O Commands

ocsp url

To configure the HTTP URL of the Online Certificate Status Protocol (OCSP) for the trust point CA, use the ocsp url command in trust point configuration submode. To discard the OCSP configuration, use the no form of the command.

ocsp url url

no ocsp url url

Syntax Description

url

Specifies the OCSP URL. The maximum size is 512 characters.

Command Default

None.

Command Modes


Trust point configuration submode.

Command History

Release

Modification

3.0(1)

This command was introduced.

Usage Guidelines

The MDS switch uses the OCSP protocol to check the revocation status of a peer certificate (presented to it during the security or authentication exchange for IKE or SSH, for example), only if the revocation checking methods configured for the trust point include OCSP as one of the methods. OCSP checks the certificate revocation status against the latest CRL on the CA using the online protocol, which generate network traffic and also requiring that the OCSP service of the CA be available online in the network.

If revocation checking is performed by the cached CRL at the MDS switch, no network traffic is generated. The cached CRL does not contain the latest revocation information.

You must authenticate the CA for the trust point before configuring the OCSP URL for it.

Examples

The following example shows how to specify the URL for OCSP to use to check for revoked certificates: 


switch# config terminal
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# ocsp url http://admin-ca.cisco.com/ocsp

The following example shows how to remove the URL for OCSP: 


switch(config-trustpoint)# no ocsp url http://admin-ca.cisco.com/ocsp

Related Commands

Command

Description

crypto ca crl-request

Configures a CRL or overwrites the existing one for the trust point CA.

revocation-check

Configures trust point revocation check methods.

show crypto ca crl

Displays configured CRLs.

odrt.bin

To preform offline data recovery of Cisco SME, use the odrt.bin command on Linux-based systems. This command allows you to recover data when the MSM-18/4 module or the Cisco MDS 9222i fabric switch is not available.

odrt.bin [--help] [--version] {-h | -l | -r | -w} {if =input_device_or_file | of =output_device_or_file | kf =key_export_file | verbose =level}

Syntax Description

--help

(Optional) Displays information on the tool.

--version

(Optional) Displays the version of the tool.

-h

Reads and prints the tape header information on the tape.

-l

Lists all SCSI devices.

-r

Reads the tape device and writes data to intermediate file(s).

-w

Reads the intermediate file(s) on disk and writes data to the tape.

if

Specifies the input device or file.

of

Specifies the output device or file.

kf

Specifies the volume group filename.

verbose

Specifies the level of verbose.

Command Default

None.

Command Modes


None. This command runs from the Linux shell.

Command History

Release

Modification

3.3(1a)

This command was introduced.

Usage Guidelines

The odrt.bin command operates in the following steps:

  • Tape-to-disk– In this mode, the odrt.bin command reads the encrypted data from the tape and stores it as intermediate files on the disk. This mode is invoked with the '-r' flag. The input parameter is the tape device name and filename on the disk is the output parameter.
  • Disk-to-tape– In this mode, the odrt.bin command reads intermediate files on the disk, decrypts and decompresses (if applicable) the data and writes the clear-text data to the tape. The decryption key is obtained from the volume group file that is exported from the Cisco Key Management Center (KMC). This mode is invoked with the '-w' flag. The input parameter is the filename on the disk and tape device name is the output parameter. The volume group file name (key export file) is also accepted as a parameter. Key export password needs to be entered at the command prompt.

Examples

The following command reads and prints the Cisco tape header information on the tape: 


odrt -h if=/dev/sg0

The following example read the data on tape into intermediate file(s) on disk: 


odrt -r if=/dev/sg0 of=diskfile

The following command reads the encrypted/compressed data in intermediate file(s) and writes back the decrypted/decompressed data to the tape: 


odrt -w if=diskfile of=/dev/sg0 kf=c1_tb1_Default.dat

A sample output of the odrt command follows: 


[root@ips-host06 odrt]# ./odrt.bin -w if=c of=/dev/sg2 kf=sme_L700_IBMLTO3_Default.dat verbose=3 
Log file: odrt30072
Please enter key export password:
Elapsed 0:3:39.28, Read 453.07 MB, 2.07 MB/s, Write 2148.27 MB, 9.80 MB/s
Done

open

To open a file or command pipeline and return a channel identifier in Tcl, use the open command.

open filename

Syntax Description

filename

The name of the file to be opened.

Command Default

None.

Command Modes


Interactive Tcl shell and Tcl script.

Command History

Release

Modification

NX-OS 5.1(1)

This command was introduced.

Usage Guidelines

This is a standard Tcl command documented in Tcl documentation with the following modifications:

Access to files and directories is limited to user space only. Access to system filespace and system commands is not permitted.

Examples

The following example shows that access is denied to system files: 


switch-tcl# open "/etc/hosts" r 
Permission denied. couldn't open "/etc/hosts": permission denied 
switch-tcl#

Examples

The following examples shows that access is denied to system commands: 

switch-tcl# open "| cat /etc/hosts" r 
Permission denied. couldn't execute "cat": not owner 
switch-tcl#

Related Commands

Command

Description

cli

Execute an NX-OS CLI command in Tcl verbosely.

clis

Execute an NX-OS CLI command in Tcl silently.

out-of-service

To put an interface out of service, use the out-of-service command in interface configuration submode. To restore the interface to service, use the no form of the command.

out-of-service [force]

no out-of-service [force]

Syntax Description

force

(Optional) Configures the interface that should be forced out of service.

Command Default

None.

Command Modes


Interface configuration submode.

Command History

Release

Modification

NX-OS 5.2(1)

This command was deprecated.

3.0(1)

This command was introduced.

Usage Guidelines

Before using the out-of-service command, you must disable the interface using the shutdown command.

When an interface is out of service, all the shared resources for the interface are released, as is the configuration associated with those resources.


Caution

Taking interfaces out of service releases all the shared resources to ensure that they are available to other interfaces. This causes the configuration in the shared resources to revert to default when the interface is brought back into service. Also, an interface cannot come back into service unless the default shared resources for the port are available. The operation to free up shared resources from another port is disruptive.

Examples

The following example shows how to take an interface out of service: 


switch# config terminal
switch(config)# interface fc 1/1
switch(config-if)#shutdown
switch(config-if)# out-of-service
Putting an interface into out-of-service will cause its shared resource 
configuration to revert to default
Do you wish to continue(y/n)? [n]

The following example makes an interface available for service: 


switch(config-if)# no out-of-service

Related Commands

Command

Description

shutdown

Disables an interface.

show interface

Displays the status of an interface.

out-of-service module

To perform a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director, use the out-of-service module command in EXEC mode.

out-of-service module slot

Syntax Description

slot

The slot refers to the chassis slot number for Supervisor-1 module or Supervisor-2 module where the integrated crossbar is located.

Command Default

None.

Command Modes


EXEC.

Command History

Release

Modification

NX-OS 5.2(1)

Applicable for supervisor module only.

3.0(1)

This command was introduced.

Usage Guidelines

Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.


Note
To reactivate the integrated crossbar, you must remove and reinsert or replace the Supervisor-1 or Supervisor-2 module.

For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide .

Examples

The following example shows how to perform a graceful shutdown of the integrated crossbar: 


switch# out-of-service module 2

Related Commands

Command

Description

out-of-service xbar

Performs a graceful shutdown of an external crossbar switching module in a Cisco MDS 9513 Director.

show module

Displays the status of a module.

out-of-service xbar

To perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director, use the out-of-service xbar command in EXEC mode.

out-of-service xbar slot

no out-of-service xbar slot

Syntax Description

slot

Specifies the external crossbar switching module slot number, either 1 or 2. The slot refers to the external crossbar switching module slot number.

Command Default

None.

Command Modes


EXEC.

Command History

Release

Modification

NX-OS 5.2(1)

This command was deprecated.

3.0(1)

This command was introduced.

Usage Guidelines

Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.

The slot refers to the external crossbar switching module slot number.


Note
To reactivate the external crossbar switching module, you must remove and reinsert or replace the crossbar switching module.

Caution

Taking the crossbar out-of-service may cause supervisor switchover.

For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide .

Examples

The following example shows how to perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director: 


switch# out-of-service xbar 1

Related Commands

Command

Description

out-of-service module

Performs a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director.

show module

Displays the status of a module.