About Fabric Overview for SAN Operational Mode Setups, Release 12.2.1

The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

The Actions drop-down list at the Fabric level allows you to configure backup, Refer to the section "Configuring Fabric Backup" in Backing Up and Restoring SAN Operational Mode Setups for more information.

Fabric Overview contains tabs that allows you view and perform the below operations on the fabric.

Click on a fabric to open the side kick panel. The following sections display the summary of the fabric:

Click the Launch icon to the right top corner to view the Fabric Overview.

The following table describes the fields that appear on Switches window.

The following table describes the action items, in the Actions menu drop-down list, that appear on Manage > Inventory > Switches.

To view the inventory information for modules from the SAN Controller Web UI, perform the following steps:

Beginning with NDFC release 12.2.1, you can also filter the performance data that is shown using the following options:

You can configure and manage Virtual SANs (VSANs) from Cisco Nexus Dashboard Fabric Controller. Go to Manage > Fabrics, then double-click on a fabric to view the Fabric Overview page. Click on the VSANs tab to view VSAN information. You can view or configure VSAN for the discovered fabrics, with either Manageable or Manage Continuously status. For a selected fabric, a VSAN Scope tree is displayed in the left panel.

You can achieve higher security and greater stability in Fibre Channel fabrics by using virtual SANs (VSANs) on Cisco Data Center Switches and Cisco MDS 9000 Series switches. VSANs provide isolation among devices that are physically connected to the same fabric. With VSANs, you can create multiple logical SANs over a common physical infrastructure. Each VSAN can contain up to 239 switches and has an independent address space that allows identical Fibre Channel IDs (FC IDs) to be used simultaneously in different VSANs.

Cisco Nexus Dashboard Fabric Controller does not discover, nor display any suspended VSAN.

The VSANs tab displays the following fields.

The following table describes the action items, in the Actions menu drop-down list, that appear on Fabrics Overview > VSANs tab.

When changing VSAN of the Switch port in Nexus Dashboard Fabric Controller, If the port was associated with Isolated VSAN, then the previous VSAN column will be blank. For description on all fields that appear on the tabs, refer Field and Descriptions for VSANs.

Create VSAN Wizard

The VSAN Creation Wizard workflow includes these steps:

• VSAN ID and name

• Select Switches

• Configure VSAN Attributes

• Configure VSAN Domain

• Configure Port Membership

Go to Manage > Fabrics, then double-click on a fabric to view the Fabric Overview page. Click on the VSANs tab to view VSAN information. Click Actions > Create VSAN. The Create New VSAN screen of the wizard is displayed.

---

Ensure that the VSAN is not already created.

---

To create and configure VSANs from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Before you begin:

You cannot configure any application-specific parameters for a VSAN before creating the VSAN.

Ensure that the VSAN is not already created. Do not create the VSAN in suspended state.

---

The suspended VSANs are not managed.

---

1. In the VSAN ID and Name window, perform the following steps:

   1. Ensure that the correct Fabric is against the Fabric field.

   2. In the VSAN ID field, select VSAN ID from the drop-down list.

      The range is 2-4094. Create the list of VSAN ID in at least one Switch in the Fabric. VSAN ID 4079 is for reserved VSAN.

   3. In the VSAN Name field, enter a name for VSAN.

      

      ---

      If the field is left blank, the Switch assigns a default name to the VSAN.

      ---

   4. Click the FICON check box to enable FICON on the switch.

   5. Click Next.

2. In the Select Switches screen, click the check box next to the Switch Name, to create the VSAN.

   If the switch name is grayed out, it implies that the switch is already part of a VSAN. It may also imply that the switch doesn’t have FICON feature enabled, if FICON is checked in the previous step.

   Click Next.

3. In the Configure VSAN Attributes screen, configure the VSAN attributes.

   

   ---

   If you create a VSAN in a suspended state, it doesn’t appear on the Cisco Nexus Dashboard Fabric Controller as it doesn’t manage suspended VSANs.

   ---

   1. In Load Balancing, select the load balancing type to be used on the VSAN.

      The following types are available:

      • Src ID/Dest ID: Based on only source ID (Src_ID) and destination ID (Dest_ID).

      • Src ID/Dest ID/Ox ID (default): Originator exchange ID (Ox_ID) is also used for load balancing, in addition to Src_ID and Dest_ID. 0x_ID is an exchange ID assigned by the originator Interconnect Port for an exchange with the target Interconnect Port.

        

        ---

        Src ID/Dest ID/0x ID is the default Load Balancing type for non-FICON VSAN and it isn’t available for FICON VSAN, Src ID/Dest ID is the default for FICON VSAN.

        ---

   2. In InterOp, select an interoperability value.

      The InterOp value is used to interoperate with different vendor devices. You can choose from one of the following:

      • Default: implies that the interoperability is disabled.

      • InterOp-1: implies that the VSAN can interoperate with all the Fibre Channel vendor devices.

      • InterOp-2: implies that the VSAN can interoperate with specific Fibre Channel vendor devices for basic to advanced functionalities.

      • InterOp-3: implies that the VSAN can interoperate with specific Fibre Channel vendor devices for basic to advanced functionalities.

      • InterOp-4: implies that the VSAN can interoperate with specific Fibre Channel vendor devices for basic to advanced functionalities.

        

        ---

        InterOp isn’t supported on FICON VSAN.

        ---

   3. In Admin State, select the configurable state for this VSAN.

      • Active: implies that the VSAN is configured and services for this VSAN is activated.

      • Suspended: implies that the VSAN is configured, but the service for this VSAN is deactivated.

        Choose this state to preconfigure all the VSAN parameters for the whole Fabric.

        

        ---

        Nexus Dashboard Fabric Controller doesn’t manage a suspended VSAN, and therefore it does not appear in the VSAN scope.

        ---

   4. Check the InOrder delivery check box to allow in-order delivery.

      When the value of fcInorderDelivery is changed, the value of this object is set to the new value of that object.

   5. Check the Add Fabric Binding DB check box if you want to enable the fabric binding for the FICON VSAN.

      If the check box is selected, all the peers in the selected switches are added to each switch in the selected list.

   6. Check the All Port Prohibited check box if you want to prohibit all the ports for FICON VSAN.

      If the check box is selected, the FICON VSAN is created as all Ports prohibited, by default.

   7. Click Next.

4. In the Configure VSAN Domain screen, configure the static domain IDs for FICON VSAN.

   1. Check the Use Static Domain IDs check box to configure the domain ID for the switches in the VSAN.

   2. The Available Domain IDs field shows all the available Domain IDs in the Fabric.

      Click Automatically apply available domain IDs to assign the domain ID for every switch that is selected to be a part of the VSAN.

   3. For every switch in the table, enter the domain ID from the list of available Domain IDs.

   4. Click Next.

5. In the Configure Port Membership screen, for every switch in the VSAN, configure the interfaces as the member of the new VSAN.

   

   ---

   Modifying the Port VSAN may affect the I/O of the interface.

   ---

   Click Next.

6. In the Review screen, verify if you have configured the VSAN correctly.

   Click Previous to navigate to the earlier screen and modify the configuration.

   Click Finish to confirm and configure the VSAN. The VSAN creation result is displayed at the bottom of the window.

   

   ---

   After the VSAN is created, it will take few minutes for the new VSAN to appear in the VSAN scope tree.
   If the switch port is associated with Isolated VSAN then the previous VSAN information will be blank.

   ---

Field and Descriptions for VSANs

The Field and Descriptions for all the tabs that are displayed on Manage > Fabrics > Fabric Overview > VSANs are explained in the following sections:

• Switches Tab

• ISL Tab

• Host Ports Tab

• Storage Ports Tab

• Attributes Tab

• Domain ID Tab

• VSAN Membership Tab

Switches Tab

This tab displays Switches in the VSAN scope. Click the Switch name to view the summary information of the switch. The following table describes the fields that appear on the Switches tab.

Field	Description
Name	Specifies the name of the switch in the VSAN. Click the name to view the switch summary. Click Show more Details to view complete information.
Domain ID	Specifies an insistent domain ID.
VSAN WWN	Specifies the world wide name (WWN) of the VSAN.
Principal WWN	Specifies the world wide name (WWN) of the switch. For the principal switch, the value is self.
Model	Specifies the model name of the switch.
Release	Specifies the NX-OS version on the switch.
Up Time	Specifies the time from which the switch is up.

ISL Tab

This tab displays information about the ISLs about the switches in the VSAN scope. The following table describes the fields that appear on the ISLs tab.

If the VSAN is configured on both the switches across the ISL and if VSAN is not enabled on the ISL, Nexus Dashboard Fabric Controller considers VSAN as segmented. Therefore, add the VSAN to the trunked VSANs across the ISL to clear the warning message. Alternatively, you can ignore this warning message.

Field	Description
VSANs	All VSANs which this ISL runs traffic on.
From Switch	The source switch of the link.
From Interface	The port index of source E_port of the link.
To Switch	The switch on the other end of the link.
To Interface	The port index of destination E_port of the link.
Speed	The speed of this ISL.
Status	The operational status of the link.
Port Channel Members	The member of Port Channel if the ISL is a Port Channel.
Additional Info	Additional information for this ISL, such as, TE/TF/TNP ISL.

Host Ports Tab

This tab displays information about the host ports on the switches in the VSAN scope. The following table describes the fields that appear on the Host Ports tab.

Field	Description
Enclosure	The name of the enclosure.
Device Alias	The device alias of this entry.
Port WWN	The assigned PWWN for this host.
Fcid	The FC ID assigned for this host.
Switch Interface	Interface on the switch that is connected with the end device.
Link Status	The operational status of the link.
Vendor	Specifies the name of the vendor.
Serial Number	Specifies the serial number of the enclosure.
Model	Specifies the name of the model.
Firmware	The version of the firmware that is executed by this HBA.
Driver	The version of the driver that is executed by this HBA.
Additional Info	The information list corresponding to this HBA.

Storage Ports Tab

This tab displays information about the storage ports on the switches in the VSAN scope. The following table describes the fields that appear on the Storage Ports tab.

Field	Description
Enclosure	The name of the enclosure.
Device Alias	The device alias of this entry.
Port WWN	The assigned PWWN for this host.
Fcid	The FC ID assigned for this host.
Switch Interface	Interface on the switch that is connected with the end device.
Link Status	The operational status of the link.

Attributes Tab

This tab displays the attributes of all the switches in the VSAN scope. The following table describes the fields that appear on the Attributes tab.

Field	Description
Edit	Click Edit to modify the attributes of the VSAN and to push the same VSAN attributes to the selected switches. If the VSAN is FICON VSAN in any selected switch, the following fields won’t appear on the UI, as they can’t be modified for the FICON VSAN. vsanLoadBalancing InterOp Inorder Delivery After modify the attributes, you can click Save to save changes or Cancel to discard.
Switch Name	Displays the name of the switch that is associated with the VSAN.
VSAN Name	Displays the name of the VSAN.
Admin	Specifies if the status of the Admin is either Active or Suspend. Active implies that the VSAN is configured and services for the VSAN is activated. Down implies that the VSAN is configured; however, the service for the VSAN is deactivated. You can use set this state to preconfigure all the VSAN parameters by using the CLI only. If you suspend a VSAN, it’s removed from Cisco Nexus Dashboard Fabric Controller as well.
Oper	The operational state of the VSAN.
MTU	Displays the MTU for the switch.
Load Balancing	Specifies the load-balancing type that is used in the VSAN. The type of load balancing used on this VSAN. srcId/DestId-use source and destination ID for path selection srcdId/DestId/Oxld-use source, destination, and exchange IDs
InterOp	The interoperability mode of the local switch on this VSAN. default interop-1 interop-2 interop-3
Inorder Delivery	The Inorder Delivery guarantee flag of device. If true, then the inorder delivery is guaranteed. If false, it’s not guaranteed.
FICON	True if the VSAN is FICON-enabled.

Domain ID Tab

This tab displays information about the VSAN domain and its parameters. The following table describes the fields that appear on the Domain ID tab.

Field	Description
Edit	Select a switch and click the Edit icon to modify the Domain ID information for the selected switch.
Switch Name	Specifies the switch name in the VSAN. NPV switches aren’t listed in this column. However, the NPV switches exist in this VSAN fabric.
State	Specifies the state of the Switch.
Enable	Specifies if the Domain ID is enabled or disabled.
Running	Specifies the running domain.
Config	Specifies the configuration.
Config Type	Specifies the usage of the domain ID type-preferred or static.
Icons
Total	The number next to Table specifies the entries under this tab.
Refresh Icon	Click the Refresh icon to refresh the entries.

VSAN Membership Tab

This tab displays information about the interfaces on the switches that form the VSAN. The following table describes the fields that appear on the VSAN Membership tab.

Field	Description
Edit	Select a switch and click the Edit icon to modify Port VSAN Membership for selected VSAN and selected switch. Port VSAN Membership is presented by different types including FC (physical), Port Channel, FCIP, iSCSI, VFC (slot/port), VFC (ID), VFC Channel, VFC FEX, and VFC Breakout, PortChooser is provided for each type to show all existing interfaces on a selected switch for the user to choose from. If you modify Post VSAN Membership for any operational trunking port or port channel members, a warning appears. Use the Device Manager to change Allowed VSAN List for Trunking Interface.
Switch Name	Name of the switch
Interfaces	FC Ports in VSAN

A device aliases is a user-friendly name for a port WWN. Device alias name can be specified when configuring features such as zoning, QoS, and port security. The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management and fabric-wide distribution.

The following table describes the fields that appear under Device Aliases tab.

Configuring Device Aliases

Click a required Fabric from Fabrics table, a Slide-in panel is displayed. Click Launch icon to view Fabric Overview window, and click Device Aliases tab.

Before performing any Device Alias configuration, check the status on the CFS tab, to ensure that the status is success.

---

To perform Device Alias configuration from the SAN Controller Web UI, the fabric must be configured as Device Alias enhanced mode.

---

To add, or edit, or delete device aliases, perform the following steps:

1. Choose check box next to the switch column for which you need to add the device alias

   1. Click Actions > Add device alias.

      The Add device alias windows appears.

      All the provisioned port WWNs are populated in the table.

   2. Enter a device alias name in the Device Alias field to indicate to create a device alias for the selected pWWN.

   3. Click Save to exit the inline editor mode.

   4. Click Apply to assign the device alias to the switches.

      You can also create a device alias with a non-provisioned port WWN.

   5. Click + icon of Pre-provision device aliases to create a new table row in inline editor mode.

   6. In the pWWN field, enter the non-provisioned port WWN and device alias for the new alias.

   7. Click Save to exit the inline editor mode.

   8. Click Apply to assign the device alias and the associated pWWN to the switches.

   

   ---

   If you close the Add device alias window before applying the device alias to the switches, the changes will be discarded and the device alias will not be created.

   ---

2. To edit the device alias, choose the check box next to the switch column, and then click Actions > Edit device aliases.

   

   ---

   You can select multiples switches to edit device aliases.

   ---

   The Edit device aliases windows appears.

   All the selected port WWNs are populated in the table.

   1. Click Edit icon next to the pWWN column.

   2. Enter a required device alias name in the Device Alias field and click tick icon to save the name.

   3. Repeat the same procedure to edit other device alias names.

   4. Click Apply to save edited device aliases to the switches.

      

      ---

      When you rename a device alias, a warning message appears that editing device alias causes traffic interruption and to review the zone member type. For Cisco NX-OS Releases in:
      * 7.x releases - before 7.3(0) releases
      * 6.x releases - before 6.2(15) releases

      ---

   5. Click Cancel to discard changes or click Confirm to save changes.

3. Choose check box next to the switch column for which you need to delete the device alias.

   1. Click Actions > Delete device alias.

      A confirmation window appears.

      

      ---

      Deleting the device alias may cause traffic interruption.

      ---

   2. Click Yes to delete the device alias.

4. For end devices with an attached service profile, the service profile name is populated to the Device Alias field. This allows the service profile name as a device alias name for those devices.

   Device Alias creation is CFS auto committed after clicking Apply. Click CFS tab to check if CFS is properly performed after the device alias created. In case of failure, you must troubleshoot and fix the problem.

Event Analytics includes the following topics:

The following table describes the columns that appears on Backup tab.

The following table describes the fields and descriptions that appears on Action tab.

Actions	Descriptions
Backup now	Choose Backup now. The Create new backup window appears. Enter name in Backup tag field. If required choose check box Mark backup as golden. For more information on golden backup, refer to the section "Golden Backup" in Backing Up and Restoring SAN Operational Mode Setups. Click OK.
Copy to bootflash	Choose Copy to bootflash. A confirmation window appears, click OK. For more information on bootflash, see the section "Copy Bootflash" in About Switch Overview for SAN Operational Mode Setups.
Compare	Choose required switch names to compare configuration of switches, choose Compare. You can select only two switches at an instance. Compare Config window appears, displaying the difference between the two configuration files. The Source and Target configuration files content is displayed in two columns. The differences in the configuration file are show in the table, with legends. Red: Deleted configuration details. Green: New added configuration. Blue: Modified configuration details.
Export	Click Export. The files are downloaded in your local system. You can use the third-party file transfer tools to transfer these files to an external server.
Edit tag	Click Edit tag to change the backup tag name.
Mark as golden	To mark existing backup as golden backup, choose Mark as golden, a confirmation window appears, click Confirm.
Remove as golden	To remove existing backup from golden backup, choose Remove as golden, a confirmation window appears, click Confirm.
Delete	To delete existing backups, choose Delete a confirmation window appears, click Confirm. If you have marked backup as golden backup. make sure that the golden backup is removed, else error appears you can’t delete existing backup. You can delete one backup at a time.

Name Server stores name entries for all hosts in the FCNS database. The name server permits an Nx port to register attributes during a PLOGI (to the name server) to obtain attributes of other hosts. These attributes are deregistered when the Nx port logs out either explicitly or implicitly. In a multiswitch fabric configuration, the name server instances running on each switch shares information in a distributed database. One instance of the name server process runs on each switch.

Double click on the Fabric to view the Fabric Overview screen. Beginning with Release 12.1.2e, the Name Server tab displays name server entries for the selected Fabric. Note that this data is pulled from the Switches discovery, and therefore, the duplicate entries are removed.

The Name Server tab displays the following fields.

From Release 12.1.2e, NDFC SAN Controller allows you to monitor the changes in configuration as compared to the baseline configuration.

After fabric discovery, configuration monitor saves the baseline configuration for all the switches in the fabric. The following parameters are monitored:

The monitoring job is executed once a day, everyday, to check for differences in baseline configuration and current configuration. Configuration Drift displays Yes when there is a difference between baseline and current configuration and an alarm is raised. You can view the Alarms raised on Cisco NDFC Web UI > Event Analytics > Alarms > Alarms Raised.

The Configuration Monitor tab displays the following fields.

The following table describes the action items, in the Actions menu drop-down list, that appear on Fabric Overview > Configuration Monitor tab.

For every event, an alarm is triggered and recorded on Event Analytics > Alarms > Alarms Raised page. If you Disable Fabric Monitoring, all the alarms are moved to Alarms Cleared.

Action Item	Description
Enable Fabric Monitoring	Allows you to enable fabric monitoring on all switches in the fabric.
Disable Fabric Monitoring	Allows you to disable monitoring the entire fabric. Note that if you disable fabric monitoring, the configuration drift data will not be captured and there will be no data to display on this tab. If you Disable Fabric Monitoring for the fabric, all the alarms are moved to Alarms Cleared tab.
Reset Baseline Configuration	Allows you to reset baseline configuration. Select the switch and choose Reset Baseline Configuration to purge all the configurations into Baseline Configuration.

You can view the following information on Port Usage tab.

You can use Filter by attribute to view required information.

Click Refresh icon to refresh the table.

Used ports displays the total used ports for the selected switch. Total ports displays the total available ports for the selected switch.

The tabs and their fields on the page are explained in the following sections.

CPU and Memory

The following table describes the columns that appear on the CPU and the Memory tab.

Field	Description
Switch Name	Specifies the name of the switch. Click the name of a switch to access a Switch slide-in pane with the switch details. Click on the graph icon to view the CPU or memory performance chart.
IP Address	Specifies the switch IP address.
Low Value (%)	Specifies the lowest CPU utilization value on the switch.
Avg. Value (%)	Specifies the average CPU utilization value on the switch.
High Value (%)	Specifies the high CPU utilization value on the switch.
Low to High Value Range (Preview)	Specifies the linear range preview.

Click the drop-down list to view CPU or memory data for the selected Day, Week, Month, or Year.

---

The label for the drop-down list changes based on your selection. For example, if you clicked Day, the label changes to Show last day.

---

Traffic

The following table describes the columns that appear on the Traffic tab.

Field	Description
Switch Name	Specifies the name of the switch. Click the name of a switch to access a Switch slide-in pane with the switch details.
Avg. Rx	Specifies the average Rx value.
Peak Rx	Specifies the peak Rx value.
Avg. Tx	Specifies the average Tx value.
Peak Tx	Specifies the peak Tx value.
Avg. Rx+Tx	Specifies the average of the Rx and Tx value.
Avg. Errors	Specifies the average error value.
Peak Errors	Specifies the peak error value.
Avg. Discards	Specifies the average discarded value.
Peak Discards	Specifies the peak discarded value.
Last Update Time	Specifies the last updated time.

Click the drop-down list to view traffic data for the selected Day, Week, Month, or Year.

---

The label for the drop-down list changes based on your selection. For example, if you clicked Day, the label changes to Show last day.

---

Temperature

The following table describes the columns that appear on the Temperature tab.

Field	Description
Switch Name	Specifies the name of switch. Click the name of a switch to access a Switch slide-in pane with the switch details. Click the graph icon to view the temperature chart.
IP Address	Specifies the switch IP address.
Temperature Module	Specifies the module of temperature.
Low Value (°C)	Specifies the lowest temperature value in degrees.
Avg. Value (°C)	Specifies the average temperature value in degrees.
High Value (°C)	Specifies the high temperature value in degrees.

Click the drop-down list to view temperature data for the selected Hour, Day, Week, or Month.

---

The label for the drop-down list changes based on your selection. For example, if you clicked Day, the label changes to Show last day.

---

Power

The following table describes the columns that appear on the Power tab.

Field	Description
Switch Name	Specifies the name of the switch. Click the name of a switch to access a Switch slide-in pane with the switch details.
IP Address	Specifies the switch IP address.
Power Module	Specifies the power module. Click the graph icon to view the power usage chart.
Power Usage (%)	Specifies the power usage as a percentage with subcategories based on the selected switch.
Avg	Specifies the average power usage.
Min	Specifies the minimum power usage.
Max	Specifies the maximum power usage.
Capacity (AMPs)	Specifies the capacity in (amps) amperes.
Draw (AMPs)	Specifies the power usage draw with subcategories based on the selected switch.
Avg	Specifies the average power usage draw.
Min	Specifies the minimum power usage draw.
Max	Specifies the maximum power usage based.
Capacity (WATTs)	Specifies the power capacity in watts.
Draw (WATTs)	Specifies the power usage draw in watts with subcategories based on the selected switch.
Avg	Specifies the average power usage draw in watts.
Min	Specifies the minimum power usage draw in watts.
Max	Specifies the maximum power usage draw in watts.
Power Module	Click on the graph icon under the Power Module column to filter the power usage based on the chosen data type. Options include: Usage (%) Draw (AMPs) Draw (WATTs) Click on Day, Week, or Month to filter the data based on time increments. If you click on the Day increment, the graph displays one line for the selected data type. If you click on the Week or Month option, the graph displays the average, minimum, or maximum power usage values depending on the chosen data type.

Click the drop-down list to view power data for the selected Hour, Day, Week, or Month.

---

The label for the drop-down list changes based on your selection. For example, if you clicked Hour, the label changes to Show last hour.

---

The Congestion Analysis option enables you to view slow drain statistics at the switch level and the port level. You can monitor the slow drain issue within any duration. You can display the data in a chart format and export the data for analysis. You can also view the topology that provides a high-level view of txwait, drops, credit loss recovery, over utilization, and port monitor events.

Congestion Visualization

A topology of the selected fabric appears when you click a fabric name and displays Congestion details for the fabric. The topology window shows color-encoded nodes and links that correspond to various network elements. For each of the elements, you can hover over to fetch more information. The links and switches are color-coded. Enable performance collections and SNMP traps to view the Congestion information on the topology.

The following table lists the color description that is associated with the links and switches.

Color	Name	Description
Blue (light)	High Utilization	High utilization tx-datarate >= 80%
Green	Normal	No Congestion found
Red	Level 3	Credit loss recovery
Orange	Level 2	Drops
Yellow (dark)	Level 1.5	txwait >= 30%
Yellow	Level 1	txwait < 30%
Gray (light)	No Data	No Data

A switch color represents the highest level Congestion that is found on any link to switch. The maximum value is 3 and the minimum value is 1. A switch has two colors if overutilized. The right half of the switch is colored in light blue to represent the overutilization. A number on the switch represents the number of F ports with Congestion. The color around the number represents the highest level Congestion that is found on F ports of the switch. Click the switch to bring in a sliding window, which shows the switch details. Double-click on the switch to view congestion data by filtering on the switch name.

Two parallel lines are used to represent the Congestion on links. Links are bidirectional, hence each direction has a color to represent the highest level of Congestion. Hover over a link to view the switch and interface name of the source and destination. Click a link to view the Congestion data that is related to that link alone.

---

The highest Congestion level a link can have is Level 3. Valid colors for a link are Green, Red, Orange, Yellow, and Gray (light).

---

Dynamic Ingress Rate Limiting (DIRL) is used to automatically limit the rate of ingress commands and other traffic to reduce or eliminate the congestion that is occurring in the egress direction. DIRL does this by reducing the rate of IO solicitations such that the data generated by these IO solicitations matches the ability of the end device to process the data without causing any congestion. As the device’s ability to handle the amount of solicited data changes, DIRL, will dynamically adjust seeking to supply it with the maximum amount of data possible without the end device causing congestion. After the end device recovers from congestion, DIRL will automatically stop limiting the traffic that is sent to the switch port.

In case of slow drain and over utilization, the assumption is that if the rate of IO solicitation requests is reduced then this will make a corresponding reduction in the amount of data solicited and being sent to the end device. Reducing the amount of data will resolve both the slow drain and over utilization cases.

DIRL is comprised of two functions and can perform equally well on congestion caused both slow drain and over utilization:

After the port monitor policy is configured with the DIRL portguard action and activated, all non- default F ports are monitored by default, and FPM is notified if congestion is detected on any of these ports. However, you can manually exclude certain interfaces from being monitored.

The following are the different transition states of DIRL:

The following are the actions that are initiated by DIRL depending on the type of event detected on the port:

The events are listed in reverse chronological order with the most current event at the top.

DIRL Congestion Management Visualization

Dynamic Ingress Rate Limiting (DIRL) analysis is an on-demand job executed on the selected Fabric. It displays the DIRL status and events on all the switches in the fabric. The following commands are executed on the switches and the output is collected as a snapshot.

• show fpm ingress-rate-limit status

• show fpm ingress-rate-limit events

---

DIRL Visualization is supported on Cisco MDS Series switches with Release 9.2(1) and later.

---

To view the DIRL analysis on Cisco NDFC SAN Controller UI, perform the following:

1. Choose Manage > Fabrics.

2. From the list of Fabrics, double click on the fabric to view Fabric Summary.

3. Click DIRL tab.

4. Click Start DIRL data collection to begin collection.

5. Click Cancel/Abort to stop the collection.

A status message appears to show that the collection is in progress. It also displays the time stamp at which the analysis began. After the Analysis is complete, information is populated in the table below. A status message appears to indicate that the collection is complete. It also displays the time stamp at which the analysis was completed.

An entry in the table below shows that following fields:

Field	Description
Switch	Specifies the switch on which the analysis is collected. Click on the Switch to view a slide-in pane displaying the summary. Click on the launch icon to view Switch Overview.
Interface	Specifies the interface on which the analysis is collected. Click the trend icon to view the chart for DIRL events on the interface. The graph provides information about Ingress, Egress, DIRL counter(s) values of the current DIRL with event timestamps for the selected DIRL interface. The graph also shows set of Falling/Rising threshold of each DIRL counter; the threshold is based on the active edge type Port Monitor policy at the time of the DIRL status collection. Click on the interface name to view interface summary. Click VSAN value to view the related VSANs. Click DIRL Events to view Rate Limit Events. The table displays the events of this interface from the CLI command output show fpm ingress-rate-limit events.
Current rate limit (%)	Specifies the % indicating the current rate limit.
Previous action	Specifies the previous action performed to control the rate limit.
Last updated time	Displays the time stamp at which the event occurred.

Click DIRL Past Events to view the DIRL events for all the interfaces in this fabric, except the current DIRL interfaces. The table displays events from CLI command output show fpm ingress-rate-limit events.

AAA

You can view or configure authentication, authorization, and accounting (AAA) servers, Lightweight Directory Access Protocol (LDAP), RADIUS, or TACACS+ servers, using the AAA tab.

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the tab list and then choose AAA from the drop-down list.

   The tabs and their fields on the page are explained in the following sections.

   • AAA Servers

   • AAA Server Groups

   • Search Maps

   • Applications

   • Protocol Defaults

   • Authentication Type

AAA Servers

The AAA Servers tab displays any RADIUS, TACACS+, or LDAP server configured on Cisco MDS switches for the chosen fabric.

Field	Description
Switch Name	Specifies the name of the switch.
Switch IP	Specifies the IP address of the switch.
Server Groups	Specifies the number for the AAA server group.
ID	Specifies the AAA server ID.
Protocol	Specifies the type of authentication protocol. Available options are: Radius Tacacs+ LDAP
IP Address Type	Specifies the type of IP address. Available options are: IPv4 IPv6 DNS
Name or IP Address	Specifies the hostname or the IP address of the server.
Auth Port	Specifies the authentication port of the AAA server. Set the authentication port as 636 for secure LDAP.
Account Port	Specifies the port number of the account.
Key Type	Specifies the key type. Available options include: Plain Encrypted Not Configured
Time Out (s)	Specifies the time-out value in seconds for the AAA server to attempt authentication requests before the AAA server times out.
Retransmits	Specifies the number of AAA server retransmission attempts.
Idle Time (m)	Specifies the allowed idle time in minutes before the AAA server times out.
Test User	Specifies the test username. You can configure a username and password for periodic TACACS+ server status testing. You can use the default test username (test) and default password (test).
Root DN	Specifies the root distinguished name (DN).

AAA Server Groups

The AAA Server Groups tab displays any RADIUS, TACACS+, or LDAP server groups configured on Cisco MDS switches for the chosen fabric. You can also view if an LDAP server group is attached to a search map.

The fields in the AAA Server Groups tab are described in the following table.

Field	Description
Switch Name	Specifies the name of the switch.
Switch IP	Specifies the IP address of the switch.
ID	Specifies ID of the switch.
Name	Specifies the name of the server group.
Protocol & Search Map	Specifies the authentication protocol. If the switch is enabled for LDAP, you can configure a search map. For more information, see Creating a Search Map.
Server ID List	Specifies the list of server IP addresses assigned to the server group.
Dead Time (m)	Specifies the LDAP server dead-time interval in minutes. The dead-time interval specifies the time that the Cisco MDS server waits, after declaring that an LDAP server is dead, before sending out a test packet to determine if the server is now alive.

Search Maps

The Search Maps tab allows you to attach an LDAP server group to a search map. A search map provides the workflow for managing your LDAP server groups and Cisco MDS switches.

The fields in the Search Maps tab are described in the following table.

Field	Description
Switch Name	Specifies the name of the LDAP-enabled Cisco MDS switch.
Name	Specifies the name of the search map.
Type	Specifies the type of search map. Available options are: User Profile Trusted Cert Control Lookup User Switch Bind User Cert Bind
Base DN	Specifies the base distinguished name (DN) for the search map. For example, you can enter dc=ldapuser,dc=local as the base DN.
Filter	Specifies the filter for the search map. For example, you can enter a filter such as cn=$userid@ldapuser@ldapuser.local.
Attribute	Specifies the attribute for the search map. For example, you can enter description as an attribute.
Mode	Specifies the mode for the switch. The Mode parameter is configured by the switch.

Applications

The fields in the Applications tab are described in the following table.

Field	Description
Switch Name	Specifies the name of the switch.
Switch IP	Specifies the IP address of the switch.
Type, SubType, Function	Specifies the type, subtype, and function of the LDAP application.
Server Group List	Specifies the list of server groups.
Server Group Local	Specifies the local server group.
Server Group Trivial	Specifies the server group trivial.

Protocol Defaults

The Protocol Defaults tab displays a default entry for each AAA protocol if enabled from each Cisco MDS switch in the fabric. Cisco MDS switches create the protocol defaults.

The fields in the Protocol Defaults tab are described in the following table.

Field	Description
Switch Name	Specifies the name of the switch.
Switch IP	Specifies the IP address of the switch.
Protocol	Specifies the protocol for the switch.
Authentication Type	Specifies the type of authentication.
Key	Specifies the authentication key.
Time Out (s)	Specifies the time outs in seconds.
Retransmits	Specifies the number of retransmission attempts.
Directed Req	Specifies the directed requisition requests. Directed Req is a toggle parameter that allows you to send only the user name to a specified server.
Idle Time (m)	Specifies the idle time before the server times out in minutes.

Authentication Type

The fields in the Authentication Type tab are described in the following table.

Field	Description
Switch Name	Specifies the name of the switch.
Switch IP	Specifies the IP address of the switch.
Auth Type MSCHAP	Provides a toggle option for indicating the authentication type of Microsoft Challenge Handshake Authentication Protocol (MSCHAP).
Auth Type MSCHAP2	Provides a toggle option for indicating the authentication type of MSCHAP2.

Configuring an AAA Server, a Server Group, a Search Map, and an Authentication Type

You can configure an LDAP, RADIUS, or TACACS+ server as an AAA server. You can then add a server group for failover in case a remote AAA server fails to respond. A server group is a set of remote AAA servers implementing the same AAA protocols. The purpose of a server group is to provide for failover servers in case a remote AAA server fails to respond. If the Cisco MDS switch encounters errors from the servers in the first group, it tries the servers in the next server group.

You can create a search map for attaching an LDAP server group. The search map provides a workflow for managing your LDAP server groups and Cisco MDS switches. You can attach a single LDAP-enabled switch or multiple LDAP-enabled switches to a search map. For more information, see Creating a Search Map and Creating an AAA Server Group.

For more information, see the following sections:

• Creating an AAA Server

• Creating an AAA Server Group

• Creating a Search Map

• Configuring an Authentication Type

• Editing a Server Group List, Server Group Local, or Trivial for an AAA Server

• Deleting an AAA Server

• Deleting an AAA Server Group

• Deleting a Search Map

Creating an AAA Server

NDFC creates the specified AAA server for the chosen Cisco MDS switch or switches based on the chosen protocol. NDFC chooses the proper index based on the existing index allocation for each chosen Cisco MDS switch.

You can assign the same AAA server to multiple switches at one time.

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the AAA Servers tab.

6. Choose Create Server from the Actions drop-down list.

   The Create Server dialog appears.

7. Check the check box for the Cisco MDS switch for which you want to create an AAA server.

   You can choose multiple Cisco MDS switches.

8. Click Select.

9. Choose a protocol from the Protocol drop-down list.

   Available protocols are:

   • LDAP

   • RADIUS

   • TACACS+

10. Choose an IP Address Type.

    Available options are:

    • IPv4

    • IPv6

    • DNS

      For an LDAP, RADIUS, or a TACACS+ server, choose IPv4.

11. Choose a key type.

    Options are:

    • Plain

    • Encrypted

    • Not Configured

12. Click Ok to enter your changes or Close to cancel your changes.

Creating an AAA Server Group

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the AAA > AAA Server Groups tab.

6. Choose Create Server Group from the drop-down list.

7. Click LDAP, RADIUS, or TACACS+ as the protocol depending on what type of server group you want to create.

8. Choose a switch from the list of switches.

9. Choose a server group name from the Server Group Name drop-down list.

10. Choose a server name from the Server ID List drop-down list.

11. Enter the idle time in the Idle Time field.

12. Click Ok to enter your changes or Close to cancel your changes.

    You can assign one server group to multiple switches at one time provided that the switches contain the same servers that are being used in the AAA server group. You can use servers that overlap.

Creating a Search Map

You can create a search map for attaching an LDAP server group. A search map helps you manage your LDAP server groups and Cisco MDS switches.

---

You have to create a search map before you create an LDAP server group.

---

You can attach a single LDAP-enabled switch or multiple LDAP-enabled switches to a search map.

Before You Begin

Navigate to the Switch Overview > Summary > Switch Information area > Enabled Features link and confirm that LDAP is enabled for the switch.

Workflow

1. Create a search map.

2. Create an AAA server group using the LDAP protocol. For more information, see Creating an AAA Server Group.

Limitations of Search Maps

• You must create a search map before you create an LDAP server group.

• You cannot edit a search map.

Create a Search Map

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA > Search Maps tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Choose Create Search Map from the Actions drop-down list.

   The Create Search Maps dialog box appears.

6. Choose a Cisco MDS switch that is enabled for LDAP from the Switch drop-down list.

7. Choose the appropriate map type from the Map Type drop-down list.

8. Enter a name for the search map in the Map Name field.

9. Enter the base distinguished name (DN) for the LDAP server in the Base DN field. For example, you can enter dc=ldapuser,dc=local as the base DN.

10. Enter a filter for the search map in the Filter field. For example, you can enter cn=$userid@ldapuser@ldapuser.local as a search map filter.

11. Enter an attribute for the search map in the Attribute field. For example, you can enter description as an attribute.

12. Click Submit to submit your changes and create the search map.

Create an AAA Server Group for the Search Map

1. Navigate to the AAA Server Groups tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

2. Choose Create Server Group from the drop-down list.

3. Choose LDAP as the protocol for creating an LDAP server group.

4. Choose an LDAP switch from the list of switches.

5. Choose a server group name from the Server Group Name drop-down list.

6. Choose a server name from the Server ID List drop-down list.

7. Enter the idle time in the Idle Time field.

8. Click Ok to enter your changes or Close to cancel your changes.

   You can create multiple server groups at one time.

   You can navigate to the AAA Server Groups > Protocol & Search Map column to see if your LDAP-enabled switch is attached to a search map.

Configuring an Authentication Type

Cisco MDS switches allow user logins to perform remote authentication using different versions of the Microsoft Challenge Handshake Authentication Protocol (MSCHAP). You use MSCHAP for authentication on a RADIUS or a TACACS+ server, while you use MSCHPAv2 for authentication on a RADIUS server.

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the Protocol Defaults tab.

6. Click on the pencil icon.

   You can edit the following fields:

   • Select Encryption Type

   • Key

   • Timeout

   • Retransmits

   • Directed Req

   • Idle Time (m)

7. Click the checkmark icon to save your edits, or click the X to cancel your edits.

Editing a Server Group List, Server Group Local, or Trivial for an AAA Server

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the Applications tab.

6. Click on the pencil icon.

7. Edit the Server Group List, Server Group Local, or Server Group Trivial fields.

8. Click the checkmark icon to save your edits, or click the X to cancel your edits.

Deleting an AAA Server

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the AAA Servers tab.

6. Choose a Cisco MDS switch to delete.

7. Choose Delete Servers from the Actions drop-down list.

   You can choose multiple servers to delete at one time.

Deleting an AAA Server Group

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the AAA Server Groups tab.

6. choose Delete Servers from the Actions drop-down list.

   You can delete multiple server groups at one time.

Deleting a Search Map

1. Navigate to Manage > Fabrics.

2. Single-click on a fabric with a Cisco MDS switch on it.

   A slide-in pane appears containing the summary information for the chosen fabric.

3. Click the Launch icon in the top right-hand corner of the Fabric slide-in pane.

   The Fabric Overview > Summary tab appears.

4. Click on the AAA tab.

   If you do not see the AAA tab, click on the three dots (…​) in the list of tabs and then choose AAA from the drop-down list.

5. Click on the Search Maps tab.

6. Choose the search map that you want to delete.

7. Choose Delete Search Maps from the Actions drop-down list.

   The search map is deleted.

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2017-2024 Cisco Systems, Inc. All rights reserved.