Feedback
Table Of Contents
Management Interface Configuration
Configuring the Default Gateway
Verifying the Default Gateway Configuration
IPv4 Default Network Configuration
Configuring an IPv4 Address in a VSAN
Verifying the VSAN Interface Configuration
Verifying the IPv4 Routing Configuration
Configuring IPv4 Static Routes
Verifying IPv4 Static Route Information
Virtual Router Redundancy Protocol
Adding and Deleting Virtual Router
Adding Virtual Router IP Addresses
Priority for the Virtual Router
Time Interval for Advertisement Packets
Priority Based on Interface State Tracking
Displaying IPv4 VRRP Information
Displaying IPv6 VRRP Information
Displaying DNS Host Information
Configuring IP Services
Cisco MDS 9000 Family switches can route IP traffic between Ethernet and Fibre Channel interfaces. The IP static routing feature is used to route traffic between VSANs. To do so, each VSAN must be in a different IP subnetwork. Each Cisco MDS 9000 Family switch provides the following services for network management systems (NMSs):
•
IP forwarding on the out-of-band Ethernet interface (mgmt0) on the front panel of the supervisor modules.
•
•
Switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. VRRP is a restartable application that provides a redundant, alternate path to the gateway switch.
Note
This chapter includes the following sections:
•
•
•
•
Traffic Management Services
In-band options are compliant with and use the RFC 2625 standards. An NMS host running the IP protocol over an FC interface can access the switch using the IPFC functionality. If the NMS does not have a Fibre Channel HBA, in-band management can still be performed using one of the switches as an access point to the fabric (see Figure 43-1).
Figure 43-1 Management Access to Switches
Management Interface Configuration
The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions. You can remotely configure the switch through the management interface, but first you must configure IP version 4 (IPv4) parameters (IP address, subnet mask) or an IP version 6 (IPv6) address and prefix length so that the switch is reachable. For information on configuring IPv6 addresses, see Chapter 46, "Configuring IPv6 for Gigabit Ethernet Interfaces."
On director class switches, a single IP address is used to manage the switch. The active supervisor module's management (mgmt0) interface uses this IP address. The mgmt0 interface on the standby supervisor module remains in an inactive state and cannot be accessed until a switchover happens. After a switchover, the mgmt0 interface on the standby supervisor module becomes active and assumes the same IP address as the previously active supervisor module.
Note
Note
To configure the mgmt0 Ethernet interface for IPv4, follow these steps:
To configure the mgmt0 Ethernet interface for IPv6, follow these steps:
Default Gateway
You can configure a default gateway IPv4 address on your Cisco MDS 9000 Family switch.
This section includes the following topics:
•
•
About the Default Gateway
The default gateway IPv4 address should be configured along with the IPv4 static routing commands (IP default network, destination prefix, and destination mask, and next hop address).
Tip
See the "Initial Setup Routine" section on page 5-2 for more information on configuring the IP addresses for all entries in the switch.
Use the ip default-gateway command to configure the IP address for a switch's default gateway and the show ip route command to verify that the IPv4 address for the default gateway is configured.
Configuring the Default Gateway
To configure the default gateway, follow these steps:
Step 1
switch# config t
switch(config)#
Enters configuration mode.
Step 2
switch(config)# ip default-gateway 1.12.11.1
Configures the IPv4 address for the default gateway.
Verifying the Default Gateway Configuration
Use the show ip route command to verify the default gateway configuration.
switch# show ip routeCodes: C - connected, S - staticGateway of last resort is 1.12.11.1S 5.5.5.0/24 via 1.1.1.1, GigabitEthernet1/1C 1.12.11.0/24 is directly connected, mgmt0C 1.1.1.0/24 is directly connected, GigabitEthernet1/1C 3.3.3.0/24 is directly connected, GigabitEthernet1/6C 3.3.3.0/24 is directly connected, GigabitEthernet1/5S 3.3.3.0/24 via 1.1.1.1, GigabitEthernet1/1IPv4 Default Network Configuration
If you assign the IPv4 default network address, the switch considers routes to that network as the last resort. If the IPv4 default network address is not available, the switch uses the IPv4 default gateway address. For every network configured with the IPv4 default network address, the switch flags that route as a candidate default route, if the route is available.
Tip
See the "Initial Setup Routine" section on page 5-2 for more information on configuring the IP addresses for all entries in the switch.
When the Ethernet interface is configured, the switch should point to the gateway router for the IP network. The host accesses the gateway using a gateway switch. This gateway switch is configured as the default gateway. The other switches in the fabric that are connected to the same VSAN as the gateway switch can also be connected through the gateway switch. Every interface connected to this VSAN should be configured with the VSAN IPv4 address of the gateway switch (see Figure 43-2).
Figure 43-2 Overlay VSAN Functionality
In Figure 43-2, switch A has the IPv4 address 1.12.11.1, switch B has the IPv4 address 1.12.11.2, switch C has the IPv4 address 1.12.11.3, and switch D has the IPv4 address 1.12.11.4. Switch A is the gateway switch with the Ethernet connection. The NMS uses the IPv4 address 1.1.1.10 to connect to the gateway switch. Frames forwarded to any switch in the overlaid VSAN 1 are routed through the gateway switch. Configuring the gateway switch's IPv4 address (1.12.11.1) in the other switches enable the gateway switch to forward the frame to the intended destination. Similarly, if a non-gateway switch in the VSAN forwards a frame to the Ethernet world, the frame is routed through the gateway switch.
When forwarding is disabled (default), IP frames are not sent from one interface to another. In these cases, the software performs local IP routing between two switches using the in-band option for Fibre Channel traffic and the mgmt0 option for Ethernet traffic.
When a VSAN is created, a VSAN interface is not created automatically. You need to specifically create the interface (see the "VSAN Interfaces" section on page 12-39).
To configure default networks using IPv4 addresses, follow these steps:
IPFC
IPFC provides IP forwarding or in-band switch management over a Fibre Channel interface (rather than out-of-band using the Gigabit Ethernet mgmt 0 interface). You can be use IPFC to specify that IP frames can be transported over Fibre Channel using encapsulation techniques. IP frames are encapsulated into Fibre Channel frames so NMS information can cross the Fibre Channel network without using an overlay Ethernet network.
Once the VSAN interface is created, you can specify the IP address for that VSAN. You can assign an IPv4 address or an IPv6 address.
Note
This topic includes the following sections:
•
•
•
•
IPFC Configuration Guidelines
Follow these guidelines to configure IPFC:
1.
2.
3.
4.
Configuring an IPv4 Address in a VSAN
To create a VSAN interface and configure an IPv4 address for that interface, follow these steps:
Verifying the VSAN Interface Configuration
Use the show interface vsan command to verify the configuration of the VSAN interface.
Note
switch# show interface vsan 1vsan1 is down (Administratively down)WWPN is 10:00:00:0c:85:90:3e:85, FCID not assignedInternet address is 10.0.0.12/24MTU 1500 bytes, BW 1000000 Kbit0 packets input, 0 bytes, 0 errors, 0 multicast0 packets output, 0 bytes, 0 errors, 0 droppedEnabling IPv4 Routing
By default, the IPv4 routing feature is disabled in all switches.
To enable the IPv4 routing feature, follow these steps:
Verifying the IPv4 Routing Configuration
Use the show ip routing command to verify the IPv4 routing configuration.
switch(config)# show ip routingip routing is enabledIPFC Configuration Example
This section describe an example configuration for IPFC. Figure 43-3 shows an example network.
The example network has the following links:
•
•
Figure 43-3 IPFC Example Network
The following steps show how to configure Switch_1 in the example network in Figure 43-3:
Step 1
switch_1# config tswitch_1(config)# interface vsan 1switch_1(config-if)#Step 2
switch_1(config-if)# ip address 10.1.1.1 255.0.0.0Step 3
switch_1(config-if)# no shutdownswitch_1(config-if)# exitswitch_1(config)#Step 4
switch_1(config)# ip routingswitch_1(config)# exitswitch_1#Step 5
switch_1# show ip routeCodes: C - connected, S - staticC 172.16.1.0/23 is directly connect, mgmt0C 10.0.0.0./8 is directly connected, vsan1The following steps show how to configure Switch_2 in the example network in Figure 43-3.
Step 1
Note
switch_2# config tswitch_2(config)# interface mgmt 0switch_2(config-if)# no shutdownswitch_2(config-if)# exitswitch_2(config)#Step 2
switch_2# config tswitch_2(config)# interface vsan 1switch_2(config-if)#Step 3
switch_2(config-if)# ip address 10.1.1.2 255.0.0.0Step 4
switch_2(config-if)# no shutdownswitch_2(config-if)# exitswitch_2(config)#Step 5
switch_2(config)# ip routingswitch_2(config)# exitswitch_2#Step 6
switch_2# show ip routeCodes: C - connected, S - staticC 10.0.0.0./8 is directly connected, vsan1Step 7
switch_2# ping 10.1.1.1PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.618 ms64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.528 ms64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.567 ms--- 10.1.1.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 4998 msrtt min/avg/max/mdev = 0.528/0.570/0.618/0.057 msThe following steps show how to configure Switch_3 in the example network in Figure 43-3.
Step 1
Note
switch_3# config tswitch_3(config)# interface mgmt 0switch_3(config-if)# no shutdownswitch_3(config-if)# exitswitch_3(config)#switch_3# config tswitch_3(config)# interface vsan 1switch_3(config-if)#Step 2
switch_3(config-if)# ip address 10.1.1.3 255.0.0.0Step 3
switch_3(config-if)# no shutdownswitch_3(config-if)# exitswitch_3(config)#Step 4
switch_3(config)# ip routingswitch_3(config)# exitswitch_3#Step 5
switch_3# show ip routeCodes: C - connected, S - staticC 10.0.0.0./8 is directly connected, vsan1Step 6
switch_3# ping 10.1.1.1PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=1.19 ms64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.510 ms64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.653 ms--- 10.1.1.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2008 msrtt min/avg/max/mdev = 0.510/0.787/1.199/0.297 ms
IPv4 Static Routes
If your network configuration does not need an external router, you can configure IPv4 static routing on your MDS switch.
Note
This section includes the following topics:
•
•
About IPv4 Static Routes
Static routing is a mechanism to configure IPv4 routes on the switch. You can configure more than one static route.
If a VSAN has multiple exit points, configure static routes to direct traffic to the appropriate gateway switch. IPv4 routing is disabled by default on any gateway switch between the out-of-band management interface and the default VSAN, or between directly connected VSANs.
Configuring IPv4 Static Routes
To configure an IPv4 static route, follow these steps:
Verifying IPv4 Static Route Information
Use the show ip route command to verifying the IPv4 static route configuration.
switch# show ip route configuredDestination Gateway Mask Metric Interfacedefault 172.22.95.1 0.0.0.0 0 mgmt010.1.1.0 0.0.0.0 255.255.255.0 0 vsan1172.22.95.0 0.0.0.0 255.255.255.0 0 mgmt0Use the show ip route command to verifying the active and connected IPv4 static route.
switch# show ip routeCodes: C - connected, S - staticDefault gateway is 172.22.95.1C 172.22.95.0/24 is directly connected, mgmt0C 10.1.1.0/24 is directly connected, vsan1Example 43-1 Displays the IP Routing Status
switch# show ip routingip routing is disabledDisplaying and Clearing ARPs
Address Resolution Protocol (ARP) entries in Cisco MDS 9000 Family switches can be displayed, deleted, or cleared. The ARP feature is enabled on all switches.
•
switch# show arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 171.1.1.1 0 0006.5bec.699c ARPA mgmt0Internet 172.2.0.1 4 0000.0c07.ac01 ARPA mgmt0•
switch(config)# no arp 172.2.0.1•
switch# clear arp-cacheOverlay VSANs
This section describes overlay VSANs and how to configure them.
This section includes the following topics:
About Overlay VSANs
VSANs enable deployment of larger SANs by overlaying multiple logical SANs, each running its own instance of fabric services, on a single large physical network. This partitioning of fabric services reduces network instability by containing fabric reconfiguration and error conditions within an individual VSAN. VSANs also provide the same isolation between individual VSANs as physically separated SANs. Traffic cannot cross VSAN boundaries and devices may not reside in more than one VSAN. Because each VSAN runs separate instances of fabric services, each VSAN has its own zone server and can be zoned in exactly the same way as SANs without VSAN capability.
Configuring Overlay VSANs
To configure an overlay VSAN, follow these steps:
Step 1
Step 2
Step 3
Step 4
Figure 43-4 Overlay VSAN Configuration Example
Note
The following procedure configures an overlay VSAN in one switch. This procedure must be repeated for each switch in the fabric.
To configure an overlay VSAN in one switch (using the example in Figure 43-4), follow these steps:
To configure the NMS station displayed in Figure 43-4, follow this step:
Multiple VSAN Configuration
More than one VSAN can be used to segment the management network in multiple subnets. An active interface must be present on the switch for the VSAN interface to be enabled.
To configure multiple VSANs, follow these steps:
Step 1
Step 2
Step 3
Step 4
Figure 43-5 Multiple VSAN Configuration Example
To configure an overlay VSAN (using the example in Figure 43-5), follow these steps:
Virtual Router Redundancy Protocol
Cisco MDS 9000 Family switches are compliant with RFC 2338 standards for Virtual Router Redundancy Protocol (VRRP) features. This section provides details on the VRRP feature.
This section includes the following topics:
About VRRP
VRRP provides a redundant alternative path to the gateway switch, which has connectivity to the NMS. VRRP has the following characteristics and advantages:
•
•
•
•
•
•
•
•
•
Note
In Figure 43-6, switch A is the VRRP master and switch B is the VRRP backup switch. Both switches have an IP address to VRRP mapping configured. The other switches set switch A as the default gateway. If switch A fails, the other switches do not have to change the routing configurations as switch B automatically becomes the master and takes over the function of a gateway.
Figure 43-6 VRRP Functionality
In Figure 43-7, the fabric example has two virtual router groups (VR1 and VR 2) because a virtual router cannot span across different types of interfaces. In both switch 1 and switch 2, the Ethernet interface is in VR 1 and the FC interface is in VR 2. Each virtual router is uniquely identified by the VSAN interface and the VR ID.
Figure 43-7 Redundant Gateway
Configuring VRRP
This section describes how to configure VRRP and includes the following topics:
•
•
•
•
•
•
•
•
Adding and Deleting Virtual Router
All VRRP configurations should be replicated across switches in a fabric that runs VRRP.
Note
To create or remove a VR for IPv4, follow these steps:
To create or remove a VR for IPv6, follow these steps:
Virtual Router Initiation
By default, a virtual router is always disabled. VRRP can be configured only if this state is enabled. Be sure to configure at least one IP address, either IPv4 or IPv6, before attempting to enable a VR.
To enable or disable a virtual router configure for IPv4, follow these steps:
Step 1
switch(config-if-vrrp)# no shutdown
Enables VRRP configuration.
switch(config-if-vrrp)# shutdown
Disables VRRP configuration.
To enable or disable a virtual router configured for IPv6, follow these steps:
Step 1
switch(config-if-vrrp-ipv6)# no shutdown
Enables VRRP configuration.
switch(config-if-vrrp-ipv6)# shutdown
Disables VRRP configuration.
Adding Virtual Router IP Addresses
One virtual router IP address can be configured for a virtual router. If the configured IP address is the same as the interface IP address, this switch automatically owns the IP address. You can configure either an IPv4 address or an IPv6 address.
According to the VRRP specification, the master VRRP router drops the packets addressed to the virtual router's IP address because the virtual router is only intended as a next-hop router to forward packets. In MDS switches however, some applications require that packets addressed to virtual router's IP address be accepted and delivered to them. By using the secondary option to the virtual router IPv4 address, the VRRP router will accept these packets when it is the master.
To configure an IPv4 address for a virtual router, follow these steps:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# interface vsan 10
switch(config-if)#
Configures a VSAN interface (VSAN 10).
Step 3
switch(config-if)# interface ip address 10.0.0.12 255.255.255.0
Configures an IPv4 address and subnet mask. The IPv4 address must be configured before the VRRP is added.
Step 4
switch(config-if)# vrrp 250
switch(config-if-vrrp)#
Creates VR ID 250.
Step 5
switch(config-if-vrrp)# address 10.0.0.10
Configures the IPv4 address for the selected VR.
Note
switch(config-if-vrrp)# no address 10.0.0.10
Removes the IP address for the selected VR.
Step 6
switch(config-if-vrrp)# address 10.0.0.10 secondary
Configures the IP address (10.0.0.10) as secondary for the selected VR.
Note
switch(config-if-vrrp)# no address 10.0.0.10 secondary
Removes the IP address (10.0.0.10) as secondary for the selected VR.
To configure an IPv6 address for a virtual router, follow these steps:
Priority for the Virtual Router
The valid range to assign a virtual router priority is 1 to 254 with 1 being the lowest priority and 254 being the highest priority. The default value is 100 for switches with secondary IP addresses and 255 for switches with the primary IP address.
To set the priority for a virtual router using IPv4, follow these steps:
To set the priority for a virtual router using IPv6, follow these steps:
Time Interval for Advertisement Packets
The valid time range for an advertisement packet on an interface using IPv4 is between 1 and 255 seconds. The default value is 1 (one) second. If the switch has the primary IP address, this time must be specified.
To set the time interval for advertisement packets for a virtual router using IPv4, follow these steps:
To set the time interval for advertisement packets for a virtual router using IPv6, follow these steps:
Priority Preemption
You can enable a higher priority backup virtual router to preempt the lower priority master virtual router.
Note
Note
To enable or disable preempting when using IPv4, follow these steps:
To enable or disable preempting when using IPv6, follow these steps:
Virtual Router Authentication
VRRP security provides three options, including simple text authentication, MD5 authentication, and no authentication.
•
•
•
You can configure the key using the authentication option in the VRRP submode and distribute it using the configuration file. The security parameter index (SPI) settings assigned in this option should be unique for each VSAN.
Note
Note
To set an authentication option for a virtual router, follow these steps:
Priority Based on Interface State Tracking
Interface state tracking changes the priority of the virtual router based on the state of another interface in the switch. When the tracked interface is down, the priority reverts to the priority value for the virtual router (see the"Priority for the Virtual Router" section). When the tracked interface is up, the priority of the virtual router is restored to the interface state tracking value. You can track the state of either a specified VSAN interface or the management interface (mgmt 0). The interface state tracking feature is disabled by default.
Note
To track the interface priority for a virtual router using IPv4, follow these steps:
To track the interface priority for a virtual router using IPv6, follow these steps:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# interface vsan 12
switch(config-if)#
Configures a VSAN interface (VSAN 12).
Step 3
switch(config-if)# vrrp ipv6 200
switch(config-if-vrrp-ipv6)#
Creates a virtual router.
Step 4
switch(config-if-vrrp-ipv6)# preempt
Enables priority preemption.
Step 5
switch(config-if-vrrp-ipv6)# track interface mgmt 0 priority 2
Specifies the priority of the virtual router to be modified based on the state of the management interface.
Note
switch(config-if-vrrp-ipv6)# no track
Disables the tracking feature.
Displaying IPv4 VRRP Information
Use the show vrrp vr command to display configured IPv4 VRRP information (see Examples 43-2 to 43-4).
Example 43-2 Displays IPv4 VRRP Configured Information
switch# show vrrp vr 7 interface vsan 2 configurationvr id 7 configurationadmin state downpriority 100no authenticationadvertisement-Interval 1preempt yestracking interface vsan1 priority 2protocol IPExample 43-3 Displays IPv4 VRRP Status Information
switch# show vrrp vr 7 interface vsan 2 statusvr id 7 statusMAC address 00:00:5e:00:01:07Operational state: initExample 43-4 Displays IPv4 VRRP Statistics
switch# show vrrp vr 7 interface vsan 2 statisticsvr id 7 statisticsBecome master 0Advertisement 0Advertisement Interval Error 0Authentication Failure 0TTL Error 0Priority 0 Received 0Priority 0 Sent 0Invalid Type 0Mismatch Address List 0Invalid Authentication Type 0Mismatch Authentication 0Invalid Packet Length 0Displaying IPv6 VRRP Information
Use the show vrrp ipv6 vr command to display configured IPv6 VRRP information (see Example 43-5 through Example 43-9).
Example 43-5 Displays IPv6 VRRP Information
switch# show vrrp ipv6 vr 1Interface VR IpVersion Pri Time Pre State VR IP addr---------------------------------------------------------------------------GigE1/5 1 IPv6 100 100cs master 2004::1GigE1/6 1 IPv6 100 100cs backup 2004::1Example 43-6 Displays IPv6 VRRP Interface Configuration Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 configurationIPv6 vr id 1 configurationadmin state uppriority 100associated ip: 2004::1advertisement-interval 100preempt noprotocol IPv6Example 43-7 Displays IPv6 VRRP Interface Status Information
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statusIPv6 vr id 1 statusMAC address 00:00:5e:00:02:01Operational state: masterUp time 37 min, 10 secMaster IP address: fe80::20c:30ff:feda:96dcExample 43-8 Displays IPv6 VRRP Statistics
switch# show vrrp ipv6 vr 1 interface gigabitethernet 1/5 statisticsIPv6 vr id 1 statisticsBecome master 1Advertisement 0Advertisement Interval Error 0TTL Error 0Priority 0 Received 0Priority 0 Sent 0Invalid Type 0Mismatch Address List 0Invalid Packet Lenght 0Displaying VRRP Statistics
Use the show vrrp statistics command to display configured IPv6 VRRP information (see Example 43-9).
Example 43-9 Displays VRRP Cumulative Statistics
switch# show vrrp statisticsInvalid checksum 0Invalid version 0Invalid VR ID 0Clearing VRRP Statistics
Use the clear vrrp statistics command to clear all the VRRP statistics for all interfaces on the switch (see Example 43-10).
Example 43-10 Clears VRRP Statistics
switch# clear vrrp StatisticsUse the clear vrrp vr command to clear both the IPv4 and IPv6 VRRP statistics for a specified interface (see Example 43-10).
Example 43-11 Clears VRRP Statistics on a Specified Interface
switch# clear vrrp vr 1 interface vsan 1Use the clear vrrp ipv4 command to clear all the statistics for the specified IPv4 virtual router (see Example 43-12).
Example 43-12 Clears VRRP IPv4 Statistics on a Specified Interface
switch# clear vrrp ipv4 vr 7 interface vsan 2Use the clear vrrp ipv6 command to clear all the statistics for the specified IPv6virtual router (see Example 43-13).
Example 43-13 Clears VRRP IPv6 Statistics on a Specified Interface
switch# clear vrrp ipv6 vr 7 interface vsan 2DNS Server Configuration
The DNS client on the switch communicates with the DNS server to perform the IP address-name server correspondence.
The DNS server may be dropped after two attempts because of one of the following reasons:
•
•
Note
To configure a DNS server, follow these steps:
Displaying DNS Host Information
Use the show hosts command to display the DNS configuration (see Example 43-14).
Example 43-14 Displays Configured Host Details
switch# show hostsDefault domain is cisco.com
Domain list: ucsc.edu harvard.edu yale.edu stanford.edu
Name/address lookup uses domain service
Name servers are 15.1.0.1 15.2.0.0Default Settings
Table 43-1lists the default settings for DNS features.
Table 43-1 Default DNS Settings
Domain lookup
Disabled.
Domain name
Disabled.
Domains
None.
Domain server
None.
Maximum domain servers
6.
Table 43-2lists the default settings for VRRP features.
