I Commands

identity

To configure the identity for the IKE protocol, use the identity command in IKE configuration submode. To delete the identity, use the no form of the command.

identity {address | hostname}

no identity {address | hostname}

Syntax Description

address

Sets the IKE identity to be the IPv4 address of the switch.

hostname

Sets the IKE identity to be the host name of the switch.

Command Default

None.

Command Modes


IKE configuration submode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

To use this command, the IKE protocol must be enabled using the crypto ike enable command.

Before configuring a certificate for the switch, configure the host name and domain name, and set the identity to be the host name. This allows the certificate to be used for authentication.


Note

The host name is the fully qualified domain name (FQDN) of the switch. To use the switch FQDN for the IKE identity, you must first configure both the switch name and the domain name. The FQDN is required for using RSA signatures for authentication. By default address is identified.

Examples

The following example shows how to set the IKE identity to the IP address of the switch:


switch# config terminal
switch(config)# crypto ike domain ipsec
switch(config-ike-ipsec)# identity address

The following example shows how to delete the IKE identity:


switch(config-ike-ipsec)# no identity address

The following example shows how to set the IKE identity to the host name:


switch(config-ike-ipsec)# identity hostname

The following example shows how to delete the IKE identity:


switch(config-ike-ipsec)# no identity hostname

ingress-sa

To configure the Security Association (SA) to the ingress hardware, use the ingress-sa command. To delete the SA from the ingress hardware, use the no form of the command.

ingress-sa spi-number

no ingress-sa spi-number

Syntax Description

spi-number

The range is from 256 to 4294967295.

Command Default

None.

Command Modes


Configuration submode.

Command History

Release

Modification

NX-OS 4.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure the SA to the ingress hardware:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface fc 2/1 - 3
switch(config-if)# fcsp esp manual
switch(config-if-esp)# ingress-sa 258
switch(config-if-esp)#

initiator

To configure the initiator version and address, use the initiator command IKE configuration submode. To revert to the default, use the no form of the command.

initiator version version address ip-address

no initiator version version address ip-address

Syntax Description

version

Specifies the protocol version number. The only valid value is 1.

address ip-address

Specifies the IP address for the IKE peer. The format is A . B . C . D .

Command Default

IKE version 2.

Command Modes


IKE configuration submode.

Command History

Release

Modification

2.0(x)

This command was introduced.

Usage Guidelines

To use this command, the IKE protocol must be enabled using the crypto ike enable command.

Examples

The following example shows how initiator information for the IKE protocol:


switch# config terminal
switch(config)# crypto ike domain ipsec
switch(config-ike-ipsec)# initiator version 1 address 10.1.1.1

in-order-guarantee

To enable in-order delivery, use the in-order-guarantee command in configuration mode. To disable in-order delivery, use the no form of the command.

in-order-guarantee [vsan vsan-id]

no in-order-guarantee [vsan vsan-id]

Syntax Description

vsan vsan-id

(Optional) Specifies a VSAN ID. The range is 1 to 4093.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.3(4)

This command was introduced.

Usage Guidelines

In-order delivery of data frames guarantees frame delivery to a destination in the same order that they were sent by the originator.

Examples

The following example shows how to enable in-order delivery for the entire switch:


switch# config terminal
switch(config) # in-order-guarantee

The following example shows how to disable in-order delivery for the entire switch:


switch(config)# no in-order-guarantee

The following example shows how to enable in-order delivery for a specific VSAN:


switch(config)# in-order-guarantee vsan 3452

The following example shows how to disable in-order delivery for a specific VSAN:


switch(config)# no in-order-guarantee vsan 101

install all

To upgrade all modules in any Cisco MDS 9000 family switch, use the install all command. This upgrade can happen nondisruptively or disruptively depending on the current configuration of your switch.

install all [ {asm-sfn file name | kickstart | ssi | system} URL]

Syntax Description

asm-sfn filename

(Optional) Upgrades the ASM image.

kickstart

(Optional) Upgrades the kickstart image.

ssi

(Optional) Upgrades the SSI image.

system

(Optional) Upgrades the system image.

URL

(Optional) Specifies the location URL of the source file to be installed.

The following table lists the aliases for URL .

bootflash:

Source location for internal bootflash memory.

slot0:

Source location for the CompactFlash memory or PCMCIA card.

volatile:

Source location for the volatile file system.

tftp:

Source location for a Trivial File Transfer Protocol (TFTP) network server. The syntax for this URL is tftp: [[ //location ] /directory ] /filename.

ftp:

Source location for a File Transfer Protocol (FTP) network server. The syntax for this URL is ftp: [[ //location ] /directory ] /filename.

sftp:

Source location for a Secure Trivial File Transfer Protocol (SFTP) network server. The syntax for this URL is sftp: [[ //<username@> location ] /directory ] /filename.

scp:

Source location for a Secure Copy Protocol (SCP) network server. The syntax for this URL is scp: [[ //location ] /directory ] /filename.

image-filename

The name of the source image file.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

1.0(3)

This command was introduced.

1.2(2)

Added the asm-sfn keyword and made all keywords optional.

2.0(1b)

Added the ssi keyword.

Usage Guidelines

The install all command upgrades all modules in any Cisco MDS 9000 Family switch.


Tip

During a software upgrade to Cisco MDS SAN-OS 3.1(3), all modules that are online are tested and the installation stops if any modules are running with a faulty CompactFlash. When this occurs, the switch can not be upgraded until the situation is corrected. A system message displays the module information and indicates that you must issue the system health cf-crc-check module CLI command to troubleshoot.


To copy a remote file, specify the entire remote path exactly as it is.


Caution

If a switchover is required when you issue the install all command from a Telnet or SSH session, all open sessions are terminated. If no switchover is required, the session remains unaffected. The software issues a self-explanatory warning at this point and provides the option to continue or terminate the installation.


Examples

The following example displays the result of the install all command if the system and kickstart files are specified locally:


switch# install all sys bootflash:isan-1.3.1 kickstart bootflash:boot-1.3.1

Verifying image bootflash:/boot-1.3.1
[####################] 100% -- SUCCESS

Verifying image bootflash:/isan-1.3.1
[####################] 100% -- SUCCESS

Extracting “slc” version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting “ips” version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting “system” version from image bootflash:/isan-1.3.1.
[####################] 100% -- SUCCESS

Extracting “kickstart” version from image bootflash:/boot-1.3.1.
[####################] 100% -- SUCCESS

Extracting “loader” version from image bootflash:/boot-1.3.1.
[####################] 100% -- SUCCESS


Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes      disruptive       rolling  Hitless upgrade is not supported
     3       yes      disruptive       rolling  Hitless upgrade is not supported
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset


Images will be upgraded according to following table:
Module       Image       Running-Version           New-Version  Upg-Required
------  ----------  --------------------  --------------------  ------------
     1         slc               1.3(2a)                1.3(1)           yes
     1        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     2         ips               1.3(2a)                1.3(1)           yes
     2        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     3         ips               1.3(2a)                1.3(1)           yes
     3        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     4         slc               1.3(2a)                1.3(1)           yes
     4        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     5      system               1.3(2a)                1.3(1)           yes
     5   kickstart               1.3(2a)                1.3(1)           yes
     5        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     5      loader                1.2(2)                1.2(2)            no
     6      system               1.3(2a)                1.3(1)           yes
     6   kickstart               1.3(2a)                1.3(1)           yes
     6        bios      v1.1.0(10/24/03)      v1.1.0(10/24/03)            no
     6      loader                1.2(2)                1.2(2)            no


Do you want to continue with the installation (y/n)?  [n] y

Install is in progress, please wait.

Syncing image bootflash:/boot-1.3.1 to standby.
[####################] 100% -- SUCCESS

Syncing image bootflash:/isan-1.3.1 to standby.
[####################] 100% -- SUCCESS

Jan 18 23:40:03 Hacienda %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
Performing configuration copy.
[####################] 100% -- SUCCESS

Module 6: Waiting for module online.
|
Auto booting bootflash:/boot-1.3.1 bootflash:/isan-1.3.1...
Booting kickstart image: bootflash:/boot-1.3.1....
.....................................Image verification OK

Starting kernel...
INIT: version 2.78 booting
Checking all filesystems..r.r.. done.
Loading system software
Uncompressing system image: bootflash:/isan-1.3.1
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
INIT: Entering runlevel: 3

The following example displays the file output continuation of the install all command on the console of the standby supervisor module:


Hacienda(standby)#

Auto booting bootflash:/boot-1.3.1 bootflash:/isan-1.3.1...
Booting kickstart image: bootflash:/boot-1.3.1....
.....................................Image verification OK

Starting kernel...
INIT: version 2.78 booting
Checking all filesystems..r.r.. done.
Loading system software
Uncompressing system image: bootflash:/isan-1.3.1
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
INIT: Entering runlevel: 3
Continue on installation process, please wait.
The login will be disabled until the installation is completed.

Module 6: Waiting for module online.
Jan 18 23:43:02 Hacienda %PORT-5-IF_UP: Interface mgmt0 is up
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature FM_SERVER_PKG. Application(s) shutdown in 53 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature ENTERPRISE_PKG. Application(s) shutdown in 50 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LIC_NO_LIC: No license(s) present for feature SAN_EXTN_OVER_IP. Application(s) shutdown in 50 days.
Jan 18 23:43:19 Hacienda %LICMGR-3-LOG_LICAPP_NO_LIC: Application port-security running without ENTERPRISE_PKG license, shutdown in 50 days
Jan 18 23:43:19 Hacienda %LICMGR-4-LOG_LICAPP_EXPIRY_WARNING: Application Roles evaluation license ENTERPRISE_PKG expiry in 50 days
Jan 18 23:44:54 Hacienda %BOOTVAR-5-NEIGHBOR_UPDATE_AUTOCOPY: auto-copy supported by neighbor, starting...

Module 1: Non-disruptive upgrading.
[#                   ]   0%Jan 18 23:44:56 Hacienda %MODULE-5-STANDBY_SUP_OK: Supervisor 5 is standby
Jan 18 23:44:55 Hacienda %IMAGE_DNLD-SLOT1-2-IMG_DNLD_STARTED:  Module image download process. Please wait until completion...
Jan 18 23:45:12 Hacienda %IMAGE_DNLD-SLOT1-2-IMG_DNLD_COMPLETE:  Module image download process. Download successful.
Jan 18 23:45:48 Hacienda %MODULE-5-MOD_OK: Module 1 is online
[####################] 100% -- SUCCESS

Module 4: Non-disruptive upgrading.
[#                   ]   0%Jan 18 23:46:12 Hacienda %IMAGE_DNLD-SLOT4-2-IMG_DNLD_STARTED:  Module image download process. Please wait until completion...
Jan 18 23:46:26 Hacienda %IMAGE_DNLD-SLOT4-2-IMG_DNLD_COMPLETE:  Module image download process. Download successful.
Jan 18 23:47:02 Hacienda %MODULE-5-MOD_OK: Module 4 is online
[####################] 100% -- SUCCESS

Module 2: Disruptive upgrading.
...
-- SUCCESS

Module 3: Disruptive upgrading.
...
 -- SUCCESS

Install has been successful.

MDS Switch
Hacienda login:

The following example displays the result of the install all command if the system and kickstart files are specified remotely:


switch# install all system scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-mz.1.3.2a.bin kickstart scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-kickstart-mz.1.3.2a.bin
For scp://user@171.69.16.26, please enter password:
For scp://user@171.69.16.26, please enter password:

Copying image from
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-kickstart-mz.1.3.2a.bin to bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Copying image from
scp://user@171.69.16.26/tftpboot/HKrel/qa/vegas/final/m9500-sf1ek9-mz.1.3.2a.bin to bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Verifying image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin
[####################] 100% -- SUCCESS

Verifying image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin
[####################] 100% -- SUCCESS

Extracting “slc” version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting “ips” version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting “system” version from image bootflash:///m9500-sf1ek9-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting “kickstart” version from image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Extracting “loader” version from image bootflash:///m9500-sf1ek9-kickstart-mz.1.3.2a.bin.
[####################] 100% -- SUCCESS

Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive       rolling
     2       yes      disruptive       rolling  Hitless upgrade is not supported
     3       yes  non-disruptive       rolling
     4       yes  non-disruptive       rolling
     5       yes  non-disruptive         reset
     6       yes  non-disruptive         reset
     7       yes  non-disruptive       rolling
     8       yes  non-disruptive       rolling
     9       yes      disruptive       rolling  Hitless upgrade is not supported

Images will be upgraded according to following table:
Module       Image       Running-Version           New-Version  Upg-Required
------  ----------  --------------------  --------------------  ------------
     1         slc                1.3(1)               1.3(2a)           yes
     1        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     2         ips                1.3(1)               1.3(2a)           yes
     2        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     3         slc                1.3(1)               1.3(2a)           yes
     3        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     4         slc                1.3(1)               1.3(2a)           yes
     4        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     5      system                1.3(1)               1.3(2a)           yes
     5   kickstart                1.3(1)               1.3(2a)           yes
     5        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     5      loader                1.2(2)                1.2(2)            no
     6      system                1.3(1)               1.3(2a)           yes
     6   kickstart                1.3(1)               1.3(2a)           yes
     6        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     6      loader                1.2(2)                1.2(2)            no
     7         slc                1.3(1)               1.3(2a)           yes
     7        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     8         slc                1.3(1)               1.3(2a)           yes
     8        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
     9         ips                1.3(1)               1.3(2a)           yes
     9        bios      v1.1.0(10/24/03)      v1.0.8(08/07/03)            no
Do you want to continue with the installation (y/n)?  [n]

Command

Description

install module bios

Upgrades the supervisor or switching module BIOS.

install module loader

Upgrades the bootloader on the active or standby supervisor or modules.

show version

Displays software image version information.

install clock-module

To upgrade the EPLD images of the clock module on a Cisco MDS 9513 Switch Director, use the install clock-module command.

install clock-module [epld {bootflash: | slot0: | volatile: }]

Syntax Description

epld

(Optional) Installs the clock module EPLD from the EPLD image.

bootflash:

(Optional) Specifies the local URI containing EPLD image.

slot0:

(Optional) Specifies the local URI containing EPLD image.

volatile:

(Optional) Specifies the local URI containing EPLD image.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

Use this command on the active supervisor to install the standby clock module EPLD from the specified EPLD image. After upgrading the clock module, power cycle the entire chassis for the change to take effect. It is not sufficient to reboot the chassis; you must turn the power off and on.


Note

This command is supported only on the Cisco MDS 9513 Multilayer Switch Director.

Examples

The following example upgrades the EPLD images for the clock module:


switch# install clock-module epld bootflash:m9000-epld-3.0.0.278.img
Len 3031343, CS 0x58, string MDS series EPLD image, built on Fri Nov 11 01:11:09 2005
EPLD Curr Ver New Ver
-------------------------------------------------------
Clock Controller 0x03 0x04
There are some newer versions of EPLDs in the image!
Do you want to continue (y/n) ? y
Proceeding to program Clock Module B.
Do you want to switchover Clock Modules after programming Clock Module B.
System Will Reset! y/n) ?n

|


Clock Module B EPLD upgrade is successful. 

install license

To program the supervisor or switching module BIOS, use the install license command.

install license [bootflash: | slot0: | volatile: ] file-name

Syntax Description

bootflash:

(Optional) Specifies the source location for the license file.

slot0:

(Optional) Specifies the source location for the license file.

volatile:

(Optional) Specifies the source location for the license file.

file-name

Specifies the name of the license file.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

1.2(1)

This command was introduced.

Usage Guidelines

If a target filename is provided after the source URL, the license file is installed with that name. Otherwise, the filename in the source URL is used. This command also verifies the license file before installing it.

Examples

The following example installs a file named license-file which resides in the bootflash: directory:


switch# install license bootflash:license-file

install module bios

To program the supervisor or switching module BIOS, use the install module bios command.

install module module-number bios {system [bootflash: | slot0: | volatile: | system-image]}

Syntax Description

module-number

Specifies the module number from slot 1 to 9 in a Cisco MDS 9500 Series switch.

Specifies the module number from slot 1 to 2 in a Cisco MDS 9200 Series switch.

system

(Optional) Specifies the system image to use (optional). If system is not specified, the current running image is used.

bootflash:

(Optional) Specifies the source location for internal bootflash memory

slot0:

(Optional) Specifies the source location for the CompactFlash memory or PCMCIA card.

volatile:

(Optional) Specifies the source location for the volatile file system.

system-image

(Optional) Specifies the name of the system or kickstart image.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

1.0(3)

This command was introduced.

Usage Guidelines

If the BIOS is upgraded, you need to reboot to make the new BIOS effective. You can schedule the reboot at a convenient time so traffic will not be impacted.

The console baud rate automatically reverts to the default rate (9600) after any BIOS upgrade.

The URL is always the system image URL in the supervisor module, and points to the bootflash: or slot0: directories.

Examples

The following example shows how to perform a nondisruptive upgrade for the system:


switch# install module 1 bios 
Started bios programming .... please wait
###
BIOS upgrade succeeded for module 1

In this example, the switching module in slot 1 was updated.

install module epld

To upgrade the electrically programmable logical devices (EPLDs) module, use the install module epld command. This command is only for supervisor modules, not switching modules.

install module module-number epld [bootflash: | ftp: | scp: | sftp: | tftp: | volatile: ]

Syntax Description

module-number

Enters the number for the standby supervisor modules or any other line card.

bootflash:

(Optional) Specifies the source location for internal bootflash memory.

ftp

(Optional) Specifies the local/remote URI containing EPLD image.

scp

(Optional) Specifies the local/remote URI containing EPLD image.

sftp

(Optional) Specifies the local/remote URI containing EPLD image.

tftp

(Optional) Specifies the local/remote URI containing EPLD image.

volatile:

(Optional) Specifies the source location for the volatile file system.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

1.2(1)

This command was introduced.

Usage Guidelines

Issue this command from the active supervisor module to update any other module.

If you forcefully upgrade a module that is not online, all EPLDs are forcefully upgraded. If the module is not present in the switch, an error is returned. If the module is present, the command process continues.

Do not insert or extract any modules while an EPLD upgrade or downgrade is in progress.

Examples

The following example upgrades the EPLDs for the module in slot 2:


switch# install module 2 epld scp://user@10.6.16.22/users/dino/epld.img
 
The authenticity of host '10.6.16.22' can't be established.
RSA1 key fingerprint is 55:2e:1f:0b:18:76:24:02:c2:3b:62:dc:9b:6b:7f:b7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.6.16.22' (RSA1) to the list of known hosts.
user@10.6.16.22's password:
epld.img             100% |*****************************|  1269 KB    00:00
Module Number                                      2
EPLD                            Curr Ver     New Ver
----------------------------------------------------
Power Manager                       0x06
XBUS IO                             0x07        0x08
UD chip Fix                         0x05
Sahara                              0x05        0x05

Module 2 will be powered down now!!
Do you want to continue (y/n) ? y
\ <----------------------------------------------------------progress twirl
Module 2 EPLD upgrade is successful

The following example forcefully upgrades the EPLDs for the module in slot 2:


switch# install module 2 epld scp://user@10.6.16.22/epld-img-file-path

Module 2 is not online, Do you want to continue (y/n) ? y
cchetty@171.69.16.22's password:
epld.img             100% |*****************************|  1269 KB    00:00
\ <-----------------------------------------------------------progress twirl
Module 2 EPLD upgrade is successful

install module loader

To upgrade the bootloader on either the active or standby supervisor module, use the install module loader command. This command is only for supervisor modules, not switching modules.

install module module-number loader kickstart [bootflash: | slot0: | volatile: | kickstart-image]

Syntax Description

module-number

Enters the module number for the active or standby supervisor modules (only slot 5 or 6).

kickstart

Specifies the kickstart image to use.

bootflash:

(Optional) Specifies the source location for internal bootflash memory

slot0:

(Optional) Specifies the source location for the CompactFlash memory or PCMCIA card.

volatile:

(Optional) Specifies the source location for the volatile file system.

kickstart-image

Specifies the name of the kickstart image.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

1.0(3)

This command was introduced.

Usage Guidelines

Before issuing the install module loader command, be sure to read the release notes to verify compatibility issues between the boot loader and the kickstart or system images.

If you install a loader version that is the same as the currently installed version, the loader will not be upgraded. When both the current version and the installed version are the same, use the init system command to force a loader upgrade.

Examples

The following example shows how to perform a non disruptive upgrade for the system:


switch# install module 6 loader bootflash:kickstart_image

install ssi

To perform a nondisruptive upgrade of the SSI image on an SSM, use the install ssi command.

install ssi {bootflash: | slot0: | modflash: } file-name module slot

Syntax Description

bootflash:

Specifies the source location for the SSI boot image file.

slot0:

Specifies the source location for the SSI boot image file.

modflash:

Specifies the source location for the SSI boot image file.

file-name

Specifies the SSI boot image filename.

module slot

Specifies the module slot number.

Command Default

None.

Command Modes


EXEC mode.

Command History

Release

Modification

5.0(x)

This command has been deprecated (install ssi command is not supported for gen 2 card.

2.1(2)

This command was introduced.

Usage Guidelines

You can use the install ssi command to upgrade or downgrade the SSI boot image if the SSM is only configured for Fibre Channel switching. If your SSM is configured for VSFN or Intelligent Storage Services, you must use the boot command to reconfigure the SSI boot variable and reload the module.

The install ssi command implicitly sets the SSI boot variable.


Note

The SSM must be running EPLD version 2.1(2) to use the install ssi command. You must install the SSM on a Cisco MDS 9500 Series switch to update the EPLD.

Note

The install ssi command does not support files located on the SSM modflash.

Examples

The following example installs the SSI boot image on the module in slot 2:


switch# install ssi bootflash:lm9000-ek9-ssi-mz.2.1.2.bin module 2

interface

To configure an interface on the Cisco MDS 9000 Family of switches, use the interface command in configuration mode.

interface {cpp {module-number | processor-number | vsan-id} | ethernet {slot number\ port-number} | ethernet-port-channel ethernet-port-channel-number | fc {slot number | port number | fc-tunnel tunnel-id} | mgmt | port-channel port-channel-number | vfc vfc-id | vfc port-channel vfc port-channel-id | vsan vsan-id}

nointerface {cpp {module-number | processor-number | vsan-id} | ethernet {slot number\ port-number} | ethernet-port-channel ethernet-port-channel-number | fc {slot number | port number | fc-tunnel tunnel-id} | mgmt | port-channel port-channel-number | vfc vfc-id | vfc port-channel vfc port-channel-id | vsan vsan-id}


Note

On a Cisco Fabric Switch for HP c-Class BladeSystem and on a Cisco Fabric Switch for IBM BladeCenter, the syntax differs as follows:

Syntax Description

cpp

Configures a Control Plane Process (CPP) interface.

module-number

Specifies the module number. The range is 1 to 10.

processor-number

Specfies the processor number. The range is from 1 to 1.

vsan-id

Specifies the VSAN ID. The range is from 1 to 4093.

ethernet

Specfies the Ethernet IEEE 802.3z.

slot number / port number

Specifies the Ethernet slot number and port number. Slot range is from 1 to 253 and port number range is from 1 to 128.

ethernet-port-channel

Ethernet Port Channel interface. The range is from 513 to 4096.

ethernet-port-channel-number

Specifies the Port Channel number. The range is from 513 to 4096.

fc

(Optional) Configures a Fiber Channel interface on an MDS 9000 Family switch (see the interface fc command).

slot number / port number

Specifies the slot number. The range is from 1 to 10.

Specifies the FC slot number and port number. Slot range is from 1 to 10 and port number range is from 1 to 48.

fc-tunnel

Configures a Fiber Channel link interface (see the interface fc-tunnel command).

tunnel-id

Specifies the tunnel ID. The range is from 1 to 255.

mgmt

Configures a management interface (see the interface mgmt command).

port-channel

Configures a Port Channel interface (see the interface port-channel command).

port-channel-number

Specifies the Port Channel number. The range is from 1 to 256.

vfc

Specifies the Virtual FC interface.

vfc-id

Specifies the virtual interface ID or slot. The range is from 1 to 8192.

vfc-port-channel

Specifies the virtual FC port-channel interface

vfc-port-channel-id

Specifies the virtual interface ID. The range is from 513 to 4096.

vsan

Specifies the IPFC VSAN interface.

vsan-id

Specfies the VSAN ID. The range is from 1 to 4093.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

3.0(2)

This command was introduced.

Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface fc1/1 - 5 , fc2/5 - 7

The spaces are required before and after the dash ( - ) and before and after the comma ( , ).


Note

For Cisco MDS 9500, 9700 and 9250i Series Switches support ethernet , vfc, vfc-port-channel and ethernet-port-channel commands.

Examples

The following example selects the mgmt 0 interface and enters interface configuration submode:


switch# config terminal
switch(config)# interface mgmt 0

interface fc

To configure a Fibre Channel interface on the Cisco MDS 9000 Family of switches, use the interface fc command in EXEC mode. To revert to defaults, use the no form of the command.

interface fc slot/ port channel-group {group-id [force] | auto} fcdomain rcf-reject vsan vsan-id fcsp| fspf {cost link-cost vsan vsan-id | ficon portnumber portnumber | dead-interval seconds vsan vsan-id | hello-interval seconds vsan vsan-id | passive vsan vsan-id | retransmit-interval seconds vsan vsan-id}

nointerface fc slot/ port channel-group {group-id [force] | auto} fcdomain rcf-reject vsan vsan-id no fspf {cost link-cost vsan vsan-id | ficon portnumber portnumber | dead-interval seconds vsan vsan-id | hello-interval seconds vsan vsan-id | passive vsan vsan-id | retransmit-interval seconds vsan vsan-id}

Syntax Description

slot /port

Specifies a slot number and port number.

channel-group

Add to or remove chaneel group from a Port Channel.

group-id

Specifies a Port Channel group number from 1 to 128.

force

(Optional) Forcefully adds a port.

auto

Enables autocreation of Port Channels.

fcdomain

Enters the interface submode.

rcf-reject

Configures the rcf-reject flag.

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

fcsp

Configures the FCSP for an interface.

fspf

Configures FSPF parameters.

cost link-cost

Configures FSPF link cost. The range is 1 to 30000.

ficon

Configures FICON parameters.

portnumber portnumber

Configures the FICON port number for this interface.

dead-interval seconds

Configures FSPF dead interval in seconds. The range is 2 to 65535.

hello-interval seconds

Configures FSPF hello-interval. The range is 1 to 65535.

passive

Enables or disables FSPF on the interface.

retransmit-interval seconds

Configures FSPF retransmit interface in seconds. The range is 1 to 65535.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

NX-OS 4.2(1)

Added fcsp keyword for the syntax description.

1.0(2)

This command was introduced.

2.0(x)

Added the auto option to the channel-group keyword.

Usage Guidelines

You can specify a range of interfaces by entering the command with the following example format:

interface spacefc1/1 space- space5 space, spacefc2/5 space- space7

Use the no shutdown command to enable the interface.

The channel-group auto command enables autocreation of Port Channels. If autocreation of Port Channels is enabled for an interface, you must first disable this configuration before downgrading to earlier software versions or before configuring the interface in a manually configured channel group.

Examples

The following example configures ports 1 to 4 in Fibre Channel interface 9:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# int fc9/1 - 4

The following example enables the Fibre Channel interface:


switch# config terminal
switch(config)# interface fc1/1
switch(config-if)# no shutdown

The following example assigns the FICON port number to the selected Fibre Channel interface:


switch# config terminal
switch(config)# interface fc1/1
switch(config-if)# ficon portnumber 15

interface fcip

To configure a Fibre Channel over IP Protocol (FCIP) interface, use the interface fcip command. To disable a FCIP interface, use the no form of the command.

interface fcip interface_number bport bport-keepalives channel-group number [force] fcdomain rcf-reject vsan vsan-id ficon portnumber portnumber| fspf {cost link-cost | dead-interval seconds | hello-interval seconds | passive | retransmit-interval seconds} vsan vsan-id passive-mode peer-info ipaddr ip-address [port number] qos control control-value data data-value special-frame peer-wwn pwwn-id tcp-connections number time-stamp [acceptable-diff number] use-profile profile-id

no interface fcip interface_number bport bport-keepalives channel-group number [force] fcdomain rcf-reject vsan vsan-id ficon portnumber portnumber fspf {cost link-cost | dead-interval seconds | hello-interval seconds | passive | retransmit-interval seconds} vsan vsan-id qos control-value data data-value passive-mode peer-info ipaddr ip-address [port number] special-frame peer-wwn pwwn-id tcp-connections number time-stamp [acceptable-diff number] use-profile profile-id

Syntax Description

interface-number

Configures the specified interface from 1 to 255.

bport

Sets the B port mode.

bport-keepalives

Sets the B port keepalive responses.

channel-group number

Specifies a PortChannel number from 1 to 128.

force

(Optional) Forcefully adds a port.

fcdomain

Enters the fcdomain mode for this FCIP interface

rcf-reject

Configures the rcf-reject flag.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

ficon

Configures FICON parameters.

portnumber portnumber

Configures the FICON port number for this interface.

fspf

Configures FSPF parameters.

cost link-cost

Enters FSPF link cost. The range is 1 to 30000.

dead-interval seconds

Specifies the dead interval in seconds. The range is 1 to 65535.

hello-interval seconds

Specifies FSPF hello-interval in seconds. The range is 1 to 65535.

passive

Enables or disables FSPF on the interface.

retransmit-interval

Specifies FSPF retransmit interface in seconds. The range is 1 to 65535.

passive-mode

Configures a passive connection.

peer-info

Configures the peer information.

ipaddr ip-address

Specifies the peer IP address.

port number

(Optional) Specifies the peer port number. The range is 1 to 65535.

qos

Configures the differentiated services code point (DSCP) value to

mark all IP packets.

control control-value

Specifies the control value for DSCP.

data data-value

Specifies the data value for DSCP.

special-frame

Configures special frames.

peer-wwn pwwn-id

Specifies the peer WWN for special frames.

switchport

Configures switchport parameters.

tcp-connections number

Specifies the number of TCP connection attempts. Valid values are 1 or 2.

time-stamp

Configures the time stamp.

acceptable-diff number

(Optional) Specifies the acceptable time difference for time stamps. The range is 1 to 60000.

use-profile profile-id

Specifies the interface using an existing profile ID. The range is 1 to 255.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.1(1)

This command was introduced.

1.3(1)

Added the ficon portnumber subcommand.

2.0(x)

Added the qos subcommand.

Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface fcip1 space- space5 space, spacefcip10 space- space12 space

Examples

The following example selects an FCIP interface and enters interface configuration submode:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface fcip 1
switch(config-if)#

The following example assigns the FICON port number to the selected FCIP interface:


switch# config terminal
switch(config)# interface fcip 51
switch(config-if)# ficon portnumber 234

interface fc-tunnel

To configure a Fibre Channel tunnel and facilitate RSPAN traffic, use the interface fc-tunnel command. To remove a configured tunnel or revert to factory defaults, use the no form of the command.

interface fc-tunnel {number destination ip-address | explicit-path path-name source ip-address}

no interface fc-tunnel {number destination ip-address | explicit-path path-name source ip-address}

Syntax Description

number

Specifies a tunnel ID range from 1 to 255.

destination ip-address

Maps the IP address of the destination switch.

explicit-path path-name

Specifies a name for the explicit path. Maximum length is 16 alphanumeric characters.

source ip-address

Maps the IP address of the source switch.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

1.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example initiates the FC tunnel (100) in the source switch (switch S):


switch(config)# config terminal
switch(config)# interface fc-tunnel 100
switch(config-if)#

The following example maps the IP address of the source switch (switch S) to the FC tunnel (100):


switchS(config-if)# source 209.165.200.226

The following example maps the IP address of the destination switch (switch D) to the FC tunnel (100):


switch(config-if)# destination 209.165.200.227

The following example enables traffic flow through this interface:


switch(config-if)# no shutdown

The following example references the configured path in the source switch (switch S):


switch# config t
switch(config)# interface fc-tunnel 100
switch(config)# explicit-path Path1

interface gigabitethernet

To configure an Gigabit Ethernet interface, use the interface gigabitethernet command. To revert to the default values, use the no form of the command.

interface gigabitethernet slot/ port cdp enable channel-group group-id [force] isns profile-name

no interface gigabitethernet slot/ port cdp enable channel-group isns profile-name

Syntax Description

slot / port

Specifies a slot number and port number.

cdp enable

Enables Cisco Discovery Protocol (CDP) configuration parameters.

channel-group group-id

Adds to or removes from a PortChannel. The range is 1 to 128.

force

(Optional) Forcefully adds a port.

isns profile-name

Specifies the profile name to tag the interface. Maximum length is 64 characters.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(3a)

This command was introduced.

1.1(1a)

Added the channel-group subcommand.

1.3(1)

Added the isns subcommand.

Usage Guidelines

You can specify a range of interfaces by issuing a command with the following example format:

interface gigabitethernet 1/1 space- space2 space, space gigabitethernet 3/1 space- space2

Examples

The following example configures the Gigabit Ethernet interface at slot 4 port 1:


switch# config terminal
switch(config)# interface gigabitethernet 4/1 
switch(config-if)#

The following example enters a IP address and subnet mask for the selected Gigabit Ethernet interface:


switch(config-if)# ip address 209.165.200.226 255.255.255.0

The following example changes the IP maximum transmission unit (MTU) value for the selected Gigabit Ethernet interface:


switch(config-if)# switchport mtu 3000

The following example creates a VR ID for the selected Gigabit Ethernet interface, configures the virtual IP address for the VR ID (VRRP group), and assigns a priority:


switch(config-if)# vrrp 100 
switch(config-if-vrrp)# address 209.165.200.226 
switch(config-if-vrrp)# priority 10

The following example adds the selected Gigabit Ethernet interface to a channel group. If the channel group does not exist, it is created, and the port is shut down:


switch(config-if)# channel-group 10

gigabitethernet 4/1 added to port-channel 10 and disabled
please do the same operation on the switch at the other end of the port-channel, then do “no shutdown” at both ends to bring them up.

interface ioa

To configure an IOA interface, use the interface ioa command. To disable this feature, use the no form of the command.

interface ioa { slot/ port}

no interface ioa { slot/ port}

Syntax Description

slot / port

Specifies IOA slot or port number. The range is from 1 to 16 for the slot and for the port. The range is from 1 to 4.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

NX-OS 4.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure an IOA interface for a specific cluster:


switch(config)# interface ioa2/1

2009 May 19 18:33:08 sjc-sw2 %IOA-2-LOG_LIBBASE_SVC_LICENSE_ON_GRACE_PERIOD: (pid=8582) No license. Feature will be shut down after a grace period of approximately 107 days

switch(config-if)# no shutdown

interface iscsi

To configure an iSCSI interface, use the interface iscsi command. To revert to default values, use the no form of the command.

interface iscsi slot/ port mode {pass-thru | store-and-forward | cut-thru} tcp qos value

nointerface iscsi slot/ port mode {pass-thru | store-and-forward | cut-thru} tcp qos value

slot/ port

Specifies a slot number and port number.

mode

Configures a forwarding mode.

pass-thru

Forwards one frame at a time.

store-and-forward

Forwards data in one assembled unit (default).

cut-thru

Forwards one frame at a time without waiting for the exchange to complete.

tcp qos value

Configures the differentiated services code point (DSCP) value to apply to all outgoing IP packets. The range is 0 to 63.

Command Default

Disabled.

The TCP QoS default is 0.

The forwarding mode default is store-and-forward.

Command Modes


Configuration mode.

Command History

Release

Modification

1.3(1)

This command was introduced.

2.1(1)

Added the cut-thru option for the mode subcommand.

Usage Guidelines

To configure iSCSI interface, enable iSCSI using the iscsi enable command.

You can specify a range of interfaces by issuing a command with the following example format:

interface iscsi space fc1/1space -space 5space ,space fc2/5space -space 7

Examples

The following example enables the iSCSI feature:


switch# config t
switch(config)# iscsi enable

The following example enables the store-and-forward mode for iSCSI interfaces 9/1 to 9/4:


switch(config)# interface iscsi 9/1 - 4
switch(config-if)# mode store-and-forward

The following example reverts to using the default pass-thru mode for iSCSI interface 9/1:


switch(config)# interface iscsi 9/1
switch(config-if)# mode pass-thru 

interface mgmt

To configure a management interface, use the interface mgmt command in configuration mode.

interface mgmt number

Syntax Description

number

Specifies the management interface number which is 0.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

When you try to shut down a management interface(mgmt0), a follow-up message confirms your action before performing the operation. Use the force option to bypass this confirmation, if required.

Examples

The following example configures the management interface, displays the options available for the configured interface, and exits to configuration mode:


switch# config terminal
switch(config)#
switch(config)# interface mgmt 0
switch(config-if)# exit
switch(config)#

The following example shuts down the interface without using the force option:


switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown
Shutting down this interface will drop all telnet sessions.
Do you wish to continue (y/n)? y

The following example shuts down the interface using the force option:


switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown force
switch(config-if)# 

interface port-channel

To configure a PortChannel interface, use the interface port-channel command. To remove this configuration, use the no form of the command.

interface port-channel number channel mode active fcdomain rcf-reject vsan vsan-id fspf [cost link_cost | dead-interval seconds | ficon portnumber portnumber | hello-interval seconds | isns profile-name | passive | retransmit-interval seconds]

no interface port-channel number

Syntax Description

number

Specifies the PortChannel number. The range is 1 to 128.

channel mode active

Configures the channel mode for the PortChannel interface.

fcdomain

Specifies the interface submode.

rcf-reject

Configures the rcf-reject flag.

vsan

Specifies the VSAN range.

vsan-id

Specifies the ID of the VSAN is from 1 to 4093.

fspf

Configures the FSPF parameters.

cost

(Optional) Configures the FSPF link cost.

link_cost

Specifies the FSPF link cost which is 1-30000.

dead-interval

(Optional) Configures the FSPF dead interval.

seconds

Specifies the dead interval (in seconds) from 2-65535.

ficon

(Optional) Configures the FICON parameters.

portnumber portnumber

(Optional) Configures the FICON port number for this interface.

hello-interval

(Optional) Configures FSPF hello-interval.

seconds

Specifies the hello interval (in seconds) from 1-65535.

isns

(Optional) Tags this interface to the Internet Storage Name Service (iSNS) profile.

profile-name

Specifies the profile name to tag the interface.

passive

(Optional) Enable/disable FSPF on the interface.

retransmit-interval

(Optional) Configures FSPF retransmit interface.

seconds

Specifies the retransmit interval (in seconds) from 1-65535.

Command Default

Prior to Cisco MDS NX-OS Release 8.3(1), the CLI and the Device Manager create the PortChannel in On mode in the NPIV core switches and Active mode on the NPV switches. DCNM-SAN creates all PortChannels in Active mode.

From Cisco MDS NX-OS Release 8.4(1), the CLI and the Device Manager create the PortChannel in Active mode in the NPIV core switches.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

1.3(1)

Added channel mode active subcommand.

8.4(1)

This command was modified to change the default PortChannel mode from On to Active.

Usage Guidelines

Prior to Cisco MDS NX-OS Release 8.3(1), the CLI and the Device Manager create the PortChannel in On mode in the NPIV core switches and Active mode on the NPV switches. DCNM-SAN creates all PortChannels in Active mode. We recommend that you create PortChannels in Active mode.

From Cisco MDS NX-OS Release 8.4(1), the CLI and the Device Manager create the PortChannel in Active mode in the NPIV core switches.

Examples

The following example enters configuration mode and configures a PortChannel interface:


switch# config terminal
switch(config)# interface port-channel 32
switch(config-if)#

The following example assigns the FICON port number to the selected PortChannel port:


switch# config terminal
switch(config)# interface Port-channel 1
switch(config-if)# ficon portnumber 234

interface sme

To configure the Cisco SME interface on a switch, use the interface sme command. To remove the interface, use the no form of the command,

interface sme slot / port

no interface sme slot / port

Syntax Description

slot

Identifies the number of the MPS-18/4 module slot.

port

Identifies the number of the Cisco SME port.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

3.2(2)

This command was introduced.

Usage Guidelines

To use this command, clustering must be enabled using the cluster enable command and Cisco SME services must be activated using the sme enable command.

Once you have configured the interface, use the no shutdown command to enable the interface.

To delete the Cisco SME interface, you must first remove the switch from the cluster. Use the no sme cluster command to remove the switch from the cluster and then use the no interface command to delete the interface.

The interface commands are available in the (config-if) submode.

Examples

The following example configures and enables the Cisco SME interface on the MPS-18/4 module slot and the default Cisco SME port:


switch# config terminal
switch(config)# interface sme 3/1
switch(config-if)# no shutdown

interface sme (Cisco SME cluster node configuration submode)

To add Cisco SME interface from a local or a remote switch to a cluster, use the interface sme command. To delete the interface, use the no form of the command.

interface sme { slot/ port} [force]

no interface sme { slot/ port} [force]

Syntax Description

slot

Identifies the MPS-18/4 module slot.

port

Identifies the Cisco SME port.

force

(Optional) Forcibly clears the previous interface context in the interface.

Command Default

Disabled.

Command Modes


Cisco SME cluster node configuration submode.

Command History

Release

Modification

3.2(2)

This command was introduced.

Usage Guidelines

You have to first configure a node using the fabric-membership command before this command can be executed.

To use this command, clustering must be enabled using the cluster enable command and Cisco SME services must be activated using the sme enable command.

To delete the Cisco SME interface, first remove the switch from the cluster. Use the no sme cluster command to remove the switch from the cluster and then use the no interface command to delete the interface.

Examples

The following example specifies the fabric to which the node belongs and then adds the Cisco SME interface (4/1) from a local switch using the force option:


switch# config terminal
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node local
switch(config-sme-cl-node)# fabric-membership f1
switch(config-sme-cl-node)# interface sme 4/1 fabric sw-xyz

The following example specifies the fabric to which the node belongs and then adds the Cisco SME interface (4/1) from a remote switch using the force option:


switch# config terminal
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node 171.71.23.33
switch(config-sme-cl-node)# fabric-membership f1
switch(config-sme-cl-node)# interface sme 4/1 fabric sw-xyz

interface vsan

To configure a VSAN interface, use the interface vsan command. To remove a VSAN interface, use the no form of the command.

interface vsan vsan-id

no interface vsan vsan-id

Syntax Description

vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example selects a VSAN interface and enters interface configuration submode:


switch# config terminal
switch(config)# interface vsan 1
switch(config-if)#

ioa cluster

To configure an IOA cluster, use the ioa cluster command. To disable this feature, use the no form of the command.

ioa cluster { cluster name}

no ioa cluster { cluster name}

Syntax Description

cluster name

Specifies an IOA cluster name.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

NX-OS 4.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure an IOA cluster:


switch(config)# ioa cluster tape_vault
switch#(config-ioa-cl)#

ioa site-local

To configure an IOA site, use the ioa site-local command. To disable this feature, use the no form of the command.

ioa site-local { site name}

no ioa site-local { site name}

Syntax Description

site name

Specifies an IOA site name. The maximum name length is restricted to 31 alphabetical characters.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

NX-OS 4.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure an IOA local site:


switch# config t
switch(config)# ioa site-local SJC
switch#(config)#

ioa-ping

To validate the connectivity between the master switch and the specified target device (for a specific flow), use the ioa-ping command.

ioa-ping host hpwwn target tpwwn vsan vid interface if0

Syntax Description

host

Specifies the host address.

hpwwn

Specifies the host PWWN for the flow.

target

Specifies the target address.

tpwwn

Specifies the target PWWN for the flow.

vsan

Specifies the VSAN.

vid

Specifies the VSAN ID. The range is from 1 to 4093.

interface

Specifies the interface associated with the flow.

if0

Specifies the ioa interface for the flow over which the test unit ready commands will be sent.

Command Default

Prompts for user input.

Command Modes


EXEC mode.

Command History

Release

Modification

NX-OS 6.2(5)

This command was introduced.

Usage Guidelines

None.


Note

ioa-ping will work from 6.2(5) onwards and the command has to be executed from IOA master switch only.

Examples

The following example shows how to validate the connectivity between the master switch and the specified target device:


switch# ioa-ping host 10:00:00:00:11:a1:01:0a target 50:0a:09:80:11:4b:01:0a vsan 11 interface ioa 1/1

1: Round Trip Time  inf msec Device status 0 
2: Round Trip Time  inf msec Device status 0 
3: Round Trip Time  inf msec Device status 0 
4: Round Trip Time  inf msec Device status 0 
5: Round Trip Time  inf msec Device status 0 
5 transmitted, 5 received ,rtt min/avg/max =  inf/ inf/ inf (msec)
switch# 

ip access-group

To apply an access list to an interface, use the ip access-group command in interface mode. Use the no form of this command to negate a previously issued command or revert to factory defaults.

ip access-group access-list-name [in | out]

Syntax Description

access-list-name

Specifies the IP access list name. The maximum length is 64 alphanumeric characters and the text is case insensitive.

in

(Optional) Specifies that the group is for ingress traffic.

out

(Optional) Specifies that the group is for egress traffic.

Command Default

The access list is applied to both ingress and egress traffic.

Command Modes


Interface mode.

Command History

Release

Modification

1.2(1)

This command was introduced.

Usage Guidelines

The ip access-group command controls access to an interface. Each interface can only be associated with one access list. The access group becomes active immediately.

We recommend creating all rules in an access list, before creating the access group that uses that access list.

If you create an access group before an access list, the access list is created and all packets in that interface are dropped, because the access list is empty.

The access-group configuration for the ingress traffic applies to both local and remote traffic. The access-group configuration for the egress traffic applies only to local traffic. You can apply a different access list for each type of traffic.

Examples

The following example creates an access group called aclPermit for both the ingress and egress traffic (default):


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit permit ip any any
switch(config)# interface Gigabitethernet 3/1
switch(config-if)# ip access-group aclPermit 

The following example deletes the access group called aclPermit:


switch(config-if)# no ip access-group aclPermit 

The following example creates an access group called aclDenyTcp (if it does not already exist) for ingress traffic:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclDenyTcp deny tcp any any
switch(config)# interface gigabitethernet 3/1
switch(config-if)# ip access-group aclDenyTcp in 

The following example deletes the access group called aclDenyTcp for ingress traffic:


switch(config-if)# no ip access-group aclDenyTcp in

The following example creates an access list called aclPermitUdp (if it does not already exist) for local egress traffic:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitUdp permit udp 192.168.32.0 0.0.7.255 any 
switch(config)# interface gigabitethernet 3/1
switch(config-if)# ip access-group aclPermitUdp out

The following example removes the access list called aclPermitUdp for local egress traffic:


switch(config-if)# no ip access-group aclPermitUdp out

ip access-list

IP access control lists can be used to filter IP packets though an interface. To configure IPv4 access control lists (ACLs), use the ip access-list command. To remove a line from an access list or completely remove the access list, use the corresponding no form of this command.

ip access-list name { permit | deny } protocol { any | src-ip src-mask } [ source-ports ] { any | dst-ip dst-mask } [destination-ports] [options]

no ip access-list name { permit | deny } protocol { any | src-ip src-mask } [ source-ports ] { any | dst-ip dst-mask } [destination-ports] [options]

no ip access-list name

where:

  • protocol—{icmp | ip | tcp [flags {{[ack]} {[all]} {[fin]} {[psh]} {[rst]} {[syn]} {[urg]}}] | udp | protocol-num}

  • source-ports—[eq port {dns | ftp | ftp-data | http | ntp | radius | sftp | smtp | snmp | snmp-trap | ssh | syslog | tacacs-ds | tacacs-plus | telnet | tftp | www | wbem-http | wbem-https | port-num} | gt port port-num-low | lt port port-num-high | range port port-num-low port-num-high]

  • destination-ports—[eq port {dst_dns | dst_ftp | dst_ftp-data | dst_http | dst_ntp | dst_radius | dst_sftp | dst_smtp | dst_snmp | dst_snmp-trap | dst_ssh | dst_syslog | dst_tacacs-ds | dst_tacacs-plus | dst_telnet | dst_tftp | dst_www | dst_wbem-http | dst_wbem-https | port-num} | gt port port-num-low | lt port port-num-high | range port port-num-low port-num-high]

  • options—[established | icmp-type {echo | echo-reply | redirect | time-exceeded | unreachable | traceroute | icmp-msg-num} [icmp-code icmpcode-num]] [tos {delay | throughput | reliability | monetary-cost | normal service}] [log-deny]

Syntax Description

name

Specifies an access list name. The maximum length is 28 alphanumeric characters.

deny

Drops the packet if the conditions match.

permit

Forwards the packet if the conditions match.

protocol

Specifies the name or number (integer range from 0 to 255) of an IP protocol. The IP protocol name can be icmp , ip , tcp , or udp .

flags flag-set

(Optional) Specifies TCP header flags to match. Multiple flags may be specified, separated by spaces.

The available flag names are:

all —Any TCP flag.

psh —The Push flag. It indicates the data should be immediately pushed through to the receiving user.

fin —The Finish flag. It is used to clear connections.

rst —Reset flag. It indicates that the receiver should delete the connection without further interaction.

syn —The Synchronize flag. It is used to establish connections.

urg —The Urgent flag. It indicates that the urgent field is meaningful and must be added to the segment sequence number.

any

Specifies any source or destination IP address. The any keyword is synonymous to the address 0.0.0.0 and wildcard mask 255.255.255.255.

src-ip src-mask

Specifies the network from which the packet is sent. Mask bits are 0 for match and 1 for don't care.

dst-ip dst-mask

Specifies the network to which the packet is to be sent. Mask bits are 0 for match and 1 for don't care.

source-ports

Specifies a set of source ports to match.

The syntax of this block is:

operator port-set

The following operators are available:

eq — equal to

gt — greater than and including

lt — less than and including

range — a range of source ports (inclusive)

The port-set is a single value for the eq, gt, lt operators and a pair of space separated ports, in low port high port order, for the range operator. Ports may be specified as a number or a name. The range for numbers is 0 to 65535.

The available names are as follows.

TCP:

ftp-data (20)

ftp (21)

ssh (22)

telnet (23)

smtp (25)

tacacs-plus (49)

tacacs-ds (65)

www (80)

sftp (115)

http (143)

radius (1812)

wbem-http (5988)

wbem-https (5989)

UDP:

dns (53)

tftp (69)

ntp (123)

snmp (161)

snmp-trap (162)

syslog (514)

destination-ports

Specifies a set of destination ports to match.

The syntax of this block is:

operator port-set

The following operators are available:

eq — equal to

gt — greater than and including

lt — less than and including

range — a range of source ports (inclusive)

The port-set is a single value for the eq, gt, lt operators and a pair of space separated ports, in low port high port order, for the range operator. Ports may be specified as a number or a name. The range for numbers is 0 to 65535.

The available names are as follows.

TCP:

dst_ftp-data (20)

dst_ftp (21)

dst_ssh (22)

dst_telnet (23)

dst_smtp (25)

dst_tacacs-plus (49)

dst_tacacs-ds (65)

dst_www (80)

dst_sftp (115)

dst_http (143)

dst_radius (1812)

dst_wbem-http (5988)

dst_wbem-https (5989)

UDP:

dst_dns (53)

dst_tftp (69)

dst_ntp (123)

dst_snmp (161)

dst_snmp-trap (162)

dst_syslog (514)

icmp-type icmp-value

Optional) Specifies an ICMP message type to match. icmp-value may be a number or a name. The range for numbers is 0 to 255.

The names are:

echo-reply (0)

unreachable (3)

redirect (5)

echo (8)

time-exceeded (11)

traceroute (30)

icmp-code icmpcode-num

(Optional) Specifies an ICMP message code to match as a number. The range of icmpcode-num is from 0 to 255.

established

(Optional) Indicates an established connection for the TCP protocol. A match occurs if the TCP datagram has the ACK, FIN, PSH, RST, or URG control bits set. The nonmatching case is that of the initial TCP datagram to form a connection.

tos tos-value

(Optional) Specifies the name of a type of service level to match.

The names are:

normal-service (0)

monetary-cost (1)

reliability (2)

throughput (4)

delay (8)

log-deny

(Optional) Logs an information level syslog message for each denied packet.

Command Default

No IP access lists are configured.

Command Modes


Configuration mode (config)

Command History

Release

Modification

1.2(1)

This command was introduced.

Usage Guidelines

An ACL is applied to each packet, starting at the first ACL rule. Each subsequent rule in the ACL is applied until there is a match. No further rules are applied after this. If there is no match the default rule is applied. Thus, it is important that rules are configured in the right order to achieve the desired results. Generally, 'deny' rules should be configured before 'permit' rules to ensure packets are dropped before matching an unintended 'permit' rule.

IP ACLs use an address and a wildcard mask to specify a range of IP addresses. The mask is applied to the specified address where bits in the mask that are 0 mean the corresponding bits in the specified address are used as written (they cannot change), including 0s. Bits that are 1 in the mask mean the corresponding bits in the address may have any value (they can change and are wild). This is the inverse behaviour of subnet masks.

Using the log-deny option at the end of the individual ACL entries shows the ACL number and whether the packet was permitted or denied, in addition to port-specific information. This option causes an information logging message about the packet that matches the dropped entry (or entries).

If the ACL specified does not exist, it is created when you enter this command. If the ACL already exists, new configuration commands are added to the end of it.

Each interface has a default action that is used when all entries in an IP ACL have been checked and there is no match. For management and non-IPS Gigabit Ethernet interfaces, this is an implicit deny ip any any action at the end of the IP ACL which will drop the packet. For IP Storage (IPS) interfaces, this is an implicit permit ip any any , which allows any IPS traffic. You must explicitly add a deny ip any any rule at the end of IP ACL for IPS interfaces to match the behaviour of other interfaces.

Table 1. Unsupported Keyword Combinations

Protocol Keyword

Unsupported Keywords

ip

eq

established

gt

lt

range

icmp-type

icmp

eq

established

gt

lt

range

udp

established

icmp-type

tcp

icmp-type

Examples

The following example configures an IP ACL called aclPermit and permits IP traffic from any source address to any destination address:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit permit ip any any 

The following example removes the IP ACL called aclPermit:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no ip access-list aclPermit

The following example appends a rule to the IP ACL called aclPermit to deny TCP traffic from any source address to any destination address:


switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermit deny tcp any any

The following example appends a rule to the IP ACL called aclPermitUdp that permits source addresses of 192.168.32.0 to 192.168.39.255. Subtracting 255.255.248.0 (subnet mask) from 255.255.255.255 yields 0.0.7.255:


switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitUdp permit udp 192.168.32.0 0.0.7.255 any

The following example appends a rule to the IP ACL called aclPermitIpToServer that permits all IP traffic from and to the specified networks:


switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# ip access-list aclPermitIpToServer permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 

The following example appends a rule to the IP ACL called aclDenyTcpIpPrt5 that denies TCP traffic from port 5 and any source address in the range 1.2.3.0 to 1.2.3.255 to any destination:


switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/
switch(config)# ip access-list aclDenyTcpIpPrt5 deny tcp 1.2.3.0 0.0.0.255 eq port 5 any

The following example removes this entry from the IP ACL:


switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/
switch(config)# no ip access-list aclDenyTcpIpPrt5 deny tcp 1.2.3.0 0.0.0.255 eq port 5 any

ip address (FCIP profile configuration submode)

To assign the local IP address of a Gigabit Ethernet interface to the FCIP profile, use the ip address command. To remove the IP address, use the no form of the command.

ip address address

no ip address address

Syntax Description

address

Specifies the IP address.

Command Default

Disabled.

Command Modes


FCIP profile configuration submode.

Command History

Release

Modification

1.3(1)

This command was introduced.

Usage Guidelines

To create a FCIP profile, you must assign a local IP address of a Gigabit Ethernet interface to the FCIP profile.

Examples

The following example assigns the local IP address of a Gigabit Ethernet interface to the FCIP profile:


switch# config terminal
switch(config)# fcip profile 5
switch(config-profile)# ip address 209.165.200.226

ip address (interface configuration)

To assign an IP address to a Gigabit Ethernet interface, use the ip address command in interface configuration submode. To remove the IP address, us the no form of the command.

ip address address netmask

no ip address address netmask

Syntax Description

address

Specifies the IP address.

netmask

Specifies the network mask.

Command Default

None.

Command Modes


Interface configuration submode.

Command History

Release

Modification

1.1(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example assigns an IP address to a Gigabit Ethernet interface:


switch# config terminal
switch(config)# interface gigabitethernet 1/2
switch(config-profile)# ip address 10.5.1.1 255.255.0.0

ip default-gateway

To configure the IP address of the default gateway, use the ip default-gateway command. To disable the IP address of the default gateway, use the no form of the command.

ip default-gateway destination-ip-address [interface cpp slot_number/ processor-number/ vsan-id]

no ip default-gateway destination-ip-address [interface cpp slot_number/ processor-number/ vsan-id]

Syntax Description

destination-ip-address

Specifies the IP address,

interface

(Optional) Configures an interface.

cpp

(Optional) Specifies a virtualization IPFC interface.

slot

(Optional) Specifies a slot number of the ASM.

processor-number

(Optional) Specifies the processor number for the IPFC interface. The current processor number is always 1.

vsan-id

(Optional) Specifies the ID of the management VSAN. The range 1 to 4093.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example configures the IP default gateway to 1.1.1.4:


switch# config terminal
switch(config)# ip default-gateway 1.1.1.4

ip default-network

To configure the IP address of the default network, use the ip default-network command in configuration mode. To disable the IP address of the default network, use the no form of the command.

ip default-network ip-address

no ip default-network ip-address

Syntax Description

ip-address

Specifies the IP address of the default network.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example configures the IP address of the default network to 1.1.1.4:


switch# config terminal
switch(config)# ip default-network 209.165.200.226 
switch(config)# ip default-gateway 209.165.200.227 

ip (destination-group)

To configure an IPv4 or IPv6 destination address for a destination group, use the ip command. To remove the destination address, use the no form of this command.

{ip | ipv6} address address port number [protocol procedural-protocol encoding encoding-protocol]

Syntax Description

address address

Destination IPv4 or IPv6 address.

port number

Destination port number.

protocol procedural-protocol

Transport protocol. gRPC is the supported transport protocol.

encoding encoding-protocol

Encoding format. Google Protocol Buffers (GPB) is the supported encoding format.

Command Default

IP address is not configured for a destination group.

Command Modes


Telemetry destination group configuration mode (conf-tm-dest)

Command History

Release

Modification

8.3(1)

This command was introduced.

Usage Guidelines

When the destination group is linked to a subscription node, telemetry data is sent to the IP address and port specified in the profile.

Examples

This example shows how to configure an IPv4 and IPv6 address to a destination group with the default transport protocol and default encoding:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# destination-group 100
switch(conf-tm-dest)# ip address 1.2.3.4 port 50003 protocol gRPC encoding GPB
switch(conf-tm-dest)# destination-group 100
switch(conf-tm-dest)# ipv6 address 1:1::1:1 port 50009 protocol gRPC encoding GPB

This example shows how to remove an IPv4 and IPv6 address from a destination group with the default transport protocol and default encoding:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# destination-group 100
switch(conf-tm-dest)# no ip address 1.2.3.4 port 50003 protocol gRPC encoding GPB
switch(conf-tm-dest)# destination-group 100
switch(conf-tm-dest)# no ipv6 address 1:1::1:1 port 50009 protocol gRPC encoding GPB

ip domain-list

To configure or un-configure one or more domain names, use the ip domain-list command in configuration mode. To disable the IP domain list, use the no form of the command.

ip domain-list domain-name

no ip domain-list domain-name

Syntax Description

domain-name

Specifies the domain name for the IP domain list. Maximum length is 80 characters.

Command Default

If there is a domain list, the default domain name is not used.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

When “ping dino” is initiated, IP stack will append dino.cisco.com (whatever configured in domain-name) first for Name resolution. If that doesn’t succeed, it will try with domain-list.


Note

If there is no domain list, the domain name that you specified with the ip domain-name global configuration command is used. More than one "ip domain-list "command can be entered and they will be tried in order.

Examples

The following example configures the IP domain list:


switch# config terminal
switch(config)# ip domain-list juniper.com

ip domain-lookup

To enable the DNS hostname to address translation, use the ip domain-lookup command in configuration mode. Use the no form of this command to disable this feature.

ip domain-lookup

no ip domain-lookup

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

Instead of IP addresses, you can configure the switch using meaningful names. When names are configured the switch automatically looks up the name to get its corresponding IP address.


Note

In addition to ip domain-lookup , other commands need to be entered as well such as "ip name-server " and optionally, "ip domain-name " and "ip domain-list ".

Examples

The following example configures a DNS server lookup feature:


switch# config terminal
switch(config)# ip domain-lookup

ip domain-name

To configure a domain name, use the ip domain-name command in configuration mode. To delete a domain name, use the no form of the command.

ip domain-name domain-name

no ip domain-name domain-name

Syntax Description

domain-name

Specifies the domain name.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

When “ping dino” is initiated, IP stack will append dino.cisco.com (whatever configured in domain-name) first for name resolution. If that doesn’t succeed, it will try with domain-list.

Examples

The following example configures a domain name:


switch# config terminal
switch(config)# ip domain-name cisco.com

ip name-server

To configure one or more IP name servers, use the ip name-server command in configuration mode. To disable this feature, use the no form of the command.

ip name-server ip-address

no ip name-server ip-address

Syntax Description

ip-address

Specifies the IP address for the name server.

Command Default

The default is no name servers are configured and no IP name resolution is performed.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

You can configures a maximum of six servers. By default, no server is configured.

Examples

The following example configure a name server with an IP address of 209.165.200.226:


switch# config terminal
switch(config)# ip name-server 209.165.200.226

The following example specifies the first address (209.165.200.226) as the primary server and the second address (209.165.200.227) as the secondary sever:


switch(config)# ip name-server 209.165.200.226 209.165.200.227

The following example deletes the configured server(s) and reverts to factory default:


switch(config)# no ip name-server

ip route

To configure a static route, use the ip route command in configuration mode.

ip route ip-address subnet-mask [ nexthop_ip-address] [interface {gigabitethernet slot / port | mgmt 0 | port-channel channel-id | vsan vsan-id} | distance distance-number]

no ip route ip-address subnet-mask [ nexthop_ip-address] [interface {gigabitethernet slot / port | mgmt 0 | port-channel channel-id | vsan vsan-id} | distance distance-number]

Syntax Description

ip-address

Specifies the IP address for the route.

subnet-mask

Specifies the subnet mask for the route.

nexthop_ip-address

(Optional) Specifies the IP address of the next hop switch.

interface

(Optional) Configures the interface associated with the route.

gigabitethernet slot / port

Specifies a Gigabit Ethernet interface at a port and slot.

mgmt 0

Specifies the managment interface (mgmt 0).

port-channel channel-id

Specifies a PortChannel interface. The range is 1 to 128.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

distance distance-number

(Optional) Specifies the distance metric for this route. It can be from 0 to 32766.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure a static route:


switch# config terminal
switch(config)# IP route 10.0.0.0 255.0.0.0 20.20.20.10 distance 10 interface vsan 1

ip routing

To enable the IP forwarding feature, use the ip routing command in configuration mode. To disable this feature, use the no form of the command.

ip routing

no ip routing

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled.

Command Modes


Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example enables the IP forwarding feature:


switch# config terminal
switch(config)# ip routing

ip-compression

To enable compression on the FCIP link, use the ip-compression command in interface configuration submode. To disable compression, use the no form of the command.

ip-compression [auto | mode1 | mode2 | mode3]

no ip-compression [auto | mode1 | mode2 | mode3]

Syntax Description

auto

(Optional) Enables the automatic compression setting.

mode1

(Optional) Enables fast compression for the following high bandwidth links:

PS-4 and IPS-8, less then 100 Mbps MPS-14/2, up to 1 Gbps

mode2

(Optional) Enables moderate compression for medium bandwidth links less than 25 Mbps.

mode3

(Optional) Enables compression for bandwidth links less than 10 Mbps.

Command Default

Disabled.

Command Modes


Interface configuration submode.

Command History

Release

Modification

1.3(1)

This command was introduced.

2.0(x)

Changed the keywords from high-throughput and high-comp-ratio to mode1 , mode2 , and mode3 .

Usage Guidelines

When no compression mode is entered in the command, the default is auto .

The FCIP compression feature introduced in Cisco SAN-OS Release 1.3 allows IP packets to be compressed on the FCIP link if this feature is enabled on that link. By default the FCIP compression is disabled. When enabled, the software defaults to using the auto mode (if a mode is not specified).

With Cisco SAN-OS Release 2.0(1b) and later, you can configure FCIP compression using one of the following modes:

  • mode1 is a fast compression mode for high bandwidth links (> 25 Mbps).
  • mode2 is a moderate compression mode for moderately low bandwidth links (between 10 and 25 Mbps).
  • mode3 is a high compression mode for low bandwidth links (< 10 Mbps).
  • auto (default) mode determines the appropriate compression scheme based on the bandwidth of the link (the bandwidth of the link configured in the FCIP profile’s TCP parameters).

The IP compression feature behavior differs between the IPS module(s) and the MPS-14/2 module. While mode2 and mode3 perform software compression in both modules, mode1 performs hardware-based compression in MPS-14/2 modules, and software compression in IPS-4 and IPS-8 modules.

In Cisco MDS SAN-OS Release 2.1(1a) and later, the auto mode option uses a combination of compression modes to effectively utilize the WAN bandwidth. The compression modes change dynamically to maximize the WAN bandwidth utilization.

Examples

The following example enables faster compression:


switch# config terminal
switch(config) interface fcip 1
switch(config-if)# ip-compression mode1

The following example enables automatic compression by default:


switch(config-if)# ip-compression

The following example disables compression:


switch(config-if)# no ip-compression

ips netsim delay-ms

To delay packets that arrive at a specified Gigabit Ethernet interface specifying milliseconds, use the ips netsim delay command in SAN extension tuner configuration submode.

ips netsim delay-ms milliseconds ingress gigabitethernet slot/ port

Syntax Description

milliseconds

Specifies the delay in milliseconds. The range is 0 to 150.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

This command introduces a delay for all packets entering the Gigabit Ethernet interface. Delay is unidirectional. To introduce delay in the opposite direction, use the slot and port number of the adjacent interface.

Examples

The following example shows how to configure a delay of 50 milliseconds for packets entering Gigabit Ethernet interface 2/3:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim delay-ms 50 ingress gigabitethernet 2/3

ips netsim delay-us

To delay packets that arrive at a specified Gigabit Ethernet interface specifying microseconds, use the ips netsim delay command in SAN extension tuner configuration submode.

ipsnetsimdelay-usmicrosecondsingressgigabitethernetslot/ port

Syntax Description

microseconds

Specifies the delay in microseconds. The range is 0 to 150000.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

This command introduces a delay for all packets entering the Gigabit Ethernet interface. Delay is unidirectional. To introduce delay in the opposite direction, use the slot and port number of the adjacent interface.

Examples

The following example shows how to configure a delay of 50 microseconds for packets entering Gigabit Ethernet interface 2/3:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim delay-us 50 ingress gigabitethernet 2/3

ips netsim drop nth

To drop packets every nth packet at a specified Gigabit Ethernet interface, use the ips netsim drop nth command in SAN extension tuner configuration submode.

ips netsim drop nth packet {burst burst-size ingress gigabitethernet slot/ port | ingress gigabitethernet slot/ port}

Syntax Description

packet

Specifies a specific packet to drop. The range is 0 to 10,000.

burst burst-size

Specifies the packet burst size. The range is 1 to 100.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

You can configure the IP Network Simulator to simulate packet drops (even when the queue is not full) randomly (specified as a percentage) or every Nth packet. Percentage is represented as the number of packets in 10,000. For example, if you want to drop one percent of packets, then specify it as 100 packets in 10,000. To simulate a realistic scenario for IP networks using random drops, the drop percentage should be between zero and one percent of packet drops in the specified traffic direction.

If you use the optional burst parameter, then a specified number of packets are dropped. If you do not specify the burst parameter, then only one packet is dropped. The burst limit for either random or Nth drops is 1 to 100 packets. Take the burst parameter into account when specifying the percentage of packets dropped. For example, if you select a random drop of 100 packets in 10,000 (or one percent) with a burst of 2, 200 packets (or two percent) in every 10,000 packets are dropped. Specifying 2 for burst doubles the packet drop.

Examples

The following example shows how to configure an interface to drop every 100th packet, 2 packets at a time:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim drop nth 100 burst 2 ingress gigabitethernet 2/3

ips netsim drop random

To drop packets randomly at a specified Gigabit Ethernet interface, use the ips netsim drop random command in SAN extension tuner configuration submode.

ips netsim drop random packet-percentage {burst burst-size ingress gigabitethernet slot/ port | ingress gigabitethernet slot/ port}

Syntax Description

packet-percentage

Specifies the percentage of packets dropped. The range is 0 to 10000.

burst burst-size

Specifies the packet burst size. The range is 1 to 100.

ingress

Specifies the ingress direction.

gigabitethernet slot / port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

You can configure the IP Network Simulator to simulate packet drops (even when the queue is not full) randomly (specified as a percentage) or every Nth packet. Percentage is represented as the number of packets in 10,000. For example, if you want to drop one percent of packets, then specify it as 100 packets in 10,000. To simulate a realistic scenario for IP networks using random drops, the drop percentage should be between zero and one percent of packet drops in the specified traffic direction.

If you use the optional burst parameter, then a specified number of packets are dropped. If you do not specify the burst parameter, then only one packet is dropped. The burst limit for either random or Nth drops is 1 to 100 packets. Take the burst parameter into account when specifying the percentage of packets dropped. For example, if you select a random drop of 100 packets in 10,000 (or one percent) with a burst of 2, 200 packets (or two percent) in every 10,000 packets are dropped. Specifying 2 for burst doubles the packet drop.

Examples

The following example shows how to configure an interface to drop one percent of packets:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim drop random 100 burst 1 ingress gigabitethernet 2/3

ips netsim enable

To enable two Gigabit Ethernet interfaces to operate in the network simulation mode, enter the ips netsim enable command in SAN extension tuner configuration submode. To disable this feature, use the no form of the command.

ips netsim enable interface gigabitethernet slot/ port gigabitethernet slot/ port

no ips netsim enable interface gigabitethernet slot/ port gigabitethernet slot/ port

Syntax Description

interface

Specifies that interfaces are enabled.

gigabitethernet slot/port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

This command enables two Gigabit Ethernet interfaces to simulate network characteristics. The first interface specified is the ingress port and the second interface specified is the egress port. Ports must be adjacent and the ingress interface must be an odd-numbered port.

Interfaces configured with this command can no longer be used for FCIP or iSCSI. When the SAN extension tuner configuration submode is turned off, any interface configured for network simulation reverts back to normal operation.

Examples

The following example enables the IP Network Simulator and configures interfaces 2/3 and 2/4 for network simulation:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim enable interface gigabitethernet 2/3 gigabitethernet 2/4

ips netsim max-bandwidth-kbps

To limit the bandwidth in kilobytes per second of a specified Gigabit Ethernet interface, use the ips netsim max-bandwidth-kbps command in SAN extension tuner configuration submode.

ips netsim max-bandwidth-kbps bandwidth ingress gigabitethernet slot/ port

Syntax Description

bandwidth

Specifies the bandwidth in kilobytes per second. The range is 1000 to 1000000.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

Examples

The following example shows how to limit the interface bandwidth to 4500 Kbps:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim max-bandwidth-kbps 4500 ingress gigabitethernet 2/3

ips netsim max-bandwidth-mbps

To limit the bandwidth in megabytes per second of a specified Gigabit Ethernet interface, use the ips netsim max-bandwidth-mbps command in SAN extension tuner configuration submode.

ips netsim max-bandwidth-mbps bandwidth ingress gigabitethernet slot/ port

Syntax Description

bandwidth

Specifies the bandwidth in megabytes per second. The range is 1 to 1000.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

Examples

The following example shows how to limit the interface bandwidth to 45 Mbps:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim max-bandwidth-mbps 45 ingress gigabitethernet 2/3

ips netsim qsize

To limit the size of the queue on a specified Gigabit Ethernet interface, use the ips netsim qsize command in SAN extension tuner configuration submode.

ips netsim qsize queue-size ingress gigabitethernet slot/ port

Syntax Description

queue-size

Specifies the queue size. The range is 0 to 1000000.

ingress

Specifies the ingress direction.

gigabitethernet slot / port

Specifies the the slot and port number of the Gigabit Ethernet interface.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

This command rate limits the size of the queue on a specified Gigabit Ethernet port. The recommended queue size for network simulation is 50000 to 150000. If the queue becomes full, packets are dropped.

Examples

The following example shows how to limit the queue size to 75 KB:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim qsize 75 ingress gigabitethernet 2/3

ips netsim reorder

To reorder packets entering a specified Gigabit Ethernet interface, use the ips netsim reorder command in SAN extension tuner configuration submode.

ips netsim reorder {nth packet distance dist-packet ingress gigabitethernet slot/ port | nth packet ingress gigabitethernet slot/ port}|{ random percent distance dist-packet ingress gigabitethernet slot/ port| random percent ingress gigabitethernet slot/ port}

Syntax Description

nth packet

Specifies a specific packet reordered. The range is 0 to 10,000.

distance dist-packet

Specifies the distance between the packet to be reordered and the packet at the head of the queue. The range is 1 to 10.

ingress

Specifies the ingress direction.

gigabitethernet slot/ port

Specifies the the slot and port number of the Gigabit Ethernet interface.

random percent

Specifies the percentage of packets passed before a reorder. The range is 0 to 10,000.

Command Default

Disabled.

Command Modes


SAN extension tuner configuration submode.

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

To use this command, you must enable the IP Network Simulator using the ips netsim enable command.

You can configure network simulator to reorder packets (even when the queue is not full) randomly (specified as a percentage) or every Nth packet. Percentage is represented as the number of packets in 10,000. For example, if you want to reorder one percent of packets, then specify it as 100 packets in 10,000. To simulate a realistic scenario for IP networks using random reordering, the percentage should be between zero and one percent of packet reordered in the specified traffic direction.

If you use the optional burst parameter, then the specified number of packets will be reordered. If you do not specify the burst parameter, then only one packet is reordered.

Examples

The following example shows reordering at 50 percent with a distance limit of 5:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim reorder random 50 distance 5 ingress gigabitethernet 2/3

The following example shows reordering of every 50th packet with a distance limit of 5:


switch# config terminal
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim reorder nth 50 distance 5 ingress gigabitethernet 2/3

ipv6 access-list

To configure an IPv6 access control list (ACL) and enter IPv6-ACL configuration submode, use the ipv6 access-list command in configuration mode. To discard an IPv6 ACL, use the no form of the command.

ipv6 access-list list-name

no ipv6 access-list list-name

Syntax Description

list-name

Specifies an IP access control list name. The maximum size is 64.

Command Default

None.

Command Modes


Configuration mode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

Before using the ipv6 access-list command to configure an IPv6 ACL on a switch, become familiar with the features of IPv6 and its extended addressing capabilities. In particular, it is important to understand the different types of IPv6 address formats, the IPv6 address prefix format, and the different IPv6 address types. For detailed information about IPv6.

Examples

The following example configures an IPv6 access list called List1 and enters IPv6-ACL configuration submode:


switch # config terminal
Enter configuration commands, one per line. End with CNTL/Z. 
switch(config)# ipv6 access-list List1
switch(config-ipv6-acl)# 

The following example removes the IPv6 access list called List1 and all of its entries:


switch(config)# no ipv6 access-list List1
switch(config)# 

ipv6 address

To enable IPv6 processing and configure an IPv6 address on the interface, use the ipv6 address command in interface configuration submode. To remove an IPv6 address, use the no form of the command.

ipv6 address ipv6-address-prefix

no ipv6 address ipv6-address-prefix

Syntax Description

ipv6-address-prefix

Specifies the IPv6 address prefix. The format is X:X:X::X/n .

Command Default

None.

Command Modes


Interface configuration submode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

You can use the ipv6 address command to enable IPv6 processing and configure the IPv6 address on the interface. An IPv6 a ddress must be configured on an interface for the interface to forward IPv6 traffic.

Assigning a unicast address generates a link local address and implicitly enables IPv6.


Note

The ipv6-address-prefix argument in the ipv6 address command must be in the form documented in R FC 2373, where the address is specified in hexadecimal using 16-bit values between colons. A slash mark (/) precedes a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address).

Examples

The following example assigns a unicast IPv6 address to the interface and enables IPv6 processing on the interface:


switch#config terminal
Enter configuration commands, one per line. End with CNTL/Z. 
switch(config)#interface gigabitethernet 2/2
switch(config-if)#ipv6 address 2001:0DB8:800:200C::417A/64

ipv6 enable

To enable IPv6 processing and configure an IPv6 link-local address on the interface, use the ipv6 enable command in interface configuration submode. To disable IPv6 processing and remove the link-local address, use the no form of the command.

ipv6 enable

no ipv6 enable

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Interface configuration submode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

When you enable IPv6 on an interface, a link local address is automatically assigned. This address is used for communication on the switch:

Examples

The following example enables IPv6 processing on the interface:


switch#config terminal
Enter configuration commands, one per line. End with CNTL/Z. 
switch(config)#interface gigabitethernet 2/2
switch(config-if)#ipv6 enable

The following example disables IPv6 processing on the interface:

switch(config-if)# no ipv6 enable

ipv6 nd

To configure IPv6 neighbor discovery commands on the interface, use the ipv6 nd command in interface configuration submode. To remove IPv6 neighbor discovery configuration commands, use the no form of the command.

ipv6 nd {dad attempts number | reachable-time time | retransmission-time time}

no ipv6 nd {dad attempts number | reachable-time time | retransmission-time time}

Syntax Description

dad attempts number

Configures duplicate address detection (DAD) attempts. The range is 0 to 15.

reachable-time time

Configures reachability time. Specifies the reachability time in milliseconds. The range is 1000 to 3600000.

retransmission-time time

Configures the retransmission timer. Specifies the retransmission time in milliseconds. The range is 1000 to 3600000.

Command Default

DAD attempts: 0.

Reachable-time: 30000 milliseconds.

Retransmission-time: 1000 milliseconds.

Command Modes


Interface configuration submode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

A router must be able to determine the link-local address for each of its neighboring routers in order to ensure that the target address (the final destination) in a redirect message identifies the neighbor router by its link-local address. For static routing, the address of the next-hop router should be specified using the link-local address of the router; for dynamic routing, all IPv6 routing protocols must exchange the link-local addresses of neighboring routers.


Note

A high number of DAD attempts (greater than 2) can delay address assignment.

For complete information about IPv6 neighbor discovery.

Examples

The following example sets the duplicate address detection attempts count to 2:


switch# config terminal
switch(config)# interface gigabitethernet 2/2
switch(config-if)# ipv6 nd dad attempts 2

The following example sets the reachability time to 10000 milliseconds:


switch(config-if)# ipv6 nd reachability-time 10000

The following example sets the retransmission time to 20000 milliseconds:


switch(config-if)# ipv6 nd retransmission-time 20000

ipv6 route

To configure an IPv6 static route, use the ipv6 route command in configuration mode. To remove or disable an IPv6 static route, use the no form of the command.

ipv6 route destination-address-prefix next-hop-address [distance distance-metric | interface {gigabitethernet slot/ port | mgmt number | port-channel number | vsan vsan-id}] [distance distance-metric]

no ipv6 route destination-address-prefix next-hop-address [distance distance-metric | interface {gigabitethernet slot/ port | mgmt number | port-channel number | vsan vsan-id}] [distance distance-metric]

Syntax Description

destination-address-prefix

Specifies the IPv6 destination address prefix. The format is X:X:X::X/n .

next-hop-address

Specifies the next hop IPv6 address. The format is X:X:X::X .

distance

(Optional) Configures an IPv6 route metric.

distance-metric

Specifies a distance metric for the specified route. The range is 0 to 32766.

interface

(Optional) Configures a next hop IPv6 address.

gigabitethernet slot/ port

(Optional) Specifies a Gigabit Ethernet slot and port number.

mgmt number

(Optional) Specifies the management interface.