issue, enter the following command:
switch(config)# no system health module ssm-module-number loopback failure-action
•CSCsc53604
Symptom: In Cisco SAN-OS Release 2.1(2b), the power supplies on some Cisco MDS 9120 and Cisco MDS 9140 switches are flagged as unsupported. This generates a syslog message, a Call Home message, and a SNMP trap. Only certain power supplies with newer SEEPROM formats will trigger this problem.
Workaround: None. The power supplies continue to function normally and the unsupported message can be ignored. Or, upgrade to Cisco SAN-OS Release 2.1(2c).
•CSCsc57865
Symptom: A device alias cannot be renamed using Fabric Manager. Fabric Manager is polling the description of the device and not the name or alias for the device.
Workaround: Use the CLI to rename the device alias.
•CSCsc60283
Symptom: In rare circumstances, an MDS 9000 Family switch may start displaying the following error messages in the log, several times per second:
%KERN-1-SYSTEM_MSG: eepro100: wait_for_cmd_done timeout 0x801249d2 0xf0!When this situation occurs, Telnet access through the mgmt0 interface is impossible.
Workaround: None.
•CSCsc68084
Symptom: Fabric Manager generates the following exception in the Fabric Manager log when trying to activate a zone set:
java.util.AbstractList$Itr.remove(Unknown Source)This problem occurs under the following circumstances:
•You activate a new zone set in a VSAN using the Fabric Manager zoning dialog
•The existing active zone set is not null.
•One of the configured zones has a common zone member with one of the active zones (with the same zone name).
•CSCsc72994
Symptom: If a user does not have a Fabric Manager Server (FMS) license, a demo or trial license counter for enhanced FMS features starts even when FMS enhanced features are not configured. You might see the following message:
%LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature FM_SERVER_PKG. Application(s) shutdown in 119 days.This might occur after upgrading to Cisco SAN-OS 2.1(2x). FMS status becomes InUsed although none of its features were or are actually used. This starts the 120 day evaluation period counter for FMS enhanced features.
Note This does not have any impact on using the FM/DM for managing the switch for basic feature operations.
Workaround: Install an FMS license.
•CSCsc93936
Symptom: When you attempt to copy a running configuration or startup configuration to a tftp server in a single step, the operation fails.
Workaround: Copy the configuration in two steps:
switch# copy running-config volatile:
switch# copy volatile: tftp:
•CSCsc97070
Symptom: The port software might fail if more than 250 iSCSI sessions are present on an IPS port configured for proxy initiator mode.
Workaround: Configure no more than 250 iSCSI sessions on an IPS port with proxy initiator mode configured.
•CSCsc98796
Symptom: If tape acceleration is enabled and the FCIP link is under a heavy load, an FCIP link can flap when a status frame is returned from the tape device with a check condition. This includes expected check condition status frames such as the early warning for end-of-media frames.
Workaround: None.
•CSCsd07246
Symptom: Following a successful login by a host, the show interface command lists an interface as "isolated due to port loopback." In Fabric Manager, the Device Manager shows the same information about the interface.
Workaround: None.
•CSCsd12831
Symptom: You might be unable to add or delete a specific user name through the command-line interface, although you can add or delete other user names with no problem. The user name in question does not display in the output of a show user-account command; even so, it cannot be added or deleted.
In this situation, you might see the following error message:
username <username> password 0 <passwd>Internal CLI error: Success error in messagingAuthentication token manipulation errorcould not change password for user:<username>no username <username>user not present{could not delete user <username>}Workaround: None.
•CSCsd30165
Symptom: On an MDS 9500 Series switch running Cisco SAN-OS Release 2.1(1b), the output of the show version command shows the wrong value for the last reset. This issue does not cause any operational problems on the switch. The output may look like the following:
kernel uptime is 137 days 3 hours 49 minute(s) 32 second(s)
Last reset at -447213060 usecs after Sun Mar 18 05:59:15 2018
Reason: Not defined
System version: Service: §"H
Workaround: None.
•CSCsd34882
Symptom: The SAN-OS software creates a syslog message after a configuration change through the command-line interface The syslog message looks like this:
switch# 2006 Feb 8 09:00:33 switch %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from pts/1 (dhcp-peg3-vl30-144-254-7-182.cisco.com)Using the Fabric Manager to make the same configuration change does not result in the same syslog message:
switch# 2006 Feb 8 09:00:56 switch %PORT-5-IF_DOWN_ADMIN_DOWN: %$VSAN 1%$ Interface fc1/5 is down (Administratively down)Workaround: None.
•CSCsd53429
Symptom: After you enter the ivr zone name command to configure a zone, the switch displays a message that may be misleading:
switch# config tEnter configuration commands, one per line. End with CNTL/Z.switch(config)# ivr zone name abc
fabric is locked for configuration. Please commit after configuration is done.switch(config-ivr-zone)#The message has been changed:
switch# config tEnter configuration commands, one per line. End with CNTL/Z.switch(config)# ivr zone name abc
fabric is now locked for configuration. Please 'commit' configuration when done.switch(config-ivr-zone)#Workaround: None.
•CSCsd58774
Symptom: The following configuration causes excessive data collisions and reduced throughput on the management port of an MDS switch Supervisor 1 module:
Management port configuration - Speed:100 Mbps, Duplex: Full
Switch port configuration - Speed: 100 Mbps, Duplex: FullResulting mode on management port - Speed: 100 Mbps, Duplex: Half
Resulting mode on switch port - Speed: 100 Mbps, Duplex: FullWorkaround: Because an MDS switch always autonegotiates the duplex mode and defaults to half duplex if the autonegotiation fails, you should configure the ports as follows:
Management port configuration - Speed: 100 Mbps, Duplex: Auto
Switchport configuration - Speed: Auto, Duplex: AutoResulting mode on management port - Speed: 100 Mbps, Duplex: Full
Resulting mode on switchport - Speed 100 Mbps, Duplex: Full•CSCsd60578
Symptom: The problem in FC Write Acceleration on the Storage Services module exhibited itself as a 10% to 15% performance drop once SCSI-Flows are established in both directions in relation to a {SCSI-Initiator, SCSI-Target} pair.
A bidirectional flow configuration may impact performance in a configuration where SCSI Flow is established for a given SCSI initiator SCSI target pair. For a SCSI flow in one direction, a given node in a SCSI initiator SCSI target pair acts as a SCSI initiator, and for the SCSI flow in the other direction, the same node as a SCSI target.
This problem applied only to Fibre Channel Write Acceleration on the Storage Services Module (SSM), and has been resolved in SAN-OS Release 3.0(1).
Workaround: None.
•CSCsd72822
Symptom: If a switch has multiple SSMs with the SCSI flow feature enabled, an SSM may fail to come up when you perform an upgrade or reload.
Workaround: Before attempting to upgrade or reload an SSM, remove SCSI flow provisioning. Once the SSM comes back up, enable SCSI flow provisioning again.
Follow these steps:
1. Issue the following command to remove the provisioning:
switch(config)# no ssm enable feature scsi-flow force module module-number
2. Issue the following command to upgrade the SSM:
switch# install all system bootflash:m9500-sf1ek9-mz.2.1.2d.bin kickstart bootflash:m9500-sf1ek9-kickstart-mz.2.1.2d.bin ssi bootflash:m9000-ek9-ssi-mz.2.1.2j.bin
3. Issue the following command to reenable the SCSI flow feature when the SSM comes back online:
switch(config)# ssm enable feature scsi-flow module module-number
4. If the ssm enable feature scsi-flow module command fails, verify that the SSM is online using the following command:
switch# show module
5. Once the SSM is online, issue the following command:
switch# reload module module-number
6. Repeat Step 3 to reenable the SCSI flow feature.
Note The force option should be used only in Step 1.
•CSCsd73494
Symptom: If an iSCSI port receives protocol data units (PDUs) for a write command after it has been aborted by a task management function (TMF), the buffers for these PDUs may be freed twice and this can lead to a port software failure on the iSCSI port.
Workaround: None.
•CSCsd76429
Symptom: FCIP tape acceleration causes a flap in the FCIP link when it receives duplicate CHECK CONDITION status frames from a tape device.
Workaround: Because there is no workaround when the tape drive is functioning in this manner, we recommend that you turn off FCIP tape acceleration.
•CSCsd81137
Symptom: Duplicate entries within an FC alias might cause an ISL isolation between your MDS 9000 switch and a Brocade switch.
Workaround: Remove duplicate entries from the Brocade switch and the link will come up.
•CSCsd81725
Symptom: If many iSCSI initiators issue writes with immediate or unsolicited data to the iSCSI interface, the result may be a buffer congestion condition that may in turn lead to a B2B credit issue on the FC ports. This may cause these ports to flap.
Workaround: None. This issue has been resolved.
•CSCsd82449
Symptom: Mode 1 FCIP compression performance degrades if the Fibre Channel frames received are 1 KB in size.
Workaround: None. This issue has been resolved.
•CSCsd83775
Symptom: A Fibre Channel Inter-Switch Link (ISL) does not come up and it displays a fabric binding database mismatch error when fabric binding is activated. Thi s problem may be seen when a supervisor switchover occurs or is performed and this ISL comes up. The fabric binding merge activity detects an incompatible database and fails to bring up the link because an incorrect domain ID is being used by the fabric binding module. The fabric binding module on the switch where the switchover occurs would have cleared its local domain ID and be using a domain ID of zero.
Workaround: Issue the fcdomain restart vsan vsan-id command in the VSANs of interest.
•CSCsd89872
Symptom: When using Cisco MDS SAN-OS Release 2.1(2e) or earlier to configure PortChannels, the following message may be displayed:
Last membership update failed: port-channel: required service is not responding (err_id 0x402B No portIf this issue occurs, any attempt to delete the PortChannel will fail and no additional operations can be performed on that specific PortChannel that gave the error.
Workaround: Upgrade from Cisco SAN-OS Release 2.1(2e) or earlier to Release 3.0(2a) to prevent the problem from occurring. If the problem has already occurred, an upgrade to Release 3.0(2a) will not correct the problem. Issue the write erase command and reboot the system to correct this problem.
•CSCsd94718
Symptom: In Fabric Manager, the local zone database is not synchronized.
Workaround: None.
•CSCse70275
Symptom: The Qlogic 2460 HBA fails to remote boot when it connects to a VT instantiated by SANTap on the SSM because the Qlogic 2460 BIOS sends a test ready unit with an invalid command reference number (CRN) and task attribute field. This same HBA can boot when SANTap and the SSM are not part of the configuration.
Workaround:Use the Qlogic 2340 HBA.
•CSCse71420
Symptom: If you have multiple switches with IVR, and there is a mismatch of IVR VSAN topology and IVR zones which were corrected later, you might get an error message in the logs %FSPF-3-IPC_PROC_ERR: Error in processing IPC message : Opcode = 68, Error code = 401a0013
Workaround: None.
•CSCse84811
Symptom: In a system with autocreate PortChannel configured, if there are multiple link flaps or configuration changes on a PortChannel, the PortChannel Manager process memory might run out causing the PortChannel Manager process to crash.
Workaround: Issue the write erase command and reload the switch.
•CSCse88606
Symptom: Setting a value higher than 4 for the maximum number of times a packet is retransmitted before TCP closes the connection might product unexpected results. This would occur during a link FCIP tunnel recovery after a short downtime.
Workaround: Configure the TCP maximum retransmissions to values between 1 and 4 only.
•CSCse99087
Symptom: A user called snmp-user can successfully log into an MDS switch through the CLI, but cannot log in through Fabric Manager or Device Manager. The login attempt fails with this error: SNMP: Unknown username
Workaround: None.
•CSCsf21970
Symptom: If you issue immediate, back-to-back commands to delete and then create FCIP interfaces, the internal port service might crash.
Workaround: Wait 5 seconds between the delete and the following create command for a given FCIP interface.
•CSCsf96043
Symptom:No alerts are issued for FCS errors on the sup-fc0 port even though it might affect Fibre Channel communication.
Workaround: None.
•CSCsg03171
Symptom: The dynamic port VSAN membership (DPVM) failed after the number of F ports exceeded 64 and a port flap occurred.
Workaround: Keep the number of F ports in a switch below 64.
•CSCsg12020
Symptom: If your switch is up for a long period of time, such as more than 100 days, zone set activation in Fabric Manager might not reflect the latest results and active-local differences may still be shown.
Workaround: Close and reopen Fabric Manager with the "Accelerate Discovery" option unchecked. This reflects the latest change, but might need to be done after every change.
•CSCsg15392
Symptom: If a Generation 1 module has any port that is administratively up, but operationally down when you upgrade from SAN-OS Release 2.x to either Release 3.0(1) or Release 3.0(2x), you might experience traffic disruption on that module.
Workaround: Use the shutdown command to shut all the ports operationally down and administratively up on all the Generation 1 modules before upgrading from SAN-OS Release 2.x to Release SAN-OS 3.0(x) or Release 3.0(2x). After the upgrade is complete, the ports can be brought to an administratively up state using the no shutdown command.
•CSCsg62359
Symptom: If a user attempts to log in using TACACS+ authentication to an MDS switch or an SSH server configured on the switch, the login might fail if password-authentication is the first login method the user tries.
Workaround: Use the keyboard-interactive method as the first login method for SSH.
Related Documentation
The documentation set for the Cisco MDS 9000 Family includes the following documents:
•Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Releases
•Cisco MDS 9000 Family Interoperability Support Matrix
•Cisco MDS SAN-OS Release Compatibility Matrix for IBM SAN Volume Controller Software for
•Cisco MDS 9000 Cisco MDS SAN-OS Release Compatibility Matrix for VERITAS Storage Foundation for Networks Software
•Cisco MDS SAN-OS Compatibility Matrix for Storage Service Interface Images
•Cisco MDS 9000 Family SSM Configuration Note
•Cisco MDS 9000 Family ASM Configuration Note
•Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family
•Cisco MDS 9500 Series Hardware Installation Guide
•Cisco MDS 9200 Series Hardware Installation Guide
•Cisco MDS 9216 Switch Hardware Installation Guide
•Cisco MDS 9100 Series Hardware Installation Guide
•Cisco MDS 9020 Fabric Switch Hardware Installation Guide
•Cisco MDS 9000 Family Software Upgrade and Downgrade Guide
•Cisco MDS 9000 Family Configuration Guide
•Cisco MDS 9000 Family Command Reference
•Cisco MDS 9020 Fabric Switch Configuration Guide and Command Reference
•Cisco MDS 9000 Family Fabric Manager Configuration Guide
•Cisco MDS 9000 Family Fabric and Device Manager Online Help
•Cisco MDS 9000 Family SAN Volume Controller Configuration Guide
•Cisco MDS 9000 Family Quick Configuration Guide
•Cisco MDS 9000 Family Fabric Manager Quick Configuration Guide
•Cisco MDS 9000 Family MIB Quick Reference
•Cisco MDS 9020 Fabric Switch MIB Quick Reference
•Cisco MDS 9000 Family CIM Programming Reference
•Cisco MDS 9000 Family System Messages Reference
•Cisco MDS 9020 Fabric Switch System Messages Reference
•Cisco MDS 9000 Family Troubleshooting Guide
•Cisco MDS 9000 Family Port Analyzer Adapter 2 Installation and Configuration Note
•Cisco MDS 9000 Family Port Analyzer Adapter Installation and Configuration Note
For information on VERITAS Storage Foundation™ for Networks for the Cisco MDS 9000 Family, refer to the VERITAS website: http://support.veritas.com/
For information on IBM TotalStorage SAN Volume Controller Storage Software for the Cisco MDS 9000 Family, refer to the IBM TotalStorage Support website: http://www.ibm.com/storage/support/2062-2300/
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•Emergencies — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you will find information about how to:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•For Emergencies only — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•For Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:
•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
http://www.cisco.com/en/US/products/index.html
•Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)
Copyright © 2004 - 2006 Cisco Systems, Inc. All rights reserved.