S Commands

salt (sa configuration submode)

To configure the salt for the Security Association (SA), use the salt command. To delete the salt from the SA, use the no form of the command.

salt salt

no salt salt

Syntax Description

salt

Specifies the salt for encryption. The range is from 0x0 to 0xffffffff.

Command Default

None.

Command Modes


Configuration submode

Command History

Release

Modification

NX-OS 4.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure the salt for the current SA:


switch# config t
switch(config)# fcsp esp sa 257
This is a Early Field Trial (EFT) feature.  Please do not use this in a production environment. Continue Y/N ? [no] y
switch(config-sa)# salt 0x0 

san-ext-tuner enable

To enable the IP Network Simulator to simulate a variety of data network conditions, use the san-ext-tuner enable command.

san-ext-tuner enable

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

3.1(1)

This command was introduced.

Usage Guidelines

The IP Network Simulator tool is used for network simulation and is supported on the 8-port IP Storage Services (IPS-8) module and 4-port IP Storage Services (IPS-4) module only. You must also have either the SAN extension over IP package for IPS-8 modules (SAN_EXTN_OVER_IP) or SAN extension over IP package for IPS-4 modules (SAN_EXTN_OVER_IP_IPS4), so that you can enable the SAN Extension Tuner, a prerequisite for enabling and using the network simulator.

You must have a pair of Gigabit Ethernet ports dedicated for each Ethernet path requiring simulation; these ports cannot provide FCIP or iSCSI functionality while simulation occurs. The remaining ports that are not performing network simulations can run FCIP or iSCSI. Ports dedicated to network simulation must be adjacent, and always begin with an odd-numbered port. For example, GE 1/1 and GE 1/2 would be a valid pair, while GE 2/2 and GE 2/3 would not.


Note

This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.

Examples

The following example shows how to enable the SAN Extension Tuner and enable a pair of ports for network simulation:


switch# config t
switch(config)#
switch(config)# san-ext-tuner enable
switch(config)# exit
switch#
switch# ips netsim enable interface gigabitethernet 2/3 gigabitethernet 2/4

santap module

To configure the mapping between the Storage Services Module (SSM) and the VSAN where the appliance is configured, use the santap module command in configuration mode. To disable this feature, use the no form of the command.

santap module slot-number {appl-vsan vsan-id [cvt-name cvt-name] | dvt target-pwwn target-pwwn target-vsan target-vsan-id dvt-name dvt-name dvt-vsan dvt-vsan-id [dvt-port port-number] [lun-size-handling enable/disable] [io-timeout timeout-value]}

no santap module slot-number {appl-vsan vsan-id [cvt-name cvt-name] | dvt target-pwwn target-pwwn}

Syntax Description

slot-number

Specifies the slot number of the SSM where the control virtual target (CVT) is created.

appl-vsan vsan-id

Specifies the appliance VSAN identification number used to communicate with the appliance. The range is 1 to 4093.

cvt-name cvt-name

(Optional) Specifies the control virtual target (CVT) name. The maximum size is 80 characters.

dvt

Configures the data virtual target (DVT).

target-pwwn target-pwwn

Specifies the target pWWN for the DVT. The format is hh:hh:hh:hh:hh:hh:hh:hh.

target-vsan target-vsan-id

Specifies the target VSAN for the DVT. The range for the real target-vsan-id is 1 through 4093.

dvt-name dvt-name

Specifies the DVT name. The maximum size is 80 characters.

dvt-vsan dvt-vsan-id

Specifies the DVT VSAN. The range for the dvt-vsan-id is 1 through 4093.

dvt-port port-number

(Optional) Specifies the DVT port. The range for the port number is 1 through 32.

lun-size-handling enable/disable

(Optional) Enables or disables LUN size handling. Specify 1 to enable or 0 to disable LUN size handling, with the default being enable.

io-timeout timeout-value

(Optional) Specifies the I/O timeout value. The range is 10 to 200 seconds, with the default being 10 seconds.

Command Default

Disabled.

The IO-timeout is 10 seconds.

Lun-size-handling is Enabled.

Command Modes


Configuration mode

Command History

Release

Modification

2.1(1a)

This command was introduced.

3.0(1)

Added the following options: cvt-name, dvt, target-pwwn, target-vsan, dvt-name, dvt-vsan, dvt-port, lun-size-handling, and io-timeout.

Usage Guidelines

To access this command, you must first enable the SANTap feature on the SSM using the ssm enable feature command.

When the lun-size-handling option is set (enabled), the maximum logical block addressing (LBA) for DVT LUN is set to 2 TB. As a result, there is no issue with LUN resizing.


Note

You can delete dvt target-pwwn using the no santap module slot dvt target-pwwn command. Other dvt options are not supported by the no form of the command.

Examples

The following example shows the configuration of the SSM where the SANTap feature is enabled and the VSAN used to communicate with the appliance:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# santap module 1 appl-vsan 1

scaling batch enable

To enable scalability in the Cisco SME configuration, use the scaling batch enable command. To disable this feature, use the no form of the command.

scaling batch enable

no scaling batch enable

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Cisco SME cluster configuration submode

Command History

Release

Modification

NX-OS 4.1(3)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable Cisco SME scalability:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# scaling batch enable
switch(config-sme-cl)#

scheduler

To schedule a maintenance job, use the scheduler command. To disable a job, use the no form of the command.

scheduler {aaa-authentication [username username] password [0 | 7] password | job name job-name | logfile size filesize | schedule name schedule-name}

no scheduler {aaa-authentication [username username] password [0 | 7] password | job name job-name | logfile size filesize | schedule name schedule-name}

Syntax Description

aaa-authentication

Specifies AAA credentials for AAA authentication of a remote user.

username

(Optional) Specifies the remote user and specifies the username. If the username keyword is not specified in the command, the currently logged-in user's name will be used.

username

(Optional) Specifies the remote user username.

password

Specifies the password of the logged-in remote user for AAA authentication.

0

(Optional) Specifies that the password is in clear text.

7

(Optional) Specifies that the password is encrypted.

password

Specifies the remote user’s password. If the encryption level was not specified (0 or 7), the supplied password will be encrypted.

job name

Specifies a scheduler job.

job-name

Specifies the name of the scheduler job. The maximum length is 31 characters.

logfile size

Specifies a log file configuration.

filesize

Specifies the size of the log file. The range is 16 to 1024 KB.

schedule name

Specifies a scheduler schedule.

schedule-name

Specifies the name of the schedule. The maximum length is 31 characters.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

NX-OS 4.1(3)

Deleted a note from the Usage Guidelines.

NX-OS 4.1(1b)

Added a note to the Usage Guidelines.

2.0(x)

This command was introduced.

Usage Guidelines

Scheduler job configurations cannot be edited. To change a job, delete it and reconfigure it. A job can comprise multiple commands, which can be entered on a single line by using ";" as the delimiter between commands.

The scheduler checks a user's credentials before allowing them to create, delete, or run a scheduled job. Use the scheduler aaa-authentication command to configure the credentials of a remote user (a user without local credentials). The scheduler uses these credentials to verify that the user account is still active on the AAA server each time before it starts the job.

You do not need to obtain a license to use the scheduler command.

Examples

The following example shows how to enable the scheduler command:


switch# config t
switch(config)# feature scheduler
switch(config)#


The following example shows how to specify the password for the currently logged-in remote user:


switch# config t
switch(config)# scheduler aaa-authentication password newpwd
switch(config)#

The following example shows how to specify a clear text password for the currently logged-in remote user:


switch# config t
switch(config)# scheduler aaa-authentication password 0 X12y34Z56a 
switch(config)#

The following example shows how to specify a name and password for a remote user:


switch# config t
switch(config)# scheduler aaa-authentication username newuser password newpwd3
switch(config)#

The following example shows how to specify scheduler logfile size:

switch(config)# scheduler logfile size 512
switch(config)#

The following example shows how to define a name for the schedule and enter the submode for that schedule:


switch(config)# scheduler schedule name my_timetable
switch(config-schedule)# 

The following example shows how to specify a schedule to run jobs:


switch(config-schedule)# time daily 1:23
switch(config-schedule)# 

The following example shows how to define a job that uses variables:


switch(config)# scheduler job name my_job  
switch(config-job)# cli var name timestamp $(TIMESTAMP);copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp);copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/
switch(config-job)# exit
switch(config)#
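
As an added example (not part of the Cisco reference), the following Python lint checks a change script against the limits and credential options documented for the scheduler command before the script reaches a switch. The function name lint_scheduler, the rule names, and the sample script are constructed for illustration; the script flags passwords that are readable in the script, out-of-range log file sizes, over-long names, and job commands that copy files over TFTP, which provides neither authentication nor encryption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Limits taken from the Syntax Description of the scheduler command above.
MAX_NAME_LEN = 31
LOGFILE_KB_RANGE = (16, 1024)

AAA_RE = re.compile(
    r"^scheduler aaa-authentication(?: username (?P<user>\S+))?"
    r" password(?: (?P<level>[07]))? (?P<secret>\S+)$"
)
NAME_RE = re.compile(r"^scheduler (?P<kind>job|schedule) name (?P<name>\S+)$")
LOGFILE_RE = re.compile(r"^scheduler logfile size (?P<kb>\d+)$")
TFTP_RE = re.compile(r"\btftp://\S*")

# Constructed change script (not captured from a real switch).
SAMPLE_CONFIG = """\
feature scheduler
scheduler aaa-authentication password 0 X12y34Z56a
scheduler aaa-authentication username newuser password 7 ENCRYPTED_PLACEHOLDER
scheduler logfile size 2048
scheduler job name my_job
cli var name timestamp $(TIMESTAMP);copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp);copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/
exit
scheduler schedule name a_schedule_name_that_is_far_too_long_for_nxos
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the script
    rule: str      # short rule identifier (hypothetical names)
    detail: str    # human-readable explanation; never contains the secret


def lint_scheduler(config: str) -> list[Finding]:
    """Return findings for scheduler commands in a candidate change script."""
    findings: list[Finding] = []
    in_job = False  # True while reading the command lines of a scheduler job
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        m = AAA_RE.match(line)
        if m:
            in_job = False
            # Level 0 is clear text; with no level the switch encrypts the
            # password on entry, but the script itself still holds it readable.
            if m["level"] != "7":
                who = m["user"] or "the logged-in user"
                level = m["level"] or "unspecified"
                findings.append(Finding(
                    lineno, "cleartext-password",
                    f"password for {who} is readable in the script (level {level})"))
            continue

        m = NAME_RE.match(line)
        if m:
            in_job = m["kind"] == "job"
            if len(m["name"]) > MAX_NAME_LEN:
                findings.append(Finding(
                    lineno, "name-too-long",
                    f"{m['kind']} name is {len(m['name'])} characters, maximum is {MAX_NAME_LEN}"))
            continue

        m = LOGFILE_RE.match(line)
        if m:
            in_job = False
            low, high = LOGFILE_KB_RANGE
            if not low <= int(m["kb"]) <= high:
                findings.append(Finding(
                    lineno, "logfile-size-range",
                    f"logfile size {m['kb']} KB is outside {low} to {high} KB"))
            continue

        if in_job:
            if line == "exit":
                in_job = False
                continue
            # A job line can hold several commands separated by ";".
            for cmd in line.split(";"):
                url = TFTP_RE.search(cmd)
                if url:
                    findings.append(Finding(
                        lineno, "cleartext-transfer",
                        f"job command sends a file over TFTP: {url.group(0)}"))
    return findings


if __name__ == "__main__":
    for f in lint_scheduler(SAMPLE_CONFIG):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```
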

scsi-flow distribute

To enable SCSI flow distribution through CFS, use the scsi-flow distribute command. To disable the SCSI flow distribution, use the no form of the command.

scsi-flow distribute

no scsi-flow distribute

Syntax Description

This command has no arguments or keywords.

Command Default

SCSI flow distribution is enabled.

Command Modes


Configuration mode

Command History

Release

Modification

2.0(2)

This command was introduced.

Usage Guidelines

You must enable the SCSI flow feature on the Storage Services Module (SSM) before you can configure an SCSI flow. Use the ssm enable feature module slot-number command to enable the SCSI flow feature on the SSM.

Examples

The following example enables distribution of SCSI flow services using CFS:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# scsi-flow distribute

The following example disables distribution of SCSI flow services:


switch(config)# no scsi-flow distribute

scsi-flow flow-id

To configure SCSI flow services, use the scsi-flow flow-id command. To disable the SCSI flow services, use the no form of the command.

scsi-flow flow-id flow-id {initiator-vsan vsan-id initiator-pwwn wwn target-vsan vsan-id target-pwwn wwn | statistics | write-acceleration [buffers count]}

no scsi-flow flow-id flow-id {statistics | write-acceleration}

Syntax Description

flow-id

Configures the SCSI flow identification number. The range is 1 to 65535.

initiator-vsan vsan-id

Specifies the initiator VSAN identification number. The range is 1 to 4093.

initiator-pwwn wwn

Configures initiator side pWWN.

target-vsan vsan-id

Configures target VSAN identification number of the SCSI flow.

target-pwwn wwn

Configures the target side pWWN.

statistics

Enables statistics gathering.

write-acceleration

Enables write acceleration.

buffers count

(Optional) Configures the write acceleration buffer count. The range is 1 to 40000 and the default is 1024.

Command Default

SCSI flow services are disabled.

Command Modes


Configuration mode

Command History

Release

Modification

2.0(2)

This command was introduced.

Usage Guidelines

You must enable the SCSI flow feature on the Storage Services Module (SSM) before you can configure a SCSI flow. Use the ssm enable feature module slot-number command to enable the SCSI flow feature on the SSM.

Examples

The following example configures an SCSI flow with a flow identifier of 4 and the following attributes:

  • Initiator VSAN number—101
  • Initiator port WWN—21:00:00:e0:8b:05:76:28
  • Target VSAN number—101
  • Target port WWN—21:00:00:20:37:38:67:cf

switch# config terminal
switch(config)# scsi-flow flow-id 4 initiator-vsan 101 initiator-pwwn 21:00:00:e0:8b:05:76:28 target-vsan 101 target-pwwn 21:00:00:20:37:38:67:cf

The following example disables a SCSI flow with a flow identifier of 4:


switch(config)# no scsi-flow flow-id 4

The following example configures SCSI flow 4 to gather statistics about the SCSI flow:


switch(conf)# scsi-flow flow-id 4 statistics

The following example disables the statistics gathering feature on SCSI flow 4:


switch(conf)# no scsi-flow flow-id 4 statistics

The following example configures SCSI flow 4 with write acceleration:


switch(conf)# scsi-flow flow-id 4 write-acceleration

The following example configures SCSI flow 4 with write acceleration and buffers of 1024 credits:


switch(conf)# scsi-flow flow-id 4 write-acceleration buffer 1024

The following example disables the write acceleration feature on SCSI flow 4:


switch(conf)# no scsi-flow flow-id 4 write-acceleration

scsi-target

To configure SCSI target discovery, use the scsi-target command in configuration mode. To remove SCSI target discovery, use the no form of the command.

scsi-target {auto-poll [vsan vsan-id] | discovery | ns-poll [vsan vsan-id] | on-demand [vsan vsan-id]}

no scsi-target {auto-poll [vsan vsan-id] | discovery | ns-poll [vsan vsan-id] | on-demand [vsan vsan-id]}

Syntax Description

auto-poll

Configures SCSI target auto polling globally or per VSAN.

vsan vsan-id

(Optional) Specifies a VSAN ID. The range is 1 to 4093.

discovery

Configures SCSI target discovery.

ns-poll

Configures SCSI target name server polling globally or per VSAN.

on-demand

Configures SCSI targets on demand globally or per VSAN.

Command Default

SCSI target discovery for each option is on.

Command Modes


Configuration mode

Command History

Release

Modification

3.0(1a)

This command was introduced.

Usage Guidelines

Automatic global SCSI target discovery is on by default. Discovery can also be triggered for specific VSANs using on-demand, name server polling, or auto-polling options. All options are on by default. Use the no scsi-target discovery command to turn off all discovery options. You can also turn off specific options by using the no form of the command.

Examples

The following example configures SCSI target auto-polling discovery for VSAN 1:


switch# config t
switch(config)# scsi-target auto-poll vsan 1

The following example removes SCSI target auto-polling discovery for VSAN 1:


switch# config t
switch(config)# no scsi-target auto-poll vsan 1

The following example configures an SCSI target discovery:


switch# config t
switch(config)# scsi-target discovery

The following example removes a SCSI target discovery:


switch# config t
switch(config)# no scsi-target discovery

The following example configures SCSI target ns-polling discovery for VSAN 1:


switch# config t
switch(config)# scsi-target ns-poll vsan 1

The following example removes SCSI target ns-polling discovery for VSAN 1:


switch# config t
switch(config)# no scsi-target ns-poll vsan 1

The following example configures SCSI target on-demand discovery for VSAN 1:


switch# config t
switch(config)# scsi-target on-demand vsan 1

The following example removes SCSI target on-demand discovery for VSAN 1:


switch# config t
switch(config)# no scsi-target on-demand vsan 1

sdv abort vsan

To terminate an SDV configuration for a specified VSAN, use the sdv abort vsan command in configuration mode.

sdv abort vsan vsan-id

Syntax Description

vsan-id

Specifies the number of the VSAN. The range is 1 to 4093.

Command Default

Disabled.

Command Modes


Configuration mode

Command History

Release

Modification

4.x

This command was deprecated.

3.1(2)

This command was introduced.

Usage Guidelines

To use this command, you must enable SDV using the sdv enable command.

Examples

The following example shows how to terminate an SDV configuration for a specified VSAN:


switch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# sdv abort vsan 2

sdv commit vsan

To commit an SDV configuration to a specified VSAN, use the sdv commit vsan command in configuration mode. To remove the SDV configuration for a specified VSAN, use the no form of the command.

sdv commit vsan vsan-id

no sdv commit vsan vsan-id

Syntax Description

vsan-id

Specifies the number of the VSAN. The range is 1 to 4093.

Command Default

Disabled.

Command Modes


Configuration mode

Command History

Release

Modification

4.x

This command was deprecated.

3.1(2)

This command was introduced.

Usage Guidelines

To use this command, you must enable SDV using the sdv enable command.

Examples

The following example shows how to commit an SDV configuration to a specified VSAN:


switch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# sdv commit vsan 2

The following example shows how to uncommit an SDV configuration from a specified VSAN:


switch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no sdv commit vsan 2

sdv enable

To enable SDV on the switch, use the sdv enable command in configuration mode. To disable SDV, use the no form of the command.

sdv enable

no sdv enable

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled.

Command Modes


Configuration mode

Command History

Release

Modification

4.x

This command was deprecated.

3.1(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable SDV:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# sdv enable

The following example shows how to disable SDV:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# no sdv enable

sdv virtual-device name

To create a virtual device name for a specified VSAN, use the sdv virtual-device name command in configuration mode. To remove the name, use the no form of the command.

sdv virtual-device name device-name vsan vsan-id

no sdv virtual-device name device-name vsan vsan-id

Syntax Description

device-name

Specifies the name of the device. The maximum size is 32.

vsan vsan-id

Specifies the number of the VSAN. The range is 1 to 4093.

Command Default

Disabled.

Command Modes


Configuration mode

Command History

Release

Modification

4.x

This command was deprecated.

3.1(2)

This command was introduced.

Usage Guidelines

To use this command, you must enable SDV using the sdv enable command.

No more than 1000 virtual targets can be created in a single VSAN.

No more than 128 devices can be defined as virtual devices.

Examples

The following example shows how to create a virtual device name for a VSAN, and then specify both the primary and secondary pWWNs:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# sdv virtual-device name vdev1 vsan 2
switch(config-sdv-virt-dev)# pwwn 21:00:00:04:cf:cf:45:40 primary
switch(config-sdv-virt-dev)# pwwn 21:00:00:04:cf:cf:38:d6

The following example shows how to remove the virtual device name:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# no sdv virtual-device name vdev1 vsan 2

secure-erase abort job

To terminate a Secure Erase job, use the secure-erase abort job command in configuration mode.

secure-erase module module-id abort job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

This command does not wait for the completion of current patterns. A terminated job cannot be restarted.

A job can be terminated only when it has one or more sessions in the running state.

Examples

The following example shows how to abort a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 abort job 1

secure-erase create algorithm

To configure a Secure Erase algorithm on a specific slot of the intelligent linecard where Secure Erase is provisioned, use the secure-erase module create algorithm command in configuration mode.

secure-erase module module-id create algorithm algorithm-id

Syntax Description

module-id

Specifies the desired slot number of the intelligent linecard on which Secure Erase is provisioned.

algorithm-id

Specifies the algorithm ID. The range is 0 to 9.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to create a Secure Erase algorithm:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create algorithm 3

secure-erase create job

To create a Secure Erase job, use the secure-erase create job command in configuration mode.

secure-erase module module-id create job job-id

Syntax Description

module module-id

Specifies the desired module number of the Storage Services Module (SSM) on which Secure Erase is provisioned.

job-id

Specifies a unique number to identify a Secure Erase job. The range is 1 to 9999.

Note 
You will be prompted to choose a different ID if the job ID chosen already exists.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

A Secure Erase job contains the following information:

  • The target enclosure where Secure Erase needs to be performed. Multiple target ports spanning multiple VSANs can be a part of one target enclosure.
  • Multiple target ports, VIs, and Secure Erase sessions can be added. These target ports and VIs can be a part of different VSANs.

Examples

The following example shows how to create a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create job 1

secure-erase create-vi vsan

To create a VI for a specific VSAN, use the secure-erase create-vi vsan command in configuration mode.

secure-erase module module-id create-vi vsan vsan-id

Syntax Description

module module-id

Specifies the desired slot number of the SSM on which Secure Erase is provisioned.

vsan-id

Specifies the VSAN ID of the target port being added.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

You do not need to provide the job ID because VIs can be used commonly across jobs.

Examples

The following example shows how to create VIs for a VSAN:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 create-vi vsan 1

secure-erase destroy algorithm

To destroy a Secure Erase algorithm, use the secure-erase destroy algorithm command in configuration mode.

secure-erase module module-id destroy algorithm algorithm-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

algorithm-id

Displays the algorithm ID. The range is 0 to 9.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to destroy an algorithm:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy algorithm 1

secure-erase destroy job

To destroy a Secure Erase job, use the secure-erase destroy job command in configuration mode.

secure-erase module module-id destroy job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

This command destroys a Secure Erase job. A job can be destroyed only when there are no active sessions running.

Examples

The following example shows how to destroy a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy job 1

secure-erase destroy-vi vsan

To destroy a VI for a specific VSAN, use the secure-erase destroy-vi vsan command in configuration mode.

secure-erase module module-id destroy-vi vsan vsan-id

Syntax Description

module module-id

Displays the slot number of the SSM on which Secure Erase is provisioned.

vsan-id

Displays the VSAN-ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to destroy a VI for a VSAN:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 destroy-vi vsan 1

secure-erase start job

To restart all sessions in a job, use the secure-erase start job command in configuration mode.

secure-erase module module-id start job job-id

Syntax Description

module module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Starts a specific job ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

This command starts all sessions in a job. If the active sessions have reached the maximum limit, the remaining sessions are queued. The queued sessions start when one or more sessions are complete or terminated.

A job can be started only when it has one or more sessions in the stopped state or ready state.

Examples

The following example shows how to start a session in a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 start job 1

secure-erase stop job

To stop all sessions in a job, use the secure-erase stop job command in configuration mode.

secure-erase module module-id stop job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Stops the specific job ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

This command waits for the completion of the current pattern and pauses the pattern sequence. A stopped job can be restarted.

A job can be stopped only when it has one or more sessions in the running state.

Examples

The following example shows how to stop a session in a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 stop job 1

secure-erase validate job

To validate a Secure Erase job, use the secure-erase validate job command in configuration mode.

secure-erase module module-id validate job job-id

Syntax Description

module-id

Specifies the desired module number of the SSM on which Secure Erase is provisioned.

job-id

Specifies the job ID of the target.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to validate a Secure Erase job:


switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# secure-erase module 2 validate job 1

security-mode

To configure the Cisco SME security settings, use the security-mode command. To delete the security settings, use the no form of the command.

security-mode {basic | standard | advanced schema threshold threshold total total}

no security-mode {basic | standard | advanced schema threshold threshold total total}

Syntax Description

basic

Sets the Cisco SME security level to basic.

standard

Sets the Cisco SME security level to standard.

advanced

Sets the Cisco SME security level to advanced.

schema

Configures the recovery schema.

threshold threshold

Configures the recovery schema threshold. The limit is 2-3.

total total

Configures the recovery schema total. The limit is 5-5.

Command Default

None.

Command Modes


Cisco SME cluster configuration submode

Command History

Release

Modification

3.2(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example sets the security mode to basic:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# security-mode basic

The following example sets the security mode to advanced:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# security-mode advanced schema threshold 3 total 5

send

To send a message to all active CLI users currently using the switch, use the send command in EXEC mode.

send message-text

Syntax Description

message-text

Specifies the text of your message.

Command Default

None.

Command Modes


EXEC mode

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

This message is restricted to 80 alphanumeric characters with spaces.

Examples

The following example sends a warning message to all active users about the switch being shut down:


switch# send Shutting down the system in 2 minutes. Please log off.
Broadcast Message from admin@excal-112
        (/dev/pts/3) at 16:50 ... 
Shutting down the system in 2 minutes. Please log off.

sensor-group

To create a sensor group and enter sensor group configuration mode, use the sensor-group command. To remove the sensor group, use the no form of this command.

sensor-group id

no sensor-group id

Syntax Description

id

Sensor group ID. Range is from 1 to 4095.

Command Default

No sensor group exists.

Command Modes


Telemetry configuration mode (config-telemetry)

Command History

Release

Modification

8.3(1)

This command was introduced.

Usage Guidelines

Currently, only numeric sensor group ID values are supported. The sensor group defines nodes that are monitored for telemetry reporting.

Examples

This example shows how to add a sensor group:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# sensor-group 100

This example shows how to remove a sensor group:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# no sensor-group 100

server

To add a server to the server group, use the server command. To disable this feature, use the no form of the command.

server ip address or DNS name

no server ip address or DNS name

Syntax Description

ip address or DNS name

Specifies the LDAP server name.

Command Default

None.

Command Modes


Configuration submode

Command History

Release

Modification

NX-OS 5.0(1a)

This command was introduced.

Usage Guidelines

This command can be configured multiple times for different servers. If one server fails, the servers are tried sequentially. The same server can also belong to multiple groups.

Examples

The following example shows how to configure the LDAP server name:


switch(config)# aaa group server ldap a
switch(config-ldap)# server local
Error: specified LDAP server not found, first configure it using ldap-server host... and then retry
switch(config-ldap)#

server (configure session submode)

To configure a data migration session, use the server command in session configuration submode. To remove the data migration session, use the no form of the command.

server pwwn src_tgt pwwn src_lun src-lun dst_tgt pwwn dst_lun dst-lun

no server pwwn src_tgt pwwn src_lun src-lun dst_tgt pwwn dst_lun dst-lun

Syntax Description

pwwn

Specifies the pWWN of the server. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.

src_tgt pwwn

Specifies the pWWN of the source target. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.

src_lun src-lun

Specifies the source LUN number in hex notation. The range is 0x0 to 0xfff.

dst_tgt pwwn

Specifies the pWWN of the destination target. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.

dst_lun dst-lun

Specifies the destination LUN in hex notation. The range is 0x0 to 0xfff.

Command Default

None.

Command Modes


Configure session submode

Command History

Release

Modification

3.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure a source target, source LUN, destination target, and destination LUN in a session:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# dmm module 3 job 1 session
switch(config-session)# server 12:13:1d:1c:2d:2d:3f:3a src_tgt 12:13:1d:1c:2d:2d:3f:3a src_lun 0x1 dst_tgt 12:13:1d:1c:2d:2d:3f:3a dst_lun 0x5

server (DMM job configuration submode)

To add a server HBA port to the DMM job, use the server command in DMM job configuration submode. To remove the server HBA port, use the no form of the command.

server vsan vsan-id pwwn port-wwn

no server vsan vsan-id pwwn port-wwn

Syntax Description

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

pwwn port-wwn

Specifies the port worldwide name of the server HBA port. The format is hh:hh:hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.

Command Default

None.

Command Modes


DMM job configuration submode

Command History

Release

Modification

3.2(1)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to add server information to a DMM job:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# dmm module 3 job 1 create
Started New DMM Job Configuration.
Do not exit sub-mode until configuration is complete and committed
switch(config-dmm-job)# server vsan 3 pwwn 1d:22:3a:21:3c:44:3b:51
switch(config-dmm-job)#

server (iSNS profile configuration mode)

To add a server in an Internet Storage Name Service (iSNS) profile, use the server command in iSNS profile configuration submode. To delete a server from an iSNS profile, use the no form of the command.

server server-id

no server server-id

Syntax Description

server-id

Specifies the server address. The format is A.B.C.D.

Command Default

None.

Command Modes


iSNS profile configuration submode

Command History

Release

Modification

1.3(1)

This command was introduced.

Usage Guidelines

An iSNS profile can have only one server address. To change the server address, you must delete the current server and add the new one.

Examples

The following example shows how to add a server address to an iSNS profile:


switch# config terminal
switch(config)# isns profile name UserProfile
switch(config-isns-profile)# server 10.1.1.1

The following example shows how to delete a server address from an iSNS profile:


switch# config terminal
switch(config)# isns profile name AdminProfile
switch(config-isns-profile)# no server 10.2.2.2

server (radius configuration)

To configure a RADIUS server, use the server command in RADIUS configuration submode. To discard the configuration, use the no form of the command.

server [ipv4-address | ipv6-address | dns name]

no server [ipv4-address | ipv6-address | dns name]

Syntax Description

ipv4-address

(Optional) Specifies the RADIUS server IP address in the format A.B.C.D.

ipv6-address

(Optional) Specifies the RADIUS server IP address in the format X:X::X.

name

(Optional) Specifies the RADIUS DNS server name. The maximum size is 255.

Command Default

None.

Command Modes


RADIUS configuration submode

Command History

Release

Modification

1.3(1)

This command was introduced.

3.0(1)

Added the ipv6-address argument.

Usage Guidelines

None.

Examples

The following example shows the server command in RADIUS configuration submode:


switch# config terminal
switch(config)# aaa group server radius testgroup
switch(config-radius)# server myserver

server (tacacs+ configuration)

To configure a TACACS+ server, use the server command in TACACS+ configuration submode. To discard the configuration, use the no form of the command.

server [ipv4-address | ipv6-address | dns-name]

no server [ipv4-address | ipv6-address | dns-name]

Syntax Description

ipv4-address

(Optional) Specifies the TACACS+ server IP address in the format A.B.C.D.

ipv6-address

(Optional) Specifies the TACACS+ server IP address in the format X:X::X.

dns-name

(Optional) Specifies the TACACS+ DNS server name. The maximum size is 255.

Command Default

None.

Command Modes


TACACS+ configuration submode

Command History

Release

Modification

1.3(1)

This command was introduced.

3.0(1)

Added the ipv6-address argument.

Usage Guidelines

None.

Examples

The following example shows the server command in TACACS+ configuration submode:


switch# config terminal
switch(config)# aaa group server tacacs+ testgroup
switch(config-tacacs+)# server myserver

set (IPsec crypto map configuration submode)

To configure attributes for IPsec crypto map entries, use the set command in IPsec crypto map configuration submode. To revert to the default values, use the no form of the command.

set {peer {ip-address | auto-peer} | pfs [group1 | group14 | group2 | group5] | security-association lifetime {gigabytes number | kilobytes number | megabytes number | seconds number} | transform-set {set-name | set-name-list}}

no set {peer {ip-address | auto-peer} | pfs | security-association lifetime {gigabytes | kilobytes | megabytes | seconds} | transform-set}

Syntax Description

peer

Specifies an allowed encryption/decryption peer.

ip-address

Specifies a static IP address for the destination peer.

auto-peer

Specifies automatic assignment of the address for the destination peer.

pfs

Specifies perfect forward secrecy (PFS).

group1

(Optional) Specifies PFS DH Group1 (768-bit MODP).

group14

(Optional) Specifies PFS DH Group14 (2048-bit MODP).

group2

(Optional) Specifies PFS DH Group2 (1024-bit MODP).

group5

(Optional) Specifies PFS DH Group5 (1536-bit MODP).

security-association lifetime

Specifies the security association lifetime in traffic volume or time in seconds.

gigabytes number

Specifies a volume-based key duration in gigabytes. The range is 1 to 4095.

kilobytes number

Specifies a volume-based key duration in kilobytes. The range is 2560 to 2147483647.

megabytes number

Specifies a volume-based key duration in megabytes. The range is 3 to 4193280.

seconds number

Specifies a time-based key duration in seconds. The range is 600 to 86400.

transform-set

Configures the transform set name or set name list.

set-name

Specifies a transform set name. Maximum length is 63 characters.

set-name-list

Specifies a comma-separated transform set name list. Maximum length of each name is 63 characters. You can specify a maximum of six lists.

Command Default

None.

PFS is disabled by default. When it is enabled without a group parameter, the default is group1.

The security association lifetime defaults to the global setting configured by the crypto global domain ipsec security-association lifetime command.

Command Modes


IPsec crypto map configuration submode

Command History

Release

Modification

2.0(1b)

This command was introduced.

Usage Guidelines

To use this command, IPsec must be enabled using the crypto ipsec enable command.

Examples

The following example shows how to configure IPsec crypto map attributes:


switch# config terminal
switch(config)# crypto map domain ipsec x 1
switch(config-crypto-map-ip)# set peer auto-peer
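
The following check is an added example, not part of the Cisco command reference: it lints crypto map entries written in the set syntax above, flagging PFS groups below a 2048-bit floor (including the group1 that a bare set pfs selects) and lifetimes outside the documented ranges. The 2048-bit floor, the one-command-per-line text input, and the sample map names, peers and transform-set name are assumptions made for illustration.

```python
import re

# MODP sizes and lifetime ranges copied from the Syntax Description above.
PFS_GROUP_BITS = {"group1": 768, "group2": 1024, "group5": 1536, "group14": 2048}
LIFETIME_RANGES = {
    "gigabytes": (1, 4095),
    "kilobytes": (2560, 2147483647),
    "megabytes": (3, 4193280),
    "seconds": (600, 86400),
}
MIN_PFS_BITS = 2048  # assumption: local policy floor, not a value from this page

MAP_RE = re.compile(r"^crypto map domain ipsec (\S+) (\d+)$")
PFS_RE = re.compile(r"^set pfs(?: (\S+))?$")
LIFE_RE = re.compile(r"^set security-association lifetime (\S+) (\S+)$")


def parse_entries(config_text):
    """Group the 'set ...' lines under the crypto map entry they belong to."""
    entries, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        match = MAP_RE.match(line)
        if match:
            current = (match.group(1), int(match.group(2)))
            entries.setdefault(current, [])
        elif current is not None and line.startswith("set "):
            entries[current].append(line)
        elif line and not raw[0].isspace():
            current = None  # another top-level command closes the submode
    return entries


def audit_entry(set_lines):
    """Return a list of findings for one crypto map entry."""
    findings, pfs_seen = [], False
    for line in set_lines:
        pfs = PFS_RE.match(line)
        life = LIFE_RE.match(line)
        if pfs:
            pfs_seen = True
            # Per the Command Default: 'set pfs' with no group means group1.
            group = pfs.group(1) or "group1"
            origin = "configured" if pfs.group(1) else "implicit default"
            bits = PFS_GROUP_BITS.get(group)
            if bits is None:
                findings.append(f"unknown PFS group {group!r}")
            elif bits < MIN_PFS_BITS:
                findings.append(
                    f"PFS {group} ({bits}-bit MODP, {origin}) is below {MIN_PFS_BITS} bits")
        elif life:
            unit, value = life.groups()
            if unit not in LIFETIME_RANGES:
                findings.append(f"unknown lifetime unit {unit!r}")
            elif not value.isdigit():
                findings.append(f"lifetime {unit} value {value!r} is not a number")
            else:
                low, high = LIFETIME_RANGES[unit]
                if not low <= int(value) <= high:
                    findings.append(f"lifetime {unit} {value} is outside {low}..{high}")
    if not pfs_seen:
        findings.append("PFS not configured (disabled by default)")
    return findings


def audit_config(config_text):
    """Map each (map name, sequence number) to its list of findings."""
    return {key: audit_entry(lines) for key, lines in parse_entries(config_text).items()}


# Constructed sample in the command syntax shown above; not taken from a real switch.
SAMPLE_CONFIG = """\
crypto map domain ipsec x 1
  set peer auto-peer
  set pfs
  set security-association lifetime seconds 86400
crypto map domain ipsec x 2
  set peer 10.1.1.1
  set pfs group14
  set security-association lifetime seconds 3600
crypto map domain ipsec y 1
  set peer 10.2.2.2
  set security-association lifetime gigabytes 5000
  set transform-set ts1
"""

if __name__ == "__main__":
    for (name, seq), findings in audit_config(SAMPLE_CONFIG).items():
        for finding in findings or ["ok"]:
            print(f"crypto map {name} {seq}: {finding}")
```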

set interface preference-strict (fcroute-map configuration submode)

To configure a Fibre Channel or PortChannel interface strictly by preference level, use the set interface preference-strict command. To remove the configuration, use the no form of the command.

set interface preference-strict

no set interface preference-strict

Syntax Description

This command has no arguments or keywords.

Command Default

The set interface preference-strict default setting is disabled.

Command Modes


Fibre Channel route-map configuration submode.

Command History

Release

Modification

3.0(3)

This command was introduced.

Usage Guidelines

None.

Examples

The following example specifies an interface with a strict preference level.


switch# config terminal
switch(config)#
switch(config)# fcroute-map vsan 2 12
switch(config-fcroute-map)# set interface preference-strict

The following example removes the strict preference level from an interface.


switch(config-fcroute-map)# no set interface preference-strict

setup

To enter the switch setup mode, use the setup command in EXEC mode.

setup

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


EXEC mode

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

The setup utility guides you through the basic configuration process. Type Ctrl-c at any prompt to skip the remaining configuration options and proceed with what is configured to that point.

If you do not want to answer a previously configured question, or if you want to skip answers to any questions, press Enter. If a default answer is not available (for example, switch name), the switch uses what is already configured, and skips to the next question.

Examples

The following example shows how to enter switch setup mode:


switch# setup
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup always assumes a predefined defaults irrespective
of the current system configuration when invoked from CLI.
Press Enter incase you want to skip any dialog. Use ctrl-c at anytime
to skip away remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes

setup ficon

To enter the automated FICON setup mode, use the setup ficon command in EXEC mode.

setup ficon

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


EXEC mode

Command History

Release

Modification

1.3(1)

This command was introduced.

Usage Guidelines

The setup utility guides you through the basic configuration process. Type Ctrl-c at any prompt to skip the remaining configuration options and proceed with what is configured to that point.

If you do not want to answer a previously configured question, or if you want to skip the answers to any questions, press Enter. If a default answer is not available (for example, switch name), the switch uses what is already configured, and skips to the next question.

Examples

The following example shows how to enter switch setup mode:


switch# setup ficon 
---- Basic System Configuration Dialog ----
--- Ficon Configuration Dialog ---
This setup utility will guide you through basic Ficon Configuration
on the system.
Press Enter if you want to skip any dialog. Use ctrl-c at anytime
to skip all remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes

setup sme

To run the basic SME setup facility, use the setup sme command.

setup sme

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


EXEC mode

Command History

Release

Modification

3.3(1a)

This command was introduced.

Usage Guidelines

Use the setup sme command to create the sme-admin and sme-recovery roles for Cisco SME.

Examples

The following example creates the sme-admin and sme-recovery roles:


switch# setup sme
Set up two roles necessary for SME, sme-admin and sme-recovery? (yes/no) [no] y
SME setup done

shared-keymode

To configure the shared key mode, use the shared-keymode command. To specify the unique key mode, use the no form of the command.

shared-keymode

no shared-keymode

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Cisco SME cluster configuration submode

Command History

Release

Modification

3.2(2)

This command was introduced.

Usage Guidelines

The shared-keymode command generates a single key that is used for a group of backup tapes.

The no shared-keymode generates unique or specific keys for each tape cartridge.


Note

The shared unique key mode should be specified if you want to enable the key-ontape feature.

Examples

The following example specifies the shared key mode:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# shared-keymode

The following example specifies the shared unique keymode:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no shared-keymode

shutdown

To disable an interface, use the shutdown command. To enable an interface, use the no form of the command.

shutdown [force]

no shutdown [force]

Syntax Description

force

(Optional) Forces the shutdown of the mgmt 0 interface without a prompt message.

Command Default

All interfaces are shut down by default except the mgmt0 interface.

Command Modes


Interface configuration submode

Command History

Release

Modification

1.0(1)

This command was introduced.

Usage Guidelines

When you try to shut down a management interface (mgmt0), a follow-up prompt message confirms your action before performing the operation. Use the force option to bypass this confirmation, if required.

Examples

The following example shows how to enable an interface:


switch# config terminal
switch(config)# interface fc 1/2
switch(config-if)# no shutdown

The following example shows how to disable an interface:


switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown
Shutting down this interface will drop all telnet sessions.
Do you wish to continue (y/n)? y

The following example shows how to forcefully disable the mgmt 0 interface:


switch# config terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown force

shutdown (Cisco SME and IOA cluster configuration submode)

To disable a cluster for recovery, use the shutdown command. To enable the cluster for recovery, use the no form of the command.

shutdown

no shutdown

Syntax Description

This command has no arguments or keywords.

Command Default

SME and IOA clusters are shut down.

Command Modes


Cisco SME and IOA cluster configuration submode

Command History

Release

Modification

3.2(2)

This command was introduced.

Usage Guidelines

To disable operation of a cluster for the purpose of recovery, use the shutdown command. To enable the cluster for normal usage, use the no shutdown command.

The default state for clusters is no shutdown. Use the shutdown command for cluster recovery.

Examples

The following example restarts the cluster after recovery is complete:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# no shutdown

The following example disables the SME cluster operation in order to start recovery:


switch# config t
switch(config)# sme cluster c1
switch(config-sme-cl)# shutdown

The following example disables the IOA cluster operation:


switch# config t
switch(config)# ioa cluster c1
switch(config-ioa-cl)# shutdown

site-id

To configure the site ID with the Call Home function, use the site-id command in Call Home configuration submode. To disable this feature, use the no form of the command.

site-id site-number

no site-id site-number

Syntax Description

site-number

Identifies the unit to the outsourced throughput. Allows up to 256 alphanumeric characters in free format.

Command Default

None.

Command Modes


Call Home configuration submode

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure the site ID in the Call Home configuration:


switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# site-id Site1ManhattanNY

sleep

To delay an action by a specified number of seconds, use the sleep command.

sleep seconds

Syntax Description

seconds

Specifies the delay in number of seconds. The range is 0 to 2147483647.

Command Default

None.

Command Modes


EXEC mode

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

This command is useful within scripts.

Examples

The following example shows how to create a script called test-script:


switch# show file slot0:test-script
discover scsi-target remote
sleep 10
show scsi-target disk
switch# run-script slot0:test-script

When you execute the slot0:test-script, the switch executes the discover scsi-target remote command, and then waits for 10 seconds before executing the show scsi-target disk command.

The following example shows how to delay the switch prompt return:


switch# sleep 30

You will see the switch prompt return after 30 seconds.

sme

To enable or disable the Cisco SME services, use the sme command.

sme { cluster name | transport ssl trustpoint trustpoint label }

Syntax Description

cluster

Configures the cluster.

name

Identifies the cluster name.

transport

Configures the transport information.

ssl

Configures the transport SSL information.

trustpoint

Configures the transport SSL trustpoint.

trustpoint label

Identifies the trustpoint label.

Command Default

Disabled.

Command Modes


Configuration mode

Command History

Release

Modification

3.2(2c)

This command was introduced.

Usage Guidelines

Cisco SME services must be enabled to take advantage of the encryption and security features.

To use this command, you must enable Cisco SME clustering using the feature cluster command.

Examples

The following example shows how to configure a cluster:


switch# config t
sw-sme-n1(config)# sme cluster clustername
sw-sme-n1(config-sme-cl)#

snmp port

Use the snmp port command to enable SNMP control of FICON configurations. To disable the configuration or to revert to factory defaults, use the no form of the command.

snmp port control

no snmp port control

Syntax Description

This command has no arguments or keywords.

Command Default

SNMP control of FICON configurations is enabled.

Command Modes


FICON configuration submode

Command History

Release

Modification

1.3(1)

This command was introduced.

Usage Guidelines

By default, SNMP users can configure FICON parameters through the Fabric Manager application. You can prohibit this access, if required, by using the no snmp port control command.

Examples

The following example prohibits SNMP users from configuring FICON parameters:


switch(config)# ficon vsan 2
switch(config-ficon)# no snmp port control

The following example allows SNMP users to configure FICON parameters (default):


switch(config-ficon)# snmp port control

snmp-server

To configure the SNMP server information, switch location, and switch name, use the snmp-server command in configuration mode. To remove the system contact information, use the no form of the command.

snmp-server {community string [group group-name | ro | rw] | contact [name] | location [location] }

no snmp-server {community string [group group-name | ro | rw] | contact [name] | location [location] }

Syntax Description

community string

Specifies SNMP community string. Maximum length is 32 characters.

group group-name

(Optional) Specifies group name to which the community belongs. Maximum length is 32 characters.

ro

(Optional) Sets read-only access with this community string.

rw

(Optional) Sets read-write access with this community string.

contact

Configures system contact.

name

(Optional) Specifies the name of the contact. Maximum length is 80 characters.

location

Configures system location.

location

(Optional) Specifies system location. Maximum length is 80 characters.

Command Default

The default community access is read-only (ro).

Command Modes


Configuration mode

Command History

Release

Modification

1.0(3)

This command was introduced.

2.0(1b)

Added group option.

Usage Guidelines

None.

Examples

The following example sets the contact information, switch location, and switch name:


switch# config terminal
switch(config)# snmp-server contact NewUser 
switch(config)# no snmp-server contact NewUser 
switch(config)# snmp-server location SanJose
switch(config)# no snmp-server location SanJose

snmp-server aaa-user cache-timeout

To configure the Simple Network Management Protocol (SNMP) time-out value for synchronized AAA users, use the snmp-server aaa-user cache-timeout command in configuration mode. To revert to the default settings, use the no form of the command.

snmp-server aaa-user cache-timeout seconds

no snmp-server aaa-user cache-timeout seconds

Syntax Description

seconds

Timeout value, in seconds. The range is from 1 to 86400. The default is 60000.

Command Default

60000 seconds

Command Modes

Global configuration mode

Command History

Release

Modification

4.2(1)

This command was introduced.

Usage Guidelines

This command does not require a license.

Examples

The following example shows how to configure the AAA user synchronization timeout value:


switch# config terminal
switch(config)# snmp-server aaa-user cache-timeout 6000

snmp-server aaa exclusive-behavior enable

To enable AAA exclusive behavior on the SNMP server, use the snmp-server aaa exclusive-behavior enable command in configuration mode. To disable the exclusive behavior, use the no form of the command.

snmp-server aaa exclusive-behavior enable

no snmp-server aaa exclusive-behavior enable

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was introduced.

Usage Guidelines

When configured, this command enables exclusive behavior between local users and AAA users.

  • If testuser is a local user and AAA is on, queries for testuser fail with "no such user".
  • If testuser2 is an AAA user and AAA is off, queries for testuser2 fail with "no such user".
  • If testuser3 is both a local user and an AAA user: when AAA is on, queries with remote credentials succeed and queries with local credentials fail with "incorrect password"; when AAA is off, queries with local credentials succeed and queries with remote credentials fail with "incorrect password".

Examples

The following example shows how to enable the aaa exclusive behavior:


switch# config t
switch(config)# snmp-server aaa exclusive-behavior enable
switch(config)#

The following example shows how to disable the aaa exclusive behavior:


switch(config)# no snmp-server aaa exclusive-behavior enable
switch(config)#

snmp-server community

To set the SNMP server community string, use the snmp-server community command in configuration mode. To remove the SNMP server community string, use the no form of the command.

snmp-server community string [group group-name]

no snmp-server community string [group group-name]

Syntax Description

community string

SNMP community string.

group group-name

(Optional) Group to which the community belongs.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example sets the SNMP server community string:


switch# config t
switch(config)# snmp-server community public group network-operator
switch(config)#
switch(config)# no snmp-server community public group network-operator
switch(config)#

snmp-server contact

To modify the server contact, use the snmp-server contact command in configuration mode. To remove the SNMP server contact, use the no form of the command.

snmp-server contact line

no snmp-server contact line

Syntax Description

line

(Optional) Modifies the system contact.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to modify the server contact:


switch# config t
switch(config)# snmp-server contact line
switch(config)#
switch(config)# no snmp-server contact line
switch(config)#

snmp-server enable traps

To enable SNMP server notifications (informs and traps), use the snmp-server enable traps command. To disable the SNMP server notifications, use the no form of the command.

snmp-server enable traps [entity [fru] | fcc | fcdomain | fcns | fdmi | fspf | license | link [cisco] | ietf [cisco] | ietf-extended [cisco] | port-security | rscn [els | ils] | snmp [authentication] | vrrp | zone [default-zone-behavior-change | merge-failure | merge-success | request-reject]]

no snmp-server enable traps [entity [fru] | fcc | fcdomain | fcns | fdmi | fspf | license | link [cisco] | ietf [cisco] | ietf-extended [cisco] | port-security | rscn [els | ils] | snmp [authentication] | vrrp | zone [default-zone-behavior-change | merge-failure | merge-success | request-reject]]

Syntax Description

entity

(Optional) Enables all SNMP entity notifications.

fru

(Optional) Enables only SNMP entity FRU notifications.

fcc

(Optional) Enables SNMP Fibre Channel congestion control notifications.

fcdomain

(Optional) Enables SNMP Fibre Channel domain notifications.

fcns

(Optional) Enables SNMP Fibre Channel name server notifications.

fdmi

(Optional) Enables SNMP Fabric Device Management Interface notifications.

fspf

(Optional) Enables SNMP Fabric Shortest Path First notifications.

license

(Optional) Enables SNMP license manager notifications.

link

(Optional) Enables SNMP link traps.

cisco

(Optional) Enables Cisco cieLinkUp/cieLinkDown.

ietf

(Optional) Enables standard linkUp/linkDown trap.

ietf-extended

(Optional) Enables standard linkUp/linkDown trap with extra varbinds.

port-security

(Optional) Enables SNMP port security notifications.

rscn

(Optional) Enables all SNMP Registered State Change Notification notifications.

els

(Optional) Enables only SNMP RSCN ELS notifications.

ils

(Optional) Enables only SNMP RSCN ILS notifications.

snmp

(Optional) Enables all SNMP agent notifications.

authentication

(Optional) Enables only SNMP agent authentication notifications.

vrrp

(Optional) Enables SNMP Virtual Router Redundancy Protocol notifications.

zone

(Optional) Enables all SNMP zone notifications.

default-zone-behavior-change

(Optional) Enables only SNMP zone default zone behavior change notifications.

merge-failure

(Optional) Enables only SNMP zone merge failure notifications.

merge-success

(Optional) Enables only SNMP zone merge success notifications.

request-reject

(Optional) Enables only SNMP zone request reject notifications.

Command Default

All the notifications listed in the Syntax Description table are disabled by default except for the following: entity fru, vrrp, license, link, and any notification not listed (including the generic notifications such as coldstart, warmstart, and linkupdown).

Command Modes


Configuration mode

Command History

Release

Modification

2.0(1b)

This command was introduced.

2.1(2)

  • Added the link option.
  • Renamed the standard option to ietf.
  • Renamed the standard-extended option to ietf-extended.

Usage Guidelines

If the snmp-server enable traps command is entered without keywords, all notifications (informs and traps) are enabled.

As of Cisco MDS SAN-OS Release 2.1(2), you can configure the linkUp/linkDown notifications that you want to enable on the interfaces. You can enable the following types of linkUp/linkDown notifications:

  • Cisco—Only traps (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my are sent for an interface, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface.
  • IETF—Only traps (linkUp, linkDown) defined in IF-MIB are sent for an interface, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Only the varbinds defined in the trap definition are sent with the traps.
  • IETF extended—Only traps (linkUp, linkDown) defined in IF-MIB are sent for an interface, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. In addition to the varbinds defined in the trap definition, varbinds defined in the IF-MIB specific to the Cisco Systems implementation are sent. This is the default setting.
  • IETF cisco—Traps (linkUp, linkDown) defined in IF-MIB and traps (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my are sent for an interface, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Only the varbinds defined in the trap definition are sent with the linkUp and linkDown traps.
  • IETF extended cisco—Traps (linkUp, linkDown) defined in IF-MIB and traps (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my are sent for an interface, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. In addition to the varbinds defined in the linkUp and linkDown trap definition, varbinds defined in the IF-MIB specific to the Cisco Systems implementation are sent with the linkUp and linkDown traps.

Examples

The following example enables all the SNMP notifications listed in the Syntax Description table:


switch# config terminal
switch(config)# snmp-server enable traps

The following example enables all SNMP entity notifications:


switch# config terminal
switch(config)# snmp-server enable traps entity

The following example enables (default) only standard extended linkUp/linkDown notifications:


switch# config t
switch(config)# snmp-server enable traps link

The following example enables only Cisco Systems defined cieLinkUp/cieLinkDown notifications:


switch# config terminal
switch(config)# snmp-server enable traps link cisco 

snmp-server enable traps fcdomain

To enable SNMP FC domain traps, use the snmp-server enable traps fcdomain command in configuration mode. To disable FC domain traps, use the no form of the command.

snmp-server enable traps fcdomain

no snmp-server enable traps fcdomain

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable SNMP FC domain traps:


switch# config t
switch(config)# snmp-server enable traps fcdomain
switch(config)#
switch(config)# no snmp-server enable traps fcdomain
switch(config)#

snmp-server enable traps link cisco

To enable Cisco cieLinkUp and cieLinkDown traps, use the snmp-server enable traps link cisco command in configuration mode. To disable Cisco link traps, use the no form of the command.

snmp-server enable traps link cisco

no snmp-server enable traps link cisco

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable Cisco cieLinkUp and cieLinkDown traps:


switch# config t
switch(config)# snmp-server enable traps link cisco
switch(config)#
switch(config)# no snmp-server enable traps link
switch(config)#

snmp-server enable traps zone

To enable SNMP zone traps, use the snmp-server enable traps zone command in configuration mode. To disable zone traps, use the no form of the command.

snmp-server enable traps zone

no snmp-server enable traps zone

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable SNMP zone traps:


switch# config t
switch(config)# snmp-server enable traps zone
switch(config)#
switch(config)# no snmp-server enable traps zone
switch(config)#

snmp-server globalEnforcePriv

To globally enforce privacy for all SNMP users, use the snmp-server globalEnforcePriv command in configuration mode. To disable global privacy, use the no form of the command.

snmp-server globalEnforcePriv

no snmp-server globalEnforcePriv

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

2.1(0)

This command was introduced.

Usage Guidelines

None.

Examples

The following example enables globally enforced privacy for all SNMP users:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server globalEnforcePriv

snmp-server host

To specify the recipient of an SNMP notification, use the snmp-server host global configuration command. To remove the specified host, use the no form of the command.

snmp-server host {ipv4-address | ipv6-address | dns-name} [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port]

no snmp-server host {ipv4-address | ipv6-address | dns-name} [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port]

Syntax Description

ipv4-address

Specifies the IPv4 address of the host (the targeted recipient).

ipv6-address

Specifies the IPv6 address of the host (the targeted recipient).

dns-name

Specifies the DNS server name of the host (the targeted recipient). An SNMP hostname that uses a DNS server name starting with 0. or 127. is not supported.

traps

(Optional) Sends SNMP traps to this host.

informs

(Optional) Sends SNMP informs to this host.

version

(Optional) Specifies the version of the Simple Network Management Protocol (SNMP) used to send the traps. Version 3 is the most secure model, as it allows packet encryption with the priv keyword.

1

SNMPv1 (default). This option is not available with informs.

2c

SNMPv2C.

3

SNMPv3 has three optional keywords (auth, noauth (default), or priv).

auth

(Optional) Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication.

noauth

(Optional) Specifies the noAuthNoPriv security level.

priv

(Optional) Enables Data Encryption Standard (DES) packet encryption (privacy).

community-string

Sends a password-like community string with the notification operation.

udp-port port

(Optional) Specifies the UDP port of the host to use. The default is 162.

Command Default

Sends SNMP traps.

Command Modes


Configuration mode

Command History

Release

Modification

1.0(3)

This command was introduced.

Usage Guidelines

If you use the version keyword, one of the following must be specified: 1, 2c, or 3.

Examples

The following example specifies the recipient of an SNMP notification:


switch# config terminal
switch(config)# snmp-server host 10.1.1.1 traps version 2c abcddsfsf udp-port 500

snmp-server location

To modify the system location, use the snmp-server location command. To remove the SNMP server location, use the no form of the command.

snmp-server location

no snmp-server location

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example sets the SNMP server location:


switch# config t
switch(config)# snmp-server location line
switch(config)#

snmp-server tcp-session

To enable one time authentication for SNMP over a TCP session, use the snmp-server tcp-session command in configuration mode. To disable one time authentication for SNMP over a TCP session, use the no form of the command.

snmp-server tcp-session [auth]

no snmp-server tcp-session [auth]

Syntax Description

auth

(Optional) Enables one time authentication for SNMP over a TCP session.

Command Default

One time authentication for SNMP over a TCP session is on.

Command Modes


Configuration mode

Command History

Release

Modification

3.1

This command was introduced.

Usage Guidelines

None.

Examples

The following example enables one time authentication for SNMP over a TCP session:


switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server tcp-session auth

snmp-server traps entity fru

To enable the SNMP entity FRU trap, use the snmp-server traps entity fru command in configuration mode. To disable the entity FRU trap, use the no form of the command.

snmp-server enable traps entity fru

no snmp-server enable traps entity fru

Syntax Description

This command has no arguments or keywords.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.1(1b)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to enable SNMP entity FRU trap:


switch# config t
switch(config)# snmp-server enable traps entity fru
switch(config)#

snmp-server user

To configure SNMP user information, use the snmp-server user command in configuration mode. To disable the configuration or to revert to factory defaults, use the no form of the command.

snmp-server user username group-name [auth {md5 | sha} password [priv [password [auto | localizedkey [auto]]] | aes-128 password [auto | localizedkey [auto] | auto | localizedkey [auto]]]]

no snmp-server user name [group-name | auth {md5 | sha} password [priv [password [auto | localizedkey [auto]]] | aes-128 password [auto | localizedkey [auto] | auto | localizedkey [auto]]]]

Syntax Description

username

Specifies the user name. Maximum length is 32 characters.

group-name

(Optional) Specifies role group to which the user belongs. Maximum length is 32 characters.

auth

(Optional) Sets authentication parameters for the user.

md5

Sets HMAC MD5 algorithm for authentication.

sha

Uses HMAC SHA algorithm for authentication.

password

(Optional) Specifies user password. Maximum length is 64 characters.

priv

(Optional) Sets encryption parameters for the user.

auto

(Optional) Specifies whether the user is autocreated (volatile).

localizedkey

(Optional) Sets passwords in localized key format.

aes-128

(Optional) Sets 128-byte AES algorithm for privacy.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

4.2(1)

This command was deprecated.

4.1(1b)

Added engineID options.

1.0(2)

This command was introduced.

1.0(3)

Added the localizedkey option.

2.0(1b)

Added the auto and aes128 options.

Usage Guidelines

The localized keys are not portable across devices as they contain information on the engine ID of the device. If a configuration file is copied into the device, the passwords may not be set correctly if the configuration file was generated at a different device. We recommend that passwords be explicitly configured to the desired passwords after copying the configuration into the device.

SNMP Version 3 is the most secure model, as it allows packet encryption with the priv keyword.

To assign multiple roles to a user, perform multiple snmp-server user username group-name commands. The group-name argument is defined by the role name command.
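The non-portability of localized keys noted in these guidelines follows from how SNMPv3 USM derives them. The following is an added example, not code from the original page or from Cisco: it implements the RFC 3414 password-to-key and key-localization steps, and assumes the switch derives localized keys as that RFC specifies. ENGINE_A is the engine ID value shown in the example on this page; ENGINE_B is a constructed second device.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly this many bytes of repeated password


def password_to_key(password: bytes, alg: str) -> bytes:
    """Ku: digest of the password repeated (and truncated) to 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    stream = (password * (MEGABYTE // len(password) + 1))[:MEGABYTE]
    return hashlib.new(alg, stream).digest()


def localize(ku: bytes, engine_id: bytes, alg: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): binds the key to one SNMP engine."""
    return hashlib.new(alg, ku + engine_id + ku).digest()


def localized_key(password: str, engine_id_hex: str, alg: str = "sha1") -> str:
    """Hex localized key for a password and a colon-separated or plain hex engine ID."""
    engine_id = bytes.fromhex(engine_id_hex.replace(":", ""))
    return localize(password_to_key(password.encode(), alg), engine_id, alg).hex()


ENGINE_A = "00:12:00:00:09:03:00:05:48:00:74:30"  # value from the page's example
ENGINE_B = "00:12:00:00:09:03:00:05:48:00:74:31"  # constructed: a different device


def key_survives_copy(password: str, source_engine: str, target_engine: str,
                      alg: str = "sha1") -> bool:
    """True only if a key localized on the source device is also valid on the target."""
    return localized_key(password, source_engine, alg) == \
        localized_key(password, target_engine, alg)


if __name__ == "__main__":
    print("key on device A:", localized_key("abcd1234", ENGINE_A))
    print("key on device B:", localized_key("abcd1234", ENGINE_B))
    print("copied config still valid:", key_survives_copy("abcd1234", ENGINE_A, ENGINE_B))
```

The same password yields a different localized key on each engine ID, which is why a configuration file carrying localizedkey values from another device does not authenticate until the passwords are set again.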

Examples

The following example sets the user authentication and SNMP engine ID for a notification target user:


switch# config terminal
switch(config)# snmp-server user notifUser network-admin auth sha abcd1234 engineID 00:12:00:00:09:03:00:05:48:00:74:30

The following example sets the user information:


switch# config terminal
switch(config)# snmp-server user joe network-admin auth sha abcd1234 engineID 
switch(config)# snmp-server user sam network-admin auth md5 abcdefgh
switch(config)# snmp-server user Bill network-admin auth sha abcd1234 priv abcdefgh
switch(config)# snmp-server user user1 network-admin auth md5 0xab0211gh priv 0x45abf342 localizedkey
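One way to review the snmp-server host, snmp-server user and snmp-server globalEnforcePriv lines of a saved configuration against the security levels described in these sections. This is an added example, not Cisco code; the sample configuration, the finding codes and the function names are constructed for illustration.

```python
# Constructed running-config excerpt (not from a real device). The 192.0.2.x
# hosts and the names nmsUser/ops are placeholders; other values reuse the
# page's own examples.
SAMPLE_CONFIG = """\
snmp-server host 10.1.1.1 traps version 2c abcddsfsf udp-port 500
snmp-server host 192.0.2.10 informs version 3 priv nmsUser
snmp-server host 192.0.2.11 traps version 3 auth nmsUser
snmp-server host 192.0.2.12 traps public
snmp-server user sam network-admin auth md5 abcdefgh
snmp-server user Bill network-admin auth sha abcd1234 priv abcdefgh
snmp-server user ops network-operator auth sha abcd1234 priv aes-128 abcdefgh
"""


def audit_host(tok):
    """Finding codes for one tokenised 'snmp-server host' line."""
    rest = tok[3:]
    version, level = "1", None              # SNMPv1 is the documented default
    if "version" in rest:
        i = rest.index("version")
        version = rest[i + 1] if len(rest) > i + 1 else "1"
        nxt = rest[i + 2] if len(rest) > i + 2 else ""
        # noauth is the documented default level for version 3
        level = nxt if nxt in ("auth", "noauth", "priv") else "noauth"
    if version in ("1", "2c"):
        return ["COMMUNITY_IN_CLEARTEXT"]   # community string is the only credential
    if level == "noauth":
        return ["V3_NOAUTH"]                # neither authenticated nor encrypted
    if level == "auth":
        return ["V3_AUTH_WITHOUT_PRIV"]     # authenticated but not encrypted
    return []


def audit_user(tok):
    """Finding codes for one tokenised 'snmp-server user' line."""
    rest = tok[3:]
    if "auth" not in rest:
        return ["USER_WITHOUT_AUTH"]
    i, found = rest.index("auth"), []
    if len(rest) > i + 1 and rest[i + 1] == "md5":
        found.append("USER_HMAC_MD5")
    if "priv" not in rest:
        found.append("USER_WITHOUT_PRIV")
    elif "aes-128" not in rest:
        found.append("USER_PRIV_NOT_AES")   # priv given without the aes-128 keyword
    return found


def audit(config):
    """Return (subject, code) findings for every SNMP line in a configuration."""
    findings, enforce_priv = [], False
    for line in config.splitlines():
        tok = line.split()
        if tok == ["snmp-server", "globalEnforcePriv"]:
            enforce_priv = True
        elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 4:
            findings += [(tok[2], code) for code in audit_host(tok)]
        elif tok[:2] == ["snmp-server", "user"] and len(tok) >= 3:
            findings += [(tok[2], code) for code in audit_user(tok)]
    if not enforce_priv:
        findings.append(("global", "GLOBAL_ENFORCE_PRIV_NOT_SET"))
    return findings


if __name__ == "__main__":
    for subject, code in audit(SAMPLE_CONFIG):
        print(f"{subject:12} {code}")
```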

snsr-grp

To link a sensor group to a subscription node and set the data sampling interval, use the snsr-grp command. To remove the sensor group, use the no form of this command.

snsr-grp id sample-interval interval

no snsr-grp

Syntax Description

id

Sensor group ID. Range is from 1 to 4095.

sample-interval interval

Data sampling interval in milliseconds. Range is from 0 to 604800000.

Command Default

No sensor group exists.

Command Modes


Telemetry subscription configuration mode (conf-tm-sub)

Command History

Release

Modification

8.3(1)

This command was introduced.

Usage Guidelines

Currently, the sensor group ID supports only numeric ID values. The interval value is specified by the user, in milliseconds. The minimum supported interval is 30000 milliseconds. An interval value greater than the minimum value creates a frequency-based subscription, in which telemetry data is sent periodically at the specified interval.

Examples

This example shows how to link a sensor group to a subscription node and set the data sampling interval to 30000 milliseconds:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# subscription 100
switch(conf-tm-sub)# snsr-grp 100 sample-interval 30000

This example shows how to remove the sensor group:


switch# configure
switch(config)# telemetry 
switch(config-telemetry)# subscription 100
switch(conf-tm-sub)# no snsr-grp 100

source

To configure the SPAN session source, use the source command in Configuration mode. To revert to the default settings, use the no form of this command.

source {filter vsan vsan-id | interface ethernet | ethernet-port-channel | fc module-number | port-channel port-channel-number | sup-eth | sup-fc inband interface number | vlan vlan-id | vsan vsan-id}

no source {filter vsan vsan-id | interface ethernet | ethernet-port-channel | fc module-number | port-channel port-channel-number | sup-eth | sup-fc inband interface number | vlan vlan-id | vsan vsan-id}

Syntax Description

filter

Configures SPAN session filter.

vsan

Specifies the VSAN.

vsan-id

Specifies the VSAN ID. The range is from 1 to 4093.

interface

Specifies the interface type.

ethernet

Specifies the ethernet.

ethernet-port-channel

Specifies the ethernet port channel interface.

fc

Specifies Fibre channel interface.

module-number

Specifies the module number. The range is from 1 to 10.

port-channel

Specifies the port channel interface.

port-channel-number

Specifies the port channel number. The range is from 1 to 256.

sup-eth

Specifies the ethernet inband interface.

sup-fc

Specifies the fibre channel inband interface.

inband interface number

Specifies the inband interface. The range is from 0 to 0.

vlan

Specifies the VLAN.

vlan-id

Specifies the VLAN ID. The range is from 1 to 4093.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

Added the keywords ethernet, ethernet-port-channel, sup-eth, and vlan to the syntax description.

Usage Guidelines

None.

Examples

The following example shows how to configure the SPAN traffic in ingress, egress and both directions:


switch# config
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# monitor session 1
switch(config-monitor)# source interface fc 1/5 rx
switch(config-monitor)# source interface fc 1/5 tx
switch(config-monitor)# source interface fc 1/5 both
switch(config-monitor)# destination interface fc 1/5

span max-queued-packets

To configure the SPAN max-queued-packets, use the span max-queued-packets command in configuration mode. To disable the SPAN drop-threshold, use the no form of the command.

span max-queued-packets id

no span max-queued-packets id

Syntax Description

id

Specifies the SPAN max-queued-packets threshold ID. The range is 1 to 8191.

Command Default

15.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

3.3(1a)

This command was introduced.

Usage Guidelines

This command is supported only on an ISOLA platform.

Examples

The following example shows how to configure the SPAN max-queued-packets:


switch# config
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# span max-queued-packets 1

span session

To configure a SPAN session, use the span session command. To remove a configured SPAN feature or revert it to factory defaults, use the no form of the command.

span session session-id {destination | filter | no | rate-optional | source | suspend}

no span session session-id {destination | filter | no | rate-optional | source | suspend}

Syntax Description

session-id

Specifies the SPAN session ID. The range is 1 to 16.

destination

Specifies the destination configuration.

filter

Specifies the filter configuration.

no

Specifies the default value.

rate-optional

Specifies the rate limit for SPAN packets on FCOE module.


source

Specifies the source configuration.

suspend

Specifies the SPAN suspended session.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to configure a SPAN session:


switch# config terminal
switch(config)# span session 1
switch(config-span)#

The following example shows how to delete a SPAN session:


switch(config)# no span session 1

span session source interface

To configure the SPAN traffic in both ingress (rx) and egress (tx) directions, use the span session source interface command in Configuration mode. To revert this command, use the no form of this command.

span session session-id source interface interface type

no span session session-id source interface interface type

Syntax Description

session-id

Specifies the SPAN session ID.

interface type

Specifies the destination interface mapped to a Fiber Channel or FC tunnel.

Command Default

None.

Command Modes


Configuration mode

Command History

Release

Modification

6.2(1)

This command was deprecated.

1.0(x)

This command was introduced.

3.3(1a)

Enabled SPAN traffic in both ingress (rx) and egress (tx) directions for Generation 2 Fabric Switches.

Usage Guidelines

None.

Examples

The following example shows how to configure the SPAN traffic in both ingress and egress directions:


switch# config
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# span session 1
switch(config-span)# source interface fc 1/5 rx
switch(config-span)# source interface fc 1/5 tx
switch(config-span)# destination interface fc 1/5

special-frame

To enable or disable special frames for the FCIP interface, use the special-frame command. To disable the passive mode for the FCIP interface, use the no form of the command.

special-frame peer-wwn pwwn-id [profile-id profile-number]

no special-frame peer-wwn pwwn-id

Syntax Description

peer-wwn pwwn-id

Specifies the peer WWN ID for special frames.

profile-id profile-number

(Optional) Specifies the peer profile ID. The range is 1 to 255.

Command Default

Disabled.

Command Modes


Interface configuration submode

Command History

Release

Modification

1.1(1)

This command was introduced.

Usage Guidelines

Access this command from the switch(config-if)# submode.

When a new TCP connection is established, an FCIP special frame (if enabled) makes one round trip from the FCIP profile and initiates the TCP connect operation to the FCIP profile receiving the TCP connect request and back. Use these frames to identify the FCIP link endpoints, to learn about the critical parameters shared by Fibre Channel and FCIP profile pairs involved in the FCIP link, and to perform configuration discovery.

Examples

The following example configures the special frames:


switch# config terminal
switch(config)# interface fcip 1
switch(config)# special-frame peer-pwwn 11:11:11:11:11:11:11:11
switch(config)# special-frame peer-pwwn 22:22:22:22:22:22:22:22 profile-id 10

ssh

To initiate a Secure Shell (SSH) session, use the ssh command in EXEC mode.

ssh { hostname | userid@hostname }

Syntax Description

hostname

Specifies the name or IP address of the host to access.

userid@hostname

Specifies a user name on a host.

Command Default

The default user name is admin.

Command Modes


EXEC mode

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

None.

Examples

The following example shows how to initiate an SSH session using a host name:


switch# ssh host1
admin@1host1's password:

The following example shows how to initiate an SSH session using a host IP address:


switch# ssh 10.2.2.2
admin@10.1.1.1's password:

The following example shows how to initiate an SSH session using a user name and host name:


switch# ssh user1@host1
user1@1host1's password:

Note

The ssh command supports only AES-CTR ciphers from version 5.2(8g) and version 6.2(13) onwards, because the other ciphers are considered to be weak by Federal Information Processing Standards (FIPS).

Note

To discover the fabric in DCNM with 5.2(8g) and 6.2(13) images, you must install DCNM 7.1(2), as it supports the AES-CTR ciphers.

ssh connect

To log in to a destination using a channel of a previously established SSH session, use the ssh connect command.

ssh connect label

Syntax Description

label

Handle of an already established SSH session.

Command Default

No sessions are defined.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

8.3(1)

This command was introduced.

Usage Guidelines

Enable feature ssh and configure the ssh name command before executing the ssh connect command.

Examples

The following example shows how to connect to a destination over SSH with a local name of 'me@host'. This name has already been configured using the ssh name command.

switch# ssh connect me@host
host$

ssh key

To generate an SSH key, use the ssh key command in configuration mode. To delete SSH keys, use the no form of the command.

ssh key {dsa | rsa [rsa_mod]} [force]

no ssh key [dsa | rsa]

Syntax Description

dsa

Specifies a DSA key.

rsa

Specifies an RSA key.

rsa_mod

(Optional) The modulus of the RSA key. The range is from 768 to 2048.

Starting from Cisco MDS NX-OS Release 8.4(1), the range is from 1024 to 4096.

force

(Optional) Forces the generation of DSA SSH keys even when the keys are present.

Command Default

The default key-pair modulus is 1024 bits.

Command Modes


Configuration mode

Command History

Release

Modification

1.0(2)

This command was introduced.

8.4(1)

The ssh key rsa range was modified to 4096 bits.

Usage Guidelines

You must disable the SSH service before using the no form of the command to delete all SSH keys. This, in turn, requires all SSH sessions to be closed. To access the switch without SSH, either log in through the console, or enable Telnet access. Be sure to generate new keys when re-enabling the SSH service. SSH access to the switch will be denied if no SSH keys are installed.

Examples

The following example shows how to generate an RSA key-pair:

switch(config)# ssh key rsa 1024 
generating rsa key.....
generated rsa key

The following example shows how to replace an SSH server key using DSA with the force option:

switch(config)# no ssh server enable  
switch(config)# ssh key dsa force
switch(config)# ssh server enable

The following example shows how to delete all SSH key-pairs on the switch:


switch(config)# no ssh key
cleared RSA keys

ssh name

To create an SSH session from the switch to a destination for other commands to use, use the ssh name command. To close the SSH session, use the no form of the command.