Table Of Contents
fc srp-global gateway-portmask-policy restricted
fc srp-global lun-policy restricted
Fibre Channel Commands
This chapter documents the following commands:
•fc srp-global gateway-portmask-policy restricted
•fc srp-global lun-policy restricted
Note If you enter a Fibre Channel command and receive an error message that reads, "Operation temporarily failed - try again," give your Fibre Channel gateway time to finish initializing, then retry the command.
fc srp initiator
To configure an initiator— normally a SAN-attached host but in IB terms a SRP host combined with a Server Switch—to communicate with a Fibre Channel SAN across a Fibre Channel gateway on your Server Switch, enter the fc srp initiator command in Global Configuration mode. To deny SAN access to the SRP host, to delete an initiator from the running configuration, or to reconfigure the description of the initiator to an empty string, use the no form of this command.
fc srp initiator guid extension {auto-bind | bootup target target-wwpn lu logical-unit | description descr | discover-itl | pkey pkey-value | wwnn wwnn-value}
no fc srp initiator guid extension [description]
Syntax Description
Defaults
By default, no P_keys apply to initiators. By default, global policies apply to initiators. Configure global policies with fc srp-global commands.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user, Fibre Channel read-write user
Configure initiators so SRP hosts can communicate with SANs.
Note When you configure new initiators, those initiators inherit the global policies that exist at that time. When you change global policies, the new global policies do not apply to existing initiators.
Before you can customize an initiator, you must create an initiator entry with the auto-bind keyword or the wwnn keyword. Once you identify a host as an initiator, you can customize the initiator with the remaining keywords.
Command Keyword Usage Guidelines:
•auto-bind
You must create initiators and assign, or bind, a WWNN (an identifier that FC devices recognize) to each initiator so that FC devices can communicate with initiators. When you use the auto-bind keyword to create an initiator and generate a WWNN for an initiator, your Server Switch creates a virtual port (NL_Port) that represents the initiator on every physical port on the FC gateway. Your Server Switch assigns an internally-generated WWPN to each virtual port. Each physical port on the FC gateway supports 32 virtual ports to form a virtual FC arbitrated loop.
Note We strongly recommend that you use the auto-bind keyword to assign WWNNs to initiators as you configure the initiators. If you perform a manual configuration, you may create duplicate WWNNs that create traffic conflicts.
•description
Enter a description to help identify an initiator without reading its GUID and extension.
•discover-itl
Discover ITLs to add all available initiator-target-LUN (ITL) groups to the running configuration. For detailed information on ITLs, refer to the Fibre Channel Gateway User Guide.
•pkey
Refer to the Element Manager User Guide to learn more about partitions.
•wwnn
When you enter a question mark (?) after the wwnn keyword, the CLI provides a recommended WWNN value.
Examples
The following example adds an initiator to the running configuration and automatically configures the WWNN of the initiator and the WWPNs of the virtual ports that point to the initiator from the physical FC gateway ports.
SFS-7000P(config)# fc srp initiator 00:00:2C:90:01:1b:b7:50 00:00:00:00:00:00:00:00 auto-bind
The following example assigns the description InfiniBand Host to an existing initiator. The name now appears in the show fc srp initiator command output.
SFS-7000P(config)# fc srp initiator 00:00:2C:90:01:1b:b7:50 00:00:00:00:00:00:00:00 description "InfiniBand Host"
The following example discovers all potential initiator-target-LUN (ITL) combinations that your Server Switch can support and adds them to the running configuration. To view the results of this command, enter the show fc srp itl command.
SFS-7000P(config)# fc srp initiator 00:00:2C:90:01:1b:b7:50 00:00:00:00:00:00:00:00 discover-itl
Related Commands
fc srp-global lun-policy restricted
show fc srp initiatorfc srp initiator-wwpn
To manually create, on a physical FC gateway port, a virtual port that points to an initiator, enter the fc srp initiator-wwpn command in Global Configuration mode.
fc srp initiator-wwpn guid extension slot#/port# wwpn
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Configure WWPNs for initiators so that FC devices can recognize them and communicate with them. With virtual ports (NL_ports), physical FC ports can point to multiple initiators, and multiple ports can point to the same initiator. For instance, if you have Initiators X and Y and Physical FC Ports A and B, you can create the following virtual ports:
•virtual port AX on port A that points to initiator X
•virtual port AY on port A that points to initiator Y
•virtual port BX on port B that points to initiator X
•virtual port BY on port B that points to initiator Y
As you can see, in this way, multiple virtual ports can point to one initiator and individual physical ports can support multiple initiators.
When you enter a question mark (?) after the port# variable, the CLI provides a suggested WWPN value.
Note Use the recommended WWPN unless you have a compelling reason to do otherwise. We strongly recommend that you use the fc srp initiator command with the auto-bind keyword to create initiator entries and assign WWPNs to initiators.
Examples
The following example uses the online help (?) to find the recommended WWPN value, then configures a virtual port on port 1 on the FC gateway expansion module in slot 7.
SFS-7000P(config)# fc srp initiator-wwpn 00:00:2c:90:01:1b:b7:50 00:00:00:00:00:00:00:00 7/1 ?
<wwpn> - wwpnSuggested wwpn = 20:03:00:05:ad:70:00:02SFS-7000P(config)# fc srp initiator-wwpn 00:00:2c:90:01:1b:b7:50 00:00:00:00:00:00:00:00 7/1 20:03:00:05:ad:70:00:02
SFS-7000P(config)#Related Commands
fc srp initiator
show fc srp initiatorfc srp it
To configure an initiator-target (IT) pair—a fully-configured link between an initiator and a target storage device port—with your Server Switch, enter the fc srp it command in Global Configuration mode. To delete or reconfigure an IT pair entry from the configuration file, use the no form of this command.
fc srp it guid extension wwpn {description "descr" | discover-itl | gateway-portmask-policy {default | test-mode | restricted port-selection}}
no fc srp it guid extension wwpn [test-mode | gateway-portmask-policy restricted port-selection]
Syntax Description
Defaults
By default, this policy denies initiators access to all targets.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
The fc srp it command sets policies that control the extent to which the initiator accesses Fibre Channel gateway ports. Use the no form of this command with the gateway-portmask-policy keyword to grant an initiator access to the ports you specify.
Note We strongly recommends that you let your Server Switch populate the running configuration with IT pairs; do not manually enter IT pairs.
Examples
The following example assigns a description of entry to an existing IT:
SFS-7000P(config)# fc srp it 00:00:2c:90:01:1b:b7:40 00:00:00:00:00:00:00:00 21:00:00:04:cf:75:6b:3b description "entry"
Topspin-360(config)# fc srp it 00:02:c9:02:00:40:0e:d4 00:00:00:00:00:00:00:00 21:00:00:04:cf:86:a0:1f test-modeTopspin-360(config)# fc srp it 00:02:c9:02:00:40:0e:d4 00:00:00:00:00:00:00:00 21:00:00:04:cf:86:a0:1f normal-modeError: Unrecognized commandTopspin-360(config)# no fc srp it 00:02:c9:02:00:40:0e:d4 00:00:00:00:00:00:00:00 21:00:00:04:cf:86:a0:1f test-modeTopspin-360(config)#Related Commands
fc srp-global gateway-portmask-policy restricted
show fc srp it
show interface fcfc srp itl
To configure an initiator-target-LUN (ITL) group—a fully-configured link between an initiator and Fibre Channel storage—on your Server Switch, enter the fc srp itl command in Global Configuration mode. To delete an ITL entry or reset the description of an ITL to an empty string, use the no form of this command.
Note For a breakdown of the different actions that you can perform with the fc srp itl command, refer to Table 3-1.
fc srp itl guid extension wwpn LUN {description "descr" |
dynamic-gateway-port-failover [default] |
dynamic-gateway-port-loadbalancing [default] | dynamic-path-affinity [default] | gateway-portmask-policy {default | restricted {port-selection | all}} |
io-hi-mark mark [default] | lun-policy {default | restricted} | max-retry retry [default] | min-io-timeout timeout [default] | srp-lunid lunid logical-id logical-id}no fc srp itl guid extension wwpn LUN {description | dynamic-gateway-port-failover | dynamic-gateway-port-loadbalancing | dynamic-path-affinity | gateway-portmask-policy restricted port-selection | io-hi-mark | lun-policy restricted | max-retry | min-io-timeout}
Syntax Description
guid
Global unique identifier (GUID) of the initiator.
extension
GUID extension of the initiator.
wwpn
World-wide port name (WWPN) of the target port of the FC storage device.
LUN
FC LUN ID of the FC storage disk.
description
Assigns a text description to the ITL.
descr
Alphanumeric description (up to 50 characters) to assign to the initiator-target-LUN.
dynamic-gateway-port-failover
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
default
(Optional) Sets an attribute to its global default value.
dynamic-gateway-port-loadbalancing
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
dynamic-path-affinity
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
gateway-portmask-policy
Defines the port restrictions that apply to the initiator for that ITL.
restricted
Denies the initiator access to select ports or LUNs for the ITL. Grants the initiator access to select ports or LUNs when you use the no keyword.
port-selection
Port, list of ports, or range of ports that the initiator can or cannot access for the ITL.
all
Specifies all ports.
lun-policy
Permits the initiator to access the LUN or denies the initiator access to the LUN.
io-hi-mark
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
mark
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
max-retry
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
retry
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
min-io-timeout
The fc srp itl command no longer supports this syntax.
Note This syntax appears for legacy purposes. Use the config fc srp lu command to set this feature.
timeout
The fc srp itl command no longer supports this syntax. This syntax appears for legacy purposes.
srp-lunid
Specifies a LUN ID called the SRP LUN ID to which you map an existing FC LUN ID. Essentially, this keyword creates an alias LUN ID.
lunid
SRP LUN ID that maps to an existing FC LUN ID. This value appears in the srp-lunid field of the show fc srp itl command output.
logical-id
Specifies the FC LUN ID to map to the SRP LUN ID.
logical-id
Complete Logical ID (entered without colons, as per the example below) of the LU that maps to the user-created SRP LUN ID. This value appears in the fc-lunid field of the show fc srp itl command output.
Defaults
Default values and behaviors appear in the Syntax Description and Table 3-1.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
The fc srp itl command configures new ITLs and sets policies to control access that the SCSI RDMA Protocol (SRP) initiator has to the Fibre Channel storage devices on a per-lun basis. An "initiator-target-lun" (ITL) identifies a fully-configured link between an initiator and storage.
Once an ITL entry is created, the gateway-portmask-policy setting is independent of its IT entry. You may change the setting on a per ITL basis. However, a port is accessible for an ITL only when the port is accessible for both the IT and ITL entries.
The port list specified in this command creates an accumulative effect to the actual gateway-portmask-policy. For example, if your current mask is 2/1 and 2/2, after a command of "config fc srp itl gateway-portmask-policy restricted 2/1" the result of the mask for this itl would be "2/2." The same effect applies to the no-command for gateway-portmask-policy.
We recommend that you create ITLs with the discover-itl keyword in the CLI or the Discover LUNs button in Element Manager.
:
Examples
This example denies the initiator access to port 1 of Fibre Channel interface card 6 for this ITL.
SFS-7000P(config)# fc srp itl 00:00:2c:90:01:1b:b7:40 00:00:00:00:00:00:00:00 21:00:00:04:cf:75:6b:3b 00:00:00:00:00:00:00:00 gateway-portmask-policy restricted 6/1
The following example creates a SRP LUN and maps a LU to it.SFS-7000P(config)# fc srp itl 00:02:c9:01:07:fc:64:a0 00:00:00:00:00:00:00:00 21:00:00:04:cf:fb:8c:87 00:00:00:00:00:00:00:00 srp-lunid 01:01:01:01:01:01:01:01 logical-id 0103000820000004cffb8c870000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000Related Commands
fc srp lu
fc srp target
show fc srp-global
show fc srp initiator
show fc srp it
show fc srp itl
show fc srp lufc srp lu
To configure a logical unit, enter the fc srp lu command in Global Configuration mode. To delete a logical unit or to set a LU attribute to the factory default value, use the no form of this command.
fc srp lu logical-id {description "descr" | device-category {random target wwpn | sequential target wwpn} | dynamic-gateway-port-failover [default] | dynamic-gateway-port-loadbalancing [default] | dynamic-path-affinity [default] | io-hi-mark mark [default] | max-retry retry [default] | min-io-timeout timeout [default] | target wwpn}
no fc srp lu logical-id {dynamic-gateway-port-failover | dynamic-gateway-port-loadbalancing | dynamic-path-affinity | target}
Syntax Description
Defaults
Refer to the Syntax Description for default behavior and values.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Use the fc srp lu command to configure LU attributes.
We recommend that you do not manually create LUs. We recommend that you let your gateway card(s) detect LUs. The gateway card automatically creates LU entries when it discovers LUs.
For the following settings, the LU entry gets the default from srp-global settings at entry creation time depending on the LU category.
Once a LU entry is created, the LU settings are independent of the srp-global. You may change the settings on a per LU basis using this command.
Table 3-2 provides usage guidelines for this command.
Examples
The following example assigns a name to more easily identify the LU.
SFS-7000P(config)# fc srp lu 0103000820000004cf86a01f000000000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000 description "my-LUN"Related Commands
fc srp itl
show fc srp initiator
show interface fc
show fc srp-global
show fc srp lufc srp target
To configure targets, enter the fc srp target command in Global Configuration mode. To delete a target from the running configuration, use the no form of this command.
fc srp target wwpn {description desc | ioc-guid guid}
no fc srp target wwpn [description | service-name]
Syntax Description
Defaults
The service name serves as the default target name.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Use the fc srp target command to configure target attributes.
We recommend that you do not manually create targets. We recommend that you let your gateway card(s) detect targets. The gateway card automatically creates FC-SRP target entries when it discovers targets.
Examples
The following example assigns a name to more easily identify the target.
SFS-7000P(config)# fc srp target 21:00:00:04:cf:75:6b:3b description jumbalya
Related Commands
fc srp itl
show interface fc
show fc srp initiatorfc srp-global gateway-portmask-policy restricted
To deny new initiators port access to FC gateway ports, enter the fc srp-global gateway-portmask-policy restricted command in Global Configuration mode. To grant port access to new initiators, enter the no form of this command.
fc srp-global gateway-portmask-policy restricted
no fc srp-global gateway-portmask-policy restricted
Syntax Description
This command has no arguments or keywords.
Defaults
Restricted
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Apply the default policy to new ITs and ITLs to restrict access so new SRP initiators do not use the Fibre Channel gateway or see the Fibre Channel fabric. If you do not restrict access, new SRP initiators can communicate through the FC gateway ports. You can modify access policies on an individual basis with the fc srp itl command.
Note Policies only apply to ITs and ITLs that you create after you configure the policies.
Examples
The following example denies port access to all new ITLs.
SFS-7000P(config)# fc srp-global gateway-portmask-policy restricted
Related Commands
show fc srp initiator
show interface fcfc srp-global itl
To configure the default attributes that your Server Switch assigns to all new ITLs, enter the fc srp-global itl command in Global Configuration mode. To configure any attribute to an empty string or disable an attribute, use the no form of this command.
fc srp-global itl [sequential] {dynamic-gateway-port-failover | dynamic-gateway-port-loadbalancing | dynamic-path-affinity | io-hi-mark mark | max-retry retry | min-io-timeout timeout}
no fc srp-global itl [sequential] {dynamic-gateway-port-failover | dynamic-gateway-port-loadbalancing | dynamic-path-affinity | io-hi-mark | max-retry | min-io-timeout}
Syntax Description
Defaults
By default, the fc srp-global itl command configures ITLs for random (non-sequential) targets. For additional default values, see Table 3-3.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Table 3-3 provides usage guidelines for this command.
Examples
The following example sets the I/O high mark of the ITL to 32.
SFS-7000P(config)fc srp itl 00:05:ad:00:00:01:29:c5 00:00:00:00:00:00:00:00 21:00:00:04:cf:f6:c2:ab 00:00:00:00:00:00:00:00 io-hi-mark 32Related Commands
show interface fc
show fc srp-globalfc srp-global lun-policy restricted
To enable LUN masking on all new ITs and ITLs, enter the fc srp-global lun-policy restricted command in Global Configuration mode. To disable default LUN masking, use the no form of this command.
fc srp-global lun-policy restricted
no fc srp-global lun-policy restricted
Syntax Description
This command has no arguments or keywords.
Command Modes
Global Configuration (config) mode.
Usage Guidelines
Platform Availability:
Cisco SFS 3001, Cisco SFS 3012
Privilege Level:
Unrestricted read-write user or Fibre Channel read-write user.
Enable global LUN masking to deny LUN access to new initiators so that they cannot communicate with SAN nodes until you grant them access on an individual basis. Disable LUN masking to grant new ITLs immediate access to all LUNs.
Note An initiator requires both port and LUN access before it can successfully access a LUN. To grant port access, use the fc srp-global gateway-portmask-policy restricted, fc srp it and fc srp itl commands.
Note Policies only apply to ITs and ITLs that you create after you configure the policies.
Examples
The following example denies all new initiators access to all LUNs.
SFS-7000P(config)# fc srp-global lun-policy restricted
Defaults
Restricted
Related Commands
authentication
radius-server
fc srp it
fc srp itl
fc srp-global gateway-portmask-policy restricted
show fc srp-global