Table Of Contents

O Commands

odrt.bin

ocsp url

out-of-service

out-of-service module

out-of-service xbar

O Commands

---

The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. Please See "About the CLI Command Modes" section on page 1-3 section to determine the appropriate mode for each command. For more information, see the Cisco MDS 9000 Family CLI Configuration Guide.

odrt.bin

To preform offline data recovery of Cisco SME, use the odrt.bin command on Linux-based systems. This command allows you to recover data when the MSM-18/4 module or the Cisco MDS 9222i fabric switch is not available.

odrt.bin [--help][--version]{-h | -l | -r | -w}{if=input_device_or_file | of=output_device_or_file | kf=key_export_file | verbose=level}

Syntax Description

--help	(Optional)Displays information on the tool.
--version	(Optional)Displays the version of the tool.
-h	Reads and prints the tape header information on the tape.
-l	Lists all SCSI devices.
-r	Reads the tape device and writes data to intermediate file(s).
-w	Reads the intermediate file(s) on disk and writes data to the tape.
if	Specifies the input device or file.
of	Specifies the output device or file
kf	Specifies the volume group file name.
verbose	Specifies the level.

Defaults

None.

Command Modes

None. This command runs from the Linux shell.

Command History

Release	Modification
3.3(1a)	This command was introduced.

Usage Guidelines

The odrt.bin command operates in the following steps:

•Tape-to-disk- In this mode, the odrt.bin command reads the encrypted data from the tape and stores it as intermediate files on the disk. This mode is invoked with the '-r' flag. The input parameter is the tape device name and filename on the disk is the output parameter.

•Disk-to-tape- In this mode, the odrt.bin command reads intermediate files on the disk, decrypts and decompresses (if applicable) the data and writes the clear-text data to the tape. The decryption key is obtained from the volume group file that is exported from the Cisco Key Management Center (KMC). This mode is invoked with the '-w' flag. The input parameter is the filename on the disk and tape device name is the output parameter. The volume group file name (key export file) is also accepted as a parameter. Key export password needs to be entered at the command prompt.

Examples

The following command reads and prints the Cisco tape header information on the tape:

odrt -h if=/dev/sg0

The following example read the data on tape into intermediate file(s) on disk:

odrt -r if=/dev/sg0 of=diskfile

The following command reads the encrypted/compressed data in intermediate file(s) and writes back the decrypted/decompressed data to the tape:

odrt -w if=diskfile of=/dev/sg0 kf=c1_tb1_Default.dat

A sample output of the odrt command follows:

[root@ips-host06 odrt]# ./odrt.bin -w if=c of=/dev/sg2 kf=sme_L700_IBMLTO3_Default.dat 
verbose=3

Log file: odrt30072

Please enter key export password:

Elapsed 0:3:39.28, Read 453.07 MB, 2.07 MB/s, Write 2148.27 MB, 9.80 MB/s

Done

ocsp url

To configure the HTTP URL of the Online Certificate Status Protocol (OCSP) for the trust point CA, use the ocsp url command in trust point configuration submode. To discard the OCSP configuration, use the no form of the command.

ocsp url url

no ocsp url url

Syntax Description

url	Specifies the OCSP URL. The maximum size is 512 characters.

Defaults

None.

Command Modes

Trust point configuration submode.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

The MDS switch uses the OCSP protocol to check the revocation status of a peer certificate (presented to it during the security or authentication exchange for IKE or SSH, for example), only if the revocation checking methods configured for the trust point include OCSP as one of the methods. OCSP checks the certificate revocation status against the latest CRL on the CA using the online protocol, thereby generating network traffic and also requiring that the OCSP service of the CA be available online in the network.

On the other hand, if revocation checking is performed by the cached CRL at the MDS switch, no network traffic is generated. The cached CRL doesn't contain the latest revocation information.

You must authenticate the CA for the trust point before configuring the OCSP URL for it.

Examples

The following example shows how to specify the URL for OCSP to use to check for revoked certificates.

switch# config terminal

switch(config)# crypto ca trustpoint admin-ca

switch(config-trustpoint)# ocsp url http://admin-ca.cisco.com/ocsp

The following example shows how to remove the URL for OCSP.

switch(config-trustpoint)# no ocsp url http://admin-ca.cisco.com/ocsp

Related Commands

Command	Description
crypto ca crl-request	Configures a CRL or overwrites the existing one for the trust point CA.
revocation-check	Configures trust point revocation check methods.
show crypto ca crl	Displays configured CRLs.

out-of-service

To put an interface out of service, use the out-of-service command in interface configuration submode. To restore the interface to service, use the no form of the command.

out-of-service [force]

no out-of-service [force]

Syntax Description

force

Configures the interface that should be forced out of service.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

Before using the out-of-service command, you must disable the interface using the shutdown command.

When an interface is out of service, all the shared resources for the interface are released, as is the configuration associated with those resources.

---

Caution Taking interfaces out of service releases all the shared resources to ensure that they are available to other interfaces. This causes the configuration in the shared resources to revert to default when the interface is brought back into service. Also, an interface cannot come back into service unless the default shared resources for the port are available. The operation to free up shared resources from another port is disruptive.

---

Examples

The following example shows how to take an interface out of service.

switch# config terminal

switch(config)# interface fc 1/1

switch(config-if)#shutdown

switch(config-if)# out-of-service

Putting an interface into out-of-service will cause its shared resource 

configuration to revert to default

Do you wish to continue(y/n)? [n] 

The following example makes an interface available for service.

switch(config-if)# no out-of-service

Related Commands

Command	Description
shutdown	Disables an interface.
show interface	Displays the status of an interface.

out-of-service module

To perform a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director, use the out-of-service module command in EXEC mode.

out-of-service module slot

Syntax Description

slot	Specifies the module number. For Cisco MDS 9506 and 9509 Directors, the range is 1 to 6. For the Cisco MDS 9513 Director, the range is 1 to 13.

Defaults

None.

Command Modes

EXEC.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.

Enter the EXEC mode out-of-service module command for a graceful shutdown of the integrated crossbar on the supervisor module in a Cisco MDS 9506 or 9509 Director.

out-of-service module slot

The slot refers to the chassis slot number for Supervisor-1 module or Supervisor-2 module where the integrated crossbar is located.

---

Note To reactivate the integrated crossbar, you must remove and reinsert or replace the Supervisor-1 or Supervisor-2 module.

---

For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

Examples

The following example shows how to perform a graceful shutdown of the integrated crossbar.

switch# out-of-service module 2

Related Commands

Command	Description
out-of-service xbar	Performs a graceful shutdown of an external crossbar switching module in a Cisco MDS 9513 Director.
show module	Displays the status of a module.

out-of-service xbar

To perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director, use the out-of-service xbar command in EXEC mode.

out-of-service xbar slot

no out-of-service xbar slot

Syntax Description

slot	Specifies the external crossbar switching module slot number, either 1 or 2.

Defaults

None.

Command Modes

EXEC.

Command History

Release	Modification
3.0(1)	This command was introduced.

Usage Guidelines

Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.

The administrator must enter the EXEC mode out-of-service xbar command for a graceful shutdown of the external crossbar switching module in a Cisco MDS 9513 Director.

out-of-service xbar slot

The slot refers to the external crossbar switching module slot number.

---

Note To reactivate the external crossbar switching module, you must remove and reinsert or replace the crossbar switching module.

---

---

Caution Taking the crossbar out-of-service may cause supervisor switchover.

---

For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

Examples

The following example shows how to perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director.

switch# out-of-service xbar 1

Related Commands

Command	Description
out-of-service module	Performs a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director.
show module	Displays the status of a module.