Cisco MDS 9000 Family Command Reference, Release 3.x - U Commands [Cisco MDS 9000 NX-OS and SAN-OS Software]

Table Of Contents

U Commands

undebug all

update license

use-profile

username

username (iSCSI initiator configuration and iSLB initiator configuration)

U Commands

The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. See "About the CLI Command Modes" section on page 1-3 to determine the appropriate mode for each command. For more information, refer to the Cisco MDS 9000 Family CLI Configuration Guide.

undebug all

To disable all debugging, use the undebug all command.

undebug all
Syntax Description

This command has no arguments or keywords.

Defaults

None.

Command Modes

EXEC mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

Usage Guidelines

Use this command to turn off all debugging.

Examples

The following example shows how to disable all debugging on the switch.
switch# undebug all
Related Commands

Command

Description

no debug all

Also disables all debug commands configured on the switch.

show debug

Displays all debug commands configured on the switch.

update license

To update an existing license, use the update license command in EXEC mode.

update license {url | bootflash: | slot0: | volatile:} filename
Syntax Description

update license

Updates an installed, expiring license.

url

Specifies the URL for the license file to be uninstalled.

bootflash:

Specifies the license file location in internal bootflash memory.

slot0:

Specifies the license file in the CompactFlash memory or PCMCIA card.

volatile:

Specifies the license file in the volatile file system.

filename

Specifies the name of the license file to update.

Command Modes

EXEC mode.

Command History

Release

Modification

1.3(2)

This command was introduced.

Examples

The following example updates a specific license.
switch# update license bootflash:sanextn2.lic sanextn1.lic
Updating sanextn1.lic:
SERVER this_host ANY
VENDOR cisco
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
        NOTICE=<LicFileID>san_extn1.lic</LicFileID><LicLineID>0</LicLineID> \
        SIGN=33088E76F668
with bootflash:/sanextn2.lic:
SERVER this_host ANY
VENDOR cisco
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
        NOTICE=<LicFileID>san_extn2.lic</LicFileID><LicLineID>1</LicLineID> \
        SIGN=67CB2A8CCAC2
Do you want to continue? (y/n) y
Updating license ..done
use-profile

To bind a profile to the FCIP interface, use the use-profile option. To disable a configured profile, use the no form of the option.

use-profile profile-id
no use-profile profile-id
Syntax Description

use-profile profile-id

Specifies the profile ID to be used. The range is 1 to 255.

Defaults

None.

Command Modes

Interface configuration submode.

Command History

Release

Modification

1.1(1)

This command was introduced.

Usage Guidelines

Access this command from the switch(config-if)# submode.

This command binds the profile with the FCIP interface.

Examples
switch# config terminal
switch(config)# interface fcip 50 
switch(config-if)# use-profile 100 
switch(config-if)# no use-profile 100
Related Commands

Command

Description

show interface fcip

Displays an interface configuration for a specified FCIP interface.

show fcip

Displays information about the FCIP profile.

username

To define a user, use the username command in configuration mode. Use the no form of a command to undo the configuration or revert to factory defaults.

username name [expire date | iscsi | password [0 | 5 | 7] user-password [expire date] [role rolename] | role rolename | ssh-cert-dn distinguished-name {dsa | rsa} | sshkey {key-content | file filename}]
no username name [expire date | iscsi | password [0 | 5 | 7] user-password [expire date] [role rolename] | role rolename | ssh-cert-dn distinguished-name {dsa | rsa} | sshkey {key-content | file filename}]
Syntax Description

name

Specifies the name of the user. Maximum length is 32 characters.

expire date

Specifies the date when this user account expires (in YYYY-MM-DD format).

iscsi

Identifies an iSCSI user.

password

Configures a password for the user. The password is limited to 64 characters. The minimum length is 8 characters.

user-password

Enters the password. Maximum length is 32 characters.

0

Specifies a clear text password for the user.

5

Specifies a strongly encrypted password for the user.

7

Specifies an encrypted password for the user.

role rolename

Specifies the role name of the user. Maximum length is 32 characters.

ssh-cert-dn distinguished-name

Specifies the SSH X.509 certificate distinguished name. The maximum size is 512.

dsa

Specifies the DSA algorithm.

rsa

Specifies the RSA algorithm.

sshkey key_content

Specifies the actual contents of the SSH public key in OPENSSH format.

file filename

Specifies a file containing the SSH public key either in OPENSSH or
IETF SECH or Public Key Certificate in PEM format.

Defaults

None.

Command Modes

Configuration mode.

Command History

Release

Modification

1.0(2)

This command was introduced.

2.0(x)

•Removed the update_snmpv3 option.

•Added level 7 for passwords.

3.0(1)

Added the ssh-cert-dn, dsa, and rsa options.

Usage Guidelines

To change the SNMP password, a clear text CLI password is required. You must know the SNMPv3 password to change the password using the CLI.

The password specified in the username command is synchronized as the auth and priv passphrases for the SNMP user.

Deleting a user using either command results in the user being deleted for both SNMP and CLI.

User-role mapping changes are synchronized in SNMP and CLI.

The SSH X.509 certificate distinguished name (DN) is in fact the subject name in the certificate. You need to extract the subject name from the certificate and specify the subject name as the argument to the username command.

Examples

The following example shows how to define a user.
switch(config)# username knuckles password testpw role bodega
switch(config)# do show user-account 
user:admin
        this user account has no expiry date
        roles:network-admin 
user:knuckles
        this user account has no expiry date
        roles:bodega
The following example configures the name for a user to log in using iSCSI authentication.
switch(config)# username iscsi
The following example places you in the mode for the specified role (techdocs). The prompt indicates that you are now in the role configuration submode. This submode is now specific to the techdocs group.
switch(config)# role name techdocs 
switch(config-role)# 
The following example deletes the role called techdocs.
switch(config)# no role name techdocs 
The following example assigns a description to the new role. The description is limited to one line and can contain spaces.
switch(config-role)# description Entire Tech. Docs. group
The following example resets the description for the Tech. Docs. group.
switch(config-role)# no description 
The following example creates or updates the user account (usam) along with a password (abcd) that is set to expire on 2003-05-31.
switch(config)# username usam password abcd expire 2003-05-31	
The following example creates or updates the user account (msam) along with a password (abcd) specified in clear text (indicated by 0).
switch(config)# username msam password 0 abcd role network-operator 
The following example specifies an encrypted (specified by 5) password (!@*asdsfsdfjh!@df) for the user account (user1).
switch(config)# username user1 password 5!@*asdsfsdfjh!@df
The following example adds the specified user (usam) to the network-admin role.
switch(config)# username usam role network-admin
The following example deletes the specified user (usam) from the vsan-admin role.
switch(config)# no username usam role vsan-admin
The following example shows how to define a distinguished name on a switch for SSH certificate authentication.
switch# config t
switch(config)# username knuckles ssh-cert-dn /CN=excal-1.cisco.com rsa 
switch(config)# do show user-account 
user:admin
        this user account has no expiry date
        roles:network-admin
user:knuckles
        this user account has no expiry date
        roles:network-operator
        ssh cert DN : /CN=excal-1.cisco.com; Algo: x509v3-sign-rsa
The following example specifies the SSH X.509 certificate distinguished name and DSA algorithm for an existing user account (usam).
switch(config)# username usam ssh-cert-dn usam-dn dsa
The following example specifies the SSH X.509 certificate distinguished name and RSA algorithm for an existing user account.
switch(config)# username user1 ssh-cert-dn user1-dn rsa
The following example deletes the SSH X.509 certificate distinguished name for the user account.
switch(config)# no username admin ssh-cert-dnadmin-dn dsa
The following example identifies the contents of the SSH key for the specified user (usam).
switch(config)# username usam sshkey fsafsd2344234234ffgsdfg	 
The following example deletes the SSH key content identification for the user (usam).
switch(config)# no username usam sshkey fsafsd2344234234ffgsdfgffsdfsfsfssf	
The following example updates the SNMPv3 password for the specified user (joe). The local CLI password and the SNMP password are updated. If user Joe does not exist, the command fails.
switch(config)# username joe password wxyz6789 update-snmpv3 abcd1234 
Related Commands

Command

Description

role

Configures user roles.

show username

Displays user name information.

username (iSCSI initiator configuration and iSLB initiator configuration)

To assign a username for iSCSI login authentication, use the username command in iSCSI initiator configuration submode. To assign a username for iSLB login authentication, use the username command in iSLB initiator configuration submode.To disable this feature, use the no form of the command.

username username
no username username
Syntax Description

username

Specifies the username for iSCSI or iSLB login authentication.

Defaults

None.

Command Modes

iSCSI initiator configuration submode.
iSLB initiator configuration submode.

Command History

Release

Modification

1.3(2)

This command was introduced.

3.0(1)

Added iSLB initiator configuration submode.

Usage Guidelines

None.

Examples

The following example assigns the username for iSCSI login authentication of an iSCSI initiator.
switch# config terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# iscsi initiator name iqn.1987-02.com.cisco.initiator
switch(config-iscsi-init)# username iSCSIloginUsername
switch(config-iscsi-init)#
The following example assigns the username tester for iSLB login authentication of an iSLB initiator.
switch# config t
switch(config)# islb initiator ip-address 100.10.10.10
switch(config-iscsi-islb-init)# username ?

<WORD> Enter username <Max Size - 32>

switch(config-iscsi-islb-init)# username tester
The following example removes the username tester for an iSLB initiator.
switch (config-iscsi-islb-init)# no username tester
Related Commands

Command

Description

iscsi initiator name

Assigns an iSCSI name and changes to iSCSI initiator configuration submode.

show iscsi initiator

Displays information about a configured iSCSI initiator.

show iscsi initiator configured

Displays iSCSI initiator information for the configured iSCSI initiator.

show iscsi initiator detail

Displays detailed iSCSI initiator information.

show iscsi initiator summary

Displays iSCSI initiator summary information.

islb initiator

Assigns an iSLB name and IP address to the iSLB initiator and enters iSLB initiator configuration submode.

show islb initiator

Displays iSLB initiator information.

show islb initiator configured

Displays iSLB initiator information for the configured iSLB initiator.

show islb initiator detail

Displays detailed iSLB initiator information.

show islb initiator summary

Displays iSLB initiator summary information.