F Commands


To add a fabric to the cluster, use the fabric command in the Cisco SME cluster configuration submode.

fabric fabric name

Syntax Description

fabric name

Specifies the fabric name. The maximum length is 32 characters.

Command Modes

Cisco SME cluster configuration submode.

This command was introduced.

The following example adds a fabric named sw-xyz to a cluster:

switch# config terminal
switch(config)# sme cluster c1
switch(config-sme-cl)# fabric sw-xyz

fabric-binding activate

To activate fabric binding in a VSAN, use the fabric-binding activate command in configuration mode. To disable this feature, use the no form of the command.

fabric-binding activate vsan vsan-id [force]

no fabric-binding activate vsan vsan-id

Syntax Description

vsan vsan-id

Specifies the VSAN. The ID of the VSAN is from 1 to 4093.


(Optional) Forces fabric binding activation.

Command Modes

Configuration mode.

Command History




This command was introduced.


Extended support for fabric binding to Fibre Channel VSANs.

Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.


The following example activates the fabric binding database for the specified VSAN:

switch# config terminal
switch(config)# fabric-binding activate vsan 1

The following example deactivates the fabric binding database for the specified VSAN:

switch(config)# no fabric-binding activate vsan 10 

The following example activates the fabric binding database for the specified VSAN forcefully, even if the configuration is not acceptable:

switch(config)# fabric-binding activate vsan 3 force 

The following example reverts to the previously, configured state or to the factory default (if no state is configured):

switch(config)# no fabric-binding activate vsan 1 force 

fabric-binding database copy

To copy from the active fabric binding database to the configuration fabric binding database, use the fabric-binding database copy command in EXEC mode.

fabric-binding database copy vsan vsan-id

Syntax Description

vsan vsan-id

Specifies the VSAN. The ID of the VSAN is from 1 to 4093.

Command Modes

EXEC mode.

Command History




This command was introduced.


Extended support for fabric binding to Fibre Channel VSANs.

Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.

If the configured database is empty, this command is not accepted.


The following example copies from the active database to the configuration database in VSAN 1:

switch# fabric-binding database copy vsan 1

fabric-binding database diff

To view the differences between the active database and the configuration database in a VSAN, use the fabric-binding database diff command in EXEC mode.

fabric-binding database diff {active | config} vsan vsan-id

Provides information on the differences in the active database with respect to the configuration database.


Provides information on the differences in the configuration database with respect to the active database.

vsan vsan-id

Specifies the VSAN. The ID of the VSAN is from 1 to 4093.

Command Modes

EXEC mode.

Command History




This command was introduced.


Extended support of fabric binding to Fibre Channel VSANs.

Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.


The following example displays the differences between the active database and the configuration database in VSAN 1:

switch# fabric-binding database diff active vsan 1

The following example displays information on the differences between the configuration database and the active database:

switch# fabric-binding database diff config vsan 1

fabric-binding database vsan

To configure a user-specified fabric binding list in a VSAN, use the fabric-binding database vsan command in configuration mode. To disable an FC alias, use the no form of the command.

fabric-binding database vsan vsan-id swwn switch-wwn domain domain-id

no fabric-binding database vsan vsan-id swwn switch-wwn domain domain-id

Syntax Description


Specifies the VSAN. The ID of the VSAN is from 1 to 4093.

swwn switch-wwn

Configures the switch WWN in dotted hex format.

domain domain-id

Specifies the specified domain ID. The domain ID is a number from 1 to 239.

Command Modes

Configuration mode.

Command History




This command was introduced.


Extended support of fabric binding to Fibre Channel VSANs.

Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.

In a FICON VSAN, the fabric binding feature requires all sWWNs connected to a switch and their persistent domain IDs to be part of the fabric binding active database. In a Fibre Channel VSAN, only the sWWN is required; the domain ID is optional.

A user-specified fabric binding list contains a list of switch WWNs (sWWNs) within a fabric. If an sWWN attempts to join the fabric, and that sWWN is not on the list or the sWWN is using a domain ID that differs from the one specified in the allowed list, the ISL between the switch and the fabric is automatically isolated in that VSAN and the switch is denied entry into the fabric.

The persistent domain ID must be specified along with the sWWN. Domain ID authorization is required in FICON VSANs where the domains are statically configured and the end devices reject a domain ID change in all switches in the fabric.


All switches in a non-FICON VSAN must be running Cisco MDS SAN-OS Release 3.x or later.


The following example enters the fabric binding database submode and adds the sWWN and domain ID of a switch to the configured database list:

switch# config terminal
switch(config)# fabric-binding database vsan 5
switch(config-fabric-binding)# swwn 21:00:05:30:23:11:11:11 domain 102 

The following example deletes a fabric binding database for the specified VSAN:

switch# config terminal
switch(config)# no fabric-binding database vsan 10 

The following example deletes the sWWN and domain ID of a switch from the configured database list:

switch# config terminal
switch(config)# fabric-binding database vsan 5
switch(config-fabric-binding)# no swwn 21:00:15:30:23:1a:11:03 domain 101

fabric-binding enable

To enable fabric binding in a VSAN, use the fabric-binding enable command. To disable fabric binding, use the no form of the command.

fabric-binding enable

no fabric-binding enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.


Extended support of fabric binding to Fibre Channel VSANs.

NX-OS 4.1(1b)

This command was deprecated.

Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.

The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding.


The following example enables fabric binding on that switch:

switch# config t 
switch(config)# fabric-binding enable 

The following example disables fabric binding on that switch:

switch# config t 
switch(config)# no fabric-binding enable


To configure a node to a fabric, use the fabric-membership command. To remove the node from the fabric, use the no form of the command,

fabric-membership fabric name

no fabric-membership fabric name

fabric name

Specifies the fabric name. The maximum length is 32 characters.

Command Modes

Cisco SME cluster node configuration submode.

Command History




This command was introduced.

Use the fabric-membership command to put a node in a fabric. This command has to be configured before the interface sme slot/port [force] can be accepted. It also cannot be removed if the interface sme slot/port [force] command is enabled.


The following example specifies a fabric to which the node belongs:

switch# config t
switch(config)# sme cluster clustername1
switch(config-sme-cl)# node local
switch(config-sme-cl-node)# fabric-membership f1

fcalias clone

To clone a Fibre Channel alias, use the fcalias clone command.

fcalias clone origFcalias-Name cloneFcalias-Name vsan vsan-id

origFcalias-Name cloneFcalias-Name

Clones a Fibre Channel alias from the current name to a new name. Maximum length of names is 64 characters.


Specifies the clone Fibre Channel alias is for a VSAN.


The ID of the VSAN is from 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

To disable an FC alias, use the no form of the fcalias name command.


The following examples show how to clone a fcalias named origAlias to cloneAlias on VSAN 45:

switch# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcalias clone origAlias cloneAlias vsan 45

fcalias name

To configure an FC alias, use the fcalias name command. To disable an FC alias, use the no form of the command.

fcalias name alias name vsan vsan-id

no fcalias name alias name vsan vsan-id

The name of the fcalias. Maximum length is 64 characters.


The fcalias is for a VSAN.


The ID of the VSAN is from 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

To include multiple members in any alias, use the FCID, fWWN, or pWWN values.


The following examples show how to configure an fcalias called AliasSample on VSAN 3:

switch# config terminal
switch(config)# fcalias name AliasSample 
vsan 3

fcalias rename

To rename a Fibre Channel alias (fcalias), use the fcalias rename command.

fcalias rename current-name new-name vsan vsan-id

Specifies the current fcalias name. The maximum length is 64.


Specifies the new fcalias name. The maximum length is 64.

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

The following example shows how to rename an fcalias:

switch# config terminal
switch(config)# fcalias rename oldalias newalias vsan 10

fcanalyzer local

To configure local Cisco Fabric Analyzer, use the fcanalyzer local command in EXEC mode.

fcanalyzer | ethanalyzer local [interface {inband | mgmt} [capture-filter expression] [brief] [ [display-filter expression] [ [limit-captured-frames number] [ [limit-frame-size bytes] [write uri2]]]] | [interface {inband | mgmt} [dump-pkt]]]

Syntax Description


(Optional) Begins live capture on following interface.


(Optional) Specifies an inband interface (default interface to capture on).


(Optional) Specifies an management interface.


(Optional) Filters frames using a capture filter expression.


Specifies capture filter expression.


(Optional) Displays the protocol summary in a brief.


(Optional) Filters frames using display filter expression.


Specifies display filter expression.

limit-captured-frames number

(Optional) Limits the number of frames captured to 10. The range is 0 to 2147483647 frames. Use 0 if you do not want to limit the captured frames.

limit-frame-size bytes

(Optional) Limits the size of the frame captures. The range is 64 to 65536 bytes.


(Optional) Saves the captured frames to a specified file.


The filename to be written in (bootflash: or volatile:).


Specifies Hex (ASCII) dumps packet, troubleshoot packet analyzer.

Number of packets captured by default is changed from 100 to 10.

Command Modes

EXEC mode.

Command History



NX-OS 4.1(1a)

Changed the display-filter syntax description.

NX-OS 4.2(2)

Moved local capture to EXEC mode, added support for capturing on mgmt interface along with inband (fc-interface). Also addded capture-filter support and support for hex dump of packets.


This command was introduced.

You can capture Fibre Channel control traffic from a switch and decode it without disrupting connectivity and without having to be local to the point of analysis.


When you capture on inband interface packets from the supervisor to the line card module are captured and vice versa.


Multiword capture and display filter expressions need to be either single-quoted or double-quoted depending on what the expression itself contains.


To stop capture at any time press Ctrl+C.


The following example shows how to display only protocol summary on VSAN1:

switch# fcanalyzer local interface inband brief

Capturing on inband interface
  0.000000     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  0.001033     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
  4.996424     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  4.997452     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
  9.996536     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  9.997470     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
 14.996572     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
 14.997590     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
 19.996463     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
 19.997415     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)

The following example shows how to display capture on inband interface:

switch# fcanalyzer local interface inband
Capturing on inband interface
Frame 1 (148 bytes on wire, 148 bytes captured)
    Arrival Time: Apr 15, 2010 11:20:47.577355000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 148 bytes
    Capture Length: 148 bytes
Ethernet II, Src: 00:00:00:00:00:0a, Dst: 00:00:00:00:ee:00
    Destination: 00:00:00:00:ee:00 (00:00:00:00:ee:00)
    Source: 00:00:00:00:00:0a (00:00:00:00:00:0a)
    Type: Unknown (0xfcfc)
MDS Header(Unknown(0)/Unknown(0))
    MDS Header
        ...0 0000 0111 0110 = Packet Len: 118
        .... 0000 0000 00.. = Dst Index: 0x0000
        .... ..01 0010 0000 = Src Index: 0x0120
        .... 0000 0000 0001 = VSAN: 1
    MDS Trailer
        EOF: Unknown (0)
        CRC: 0xdeadbeef
Fibre Channel
    R_CTL: 0x20(Extended Link Services/0x0)

The following example shows how to display a hex dump of packets:

switch# fcanalyzer local interface inband dump-pkt
Warning:  Couldn't obtain netmask info (eth2: no IPv4 address assigned).
Capturing on eth2
  0.000000     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
0000  00 00 00 00 ee 00 00 00 00 00 00 0a fc fc 81 00   ................
0010  00 72 ff 00 01 20 00 01 00 00 00 10 01 00 20 ff   .r... ........ .
0020  fa 01 00 ff fa 01 01 00 00 03 00 00 00 00 ff ff   ................
0030  ff ff 00 00 00 00 00 00 00 00 00 00 03 49 00 00   .............I..
0040  00 29 f6 1f 73 d9 00 00 00 00 00 00 00 00 00 00   .)..s...........
0050  00 00 00 00 00 00 00 ff fa 01 00 ff fa 01 00 00   ................
0060  09 96 00 00 00 00 00 00 00 04 00 00 00 02 00 00   ................
0070  00 00 01 00 00 00 ff ff ff ff 00 09 f5 00 2b 99   ..............+.
0080  86 d2 8b df 4e 02 0b aa aa aa 00 00 de ad be ef   ....N...........
  0.001112 80:57:00:00:cb:07 -> 81:00:00:72:e7:00 LLC I P, N(R) = 127, N(S) = 16
; DSAP NULL LSAP Group, SSAP 68 Command
0000  81 00 00 72 e7 00 80 57 00 00 cb 07 00 10 01 68   ...r...W.......h
0010  20 ff fa 01 00 ff fa 01 01 00 00 03 00 00 00 00    ...............
0020  ff ff ff ff 00 00 00 00 00 00 00 00 00 00 03 49   ...............I
0030  00 00 00 29 f6 1f 73 d9 00 00 00 29 f6 1f d4 00   ...)..s....)....
0040  00 00 00 00 00 00 00 00 00 ff fa 01 00 ff fa 01   ................
0050  00 00 09 96 00 00 00 00 00 00 00 04 00 00 00 02   ................
0060  00 00 00 00 01 00 00 00 ff ff ff ff 00 09 f5 00   ................
0070  2b 99 86 d2 8b df 4e 02 0b aa aa aa 00 00 de ad   +.....N.........
0080  4d 94                                             M.
  0.001763     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
0000  00 00 00 00 ee 00 00 00 00 00 00 0a fc fc 81 00   ................
0010  00 96 ff 80 81 20 00 01 00 00 00 10 01 00 20 ff   ..... ........ .
0020  fa 04 00 ff fa 04 01 00 00 00 00 00 00 00 ff ff   ................
0030  ff ff 00 00 00 00 00 00 00 00 00 00 03 49 00 00   .............I..
0040  00 29 f6 1f fc e2 00 00 00 00 00 00 00 00 00 00   .)..............
0050  00 00 00 00 00 00 00 ff fa 04 00 ff fa 04 00 00   ................
0060  09 96 00 00 00 00 00 00 00 00 00 00 00 01 00 00   ................
0070  00 00 06 08 20 00 06 08 20 00 00 30 d1 00 f6 cc   .... ... ..0....
0080  99 87 01 c8 72 e1 ad c5 a0 dd 09 c3 d6 2d 56 8b   ....r........-V.
0090  18 96 0a 43 2f 90 15 bb 70 63 bd 7b e1 b3 47 7a   ...C/...pc.{..Gz
00a0  3a 49 42 ac 2a ef 71 ca cd 7a 8e a3 a7 e4 00 00   :IB.*.q..z......
00b0  de ad be ef                                       ....
  0.002248 81:20:00:01:cb:07 -> 81:00:00:96:ff:80 LLC I P, N(R) = 127, N(S) = 16
; DSAP NULL LSAP Group, SSAP NetWare Command

The following example shows how to use a display filter on inband interface and display its summary:

switch# fcanalyzer local interface inband brief display-filter 'mdshdr.vsan==0x1 && (fc.d_id == "ff.fa.01") || (fc.s_id == "ff.fa.04")'
Capturing on inband interface
  0.000000     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  0.001782     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
  4.996741     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  4.997725     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
  9.996670     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
  9.997483     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
 14.996623     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
 14.997642     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)
 19.996739     ff.fa.01 -> ff.fa.01     FC OHMS(Cisco MDS)
 19.997554     ff.fa.04 -> ff.fa.04     FC OHMS(Cisco MDS)

The following example shows how to write captured packets in PCAP format and display captures on the screen:

switch# fcanalyzer local interface inband display-filter 'mdshdr.vsan==0x1 && (fc.d_id == "ff.fa.01") || (fc.s_id == "ff.fa.04")' limit-captured-frames 2 write bootflash:fc_cap
Frame 2 (160 bytes on wire, 160 bytes captured)
    Arrival Time: May  6, 2010 09:53:38.020767000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 2
    Packet Length: 160 bytes
    Capture Length: 160 bytes
Ethernet II, Src: 00:00:00:00:00:0a, Dst: 00:00:00:00:ee:00
    Destination: 00:00:00:00:ee:00 (00:00:00:00:ee:00)
    Source: 00:00:00:00:00:0a (00:00:00:00:00:0a)
    Type: Unknown (0xfcfc)
MDS Header(Unknown(0)/Unknown(0))
    MDS Header
        ...0 0000 1000 0010 = Packet Len: 130
        .... 0000 0000 00.. = Dst Index: 0x0000
        .... ..01 0010 0000 = Src Index: 0x0120
        .... 0000 0000 0001 = VSAN: 1
    MDS Trailer
        EOF: Unknown (0)
        CRC: 0xdeadbeef
Fibre Channel
    R_CTL: 0x20(Extended Link Services/0x0)
    Dest Addr: ff.fa.01
    CS_CTL: 0x00
    Src Addr: ff.fa.01
    Type: Ext Link Svc (0x01)
    F_CTL: 0x000000  Exchange Originator, Seq Initiator, CS_CTL, Last Data Frame
 - No Info, ABTS - Abort/MS,
        0... .... .... .... .... .... = ExgRpd: Exchange Originator
        .0.. .... .... .... .... .... = SeqRec: Seq Initiator
        ..0. .... .... .... .... .... = ExgFst: NOT exchg first
        ...0 .... .... .... .... .... = ExgLst: NOT exchg last
        .... 0... .... .... .... .... = SeqLst: NOT seq last
        .... ..0. .... .... .... .... = Pri: CS_CTL
        .... ...0 .... .... .... .... = TSI: NOT transfer seq initiative
        .... .... 00.. .... .... .... = LDF: Last Data Frame - No Info (0x000000
        .... .... ..00 .... .... .... = A01: no ack required (0x000000)
        .... .... .... ..0. .... .... = RetSeq: NOT retransmitted sequence
        .... .... .... .... ..00 .... = AA: ABTS - Cont (0x000000)
        .... .... .... .... .... 0... = RelOff: rel offset NOT set
    SEQ_ID: 0x00
    DF_CTL: 0x00
    SEQ_CNT: 0
    OX_ID: 0xffff
    RX_ID: 0xffff
    Parameter: 0x00000000
Data (106 bytes)
0000  01 00 00 00 00 00 04 1a 00 00 00 34 19 a0 be 60   ...........4...`
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020  00 ff fa 01 00 ff fa 01 00 00 09 96 00 00 00 00   ................
0030  00 00 00 04 00 00 00 02 00 00 00 00 01 00 00 00   ................
0040  ff ff ff ff 00 1c c0 00 c1 24 50 6e 4d aa 55 a6   .........$PnM.U.
0050  19 81 9c d3 6d b2 58 34 8a 30 6a e6 d6 cf 31 ff   ....m.X4.0j...1.
0060  ca cd 83 0e 00 00 de ad be ef                     ..........

The following example shows how to use capture filter on the mgmt interface and redirect the console output to a file:

switch# fcanalyzer local interface mgmt capture-filter "arp" > mgmt_capture.txt
Capturing on mgmt interface

fcanalyzer remote

To configure remote Cisco Fabric Analyzer, use the fcanalyzer remote command in configuration mode. To disable this command, use the no form of the command.

no fcanalyzer remote ip address [active [port-number]]

Syntax Description


Maximum length is 1024 characters.


(Optional) Enables active mode (passive is the default) with the remote host.


(Optional) Specifies the port number.

Command Modes

Configuration mode.

Command History




This command was introduced.

You can capture Fibre Channel control traffic from a switch and decode it without having to disrupt connectivity and without having to be local to the point of analysis.


The following example shows how to configure remote Cisco Fabric analyzer:

switch(config)# fcanalyzer remote


To specify the fields of the certificate map, use the filter command in configuration mode. The CA certificate or certificate chain is assumed to already be available in Privacy Enhanced Mail (PEM) (base-64) encoded format.

filter {altname-email email-id | altname-upn username | subject-name subject-name}

altname-email email-id

Specifies an Email ID as an alternate name. The maximum size is 64 characters.

altname-upn username

Specifies user principal name as an alternate name. The maximum size is 64 characters.

subject-name subject-name

Specifies subject name of the certificate. The maximum size is 64 characters

Command Modes

Configuration submode.

Command History



NX-OS 5.0(1a)

This command was introduced.

%username% substitutes the user’s login name.

%hostname% substitute the peer hostname.


Two maps currently can be configured for a given issuer name. The certificate will be filtered based on these two configured maps. If a default configuration is provided then the certificates are filtered against the default map in case if there is no map for that particular issuer name.


The following example shows how to configure an Email ID as an alternate name:

switch(config)# crypto certificatemap mapname map1
switch(config-certmap-filter)# filter subject-name cn=%username%,ou=PKI,o=Cisco Systems,c=US 

The following example shows how to configure the user principal as an alternate name:

switch(config-certmap-filter)# filter altname-email %username%@cisco.com

The following example shows how to configure the subject name as an certificate:

switch(config-certmap-filter)# filter altname-upn%username%@%hostname%

fcc enable

To enable Fibre Channel Congestion Control (FCC), use the fcc enable command in configuration mode. To disable this feature, use the no form of the command.

fcc enable

no fcc enable

This command has no arguments or keywords.

Command Default


Command Modes

Configuration mode.

Command History



NX-OS 5.0(1a)

This command was deprecated.


This command was introduced.

This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.


The following example shows how to enable FCC:

switch# config terminal
switch(config)# fcc enable

The following example shows how to disable FCC:

switch# config terminal
switch(config)#  no fcc enable

fc-management database

To configure the Fibre Channel Common Transport (FC-CT) Management Security database, use the fc-management database command.

fc-management database vsan vsan-id

Specifies the VSAN.


Specifies the VSAN ID. The range is from 1 to 4093.

Command Modes

Configuration mode.

Command History



NX-OS 6.2(9)

This command was introduced.

The following example shows how to configure the management security database:

switch(config)# fc-management database vsan 1

fc-management enable

To enable the Fibre Channel Common Transport (FC-CT) Management Security, use the fc-management enable command. To disable this feature command, use the no form of the command.

fc-management enable

no fc-management enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History



NX-OS 6.2(9)

This command was introduced.

The following example shows how to enable the FC-CT management security:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# fc-management enable

fcc priority

To assign the FCC priority to the entire switch, use the fcc priority command in configuration mode. To revert to the default, use the no form of the command.

fcc priority number

no fcc priority number

The FCC priority threshold. The range is 0 to 7, where 0 is the lowest priority and 7 the highest priority.

Command Default

The default priority is 4.

Command Modes

Configuration mode.

Command History




This command was introduced.


This command was deprecated.

FCC reduces the congestion in the traffic without interfering with the standard Fibre Channel protocol.


This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.


The following example shows how to configure the FCC priority threshold as 2:

switch# config terminal
switch(config)# fcc priority 2


To enable domain selection on the switch and participation in the Fibre Channel fabric topology, use the fcdomain command. To disable the domain and withdraw from the Fibre Channel fabric, use the no form of this command.

fcdomain vsan ID

no fcdomain vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

Fibre Channel domains are enabled for all VSANs.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

Usage Guidelines

If you disable a Fibre Channel domain on a switch, that switch has no identity in the VSAN. It can neither communicate with other switches in the fabric nor allocate FCIDs to attached edge devices.

This command is not available on N Port Virtualization (NPV) enabled switches as they do not require this functionality. Functions requiring FC domains are handled by the upstream NPIV enabled switch instead.


The following example displays how to enable the Fibre Channel domain in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain vsan 10

The following example displays how to disable the Fibre Channel domain in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain vsan 10

fcdomain abort

To discard pending changes to the domain configuration in a VSAN and release the Cisco Fabric Services (CFS) lock, use the fcdomain abort command.

fcdomain abort vsan ID

vsan id

Specifies a VSAN ID. The range is 1 to 4093.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

The pending changes to the domain configuration are cached until the changes are committed. Discarding pending configuration changes should normally be done using the no fcdomain commit command. However, when another user has left pending configuration changes without committing them, use this command to force the changes to be abandoned and the session lock to be released. Ensure to check that the other user is no longer logged in to the switch and making changes first.


The following example displays how to discard pending changes to the domain configuration in VSAN 10 and release the CFS lock:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain abort vsan 10

fcdomain allowed

To configure a set of domain IDs that are allowed in a VSAN, use the fcdomain allowed command. To remove this configuration, use the no form of this command.

fcdomain allowed domain-IDs vsan ID

no fcdomain allowed domain-IDs vsan ID

Specifies a set of domain IDs. Two domain IDs separated by a '-' denotes a range of consecutive domain IDs. Nonconsecutive domain IDs are separated by ','. Range is 1–239.

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

All domain IDs are allowed.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

A set of allowed domain IDs must satisfy the following conditions:

  • If this switch is a principal switch, all the currently assigned domain IDs must be in the allowed set.

  • If this switch is a subordinate switch, the local runtime domain ID must be in the allowed set.

  • The locally configured domain ID of the switch must be in the allowed set.

  • The intersection of the assigned domain IDs with other already configured domain ID sets must not be empty.

If you configure an allowed set on one switch in a fabric, we recommend that you configure the same set in all other switches in the fabric to ensure consistency or use CFS to distribute the configuration.


The following example displays how to configure set of allowed domain IDs to 2-10,20,30 in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain allowed 2-10,20,30 vsan 10

If CFS distribution for fcdomain is enabled, the following command is required for the allowed list configuration to take effect:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain commit vsan 10

The following example displays how to reset the set of allowed domain IDs list back to default for VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain allowed 2-10,20,30 vsan 10

fcdomain auto-reconfigure

To enable the automatic reconfiguration of FC domains in the event of overlap during a fabric merge in a VSAN or range of VSANs, use the fcdomain auto-reconfigure command. To disable the automatic reconfiguration option, use the no form of this command.

fcdomain auto-reconfigure vsan ID

no fcdomain auto-reconfigure vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

Automatic reconfiguration is disabled.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

Duplicate domains refer to multiple switches selecting the same domain ID in the same VSAN. When connected together, switches with such a configuration will fail to merge and become isolated in the affected VSAN.

Enabling automatic reconfiguration on switches with a duplicate domain IDs before connecting their fabrics together causes a disruptive domain reconfiguration (RCF) to be automatically triggered immediately when they are connected. This will cause the switches with duplicate domain IDs to reselect a domain. Switches that change their domain ID will cause all attached end devices to log out and log in again. This will cause traffic disruption on those devices.

Enabling automatic reconfiguration on switches after they are isolated does not trigger a reconfiguration. The fabrics remains isolated. You can initiate a reconfiguration by manually changing the configured domain ID on one of the switches and thus eliminating the domain overlap and allowing the fabrics to merge.


The following example displays how to enable the automatic reconfiguration option in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain auto-reconfigure vsan 10


The following example displays how to disable the automatic reconfiguration option in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain auto-reconfigure vsan 10

fcdomain commit

To commit pending changes to the domain configuration in a VSAN and release the CFS lock, use the fcdomain commit command.

fcdomain commit vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

The pending changes to the domain configuration are cached until the changes are committed.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

This command may be used on the switch that has the CFS lock. This will be the switch where the fcdomain configuration changes for the session were started. A session commit is successful after the pending configuration changes are distributed to each MDS switch in the VSAN, the configuration changes are applied to the configuration by each switch, and the session lock is released.


The following example displays how to commit pending changes to the domain configuration in VSAN 10 and release the CFS lock:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain commit vsan 10

fcdomain contiguous-allocation

To assign contiguous domain IDs to subordinate switches by a principle switch in a VSAN or range of VSANs, use the fcdomain contiguous-allocation command. To disable the contiguous domain ID assignment by the principle switch, use the no form of this command.

fcdomain contiguous-allocation vsan ID

no fcdomain contiguous-allocation vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

The contiguous allocation option is disabled.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

The contiguous allocation option takes immediate effect at runtime. You need not restart the Fibre Channel domain.


The following example displays how to enable the contiguous allocation option in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain contiguous-allocation vsan 10

The following example displays how to disable the contiguous allocation option in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain contiguous-allocation vsan 10

fcdomain distribute

To enable Fibre Channel domain configuration distribution using CFS, use the fcdomain distribute command. To disable Fibre Channel domain configuration distribution, use the no form of this command.

fcdomain distribute

no fcdomain distribute

Fibre Channel domain configuration distribution is disabled.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

You must enable distribution on all switches on which you want to distribute Fibre Channel domain configuration to.


The following example displays how to enable Fibre Channel domain configuration distribution using CFS:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain distribute

The following example displays how to disable Fibre Channel domain configuration distribution:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain distribute

fcdomain domain

To configure a static or preferred domain ID for a switch, use the fcdomain domain command. To remove this configuration, use the no form of this command.

fcdomain domain dID { preferred | static } vsan vID

no fcdomain domain dID { preferred | static } vsan vID


Specifies the domain ID in decimal or hexadecimal. Range is 0–239 in decimal and 0x0–0xef in hexadecimal.


Assigns a specific domain ID but the switch will accept a different domain ID if the specified ID is unavailable.


Assigns a specific domain ID but the switch will isolate itself if the specified domain ID is unavailable.

vsan vID

Specifies the VSAN ID. Range is 1–4093.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

When you assign a static domain ID, you are requesting a specific domain ID for the switch in the VSAN. If the switch does not get the requested ID, it will isolate itself from the fabric. When you specify a preferred domain ID, you are also requesting a particular domain ID, however, if the requested domain ID is unavailable, then the switch will accept another domain ID.

While the static option can be applied at runtime after a disruptive or non-disruptive restart, the preferred option is applied at runtime only after a disruptive restart.


Within a VSAN all switches should have the same domain ID type (either static or preferred). If a configuration is mixed with some switches with static domain types and others with preferred, then switches with static domain configuration may unexpectedly be isolated if their domain was allocated to a switch with a preferred domain configuration first.


The following example displays how to configure the switch in VSAN 8 to request a preferred domain ID 3 but accept any value assigned by the principal switch if the domain ID is unavailable:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain domain 3 preferred vsan 8


The following example displays how to configure the switch in VSAN 237 to accept only a specific value and moves the local interfaces in VSAN 237 to an isolated state if the requested domain ID is unavailable:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain domain 2 static vsan 237


fcdomain fabric-name

To set the fabric name of a VSAN, use the fcdomain fabric-name command. To revert to the default fabric name, use the no form of this command.

fcdomain fabric-name name vsan ID

no fcdomain fabric-name name vsan ID

Specifies a fabric name. The fabric name is in the format hh:hh:hh:hh:hh:hh:hh:hh.

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

The default fabric name is built from the VSAN number and the switch WWN.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

The fabric name is a local configuration on the switch and is passed as a parameter in some frames (for example, FAN) to edge devices to identify the fabric it is connected to.


The following example displays how to set a fabric name for VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain fabric-name 20:1:ac:16:5e:0:21:01 vsan 10

The following example displays how to revert to the default fabric name in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain fabric-name 20:1:ac:16:5e:0:21:01 vsan 10

fcdomain fcid database

To modify the persistent FCID database, use the fcdomain fcid database command.

fcdomain fcid database

Command Modes

Configuration mode (config)

Command History




This command was introduced.


The following example displays how to configure a new FCID with a whole area allocation in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain fcid database
switch(config-fcid-db)# vsan 10 wwn 50:05:08:b2:00:71:c8:c2 fcid 0x6fee00 area

fcdomain fcid persistent

To enable the persistent FCID feature, use the fcdomain fcid persistent command. To disable this feature, use the no form of this command.

fcdomain fcid persistent vsan ID

no fcdomain fcid persistent vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

The persistent FCID feature is enabled.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

It is recommended to not disable the persistent FCID feature in VSANs with any AIX or HP-UX hosts connected. These devices may lose connectivity if the FCID assigned to them changes at the next fabric login.

A device with a persistent FCID assigned may be moved between F port interfaces. They will maintain the same FCID. Loop-attached devices (FL ports) must remain connected to the same port to which they initially logged in to.


The following example displays how to enable the persistent FCID feature in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain fcid persistent vsan 10

The following example displays how to disable the persistent FCID feature in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain fcid persistent vsan 10

fcdomain optimize

To enable restart optimization algorithms, use the fcdomain optimize command. To disable these algorithms, use the no form of this command.

fcdomain optimize { fast-restart | selective-restart | scale-restart | all } vsan ID

no fcdomain optimize { fast-restart | selective-restart | scale-restart | all } vsan ID

Enables domain manager fast restart.


Enables domain manager selective restart.


Enables domain manager scale restart.


Enables all domain manager optimizations.

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

Scale restart optimization is enabled by default.

Command Modes

Configuration mode (config)

Command History




Added the all and scale-restart keywords to the syntax description.


Added the fast-restart keyword to the syntax description.


This command was introduced.

In the Fibre Channel protocol, fabric reconfiguration starts with flooding of reconfigure fabric (RCF) or build fabric (BF) frames which indicates to all the switches in the VSAN that the fabric is changing. This process is followed by principal switch selection and domain ID allocation phases. Fibre Channel domains can be started disruptively or nondisruptively. A disruptive restart sends RCF frames to the other switches in the VSAN and data traffic is disrupted on all the switches in the VSAN (including remotely segmented ISLs). A nondisruptive restart sends BF frames to the other switches in the fabric and data traffic is disrupted only on the local switch. The MDS platform has a number of optimizations available to increase scaling and the completion speed of this process.

When fast restart is enabled and a backup link is available, the domain manager needs only a few milliseconds to select a new principal link to replace the one that failed. Also, the operation to select the new principal link is only executed by the two switches that are directly attached to the failed link, not all switches in the VSAN. When a backup link is not available, the domain manager reverts to the default behavior and starts a normal build fabric phase followed by a principal switch selection phase.

When selective restart is enabled, the domain manager sends BF frames on only one peer switch link if there are multiple links between them. This benefits scaling. During the build fabric phase, frames are normally flooded on all links. A switch may have more than one link to a peer switch. In such cases, the BF frame can be sent to only one of the links to the peer switch. This configuration reduces the number of BF frames that are to be exchanged during the build fabric phase of fabric reconfiguration.

When scale restart is enabled, a single consolidated Exchange Fabric Parameter (EFP) request will be flooded by the principal switch after the domain identifier allocation phase is completed. Normally, when principal switch assigns a domain ID to a switch (including itself) during the fabric reconfiguration phase, it transmits an Exchange Fabric Parameter (EFP) request. This request carries the domain list information of the fabric. Whenever the domain list changes, an EFP frame is flooded to the fabric. This option reduces the number of EFP requests each switch must process. Scale restart is enabled by default in all native VSANs. This option is not supported in interoperability mode and thus is not enabled in interoperability VSANs.

We recommend using the fast-restart option on most fabrics, especially those with many logical ports (3200 or more), where a logical port is an instance of a physical port in a VSAN.


The following example displays how to enable domain manager fast restart on VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain optimize fast-restart vsan 10


The following example displays how to disable domain manager fast restart on VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain optimize fast-restart vsan 10


The following example displays how to enable all domain manager optimizations on VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain optimize all vsan 10


The following example displays how to disable all domain manager optimizations on VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain optimize all vsan 10


fcdomain priority

To configure the priority of the local switch in a VSAN, use the fcdomain priority command. To revert to the default priority, use the no form of this command.

fcdomain priority value vsan ID

no fcdomain priority value vsan ID

Specifies the priority value. Range is 1–254.

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

The default priority value is 128.

Command Modes

Configuration mode (config)

Command History




This command was introduced.

The priority of a switch is used during the principle switch selection process. During principal switch selection, the switch with the highest priority becomes the principal switch. If two switches have the same priority, the switch with the lower WWN becomes the principal switch.

1 is the highest priority and 255 is the lowest. 255 is accepted from other switches but cannot be configured on an MDS switch.

Any new switch should not be allowed to become the principal switch when it joins an existing fabric. It may cause traffic disruption when it becomes the principal switch as it may assign different domain IDs than the previous principal switch. If it has a lower switch WWN than the existing principal switch, then it can be assigned a lower priority so that it loses the principal switch selection process.


The following example displays how to configure a priority of 25 for the local switch in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain priority 25 vsan 10

The following example displays how to revert the priority to the factory default (128) in VSAN 10:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# no fcdomain priority 25 vsan 10

fcdomain restart

To force the principal switch selection process to be restarted in a VSAN, use the fcdomain restart command.

fcdomain restart vsan ID

vsan ID

Specifies the VSAN ID. Range is 1–4093.

Command Default

Fabric restart is nondisruptive across all switches in the specified VSAN.

Command Modes

Configuration mode (config)

Command History




The disruptive keyword was removed.


The disruptive keyword was added.


This command was introduced.

Issue the fcdomain restart command if you want to apply the configured domain changes to the runtime domain.


The following example displays how to force VSAN 10 to reconfigure without traffic disruption:

switch# configure
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# fcdomain restart vsan 10

fcdomain rcf-reject

To enable the RCF reject flag for a Fibre Channel or FCIP interface, use the fcdomain option. To disable this feature, use the no form of the command.

fcdomain rcf-reject vsan number

no fcdomain rcf-reject vsan number

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

Command Modes

Interface configuration submode.

Command History




This command was introduced.

Access this command from the switch(config-if)# submode.

Use this option to configure the RCF reject option for the selected Fibre Channel or FCIP interface.


The following example shows how to configure the FCIP RCF reject fcdomain feature:

switch# config terminal
switch(config)# interface fcip 1
switch(config-if)# fcdomain rcf-reject vsan 1


To configure the network and switch FC drop latency time, use the fcdroplatency command in configuration mode. To disable the FC latency time, use the no form of the command.

fcdroplatency {network milliseconds [vsan vsan-id] | switch milliseconds}

no fcdroplatency {network milliseconds [vsan vsan-id] | switch milliseconds}

network milliseconds

Specifies network latency. The range is 500 to 60000.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

switch milliseconds

Specifies switch latency. The range is 0 to 60000 milliseconds.

Command Default

2000 millisecond network latency.

500 millisecond switch latency.

Command Modes

Configuration mode.

Command History




This command was introduced.


The switch keyword was deprecated.

The following example shows how to configure the network latency to 5000 milliseconds:

switch# config terminal
switch(config)# fcdroplatency network 5000

The following example shows how to revert to the default network latency:

switch(config)# no fcdroplatency network 5000

The following example shows how to configure the switch latency to 4000 milliseconds:

switch(config)# fcdroplatency switch 4000

The following example shows how to revert to the default switch latency:

switch(config)# no fcdroplatency switch 4000

fcflow stats

To configure FC flow statistics, use the fcflow stats command in configuration mode. To disable the counter, use the no form of the command.

fcflow stats {aggregated module module-number index flow-number vsan vsan-id | module module-number index flow-number flow-numberdestination-fcid source-fcid netmask vsan vsan-id}

no fcflow stats {aggregated module module-number index flow-number | module module-number index flow-number}

Configures aggregated FC flow statistics.

module module-number

Configures FC flow statistics on a module.

index flow-number

Specifies a flow index. The range is 1 to 2147483647.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.


The destination FCID in hexadecimal format.


The source FCID in hexadecimal format.


The mask for the source and destination FCID (restricted to 6 hexadecimal characters ranging from 0xff0000 to 0xffffff).

Command Modes

Configuration mode.

Command History




This command was introduced.

If you enable flow counters, you can enable a maximum of I K entries for aggregate flow and flow statistics. Be sure to assign an unused flow index to a module for each new flow. Flow indexes can be repeated across modules. The number space for flow index is shared between the aggregate flow statistics and the flow statistics.


The following example shows how to configure aggregated fcflow statistics for module 1:

switch-config# fcflow stats aggregated module 1

The following example enables the aggregated flow counter.

switch(config)# fcflow stats aggregated module 1 index 1005 vsan 1 

The following example disables the aggregated flow counter.

switch(config)# no fcflow stats aggregated module 1 index 1005 

The following example enables the flow counter for module 1:

switch(config)# fcflow stats module 1 index 1 0x145601 0x5601 0xffffff vsan 1 

The following example disables the flow counter for module 1.

switch(config)# no fcflow stats module 2 index 1001


Use the fcid-allocation command to manually add a FCID to the default area company ID list. Use the no form of the command to remove a FCID from the default area company ID list.

fcid-allocation area company-id company-id

no fcid-allocation area company-id company-id

Modifies the auto area list of company IDs.

company-id company-id

Configures the company IDs.

Command Modes

Configuration mode.

Command History




This command was introduced.

Fibre Channel standards require a unique FCID to be allocated to an N port attached to a Fx port in any switch. To conserve the number of FCIDs used, Cisco MDS 9000 Family switches use a special allocation scheme.

Some HBAs do not discover targets that have FCIDs with the same domain and area. Prior to Cisco MDS SAN-OS Release 2.0, the Cisco MDS SAN-OS software maintained a list of tested company ID (also know as Organizational Unit Identifier, or OUI) which do not exhibit this behavior. These Host Bus Adapters (HBAs) were allocated with single FCIDs, and for others a full area was allocated.

The FCID allocation scheme available in Release 1.3 and earlier, allocates a full area to these HBAs. This allocation isolates them to that area and are listed with their pWWN during a fabric login. The allocated FCIDs are cached persistently and are still available in Cisco MDS SAN-OS Release 2.0 (see the “FCID Allocation for HBAs” section on page 38-22).

As of Cisco MDS SAN-OS Release 2.0, to allow further scalability for switches with numerous ports, the Cisco MDS SAN-OS software is maintaining a list of HBAs exhibiting this behavior. Each HBA is identified by its company ID used in the pWWN during a fabric log in. A full area is allocated to the N ports with company IDs that are listed and for the others a single FCID is allocated. Irrespective of the kind (whole area or single) of FCID allocated, the FCID entries remain persistent.


The following example adds a new company ID to the default area company ID list:

switch# config terminal
switch(config)# fcid-allocation area company-id 0x003223


Use the fcid-last-byte command to allocate the last byte FCID for the fabric address. To disable the configuration or to revert to factory defaults, use the no form of the command.

fcid-last-byte last-byte-id

no fcid-last-byte last-byte-id

Specifies the last-byte FCID range from 0 to 250.

Command Modes

FICON configuration submode.

Command History




This command was introduced.


This command was deprecated.

This is an optional configuration. If you are not sure of the EBCDIC format to be used, we recommend retaining the us-canada (default) option.


The following example assigns the last byte FCID for the fabric address:

switch# config terminal
switch(config)# ficon vsan 2 
switch(config-ficon)# fcid-last-byte 12

The following example removes the configured last byte FCID for the fabric address and reverts to the default:

switch# config terminal
switch(config)# ficon vsan 2 
switch(config-ficon)# no fcid-last-byte 3

fcinterop fcid-allocation

To allocate FCIDs on the switch, use the fcinterop fcid-allocation command in configuration mode. To disable FCIDs on the switch, use the no form of the command.

fcinterop fcid-allocation {auto | flat | none}

no fcinterop fcid-allocation {auto | flat | none}

Assigns single FCID to compatible HBAs.


Assigns single FCID.


Assigns FCID range.

Command Default

The default is fcinterop fcid-allocation auto.

Command Modes

Configuration mode.

Command History




This command was introduced.

This command defines how the switch assigns FCIDs.


The following example shows how to allocate FCIDs on the switch:

switch# config terminal
switch(config)# fcinterop fcid-allocation none
switch(config)# fcinterop fcid-allocation flat
switch(config)# fcinterop fcid-allocation auto

fcinterop loop-monitor

To monitor removal of discs from a loop port, use the fcinterop loop-monitor command in configuration mode. To disable loop monitoring, use the no form of the command.

fcinterop loop-monitor

no fcinterop loop-monitor

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

This command detects devices that are removed from a looped port:


The following example shows how to enable monitoring of NL ports in a loop:

switch# config terminal
switch(config)# fcinterop loop-monitor

The following example shows how to disable monitoring of NL ports in a loop:

switch# config terminal
switch(config)# no fcinterop loop-monitor


To set the same hashing algorithm between MDS switches for write acceleration, use the fcip-enhanced command. To remove write acceleration support on port channels of FCIP interfaces, use the no form of this command.


no fcip-enhanced

Command Modes

Interface configuration (config-if)

Release Modification


This command was introduced.

Usage Guidelines

Cisco MDS 9250i and MDS 9220i switches use different hashing algorithm than the hashing algorithm used in Cisco MDS 24/10 port SAN Extension Module on MDS 9700 switches. For the write acceleration feature to work, the hashing algorithm must be same on both the switches. The fcip-enhanced command sets the hashing algorithm in MDS 9220i or MDS 9250i same as Cisco MDS 24/10 port SAN Extension Module and this command must be used only for write acceleration.

  • This command can be issued only on Cisco MDS 9250i Switches running on Cisco MDS NX-OS Release 7.3(1)DY(1) or later.

  • This command can be issued only on Cisco MDS 9220i Switches running on Cisco MDS NX-OS Release 8.5(1) or later.

  • This command can be issued only for port channels on FCIP interfaces.

  • This command should be issued only between Cisco MDS 9220i and MDS 9250i switches and a Cisco MDS 24/10 port SAN Extension Module (on Cisco MDS 9700 Directors).

  • The port channel mode must be set to active on both peers before issuing this command.

  • This command must be issued before a member is added to a port channel. If an interface is already added as a member, remove the interface before issuing the command.


The following example shows how to enable write acceleration support on port channels of FCIP interfaces:

switch# configure terminal 
switch(config)# interface port-channel 1
switch(config-if)# channel mode active
switch(config-if)# fcip-enhanced  
FCIP enhanced will be enabled. Please ensure the peer link is connected to m97xx
switch(config-if)# end

fcip enable

To enable the FCIP feature in any switch in the Cisco MDS 9000 Family, use the fcip enable command.

fcip enable

no fcip enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

NX-OS 4.1(1b)

This command was deprecated.

The configuration and verification commands for the iSCSI feature are only available when FCIP is enabled on a switch. When you disable this feature, all related configurations are automatically discarded.


This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.


The following command enables the FCIP feature:

switch(config)# fcip enable

The following command disables the FCIP feature (default):

switch(config)# no fcip enable

fcip profile

To create and configure an FCIP profile, use the fcip profile command. To remove an FCIP profile, use the no form of the command.

fcip profile profile-id

no fcip profile profile-id

Specifies a ID range from 1 to 255.

Command Modes

Configuration mode.

Command History




This command was introduced.

Usage Guidelines

When you perform this command, the CLI enters FCIP profile configuration mode.


This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.


The following example shows how to configure an FCIP profile:

switch## config terminal
switch(config)# fcip profile 5

fcns bulk-notify

To enable transmission of multiple name server entry change notifications in one Messaging and Transaction Services (MTS) payload, use the fcns bulk-notify command. To disable bulk notify, use the no form of this command.

fcns bulk-notify

no fcns bulk-notify

This command has no keywords or arguments.

Command Default

Bulk notification from the name server is disabled by default. For 6.2(9) and later releases, bulk notification from the name server is enabled by default.

Command Modes

Configuration mode.

Command History




This command was introduced.


This command was deprecated.

Enabling the fcns bulk-notify command would improve the performance of the components like Zone, IVR, QOS, IPS.


Run the show fcns internal info global command to determine if the bulk notification is enabled.


The following example shows how to enable transmission of multiple name server entry change notifications in one MTS payload:

switch# config terminal
switch(config)# fcns bulk-notify

fcns no-bulk-notify

To disable transmission of multiple name server entry change notifications in one MTS payload, use the fcns no-bulk-notify command. To re-enable bulk notification once it is disabled, use the no form of this command.

fcns no-bulk-notify

no fcns no-bulk-notify

This command has no keywords or arguments.

Command Default

Bulk notification from the name server is disabled by default. For 6.2(9) and later releases, bulk notification from the name server is enabled by default.

Command Modes

Configuration mode.

Command History




This command was introduced.

The following example shows how to disable transmission of multiple name server entry change notifications in one MTS payload:

switch# config terminal
switch(config)# fcns no-bulk-notify

The following example shows how to re-enable bulk notification once it has been disabled:

switch# config terminal
switch(config)# no fcns no-bulk-notify

fcns proxy-port

To register a name server proxy, use the fcns proxy-port command in configuration mode.

fcns proxy-port wwn-id vsan vsan-id

no fcns proxy-port wwn-id vsan vsan-id

Specifies the port WWN, with the format hh: hh: hh: hh: hh: hh: hh: hh.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

One name server can be configured to proxy another name server and name server information can be displayed using the CLI. The name server can be viewed using the CLI or Cisco Fabric Manager.

All name server registration requests come from the same port whose parameter is registered or changed. If it does not, then the request is rejected.


The following example shows configuring a proxy port for VSAN 2:

switch# config terminal
switch(config)# fcns proxy-port 21:00:00:e0:8b:00:26:d vsan 2

fcns reject-duplicate-pwwn vsan

To reject the same pwwn from logging in the different switch, use the fcns reject-duplicate-pwwn vsan command in configuration mode.

fcns reject-duplicate-pwwn vsan vsan-id

no fcns reject-duplicate-pwwn vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

The following example rejects duplicate FCNS pWWNs for VSAN 2:

switch# configure terminal
switch(config)# fcns reject-duplicate-pwwn vsan 2


To ping an N port with a specified FCID, use the fcping fcid command in EXEC mode.

fcping {device-alias aliasname | fcid {fc-port | domain-controller-id} | pwwn pwwn-id} vsan vsan-id [count number [timeout value [usr-priority priority]]]

device-alias aliasname

Specifies the device alias name. Maximum length is 64 characters.


The FCID of the destination N port.


The port FCID with the format 0xhhhhhh.


Verifies connection to the destination switch.

pwwn pwwn-id

Specifies the port WWN of the destination N port, with the format hh:hh:hh:hh:hh:hh:hh:hh.

vsan vsan-id

Specifies the VSAN ID of the destination N port. The range is 1 to 4093.

count number

(Optional) Specifies the number of frames to send. A value of 0 sends forever. The range is 0 to 2147483647.

timeout value

(Optional) Specifies the timeout value in seconds. The range is 1 to 10.

usr-priority priority

(Optional) Specifies the priority the frame receives in the switch fabric. The range is 0 to 1.

Command Modes

EXEC mode.

Command History




This command was introduced.


Allowed the domain controller ID as an FCID.


Added the device-alias aliasname option.

To obtain the domain controller address, concatenate the domain ID with FFFC . For example, if the domain ID is 0xda (218), the concatenated ID is 0xfffcda .


The following example shows a fcping operation for the specified pWWN or the FCID of the destination. By default, five frames are sent.

switch# fcping fcid 0xd70000 vsan 1 
28 bytes from  0xd70000  time = 730 usec
28 bytes from  0xd70000  time = 165 usec
28 bytes from  0xd70000  time = 262 usec
28 bytes from  0xd70000  time = 219 usec
28 bytes from  0xd70000  time = 228 usec
5 frames sent, 5 frames received, 0 timeouts
Round-trip min/avg/max = 165/270/730 usec

The following example shows the setting of the number of frames to be sent using the count option. The range is from 0 through 2147483647. A value of 0 will ping forever.

switch# fcping fcid 0xd70000 vsan 1 count 10
28 bytes from  0xd70000  time = 730 usec
28 bytes from  0xd70000  time = 165 usec
28 bytes from  0xd70000  time = 262 usec
28 bytes from  0xd70000  time = 219 usec
28 bytes from  0xd70000  time = 228 usec
28 bytes from  0xd70000  time = 230 usec
28 bytes from  0xd70000  time = 230 usec
28 bytes from  0xd70000  time = 225 usec
28 bytes from  0xd70000  time = 229 usec
28 bytes from  0xd70000  time = 183 usec
10 frames sent, 10 frames received, 0 timeouts
Round-trip min/avg/max = 165/270/730 usec

The following example shows the setting of the timeout value. The default period to wait is 5 seconds. The range is from 1 through 10 seconds.

switch# fcping fcid 0xd500b4 vsan 1 timeout 10
28 bytes from  0xd500b4  time = 1345 usec
28 bytes from  0xd500b4  time = 417 usec
28 bytes from  0xd500b4  time = 340 usec
28 bytes from  0xd500b4  time = 451 usec
28 bytes from  0xd500b4  time = 356 usec
5 frames sent, 5 frames received, 0 timeouts
Round-trip min/avg/max = 340/581/1345 usec

This command shows the No response from the N port message even when the N port or NL port is active. This is due to resource exhaustion at the N port or NL port. Retry the command a few seconds later.

switch# fcping fcid 0x010203 vsan 1
No response from the N port.
switch# fcping pwwn 21:00:00:20:37:6f:db:dd vsan 1
28 bytes from 21:00:00:20:37:6f:db:dd time = 1454 usec
28 bytes from 21:00:00:20:37:6f:db:dd time = 471 usec
28 bytes from 21:00:00:20:37:6f:db:dd time = 372 usec
28 bytes from 21:00:00:20:37:6f:db:dd time = 364 usec
28 bytes from 21:00:00:20:37:6f:db:dd time = 1261 usec
5 frames sent, 5 frames received, 0 timeouts
Round-trip min/avg/max = 364/784/1454 usec

The following example displays fcping operation for the device alias of the specified destination:

switch# fcping device-alias x vsan 1
28 bytes from 21:01:00:e0:8b:2e:80:93 time = 358 usec
28 bytes from 21:01:00:e0:8b:2e:80:93 time = 226 usec
28 bytes from 21:01:00:e0:8b:2e:80:93 time = 372 usec

fc-redirect version2 enable

To enable FC redirect version2 mode, use the fc-redirect version2 enable command in configuration mode. To disable this feature, use the no form of the command.

fc-redirect version2 enable

no fc-redirect version2 enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History



NX-OS 5.0(1a)

This command was introduced.

AAM mode can be enabled in version1 mode also.


The following example shows how to enable FC redirect version2 mode:

switch# config terminal
switch(config)# fc-redirect version2 enable

Please make sure to read and understand the following implications
before proceeding further:

   1) This is a Fabric wide configuration. All the switches in the
      fabric will be configured in Version2 mode.Any new switches
      added to the fabric will automatically be configured in version2

   2) SanOS 3.2.x switches CANNOT be added to the Fabric after Version2
      mode is enabled. If any 3.2.x switch is added when Version2 mode
      is enabled, all further FC-Redirect Configuration changes will Fail
      across the fabric. This could lead to traffic disruption for
      applications like SME.

   3) If enabled, Version2 mode CANNOT be disabled till all FC-Redirect
      configurations are deleted. FC-Redirect configurations can be
      deleted ONLY after all the relevant application configurations
      are deleted. Please use the command 'show fc-redirect configs'
      to see the list of applications that created FC-Redirect

   4) 'write erase' will NOT disable this command. After 'write erase'
      on ANY switch in the fabric, the user needs to do:
               'clear fc-redirect decommission-switch'
      on that that switch. Without that, if the user moves the switch
      to a different fabric it will try to convert all the switches
      in the fabric to Version2 mode automatically. This might lead
      to Error conditions and hence Traffic disruption.

Do you want to continue? (Yes/No) [No]

The following example shows how to disable FC redirect version2 mode:

switch# config terminal
switch(config)# no fc-redirect version2 enable
WARNING: This command will disable Version2 mode throughout the fabric.
         This is NOT a recommended step.
Do you want to continue? (Yes/No) [No]

fc-redirect ivr-support enable

To enable FC redirect IVR support, use the fc-redirect ivr-support enable command in configuration mode. To disable this feature, use the no form of the command.

fc-redirect ivr-support enable

no fc-redirect ivr-support enable

This command has no arguments or keywords.

Command Modes

configuration mode.

Command History



NX-OS 5.0(1a)

This command was introduced.

The following example shows how to enable FC redirect IVR support:

switch# config terminal
switch(config)# fc-redirect ivr-support enable

The following example shows how to disable FC redirect IVR support:

switch# config terminal
switch(config)# no fc-redirect ivr-support enable


To configure Fibre Channel routes and to activate policy routing, use the fcroute command. To remove a configuration or revert to factory defaults, use the no form of the command.

fcroute {fcid network-mask interface {fc slot/port | port-channel port} domain domain-id {metric number | remote | vsan vsan-id} | policy fcroute-map vsan vsan-id [route-map-identifier] }

no fcroute {fcid network-mask interface {fc slot/port | port-channel port} domain domain-id {metric number | remote | vsan vsan-id} | policy fcroute-map vsan vsan-id [route-map-identifier] }

Syntax Description


Specifies the FC ID. The format is 0x hhhhhh .


Specifies the network mask of the FC ID. The format is 0x 0 to 0x ffffff .


Specifies an interface.

fc slot /port

Specifies a Fibre Channel interface.

port-channel port

Specifies a PortChannel interface.

domain domain-id

Specifies the route for the domain of the next hop switch. The range is 1 to 239.

metric number

Specifies the cost of the route. The range is 1 to 65535. Default cost is 10.


Configures the static route for a destination switch remotely connected.

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

policy fcroute-map

Activates policy routing.


(Optional) Specifies the route map identifier. The range is 1 to 65535.

Command Modes

Configuration mode.

Command History




This command was deprecated.


This command was introduced.


Added the policy option.

Use this command to assign forwarding information to the switch and to activate a preferred path route map.


The following example specifies the Fibre Channel interface and the route for the domain of the next hop switch for VSAN 2:

switch# config terminal
switch(config)# fcroute 0x111211 interface fc1/1 domain 3 vsan 2

The following example removes this configuration:

switch(config)# no fcroute 0x111211 interface fc1/1 domain 3 vsan 2

The following example specifies the PortChannel interface and the route for the domain of the next hop switch for VSAN 4:

switch# config terminal
switch(config)# fcroute 0x111211 interface port-channel 1 domain 3 vsan 4

The following example removes this configuration:

switch(config)# no fcroute 0x111211 interface port-channel 1 domain 3 vsan 4

The following example specifies the Fibre Channel interface, the route for the domain of the next hop switch, and the cost of the route for VSAN 1:

switch# config terminal
switch(config)# fcroute 0x031211 interface fc1/1 domain 3 metric 1 vsan 1

The following example removes this configuration:

switch(config)# no fcroute 0x031211 interface fc1/1 domain 3 metric 1 vsan 1

The following example specifies the Fibre Channel interface, the route for the domain of the next hop switch, the cost of the route, and configures the static route for a destination switch remotely connected for VSAN 3:

switch# config terminal
switch(config)# fcroute 0x111112 interface fc1/1 domain 3 metric 3 remote vsan 3

The following example removes this configuration:

switch(config)# no fcroute 0x111112 interface fc1/1 domain 3 metric 3 remote vsan 3

fcroute-map vsan

To configure a preferred path Fibre Channel route map, use the fcroute-map vsan command. To remove a configuration, use the no form of the command.

fcroute-map vsan vsan-id route-map-identifier

no fcroute-map vsan vsan-id route-map-identifier

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.


Specifies the route map identifier. The range is 1 to 65535.

Command Default


Command Modes

Configuration mode.

Command History




This command was introduced.

As of Cisco MDS SAN-OS Release 3.0(3) and later, you can use preferred path routes for Fibre Channel to route traffic over selected paths that are not necessarily the shortest path as chosen by routing protocols such as FSPF. This kind of control allows you to choose paths based on characteristics such as frames received on a selected interface or frames with a selected source FC ID. This ensures path separation between a host and a target.


The following example specifies a Fibre Channel route map and places you in the Fibre Channel route map configuration submode.

switch# config terminal
switch(config)# fcroute-map vsan 2 12

The following example removes the Fibre Channel route map.

switch(config)# no fcroute-map vsan 2 12

fcrxbbcredit extended enable

To enable Fibre Channel extended buffer-to-buffer credits (BB_credits), use the fcrxbbcredit extended enable command in configuration mode. To disable the feature, use the no form of the command.

fcrxbbcredit extended enable

no fcrxbbcredit extended enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

Usage Guidelines

Use the fcrxbbcredit extended enable command to enable the switchport fcrxbbcredit extended command.

The fcrxbbcredit extended enable command is not supported on the following switches:

  • Cisco MDS 9124 Multilayer Fabric Switch
  • Cisco Fabric Switch for HP c-Class BladeSystem
  • Cisco Fabric Switch for IBM BladeCenter
  • Cisco MDS 9134 Multilayer Fabric Switch
  • Cisco MDS 9148 Multilayer Fabric Switch
  • Cisco MDS 9148S 16G Multilayer Fabric Switch
  • Cisco MDS 9250i Multiservice Fabric Switch

The following example shows how to enable Fibre Channel extended BB_credits:

switch# config terminal
switch(config)# fcrxbbcredit extended enable

The following example shows how to disable Fibre Channel extended BB_credits:

switch# config terminal
switch(config)# no fcrxbbcredit extended enable

fcs plat-check-global vsan

To enable FCS platform and node name checking fabric-wide, use the fcs plat-check-global vsan command in configuration mode. To disable this feature, use the no form of the command.

fcs plat-check-global vsan vsan-id

no fcs plat-check-global vsan vsan-id

Specifies the VSAN ID for platform checking, which is from 1 to 4096.

Command Modes

Configuration mode.

Command History




This command was introduced.

switch# config terminal
switch(config)# fcs plat-check-global vsan 2

fcs register

To register FCS attributes, use the fcs register command in configuration mode. To disable this feature, use the no form of the command.

fcs register platform name name vsan vsan-id

no fcs register platform name name vsan vsan-id

platform name name

Specifies the name of the platform to register. Maximum size is 255 characters.

vsan vsan-id

Specifies the VSAN ID. The range is 1 to 4096.

Command Modes

Configuration mode.

Command History




This command was introduced.

The following example shows how to register FCS attributes:

switch# config terminal
switch(config)# fcs register
switch(config-fcs-register)# platform Platform1 vsan 10

fcs virtual-device-add

To include a virtual device in a query about zone information from an FCS, use the fcs virtual-device-add command in configuration mode. To remove a virtual device, use the no form of the command.

fcs virtual-device-add [vsan-ranges vsan-ids]

no fcs virtual-device-add [vsan-ranges vsan-ids]

vsan-ranges vsan-ids

(Optional) Specifies one or multiple ranges of VSANs. The range is 1 to 4093.

Command Modes

Configuration mode.

Command History




This command was introduced.

VSAN ranges are entered as vsan-ids - vsan-ids . When you specify more than one range, separate each range with a comma. If no range is specified, the command applies to all VSANs.


The following example shows how to add to one range of VSANs:

switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# fcs virtual-device-add vsan-ranges 2-4

The following example shows how to add to more than one range of VSANs:

switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# fcs virtual-device-add vsan-ranges 2-4,5-8


To configure a Fibre Channel Security Protocol (FC-SP) authentication mode for a specific interface in an FC-SP-enabled switch, use the fcsp command. To disable an FC-SP on the interface, use the no form of the command.

fcsp {auto-active | auto-passive | esp manual | off | on} [timeout-period]

no fcsp {auto-active | auto-passive | esp manual | off | on} [timeout-period]

Configures the auto-active mode to authenticate the specified interface.


Configures the auto-passive mode to authenticate the specified interface.


Configures the Encapsulating Security Payroll for an interface.


Configures the Encapsulating Security Payroll in manual mode.


Configures the auto-active mode to authenticate the specified interface.


Configures the auto-active mode to authenticate the specified interface.


(Optional) Specifies the timeout period to reauthenticate the interface. The time ranges from 0 (the default where no authentication is performed) to 100,000 minutes.

Command Modes

Configuration mode.

Command History




Fibre Channel Security Protocol (FC-SP) is currently not supported on MDS 9710, but targeted for a future release.

NX-OS 4.2(1)

Added esp keyword for the syntax description.


This command was introduced.

Usage Guidelines

To use this command, FC-SP must be enabled using the feature fcsp command.


The following example shows how to configure the ESP in manual mode:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface fc 2/1 - 3
switch(config-if)# fcsp esp manual

The following example turns on the authentication mode for ports 1 to 3 in Fibre Channel interface 2:

switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# interface fc 2/1 - 3
switch(config-if)# fcsp on

The following example reverts to the factory default of auto-passive for these Fibre Channel interfaces:

switch(config-if)# no fcsp

The following example changes these Fibre Channel interfaces to initiate FC-SP authentication, but does not permit reaunthentication:

switch(config-if)# fcsp auto-active 0

The following example changes these Fibre Channel interfaces to initiate FC-SP authentication and permits reaunthentication within two hours (120 minutes) of the initial authentication attempt:

switch(config-if)# fcsp auto-active 120

fcsp dhchap devicename

Asymmetric DHCHAP secrets may be used on FC-SP links. To populate the FC-SP DHCHAP secret database on the local switch with the secrets used by remote switches use the fcsp dhchap devicename command. To remove these entries use the no form of the command.

fcsp dhchap devicename remote-switch-wwn password [0 | 7] remote-secret

Syntax Description


Switch World Wide Name (WWN) of the remote device. The WWN format is hh:hh:hh:hh:hh:hh:hh:hh.


Configures the DHCHAP secret for the remote device.


(Optional) Specifies that the secret is in cleartext.


(Optional) Specifies that the secret is in encrypted text. This is the default value.


DHCHAP secret. Maximum of 64 alphanumeric characters.

Command Default

The default entry format for the secret is encrypted.

Command Modes

Global configuration (config)

Command History

Release Modification

1.3 (1)

This command was introduced.

The fcsp dhchap devicename command is available only when the FC-SP feature is enabled.


The following example shows how to configure an encrypted secret of a remote switch:

switch(config)# fcsp dhchap devicename 00:11:22:33:44:aa:bb:cc password mypassword

The following example shows how to remove the remote switch secret of the previous example from the local switch DHCHAP secret database:

switch(config)# no fcsp dhchap devicename 00:11:22:33:44:aa:bb:cc password mypassword

The following example shows an asymmetric secret configuration for a link between the local switch and a remote switch with switch WWN of 01:01:01:01:01:01:01:01 . The secret on the local switch is 'local_secret' and the remote switch has a secret of 'far_secret'. The configuration is for the local switch and the secrets:

switch(config)# fcsp dhchap password 0 local_secret 01:01:01:01:01:01:01:01
switch(config)# fcsp dhchap devicename 01:01:01:01:01:01:01:01 password 0 far_secret

fcsp dhchap dhgroup

To change the FC-SP DHCHAP group priority list, use the fcsp dhchap dhgroup command in global configuration mode. To revert to the default group priority list, use the no form of this command. .

no fcsp dhchap dhgroup group-id [group-id [group-id [group-id [ group-id] ]]]

Syntax Description


0|1|2|3|4 Specifies an FC-SP DHCHAP group priority list entry.

Command Default

The default DH group priority list, from highest to lowest is 0 4 1 2 3 .

Command Modes

Global configuration (config)

Command History




This command was introduced.

The fcsp dhchap dhgroup command is available only when the FC-SP feature is enabled.

There must be at least one member in the DH group priority list. Each group may only be specified once.

If you change the default FC-SP DH group priority list, ensure that you change it globally for all the switches in the fabric.

The following table maps the Cisco Group Number with the corresponding RFC Group Number and Modular Exponentiation (MODP) Group:
Table 1. Cisco Group Number with Corresponding RFC Group Number and MODP Group

Cisco Group Number

RFC Group Number

MODP Group



null DH algorithm













The following example shows how to configure the used DH group list to only groups 2, 3, and 4, in the same order of priority:

switch(config)# fcsp dhchap dhgroup 2 3 4

The following example shows how to revert a previously configured DH group priority list of the 'null' group only back to the default priority list:

switch(config)# no fcsp dhchap dhgroup 0

fcsp dhchap hash

To configure the hash algorithm priority list for FC-SP DHCHAP authentication use the fcsp dhchap hash command. To return to the default hash algorithm priority list use the no form of the command.

no fcsp dhchap hash {md5 [sha1] | sha1 [md5]}

Syntax Description


(Optional) Specifies the MD5 hash algorithm.


(Optional) Specifies the SHA-1 hash algorithm.

Command Default

The default FC-SP DHCHAP hash algorithm priority list has the following order:

  • MD5

  • SHA-1

Command Modes

Global configuration (config)

Command History




This command was introduced.

The fcsp dhchap hash command is available only when the FC-SP feature is enabled.

If you change the default hash algorithm list order, then change it in all switches in the fabric.


If FC-SP DHCHAP authentication via AAA is enabled, the MD5 hash algorithm must be set if the AAA authentication uses RADIUS or TACACS+. This is because RADIUS and TACACS+ applications do not support other hash algorithms.


The following example shows how to configure the DHCHAP authentication hash priority list to be SHA-1 followed by MD5:

switch(config)# fcsp dhchap hash sha1 md5

The following example shows how to configure the use of the SHA-1 hash algorithm only:

switch(config)# fcsp dhchap hash sha1 

The following example shows how to revert the previous example to the default priority list:

switch(config)# no fcsp dhchap hash sha1

fcsp dhchap password

To configure the FC-SP DHCHAP secret database used for FC-SP peer switch link authentication via DHCHAP use the fcsp dhchap password command. To remove secrets from the FC-SP DHCHAP database use the no form of the command.

fcsp dhchap password [0 | 7] secret [remote-switch-wwn]

no fcsp dhchap password [0 | 7] secret [remote-switch-wwn]

DHCHAP secret. Maximum of 64 alphanumeric characters.


(Optional) Switch World Wide Name of the remote switch to use this secret with. The WWN format is hh:hh:hh:hh:hh:hh:hh:hh.

Command Default

The default entry format for the secret is encrypted.

Command Modes

Global configuration (config)

Command History




This command was introduced.

The fcsp dhchap password command is available only when the FC-SP feature is enabled.

Be sure to configure an FC-SP DHCHAP database on each switch in the fabric when this facility is being used.

To configure a fabric-wide global FC-SP DHCHAP secret use the command without any switch WWN specifier. There can be only a single global FC-SP DHCHAP secret in a fabric. Additionally, switch specific secrets may be configured. To configure these specify the switch WWN.


The following example show how to configure the global FC-SP DHCHAP secret in cleartext:

switch(config)# fcsp dhchap password 0 mypassword

The following example show how to configure a secret to be used with the specified peer switch in cleartext:

switch(config)# fcsp dhchap password 0 mypassword 30:11:bb:cc:dd:33:11:22

The following example show how to remove a secret to be used with the specified peer switch by entering the secret in cleartext, even though the configuration is stored in the configuration in encrypted form:

switch(config)# no fcsp dhchap password 0 mypassword 30:11:bb:cc:dd:33:11:22

The following example shows how to configure symmetric secrets on a link between switch1 with sWWN of 01:01:01:01:01:01:01:01 and switch2 with sWWN of 02:02:02:02:02:02:02:02 . The FC-SP DHCHAP secret is in cleartext format:

switch1(config)# fcsp dhchap password 0 very_secret 02:02:02:02:02:02:02:02
switch2(config)# fcsp dhchap password 0 very_secret 01:01:01:01:01:01:01:01

fcsp enable

To enable the Fibre Channel Security Protocol (FC-SP) in a switch, use the fcsp enable command in configuration mode. Additional FC-SP commands are available when the FC-SP feature is enabled. To disable FC-SP, use the no form of the command.

fcsp enable

no fcsp enable

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

NX-OS 4.1(1b)

This command was deprecated.

The following example enables FC-SP:

switch# config terminal
switch(config)# fcsp enable

fcsp esp sa

To configure the parameters for the Security Association (SA), use the fcsp esp sa command. To delete the SA between the switches, use the no form of the command.

fcsp esp sa spi-number

Syntax Description


Configures the Security Protocol Interface (SPI) of the Security Association. The range is from 256 to 4294967295.

Command Default


Configuration mode.

Command History



NX-OS 5.2(1)

The spi-number range has been reduced from 256 4294967295 to 256 65536.

NX-OS 4.2(1)

This command was introduced.

The following example shows how to configure the command for ESP:

switch(config)# fcsp esp sa 257
This is a Early Field Trial (EFT) feature.  Please do not use this in a producti
on environment. Continue Y/N ? [no] y

fcsp timeout

To configure the timeout value for FC-SP message, use the fcsp timeout command in configuration mode. Use the no form of the command to revert to factory defaults.

fcsp timeout timeout-period

Syntax Description


Specifies the timeout period. The time ranges from 20 to 100 seconds. The default is 30 seconds.

Command Default

30 seconds.

Command Modes

Command History




This command was introduced.

Usage Guidelines

The following example configures the FCSP timeout value:

switch# config terminal
switch(config)# fcsp enable
switch(config)# fcsp timeout 60


To change the default Fibre Channel timers, use the fctimer command in configuration mode. To revert to the default values, use the no form of the command.

fctimer {d_s_tov milliseconds [vsan vsan-id] | e_d_tov milliseconds [vsan vsan-id] | r_a_tov milliseconds [vsan vsan-id]}

no fctimer {d_s_tov milliseconds [vsan vsan-id] | e_d_tov milliseconds [vsan vsan-id] | r_a_tov milliseconds [vsan vsan-id]}

Syntax Description

d_s_tov milliseconds

Specifies the distributed services time out value. The range is 5000 to 10,000 milliseconds, with a default of 5000.

vsan vsan-id

(Optional) Specifies the VSAN ID. The range is 1 to 4096.

e_d_tov milliseconds

Specifies the error detect time out value. The range is 1000 to 4,000 milliseconds, with a default of 2000.

r_a_tov milliseconds

Specifies the resolution allocation time out value. The range is 5000 to 10,000 milliseconds, with a default of 10,000.

Configuration mode.

Command History




This command was introduced.

Usage Guidelines

Use the vsan option to configure different TOV values for VSANs with special types of links such as FC or IP tunnels.


The following example shows how to change the default Fibre Channel timers:

switch# config terminal
switch(config)# fctimer e_d_tov 3000
switch(config)# fctimer r_a_tov 7000

fctimer abort

To discard a Fibre Channel timer (fctimer) Cisco Fabric Services (CFS) distribution session in progress, use the fctimer abort command in configuration mode.

fctimer abort

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

The following example shows how to discard a CFS distribution session in progress:

switch# config terminal
switch(config)# fctimer abort

fctimer commit

To apply the pending configuration pertaining to the Fibre Channel timer (fctimer) Cisco Fabric Services (CFS) distribution session in progress in the fabric, use the fctimer commit command in configuration mode.

fctimer commit

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

After the FC timer commit is completed the running configuration has been modified on all switches participating in fctimer distribution. You can then use the copy running-config startup-config fabric command to save the running configuration to the startup configuration on all the switches in the fabric.


The following example shows how to commit changes to the active Fibre Channel timer configuration:

switch# config terminal
switch(config)# fctimer commit

fctimer distribute

To enable Cisco Fabric Services (CFS) distribution for Fibre Channel timer (fctimer), use the fctimer distribute command. To disable this feature, use the no form of the command.

fctimer distribute

no fctimer distribute

This command has no arguments or keywords.

Command Modes

Configuration mode.

Command History




This command was introduced.

Before distributing the Fibre Channel timer changes to the fabric, the temporary changes to the configuration must be committed to the active configuration using the fctimer commit command.


The following example shows how to change the default Fibre Channel timers:

switch# config terminal
switch(config)# fctimer distribute


To trace the route to an N port, use the fctrace command in EXEC mode.

fctrace {device-alias aliasname | fcid fcid vsan vsan-id [timeout value] | pwwn pwwn-id [timeout seconds]}

Syntax Description

device-alias aliasname

Specifies the device alias name. Maximum length is 64 characters.

fcid fcid

The FCID of the destination N port, with the format 0x hhhhhh

vsan vsan-id

Specifies a VSAN ID. The range is 1 to 4093.

timeout value

(Optional) Configures the timeout value. The range is 1 to 10.

pwwn pwwn-id

The PWWN of the destination N port, with the format hh: hh: hh: hh: hh: hh: hh: hh.

By default, the period to wait before timing out is 5 seconds.

Command Modes

EXEC mode.

Command History




This command was introduced.


Usage Guidelines



The following example traces a route to the specified fcid in VSAN 1:

switch# fctrace fcid 0x660000 vsan 1
Route present for :  0x660000 
Latency: 0 msec
Latency: 0 msec

The following example traces a route to the specified device alias in VSAN 1:

switch# fctrace device-alias x vsan 1
Route present for : 21:01:00:e0:8b:2e:80:93


To terminate a Fibre Channel tunnel in a destination switch, use the fc-tunnel command. To remove a configuration or revert it to factory defaults, use the no form of the command.

fc-tunnel {enable | explicit-path name [next-address ip-address {loose | strict}] | tunnel-id-map tunnel-id interface fc slot-number}

no fc-tunnel {enable | explicit-path name | tunnel-id-map tunnel-id}

Syntax Description


Enables the FC tunnel feature.

explicit-path name

Specifies an explicit path. Maximum length is 16 characters.

next-address ip-address

(Optional) Specifies the IP address of the next hop switch.


Specifies that a direct connection to the next hop is not required.


Specifies that a direct connection to the next hop is required.

tunnel-id-map tunnel-id

Specifies FC tunnel ID to an outgoing interface. The range is 1 to 255.

interface fc slot/port

Configures the Fiber Channel interface in the destination switch.

Command Modes

Configuration mode.

Command History




All the fc-tunnel commands are not supported in Cisco MDS 9250i Multiservice Fabric Switch.


Added the output for remote span configuration on local and remote switches.


This command was introduced.

All VSANs with RSPAN traffic must be enabled. If a VSAN containing RSPAN traffic is not enabled, it will be dropped.

The FC tunnel can only be configured in the same subnet as the VSAN interface.

The Fibre Channel tunnel feature must be enabled (the interface fc-tunnel command) on each switch in the end-to-end path of the Fibre Channel fabric in which RSPAN is to be implemented.


This command is not supported on the Cisco MDS 9124 switch, the Cisco Fabric Switch for HP c-Class BladeSystem, and the Cisco Fabric Switch for IBM BladeCenter.


The following example enables the FC tunnel feature:

switch# config terminal
switchS(config)# fc-tunnel enable

The following example displays remote SPAN configuration on a local switch:

switch(config)# fc-tunnel enable 
switch(config)# interface vsan 1
switch(config)# ip address
switch(config)# no shut
switch(config)# interface fc-tunnel 102
switch(config)# source
switch(config)# destination
switch(config)# no shut

The following example displays remote SPAN Configuration on a remote switch:

switch(config)# fc-tunnel enable
switch(config)# interface  vsan 1
switch(config)# ip address
switch(config)# no shut
switch(config)# interface fc1/16
switch(config)# switchport mode sd
switch(config)# fc-tunnel tunnel-id-map 102 interface fc1/16

The following example places you at the explicit path prompt for the path named Path and specifies that the next hop VSAN interface IP addresses:

switch# config terminal
switchS(config)# fc-tunnel explicit-path Path1
switchS(config-explicit-path)# next-address 
switchS(config-explicit-path)# next-address 
switchS(config-explicit-path)# next-address 

The following example places you at the explicit path prompt for the path named Path and configures a minimum cost path in which this IP address exists:

switchS(config)# fc-tunnel explicit-path Path3
switchS(config-explicit-path)# next-address loose

The following example configures the FC tunnel (100) in the destination switch (switch D):

switchD(config)# fc-tunnel tunnel-id-map 100 interface fc2/1

The following example creates two explicit paths and configures the next hop addresses for each path in the source switch (switch S):

switchS# config t
switchS(config)# fc-tunnel explicit-path Path1
switchS(config-explicit-path)# next-address 
switchS(config-explicit-path)# next-address 
switchS(config-explicit-path)# next-address 
switchS(config-explicit-path)# exit
switchS(config)# fc-tunnel explicit-path Path3
switchS(config-explicit-path)# next-address loose 

The following example references the configured path in the source switch (switch S):

switchS# config t
switchS(config)# interface fc-tunnel 100
 switchS(config)# explicit-path Path1


To enable a feature or service on the switch, use the feature command. To disable a feature or service on the switch, use the no form of the command.

feature {cimserver | cluster | crypto {ike | ipsec} dpvm | fport-channel-trunk | fabric-binding | fcip | fcrxbbcredit extended fcsp | ficon | fport-channel-trunk | http-server | ioa | iscsi | ivr | npiv | npv | nxapi | port-security | privilege | port-track | san-ext-turner | scheduler | sdv | sme | ssh | tacacs | + | telnet}

no feature {cimserver | cluster | crypto {ike | ipsec} dpvm | fport-channel-trunk | fabric-binding | fcip | fcrxbbcredit extended fcsp | ficon | fport-channel-trunk | http-server | ioa | iscsi | ivr | npiv | npv | nxapi | port-security | privilege | port-track | san-ext-turner | scheduler | sdv | sme | ssh | tacacs | + | telnet}

Syntax Description


Enables or disables CIM server.


Enables or disables cluster.
