 Feedback
|
Table Of Contents
Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.0(1b)Determining the Software Version
New Features in Cisco MDS SAN-OS Release 2.0(1b)
Cisco MDS 9216i Multiprotocol Fabric Switch
Cisco MDS 9216A Multilayer Fabric Switch
14/2-Port Multiprotocol Services Module
Storing the Last Core to Flash
The snmp-server enable traps Command
Upgrading to Cisco MDS SAN-OS Release 2.0(1b) from Release 1.3(4a)
Port Mode for IBM FAStT 500 Storage System
Fabric Manager/Device Manager Support on Windows2003
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 2.0(1b)
Release Date: October 22, 2004
Text Part Number: OL-6249-01 Rev. F1
This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.
Note
Releases notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Note: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_release_notes_list.html
Table 1 shows the on-line change history for this document.
Table 1 On-Line History Change
A0
10/22/2004
Release notes created
B0
11/05/2004
Table 2 caption revised
Table 3 correctly referenced in the Caveats sectionC0
11/09/2004
Added SSE license information
D0
11/17/2004
Added DDTS CSCeg23889, image upgrade references, and FC ID information
E0
11/30/2004
Added Fabric Manager/Device Manager Support on Windows2003 information
F0
12/15/2004
Added DDTS CSCeg53094
G0
12/22/2004
Added DDTS CSCeg59198, CSCeg61535, and CSCeg58996
H0
01/14/2005
Added DDTS CSCef74578, CSCef82882, CSCef94903, CSCeg05450, CSCeg09210, CSCeg37598, CSCeg44018, CSCeg46989, CSCeg56197.
I0
02/17/2005
Added DDTS CSCef83504
J0
02/28/2005
Added DDTS CSCeg85146 and CSCin81851
K0
03/15/2005
Added DDTS CSCeh21199, CSCef56229
L0
03/24/2005
Added DDTS CSCed20053, CSCef65409, CSCef70000, CSCeg13762, CSCeg17593, CSCeg18886, CSCeg20292, CSCeg30690, CSCeg33732CSCin81760.
Changed severity of DDTS CSCeg44018.
M0
04/12/2005
Added DDTS CSCeg07325, CSCeh44216, CSCeh49026, CSCeh51924
N0
04/13/2005
Added DDTS CSCeg81089
O0
5/3/2005
Added DDTS CSCeh65824
P0
5/19/2005
Removed DDTS CSCeh44216
Q0
5/24/2005
Added DDTS CSCeg66225 and CSCeh42252
R0
5/31/2005
Added DDTS CSCeh96928
S0
06/01/2005
Added DDTS CSCeg24199
T0
06/23/2005
Added DDTS CSCei25319
U0
07/29/2005
Added DDTS CSCed57251, CSCeh61610, CSCeh64080, CSCec31365, CSCeg20932, CSCeg53114, CSCeg66225, CSCeh19639, CSCeh52280, CSCeh56143, CSCeh82490, CSCeh83514, and CSCeh87985
V0
08/05/2005
Added DDTS CSCeh41099
W0
08/22/2005
Removed DDTS CSCeh61610
X0
08/23/2005
Added DDTS CSCeh61610
Y0
10/14/2005
Modified DDTS CSCeg07325
Z0
12/07/2005
Added DDTS CSCsc31424
A1
12/30/2005
Added DDTS CSCei91968
B1
05/02/2006
Added DDTS CSCeg33121, CSCei67982, CSCei91676, and CSCsc33788
C1
06/06/2006
Removed DDTS CSCed16845
D1
9/05/2006
Added DDTS CSCsd78967
E1
9/13/2006
Added DDTS CSCsf21970
F1
02/23/2007
Added DDTS CSCsg03171 and CSCsh27840.
Contents
This document includes the following sections:
•
•
•
•
Introduction
The Cisco MDS 9000 Family of multilayer directors and fabric switches offers intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. These switches combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.
The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.
System Requirements
This section describes the system requirements for Cisco MDS SAN-OS Release 2.0(1b) and includes the following topics:
•
Components Supported
Table 2 lists the software and hardware components supported by the Cisco MDS 9000 Family.
Note
Table 2 Cisco MDS 9000 Family Supported Software and Hardware Components
Software
M95S1K9-2.0.1
MDS 9500 Supervisor/Fabric-I, SAN-OS software.
MDS 9500 Series only
M92S1K9-2.0.1
MDS 9216 Supervisor/Fabric-I, SAN-OS software.
MDS 9200 Series only
M91S1K9-2.0.1
MDS 9100 Supervisor/Fabric-I, SAN-OS software.
MDS 9100 Series only
License
M9500SSE1K9
Storage services enabler package
MDS 9500 series with ASM
M9500SSE1K9
Storage services enabler package
MDS 9200 series with ASM
Chassis
DS-C9509
MDS 9509 director, base configuration (9-slot modular chassis includes 7 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).
MDS 9509 only
DS-C9506
MDS 9506 director (6-slot modular chassis includes 4 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately).
MDS 9506 only
DS-C9216-K9
MDS 9216 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).
MDS 9216 only
DS-C9216A-K9
MDS 9216A 16-port semi-modular fabric switch (includes 16 1-Gbps/2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately).
MDS 9216A only
DS-C9216i-K9
MDS 9216i 16-port semi-modular fabric switch (includes 14 1-Gbps/2-Gbps Fibre Channel ports, 2 Gigabit Ethernet ports, power supply, and expansion slot—SFPs sold separately.
MDS 9216i only
DS-C9120-K9
MDS 9120 fixed configuration, non-modular, fabric switch (includes 4 full rate ports and 16 host-optimized ports).
MDS 9120 only
DS-C9140-K9
MDS 9140 fixed configuration (non-modular) fabric switch (includes 8 full rate ports and 32 host-optimized ports).
MDS 9140 only
Supervisor modules
DS-X9530-SF1-K9
MDS 9500 Supervisor/Fabric-I, module.
MDS 9500 Series only
Switching modules
DS-X9016
MDS 9000 16-port 2-Gbps/1-Gbps Fibre Channel module (SFPs sold separately).
MDS 9500 Series and 9200 Series
DS-X9032
MDS 9000 32-port 2-Gbps/1-Gbps Fibre Channel module (SFPs sold separately).
Services modules
DS-X9308-SMIP
8-port Gigabit Ethernet IP Storage Services module.
DS-X9304-SMIP
4-port Gigabit Ethernet IP Storage Services module.
DS-X9032-SMV
32-port Fibre Channel Advanced Services Module (ASM).
DS-X9560-SMC
Caching Services Module (CSM).
DS-X9302-14K9
14-port Fibre Channel/2-port Gigabit Ethernet Multiprotocol Services (MPS-14/2) module.
LC-type fiber-optic SFP1
DS-SFP-FC-2G-SW
2-Gbps/1-Gbps Fibre Channel — short wave SFP.
MDS 9000 Family
DS-SFP-FC-2G-LW
2-Gbps/1-Gbps Fibre Channel — long wave SFP.
DS-SFP-FCGE-SW
1-Gbps Ethernet and 2-Gbps/1-Gbps Fibre Channel—short wave SFP.
DS-SFP-FCGE-LW
1-Gbps Ethernet and 2-Gbps/1-Gbps Fibre Channel — long wave SFP.
CWDM2
CWDM-SFP-xxxx-2G
Gigabit Ethernet and 2-Gbps/1-Gbps Fibre Channel SFP LC interface xxxx nm, where xxxx = 1470, 1490, 1510, 1530, 1550, 1570, 1590, or 1610 nm.
MDS 9000 Family
CWDM-MUX-4
Add/drop multiplexer for four CWDM wavelengths.
CWDM-MUX-8
Add/drop multiplexer for eight CWDM wavelengths.
CWDM-CHASSIS-2
Two slot chassis for CWDM add/drop multiplexer(s).
Power supplies
DS-CAC-300W
300-W3 AC power supply.
MDS 9100 Series only
DS-CAC-845W
845-W AC power supply.
MDS 9200 Series only
DS-CAC-2500W
2500-W AC power supply.
MDS 9509 only
DS-CDC-2500W
2500-W DC power supply.
DS-CAC-4000W-US
4000-W AC power supply for US (cable attached).
DS-CAC-4000W-INT
4000-W AC power supply international (cable attached).
DS-CAC-1900W
1900-W AC power supply.
MDS 9506 only
DS-CDC-1900W
1900-W DC power supply.
CompactFlash
MEM-MDS-FLD512M
MDS 9500 supervisor CompactFlash disk, 512MB.
MDS 9500 Series only
Port analyzer adapter
DS-PAA-2
A standalone Fibre Channel-to-Ethernet adapter that allows for simple, transparent analysis of Fibre Channel traffic in a switched fabric.
MDS 9000 Family
1 SFP = small form-factor pluggable
2 CWDM = coarse wavelength division multiplexing
3 W = Watt
Determining the Software Version
Note
To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the CLI, log into the switch and enter the show version EXEC command.
To determine the version of the Cisco MDS SAN-OS software currently running on a Cisco MDS 9000 Family switch using the Fabric Manager, view the Switches tab in the information pane, locate the switch, using the IP address, logical name, or WWN, and check its version in the Release column.
Image Upgrade
The Cisco MDS SAN-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.
You can nondisruptively upgrade to Cisco MDS SAN-OS Release 2.0(1b) from any SAN-OS software release beginning with Release 1.3(x). If you are running an older version of SAN-OS, upgrade to Release 1.3(x) and then Release 2.0(1b).
When downgrading from Cisco MDS SAN-OS Release 2.0(1b) to release 1.3(x), you might need to disable new features in release 2.0(1b) for a nondisruptive downgrade. Issuing the install all command from the CLI, or using Fabric Manager to perform the downgrade, enables the compatibility check which will indicate that the downgrade will be disruptive and the reason will be "current running-config is not supported by new image".
Compatibility check is done:Module bootable Impact Install-type Reason------ -------- -------------- ------------ ------2 yes disruptive reset Current running-config is not supported by new image3 yes disruptive reset Current running-config is not supported by new image5 yes disruptive reset Current running-config is not supported by new image6 yes disruptive reset Current running-config is not supported by new imageAt a minimum, you need to disable the default device alias distribution feature using the no device-alias distribute command in global configuration mode. The show incompatibility system bootflash:1.3(x)_filename command determines which additional features need to be disabled.
Note
New Features in Cisco MDS SAN-OS Release 2.0(1b)
Cisco MDS SAN-OS Release 2.0(1b) is a major release for switches in the Cisco MDS 9000 Family. See the "Caveats" section for details on closed and outstanding caveats and limitations.
Note
The following new features are introduced in Release 2.0(1b):
•
•
•
•
•
•
Cisco MDS 9216i Multiprotocol Fabric Switch
Cisco MDS 9216i multiprotocol fabric switches contain one fixed integrated supervisor module with 14 Fibre Channel ports, 2 IP ports that can support FCIP and iSCSI protocols simultaneously, and an expansion slot that can support up to 32 additional ports (for a total of 48 ports).
The Cisco MDS 9216i switch shares a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis and consists of the following major hardware components:
•
•
•
•
•
–
–
–
–
Refer to the Cisco MDS 9200 Series Hardware Installation Guide.
Cisco MDS 9216A Multilayer Fabric Switch
Cisco MDS 9216A multilayer fabric switches contain one fixed integrated supervisor module with 16 Fibre Channel ports and an expansion slot that can support up to 32 additional ports (for a total of 48 ports).
The Cisco MDS 9216 Switch and the Cisco MDS 9216A Switch share a consistent software architecture with the Cisco MDS 9500 Series in a semi-modular chassis and consists of the following major hardware components:
•
•
•
•
•
–
–
–
–
Refer to the Cisco MDS 9200 Series Hardware Installation Guide.
14/2-Port Multiprotocol Services Module
The 14/2-port Multiprotocol Services (MPS-14/2) module allows you to use FCIP and iSCSI features. It integrates seamlessly into the Cisco MDS 9000 Family, and supports the full range of features available on other switching modules, including VSANs, security, and traffic management. The MPS-14/2 module has 14 Fibre Channel ports and two Gigabit Ethernet ports.
Refer to the Cisco MDS 9200 Series Hardware Installation Guide or the Cisco MDS 9500 Series Hardware Installation Guide.
Graceful Shutdown
As of Release 2.0(1b), the Cisco MDS SAN-OS software implicitly performs a graceful shutdown in response to either of the following actions:
•
•
A graceful shutdown ensures that no frames are lost when the interface is shutting down. When a shutdown is triggered either by you or the Cisco MDS SAN-OS software, the switches connected to the shutdown link coordinate with each other to ensure that all frames in the ports are safely sent through the link before shutting down. This enhancement reduces the chance of frame loss.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Cisco Fabric Services
The Cisco MDS SAN-OS software uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database distribution and to foster device flexibility. It simplifies SAN provisioning by automatically distributing configuration information to all switches in a fabric. The following Cisco MDS SAN-OS features use the CFS infrastructure:
•
•
•
•
•
•
•
•
•
•
•
Refer to the Cisco MDS 9000 Family Configuration Guide.
Dynamic VSANs
Port VSAN membership on the switch is assigned on a port-by-port basis. By default each port belongs to the default VSAN.
As of Cisco MDS SAN-OS Release 2.0(1b), you can dynamically assign VSAN membership to ports by assigning VSANs based on the device WWN. This method is referred to as the Dynamic Port VSAN Membership (DPVM) feature. DPVM offers flexibility and eliminates the need to reconfigure the VSAN to maintain fabric topology when a host or storage device connection is moved between two Cisco MDS switches. It retains the configured VSAN regardless of where a device is connected or moved.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Enhanced Zoning
As of Cisco MDS SAN-OS Release 2.0(1b), the zoning feature is enhanced to be compliant with FC-GS-4 and FC-SW-3. Both standards support the basic zoning and the enhanced zoning functionalities.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Zone-Based Traffic Priority
As of Cisco SAN-OS Release 2.0(1b), the zoning feature provides an additional segregation mechanism to prioritize select zones in a fabric and set up access control between devices. Using this feature, you can configure the Quality of Service (QoS) priority as a zone attribute. You can assign the QoS traffic priority attribute to be high, medium, or low. By default, zones with no specified priority are implicitly assigned a low priority. Zone-based QoS can only be implemented in Cisco MDS 9000 Family switches running Cisco MDS SAN-OS Release 2.0(1b) or later.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Device Alias Distribution
As of Cisco SAN-OS Release 2.0(1b), all switches in the Cisco MDS 9000 Family offer a new alias distribution feature called Distributed Device Alias Services (device alias). In Release 1.3 and earlier, aliases were distributed on a per VSAN basis. Using this new, enhanced service, you now have the option to distribute device alias names on a fabric-wide basis.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Switch Security
Management security in any switch in the Cisco MDS 9000 Family provides security to all management access methods including the command-line interface (CLI) or Simple Network Management Protocol (SNMP). CLI security options also apply to the Cisco MDS Fabric Manager and Device Manager.
•
Prior to Release 2.0(1b), if a user was previously configured in one database and not the other, the user can continue using that account.
Prior to upgrading to Release 2.0(1b), if the user was present in the SNMP database and the CLI database, then the set of roles assigned to this user in Release 2.0(1b) will include the union of both sets of roles.
•
•
•
Refer to the Cisco MDS 9000 Family Configuration Guide.
Network Security
The IP Security (IPsec) Protocol is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. It is developed by the Internet Engineering Task Force (IETF). IPsec provides security services at the IP layer, including protecting one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
IPsec uses the Internet Key Exchange (IKE) protocol to handle protocol and algorithm negotiation and to generate the encryption and authentication keys to be used by IPsec. While IKE can be used with other protocols, its initial implementation is with the IPsec protocol. IKE provides authentication of the IPsec peers, negotiates IPsec security associations, and establishes IPsec keys.
Refer to the Cisco MDS 9000 Family Configuration Guide.
PortChannel Protocol
The PortChannel Protocol expands the PortChannel functional model in Cisco MDS switches. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a PortChannel.
The PortChannel feature now includes a new mode (ACTIVE) and a new protocol (autocreation).
Refer to the Cisco MDS 9000 Family Configuration Guide.
ACTIVE Mode
You can configure each PortChannel with a channel group mode parameter to determine the PortChannel protocol behavior for all member ports in this channel group. In the ACTIVE mode, the member ports initiate the PortChannel protocol negotiation with peer port(s) regardless of the channel group mode of the peer port.
The default ON mode is backward compatible with the existing implementation of PortChannels in releases prior to Release 2.0(1b), where the channel group mode is implicitly assumed to be ON. In Cisco MDS SAN-OS Release 1.3 and earlier, the only available PortChannel mode was ON.
Autocreation
As of Cisco SAN-OS Release 2.0(1b), a protocol to exchange PortChannel configurations is available in all Cisco MDS switches. The autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.
Port Tracking
The Port Tracking feature is unique to the Cisco MDS 9000 Family of switches. This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device. This process of converting the indirect failure to a direct failure triggers a faster recovery process. When enabled, the port tracking feature brings down the configured links based on the failed link and forces the traffic to be redirected to another redundant link.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Call Home
As of Cisco SAN-OS Release 2.0(1b), the Call Home feature provides message throttling capabilities, periodic inventory messages, port syslog messages, and RMON alert messages.
Refer to the Cisco MDS 9000 Family Configuration Guide.
SAN Extension Tuner
The SAN extension tuner (SET) feature is unique to the Cisco MDS 9000 Family of switches. This feature helps you optimize FCIP performance by generating SCSI I/O commands and directing such traffic to a specific virtual target. You can specify the size of the test I/O transfers and how many concurrent I/Os to generate while testing. The SET reports the resulting I/Os per second (IOPS) and I/O latency, which helps you determine the number of concurrent I/Os needed to maximize FCIP throughput.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Command Scheduler
The Cisco MDS command scheduler feature helps you schedule configuration and maintenance jobs in any switch in the Cisco MDS 9000 Family. This feature is available in the Cisco SAN-OS Release 2.0(1b) software. You can use this feature to schedule jobs on a one-time basis or periodically.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Initial Setup Changes
The questions in the initial set up routine and the order in which they appear is enhanced to reflect the various changes in the Cisco SAN-OS Release 2.0(1b) software.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Extended BB_Credits
The BB_credits feature allows you to configure up to 255 receive buffers. This number is insufficient for long haul links. To facilitate BB_credits for long haul links, the extended BB_credits flow control mechanism allows you to configure up to 3,500 receive BB_credits on a Fibre Channel port. The extended BB_credit configuration takes precedence over the receive BB_credit and performance buffer configurations.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Link Initialization WWN Usage
Exchange Link Protocol (ELP) and Exchange Fabric Protocol (EFP) use WWNs during link initialization. The usage details differ based on the Cisco SAN-OS software release:
•
•
–
–
•
–
–
This link initialization change between Cisco SAN-OS releases is implicit and does not require any configuration.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Multicast Compliance
Prior to Cisco SAN-OS Release 2.0(1b), the principal switch to compute the multicast tree. Now, to interoperate with other vendor switches (following FC-SW3 guidelines), the Cisco SAN-OS software uses the lowest domain switch as the root to compute the multicast tree in interop mode.
Refer to the Cisco MDS 9000 Family Configuration Guide.
FC ID Enhancements
The FC ID feature is enhanced as described in this section.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Persistence by Default
To preserve the FC IDs in your configuration, verify that the persistent Fibre Channel ID (FC ID) feature is enable before rebooting. As of SAN-OS Release 2.0(1b), this feature is enabled by default. In earlier releases, the default is disabled. For more information on persistent FC ID, see the Persistent FC IDs section in the Cisco MDS 9000 Family Configuration Guide.
Allocation for HBAs
To conserve the number of FC IDs used, Cisco MDS 9000 Family switches use a special FC ID allocation scheme.
In Cisco SAN-OS Release 1.3 and earlier, a full area is allocated to host bus adapters (HBAs). This allocation isolates them to an area and they are listed with their pWWN during a fabric login. The allocated FC IDs are cached persistently and are still available in Cisco SAN-OS Release 2.0(1b).
To allow further scalability for switches with numerous ports, the Cisco SAN-OS Release 2.0(1b) software maintains a list of HBAs, identified by their company IDs (also known as Organizational Unit Identifier, or OUI), that use the pWWN during a fabric log in. A full area is allocated to N ports with company IDs that are listed and for the others, a single FC ID is allocated. Irrespective of the kind (whole area or single) of FC ID allocated, the FC ID entries remain persistent.
Changed Term from FCOT to SFP
As of Cisco SAN-OS Release 2.0(1b), the term FCOT (Fibre Channel optical transmitter), is replaced by the term SFP (small form-factor pluggable), in the Cisco SAN-OS software and in the documentation.
Refer to the Cisco MDS 9000 Family Configuration Guide.
IP-ACL Enhancements
In Cisco SAN-OS Release 1.3 and earlier, you could only apply IP-ACLs to VSAN interfaces and the management interface. As of Cisco SAN-OS Release 2.0(1b), you can also apply IP-ACLs to Gigabit Ethernet interfaces (IPS modules) and Ethernet PortChannel interfaces.
If IP-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to a Ethernet PortChannel group.
Do not apply IP-ACLs to only one member of a PortChannel group. Apply IP-ACLs to the entire channel group.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Storing the Last Core to Flash
As of Cisco SAN-OS Release 2.0(1b), the last core dump (service core) is automatically saved to the Flash in the /mnt/pss/ partition before the switchover or reboot occurs. Three minutes after the supervisor module reboots, the saved last core is restored from the Flash partition (/mnt/pss) back to its original RAM location. This restoration is a background process and is not visible to the user.
Refer to the Cisco MDS 9000 Family Configuration Guide.
File System Enhancements
As of Cisco SAN-OS Release 2.0(1b), you can use the Tab key to complete schemes, servers, and file names available in the file system.
Refer to the Cisco MDS 9000 Family Configuration Guide.
RMON Configuration
As of Cisco SAN-OS Release 2.0(1b), you can configure RMON alarms and events by using the CLI.
Refer to the Cisco MDS 9000 Family Configuration Guide.
IP Storage
This section includes the following subsections:
Refer to the Cisco MDS 9000 Family Configuration Guide.
FCIP Tape Acceleration
Tapes are storage devices that store and retrieve user data sequentially. Applications that access tape drives normally have only one SCSI WRITE operation outstanding to it. This single command process limits the benefit of the write acceleration feature when using an FCIP tunnel over a long-distance WAN link. It impacts backup and archive performance because each SCSI WRITE operation does not complete until the host receives a good status response from the tape drive.
The FCIP tape acceleration feature is introduced in Cisco SAN-OS Release 2.0(1b) to improve tape backup and archive operations by allowing faster data streaming from the host to the tape over the WAN link.
FCIP Compression Enhancement
The FCIP compression feature is enhanced to support new compression modes
•
•
•
These three modes replace the high-throughput and high-comp-ratio modes available in Cisco SAN-OS Release 1.3.
When you upgrade from Cisco SAN-OS Release 1.3, the high-throughput configuration becomes mode 1 and the high-comp-ratio configuration becomes mode 3.
When you downgrade from Cisco SAN-OS Release 2.0(1b) to Cisco SAN-OS Release 1.3 release, all modes (mode 1, mode 2, and mode 3) in Cisco SAN-OS Release 2.0(1b) become high-throughput mode in Cisco SAN-OS Release 1.3.
iSNS Server
The iSNS server allows existing TCP/IP networks to function more effectively as storage area networks by automating the discovery, management, and configuration of iSCSI devices. It also provides device registration, state change notification, and remote domain discovery services.
Mutual CHAP Authentication
The IPS module supports a mechanism for the iSCSI initiator to authenticate the switch using the switch user name and password during the iSCSI CHAP authentication login.
Other IP Storage Changes
The following settings are enhanced in Cisco SAN-OS Release 2.0(1b):
•
•
•
•
•
New CLI Commands
Several new CLI commands support the new features in this software release. Other commands introduced or significantly enhanced in Release 2.0(1b) are addressed in this section.
Refer to the Cisco MDS 9000 Family Configuration Guide and the Cisco MDS 9000 Family Command Reference.
The show inventory Command
To view information on the field replaceable units (FRUs) in the switch, including product IDs, serial numbers, and version IDs, use the show inventory command.
The error-enabled Command
To enable the error-enabled message display, use the aaa authentication login error-enable command.
To disable the error-enabled message display, use the no aaa authentication login error-enable command.
To view the current display status, use the show aaa authentication login error-enable command.
The snmp-server enable traps Command
To enable a specific SNMP trap (for example, fcdomain traps) notification use the snmp-server enable traps fcdomain command.
To disable the specified SNMP trap notification use the no snmp-server enable traps fcdomain command.
The Extended ping Command
The ping command now provides additional options to verify the connectivity of a remote host or server. To specify these additional parameters, type ping at the CLI switch prompt and press Enter.
Deprecated Commands
The following commands are deprecated in Cisco SAN-OS Release 2.0(1b):
•
•
•
•
Fabric Manager Enhancements
The Cisco MDS 9000 Family Fabric Manager enhancements are as follows:
•
–
–
–
–
•
•
•
•
•
•
–
–
–
•
•
•
•
•
•
–
–
–
–
•
–
–
•
–
–
•
–
–
–
–
–
•
–
–
–
–
–
–
Device Manager Enhancements
The Cisco MDS 9000 Family Device Manager enhancements are as follows:
•
•
•
•
–
–
–
–
–
–
–
•
•
•
•
•
•
–
–
–
•
Refer to the Cisco MDS 9000 Fabric Manager Guide.
Limitations and Restrictions
The following limitations and restrictions apply to all switches in the Cisco MDS 9000 Family:
•
•
•
•
Upgrading to Cisco MDS SAN-OS Release 2.0(1b) from Release 1.3(4a)
This procedure applies to Fabric Manager and Device Manager applications using Cisco MDS SAN-OS Release 1.3(4a) software.
To upgrade a switch from 1.3(4a) to 2.0(1b), use Device Manager to copy the image files to bootflash and then use Fabric Manager to perform the upgrade.
To copy the image files from a server or PC to bootflash, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Note
[device>:][<partition>:]<file>
where <device> is a value obtained from the Flash device name,
<partition> is obtained from the Flash partition name
and <file> is any character string that does not have embedded colon characters.Step 10
To upgrade using Fabric Manager, use the Software Install Wizard. Software upgrades may be disruptive under the following conditions:
•
•
Note
To use the Software Install Wizard, follow these steps:
Step 1
You see the Software Install Wizard.
Step 2
You must select at least one switch to proceed. When finished, click Next.
Step 3
To use images that are already downloaded (the file is already on the bootflash), check the Skip Image Download check box.
Step 4
Step 5
You must select at least one image for each switch to proceed.
Note
Step 6
If you check version check before the upgrade process is started, a version check is done. This check provides information about the impact of the upgrade for each module on the switch. It also shows any HA-related incompatibilities that might result. You see a final dialog box at this stage, prompting you to confirm that this check should be performed.
Caution
Note
Refer to the Cisco MDS 9000 Fabric Manager Guide.
Temporary User Account
When you log in to a Cisco MDS switch successfully using the Fabric Manager or Device Manager through Telnet or SSH and if that switch is configured for AAA server-based authentication, a temporary SNMP user entry is automatically created with an expiry time of one day. The switch authenticates the SNMPv3 protocol data units (PDUs) with your Telnet/SSH login name as the SNMPv3 user are authenticated by the switch. The management station can temporarily use the Telnet/SSH login name as the SNMPv3 auth and priv passphrase. This temporary SNMP login is only allowed if you have one or more active MDS shell sessions. If you do not have an active session at any given time, your login is deleted and you cannot perform SNMP v3 operations.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Deleting Roles
If a user only belongs to one of the newly-created roles and that role is subsequently deleted, then the user immediately defaults to the network-operator role.
Refer to the Cisco MDS 9000 Family Configuration Guide.
The localizedkey Option
Avoid using the localizedkey option when configuring an SNMP user from the CLI. The localized keys are not portable across devices as they contain device engine ID information. If a configuration file is copied to the device, the passwords may not be set correctly if the configuration file was generated at a different device. Explicitly configure the desired passwords after copying the configuration into the device. Passwords specified with the localizedkey option are limited to a 130 characters.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Extended BB_Credit Support
The last two Fibre Channel ports (port 13 and port 14) and the two Gigabit Ethernet ports in the MPS-14/2 module and in the Cisco MDS 9216i Switch do not support the extended BB_credits feature.
Refer to the Cisco MDS 9000 Family Configuration Guide.
DPVM
The DPVM feature overrides any existing static port VSAN membership configuration. If a device is not configured for a specific VSAN, it continues to be part of the existing port VSAN.
If the VSAN corresponding to the dynamic port is deleted or suspended, the port is shut down.
Refer to the Cisco MDS 9000 Family Configuration Guide.
PortChannel Autocreation
When enabling autocreation, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports between two switches are configured with the autocreation feature at the same time, you may face a possible traffic disruption between these two switches as the ports are automatically disabled and reenabled when ports are added to an autocreated PortChannel.
Refer to the Cisco MDS 9000 Family Configuration Guide.
IP-ACL Support
Do not apply IP-ACLs to only one member of a PortChannel group. Apply IP-ACLs to the entire channel group.
If IP-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to a Ethernet PortChannel group.
Refer to the Cisco MDS 9000 Family Configuration Guide.
Port Mode for IBM FAStT 500 Storage System
If you are connecting IBM FAStT 500 storage system to Cisco MDS switches, configure the port mode as F instead of Fx or Auto.
Refer to the Cisco MDS 9000 Family Configuration Guide.
FCIP Links
If the FCIP write acceleration feature or the FCIP compression feature is enabled on an FCIP link, then switches in a fabric running Cisco MDS SAN-OS Release 1.3 will not be compatible with switches in the same fabric running Cisco MDS SAN-OS Release 2.0(1b).
If a Cisco MDS switch running Cisco MDS SAN-OS Release 1.3 is upgraded to Cisco MDS SAN-OS Release 2.0(1b) when FCIP compression or write acceleration is enabled, then an FCIP link failure will occur.
If the upgrade is performed using the Fabric Manager, then the FCIP link continues to remain in the failed state till the connected switches are upgraded.
To avoid this FCIP link failure, disable the write acceleration and the FCIP compression features before beginning the upgrade process.
Fabric Manager/Device Manager Support on Windows2003
Fabric manager/Device manager does not work properly with JRE version 1.4.2_03 on Windows 2003 operating system.
JRE version 1.4.2_05 has been found to work without any issues on Windows 2003.
Caveats
This section lists the caveats and corrected caveats for this release. Use Table 3 to determine the status of a particular caveat. In the table, "R" indicates a resolved caveat, and "O" indicates an open caveat.
Resolved Caveats
•
Symptom: A license installation failure occurs on the Cisco MDS 9216A switch running Cisco MDS SAN-OS software releases 1.3(2a), 1.3(4a) and 1.3(5).
Workaround: Upgrade to Cisco SAN-OS software releases 1.3(6), 2.0(1b) or later for successful license installation. If desired, the Cisco MDS 9216A switch can then be downgraded to releases 1.3(2a), 1.3(4a), or 1.3(5).
•
Symptom: SNMP daemon crashes periodically on a Cisco MDS 9000 Family switch running Release 1.3(4a). Issue the show process memory | include snmp commands at regular intervals to show the pattern of a memory increase.
Workaround: Upgrade to Cisco MDS SAN OS Release 1.3(6).
•
Symptom: The system does not recognize a CLI password containing the "$" character.
Workaround: Change your password to a different string that does not include the "$" character. For an admin user-account, you might have to perform the password-recovery procedure to reset the password.
•
Symptom: If multiple "get all next" queries are sent before receiving a response from the first one, some queries might be dropped as they overwhelm the name server buffers. Some arrays do this to improve performance, resulting in dropped queries.
Workaround: Upgrade to Cisco MDS SAN-OS Release 1.3(6).
•
Symptom: If you downgrade from Cisco MDS SAN-OS Release 1.3(5) to Release 1.3(4), then you might lose your per-VSAN in-order delivery configuration.
Workaround: Reconfigure your system with the per-VSAN in-order delivery configuration.
•
Symptom: A corrupted license file installs on an MDS 9000 switch without errors.
Workaround: None.
•
Symptom: A Fabric Manager zone migration wizard causes a Telnet session to hang when a non-MDS switch is present.
Workaround: None.
•
Symptom: Following an upgrade from Release 1.1 to Release 1.3 or higher, with persistent FC ID enabled, the FC IDs for the storage arrays may get changed after a link flap.
Workaround: None.
•
Symptom: If you install an SSM and boot it with either the VSFN or SSI Image, the Enterprise License grace period starts.
Workaround: None.
•
Symptom: In some rare cases, license features are disabled when the IP address on a management port is changed.
Workaround: None. Enable the license features again.
Open Caveats
•
Symptom: A small amount of memory in the IP configuration process leaks each time any of the following commands execute: show running-config, show startup-config, copy running-config startup-config. After repeated occurrences, the command fails to execute.
Workaround: None.
•
Symptom: In some rare instances in Cisco MDS SAN-OS Release 1.3, 2.0, and 2.1(1), when the IP Storage Services (IPS) module restarted after a failure, VSAN membership information about iSCSI interfaces was lost. However, a configuration saved with the copy running-config startup command was not lost.
Workaround: None.
•
Symptom: The IPsec feature supports 100 simultaneous encrypted tunnels for each Gigabit Ethernet interface. If you exceed this limit, the port fails.
Workaround: None.
•
Symptom: When you disable in-order delivery in a Cisco MDS 9000 Family switch, and if you change the default zone's priority in the presence of an active zoneset, then the packets with the old priority may arrive out of order.
Workaround: None.
•
Symptom: If you insert or reboot a standby supervisor while the active is in steady state, you may see the following message before the standby supervisor goes online under certain circumstances:
2004 Oct 4 20:45:39 sw172 %KERN-2-SYSTEM_MSG: do_xmit_sync_msgs() returned -70 (aipc): msg_id=0x2deeb, msg_num=1, data_size=60, msg_size=108, skb_size=170After issuing this message, the active supervisor module forces another reboot of the standby supervisor module and prints the following syslog message
%SYSMGR-2-SYNC_FAILURE_STANDBY_RESET).This double reboot takes a longer time for the standby supervisor module to go online. It does not impact the stability of the system. Once the standby supervisor is online, this problem cannot occur.
Workaround: None.
•
Symptom: When the nWWN of a device logged through a port is assigned a new VSAN, and when the DPVM database is activated, then the port does not move to the new VSAN.
Workaround: Disable and enable the interface.
•
Symptom: When the fabric is in the enhanced zoning mode and if a new inter-switch link (ISL) triggers a zone database merge failure, then the commands to export/import the zone database fail to bring up the link.
Workaround: Fix the databases and then bring up the links in the switches on either side of the link.
•
Symptom: While downgrading from Cisco MDS SAN-OS Release 2.0(1b) to Cisco MDS SAN-OS Release 1.3(x), if the CIM server is enabled, the Gigabit Ethernet ports may go down.
Workaround: Disable the CIM server when downgrading from 2.0(1b) to 1.3(x)
•
Symptom: The iSNS server fails if you disable the iSNS server when the initiator is configured on the local switch, registers with the remote switch, and logs into the available targets on both switches.
Workaround: None.
•
Symptom: If a new VSAN is added to the TE port channel after a hitless upgrade to Cisco MDS SAN-OS Release 2.0(1b), any new vsans brought up in this port channel will either not come up or will come up, but not carry any traffic. This will also appear in following situations after the upgrade to release 2.0(1b):
a.
b.
c.
Workaround: There are two workarounds for these issues:
a.
b.
•
Symptom: The iSCSI/IPSec session may go down and come back up after a few hours if using Microsoft's implementation of IPsec in the iSCSI initiator software.
Workaround: None.
•
Symptom: In some cases the FICON port attributes will show no attributes in Device Manager.
Workaround: None.
•
Symptom: Some hosts may not accept IKE tunnel creation from Cisco MDS switches when an IKE session already exists in the Cisco MDS switch. In such cases it may take more than the expected time for the IPsec session to come up. This scenario can happen when the Gigabit Ethernet interface on the Cisco MDS switch fails and comes back up or if you issue a VRRP switchover to a different Cisco MDS switch.
Workaround: For a faster recovery, disconnect and re-initiate the iSCSI session from the host.
•
Symptom: The zone server might fail to read its configuration because of some inconsistent values in its configuration during an upgrade.
Workaround: None. Upgrade to Cisco MDS SAN-OS Release 2.0(2b).
•
Symptom: If an IPS module with operational FCIP PortChannels is reloaded, upgraded, or downgraded, the supervisor module may be reloaded causing the system to reboot.
Workaround: Before reloading, upgrading, or downgrading an IPS module, shut down all FCIP PortChannels on the line card.
•
Symptom: License warning notifications, either through Call Home or system messages, might occur in the following situations:
–
–
Workaround: None.
•
Symptom: The SAN extension tuner tool cannot be used to inject traffic on FCIP links that have write acceleration enabled.
Workaround: None.
•
Symptom: The SNMP process might fail under certain error conditions if you are adding a member to a zone using fcalias type.
Workaround: None.
•
Symptom: Sometimes in-service software upgrades from previous releases to Release 2.0(1b) causes errors in FICON VSANs showing up as IFCC errors on mainframe.
Workaround: None.
•
Symptom: The XIOTECH initiator does not recognize remote storage devices.
Workaround: Issue the fcid-allocation area company-id 0x00d0b2 command before connecting the devices to the switch to ensure that the storage devices get FCIDs with a unique area byte. If the devices are already connected, refer to the Cisco MDS 9000 Family Configuration Guide for information about adding a company-id to the list.
•
Symptom: Scheduled jobs are sometimes executed twice in a day.
Workaround: None. Upgrade to Cisco MDS SAN-OS Release 2.0(3)
•
Symptom: The application might report that the loop port is not up, however, the port is online and operational.
Workaround: Issue the shutdown/no shutdown command sequence to clear the problem.
•
Symptom: FCIP Write Acceleration does not work with certain storage replication subsystems.
Workaround: None.
•
Symptom: If your switch port is configured in auto speed (switchport speed auto) and auto mode (switchport mode auto), the switch-port fails to establish a link with the device connected through Emulex HBA LP8000 and remains in link-failure state. The problem occurs with the following combination of HBA, Driver, Firmware, and OS configured at 1 Gbps.
Workaround: Configure the switch port speed to 1 Gbps (switchport speed 1000) to support the Emulex HBA LP8000.
•
Sympton: An error message in the log file occurs because the platform manager component passes the wrong parameter while responding to a SNMP query. In some cases, this results in the query not being responded to.
Workaround: Perform a refresh on Device Manager to clear the problem.
•
Symptom: If you remove a port from a port channel or shutdown a member port of a port-channel, the ConnUnitPortStatus/State trap is not sent.
•
Symptom: While using an FCIP link for remote SPAN, it is possible that the FCIP link may flap.
Workaround: Do not use FCIP links for Remote SPAN.
Workaround: None.
•
Symptom: When IVR is enabled, the Fabric-Device Management Interface information is not transferred across VSANs for IVR devices.
Workaround: None.
•
Symptom: During a switch upgrade, a SAN Volume Controller (SVC) node may not save its entire state under rare circumstances. This results in that node not being part of the cluster after the switch upgrade. Verify this symptom by issuing the show nodes local command at the svc-config prompt—the command output displays the following information:
–
–
Workaround: Manually remove the SVC node from the cluster and then add the node back into the cluster. Refer to Cisco MDS 9000 Family SAN Volume Controller Configuration Guide for procedural details.
•
Symptom: On rare occasions, the install license command may fail due to the saved state of the switch configuration. This may occur after saving a remote configuration to the switch using the copy remote-url start-up command.
Workaround: Issue the copy ru st command. The install license command should work properly after that.
•
Symptom: If an iSCSI initiator is configured differently on multiple switches, iSNS might report more targets to the initiator than the initiator can access. An iSCSI initiator would get a target error if it attempts to establish a connection.
Workaround: None.
•
Symptom: When the bit error rate exceeds a threshold, the switch does not send out the RLIR frame correctly.
Workaround: Upgrade to Cisco MDS SAN-OS Release 2.0(2b).
•
Symptom: A VSAN restricted user can change the assignment of a VSAN for an Fx port and have access to other VSANs using SNMP.
Workaround: None.
•
Symptom: If a number of DPVM device entries are deleted together (by highlighting them) from the Fabric Manager or the Device Manager, these entries are not deleted properly.
Workaround: The workaround for this problem is to delete one DPVM device entry at a time.
•
Symptom: IPACL rules are deleted from the running configuration when issuing the show startup configuration command. Issuing the following commands might result in losing all the ipacl rules:
–
–
–
Workaround: Upgrade to Cisco MDS SAN-OS Release 2.0(2b).
•
Symptom: After a successful database merge, the output of the show cfs merge status name application_name command may not reflect the correct merge status. However, the merge operation remains successful.
Workaround: None. The correct status is displayed when you perform additional CFS operations.
•
Symptom: The boot variables are not visible in the output of the show startup-config command. However, the boot variables are successfully saved in startup configuration and are applied at the next switch reboot. This impact occurs only if you use the following sequence:
a.
b.
c.
Workaround: If you use the specified sequence, manually set the boot variables.
•
Symptom: If you issue a blank commit after merge failure or if this is the first commit after merge failure, the current config database is activated in all switches in the fabric. If the config database is null or made null, then the database is deactivated in all switches.
Workaround: None.
•
Symptom: If you issue a commit command, the DPVM application implicitly activates the existing configuration database. The configuration database is activated only when the commit command is explicitly issued after the activate command.
Workaround: None.
•
Symptom: After creating or deleting VSANs, the Fabric Manager client does not list the VSANs correctly.
Workaround: Reopen (click on File > Open Fabric or the Open Fabric toolbar button) to display an accurate list of VSANs.
•
Symptom: In Device Manager, ports which dynamically become member of the FICON VSAN are not visible. Only static FICON VSAN ports are displayed.
Workaround: Make static and dynamic port VSANs identical.
•
Symptom: On rare occasions, the PortChannels with FCIP interface members fail to come up when the switch reboots. This happens when the startup config has a default switchport trunk mode setting that does not match the configured trunk mode for PortChannel members (FCIP interfaces). Also, the startup config shows any explicit switchport trunk mode setting for the PortChannel.
Workaround: Reconfigure the switchport trunk mode on the PortChannel.
•
Symptom: Issuing the Ctrl-Z sequence in the command-line interface does not exit configuration submode.
Workaround: Type exit command to exit the configuration submode.
•
Symptom: The iSNS server might crash when iSCSI is disabled and iSNS is enabled using Fabric Manager.
Workaround: None.
•
Symptom: The copy running-configuration startup-configuration command fails to save the zone default-zone permit vsan xx command. In FICON environments, importing a configuration from one switch without this line, may prevent the data to flow as there are no real zones except the default zone.
Workaround: Add "zone default-zone permit vsan xx" in the configuration when applying the configuration to a different switch.
•
Symptom: WWNs assigned to iSCSI initiators by the system can inadvertently be returned to the system when an upgrade fails or a manual downgrade is performed, such as when an older iSAN software version is booted up without using the install all command. In these scenarios, the system can later assign those WWNs again to other initiators, which causes conflicts. This bug is a duplicate of CSCei17870.
•
Symptom: Configuring the CIM server certificate as listed below might cause your switch to crash.
a.
b.
c.
d.
e.
f.
Workaround: None
•
Symptom: If your host or management application is configured to receive notifications from a Cisco MDS 9000 Family switch using SNMPv1, the source address of the notification might not contain the IP address of the switch. As a result, the host may not interpret the notification properly.
Workaround: Use SNMPv2c or upgrade to Cisco MDS SAN-OS Release 2.0(3).
•
Symptom: The Telnet server may not be disabled even if you disable it through setup. A telnet session will still work in the switch.
Workaround: Issue the no telnet server enable command in configuration mode to disable telnet after you login to the switch.
•
Symptom: Password recovery might fail if you use the copy <config-url> startup command to save the switch configuration, or if you boot a system image that is older than the image you used to store the configuration and did not use the install all command. The following message might display in syslog or on the console during the process of password recovery.
<<%ASCII-CFG-2-ACFG_CONFIGURATION_APPLY_ERROR>>
Workaround: Issue the write erase command from the switchboot prompt.
Note
•
Symptom: A Windows host running Hummingbird 10 with Connectivity Secure Shell 9, cannot use SSH to connect to an MDS switch running Cisco MDS SAN-OS Releases 2.0(x)using the same host configuration as was used when connecting to an MDS switch running 1.3(x) code.The host will display the error, "Authentication Failed, no more shared authentication methods".
Workaround: Reconfigure the client to use "keyboard-interactive" instead of "password" for authentication. To do this, go to tunnel profile settings, select Security Settings>Authentication. Ensure the "keyboard interactive" is the method used, "password" might be the currently configured method. Or upgrade to Cisco MDS SAN-OS Release 2.1(1a).
•
Symptom: The show running command shows the callhome profile alertgroups with an underscore ( _ ) rather than a dash ( - ). If the show running command in Cisco MDS SAN-OS Release 1.3.x shows callhome profile with alertgroups as an underscore ( _ ), then it will carry it over to the release 2.0.x code and cannot be deleted. This occurs if the following alert groups have been configured:
–
–
–
Workaround: Before upgrading to Cisco MDS SAN-OS Release 2.x, issue the show running command and delete the following alert groups:
–
–
–
•
Symptom: Alias for a down endport is not shown andis referenced by its pwwn in the Edit FullZoneset screen of the Fabric Manager rather than the fcalias name. This does not affect the functionality of adding those members to the zones either in Fabric Manager or in the CLI.
Workaround: None
•
Symptom: If the NetApp file server appliance is configured as an initiator performing a Network Data Management Protocol (NDMP) backup, then the fabric login (FLOGI) process on the MDS switch might terminate because of excessive LSTS requests.
This might happen if your N port or NL port uses extended link services to manage and control a public remote loop. The NetApp file server appliance configuration uses these services, namely LSTS and LINIT, which are documented in the Fibre Channel standards compliance (FC-FLA standard) specification.
Workaround: Upgrade to Cisco MDS SAN-OS Release 2.0(4).
•
Symptom: Your connection to the server might terminate during an upgrade/downgrade process if the client is detecting the server's status upon receiving events. If the client does not receive any events from the server for a certain amount of time, it assumes that the server is down and closes the connection. Fabric Manager timeouts have also been seen that do not coincide with upgrade/downgrade events.
Workaround: Remove the fabric and then reopen it.
•
Symptom: Protocol and port numbers, if specified in a IP ACL assigned to a IPSec profile (crypto map), will be ignored.
The interop between Microsoft's iSCSI initiator with IPSec encryption with Cisco MDS 9000 Series switches. If IPSec is configured in the Microsoft iSCSI initiator (also the IPSec/IKE initiator), the host IPSec implementation sends the following IPSec policy:
source IP - Host IP, dest IP - MDS IP,source port - any, dest port - 3260 (iSCSI), protocol - 6 (TCP).Upon receiving the above policy, the protocol and port numbers are ignored and only the IP addresses for the IPSec policy are used. Thus, althhough iSCSI traffic is encrypted, non-iSCSI trafffic (such as ICMP ping) sent by the Microsoft Host in cleartext will be dropped in the MDS port.
Workaround: None.
•
Symptom: A corrupted entry is created in the snmpTargetParamsTable when a user creates an entry with NULL string in object snmpTargetParamsName as its index. The SNMP service may stop and restart.
Workaround: None. To avoid similar problems, enter a name in snmpTargetParamsName with at least one character when creating a snmpTargetParamsEntry.
Workaround: None
•
Symptom: Password recovery might fail if you use the copy <config-url> startup command to save the switch configuration, or if you boot a system image that is older than the image you used to store the configuration and did not use the install all command. The following message might display in syslog or on the console during the process of password recovery.
<<%ASCII-CFG-2-ACFG_CONFIGURATION_APPLY_ERROR>>
Workaround: Issue the write erase command from the switchboot prompt.
Note
•
Symptom: During an upgrade of an MDS switch with two or more MPS-14/2 modules, FCIP tunnels on multiple MPS-14/2 modules can be down at the same time. If a PortChannel of two FCIP tunnels on different MPS-14/2 modules is used for redundancy, the redundancy can be lost. If IVR is running over these FCIP tunnels, IVR can lose remote devices as a result of loss of access over the FCIP based PortChannel.
Workaround: Place other modules on which you can perform a hitless upgrade between the MPS-14/2 modules to allow for more time between module upgrade and to give the FCIP tunnels more time to stabilize. To recover access over the FCIP based PortChannel, reactivate the IVR zone set by adding a dummy zone with two dummy members.
•
Symptom: If iSCSI virtual targets are configured with more than 50 LUN maps, then erroneous overlapping LUN map system messages appear when the iSCSI initiator is not allowed to log in to these iSCSI virtual targets.
•
Symptom: In a fabric with more than one switch, there is a possibility of CFS or syslog crashing because of a PSS-FULL condition. This happens because of leakage in the PSS records stored by the CFS module.
CFS internal distributions cause a PSS leakage during one of the following:
–
–
Application and Regular CFS distributions in a stable fabric do not result in PSS leakages.
Workaround: None. A switchover will help in cleaning up these records but the usage of the partition remains same (dev/shm partition). However, CFS will reuse the freed space for further PSS storage.
•
Symptom: A system switchover causes the boot variables to disappear from display in both the show running and show startup command outputs. However, the functionality is unaffected, and the boot variables are still set as displayed in the show boot command output.
Workaround: Issue the show boot command to verify the boot variables.
•
Symptom: An MDS 9000 switch running SAN-OS 2.0(1b) can potentially send excessive Call Home messages due to a malfunctioning line card that acts as if it were being inserted and removed repeatedly.
Workaround: None.
•
Symptom: After upgrading to Release 2.0, it is no longer possible to create, modify, or delete the admin role.
Workaround: Before upgrading to Release 2.0, create the admin role.
•
Symptom: When no role is associated with a user, SNMP fails when the no role name admin command is issued to delete the admin role. The SNMP user (admin) has no roles assigned, which causes the failure when there is an attempt to delete a specific role.
Workaround: Associate at least one role (group) to the user by executing the snmp-server user username [group-name] command in config mode.
•
Symptom: Issuing the no shutdown command on a port produces this error:
fc1/1: (error) port channel config in progress - config not allowedYou can reproduce the problem by removing a port from a port channel and then perform a system switchover. However, the problem does not always occur with these steps.
Workaround: Use the channel-group X command where port channel X, to configure a new port channel and add the port to it. Then use the no interface port-channel X command to remove the newly created port channel. The no shutdown command will now be accepted on the port.
•
Symptom: In rare circumstances, after you issue the install all command to upgrade an MDS switch, the upgrade may fail because the installer process fails. When this occurs, you may see a message like the following:
%CALLHOME-2-EVENT: SW_CRASH alert for service: installerThe installer failed to respond for 10 times. Exiting ...Unable to send exit to installer. Return code -1If you upgrade from 1.3(x) to 2.1 or from 2.0(x) to 2.1 and the upgrade fails, and if after the upgrade failure the supervisor modules are running the new software version, but some modules are running the older software version, then the next attempt to execute the install all command will trigger this problem.
You should not encounter this problem if you upgrade from 2.1 to a higher version.
Workaround: There are two ways to address this issue:
•
•
•
Symptom: If you issue immediate, back-to-back commands to delete and then create FCIP interfaces, the internal port service might crash.
Workaround: Wait 5 seconds between the delete and the following create command for a given FCIP interface.
•
Symptom: The dynamic port VSAN membership (DPVM) failed after the number of F ports exceeded 64 and a port flap occurred.
Workaround: Keep the number of F ports in a switch below 64.
•
Symptom: If you try to configure SSH key for any of the non-local user- accounts, in some rare cases you might see a core dump on standby.
Workaround: First delete the non-local user-account and create it again so that it becomes a local user-account. Then perform any type of configuration for that user-account. User should not perform configuration operations on non- local user-accounts. Non-local user-accounts can be created due to users getting authenticated using RADIUS/TACACS+ server.
Related Documentation
The documentation set for the Cisco MDS 9000 Family includes the following documents:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
For information on VERITAS Storage Foundation™ for Networks for the Cisco MDS 9000 Family, refer to the VERITAS website: http://support.veritas.com/
For information on IBM TotalStorage SAN Volume Controller Storage Software for the Cisco MDS 9000 Family, refer to the IBM TotalStorage Support website: http://www.ibm.com/storage/support/2062-2300/
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/
•
Documentation Feedback
You can send comments about technical documentation to mdsfeedback-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•
•
•
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
•
•
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
•
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
