Cisco Nexus 5000 Series NX-OS Software Configuration Guide

Index

Symbols

* (asterisk)

autolearned entries 45-14

first operational port 36-16

port security wildcards 45-10

Numerics

1-Gigabit speed

configuring 5-5

A

AAA

accounting 16-2

authentication 16-2

authorization 16-2

benefits 16-2

configuration process 16-7

configuring 16-6 to 16-12

default settings 16-13

description 16-1

DHCHAP authentication 44-9

enabling MSCHAP authentication 16-9

example configuration 16-13

field descriptions 16-1

guidelines 16-6

limitations 16-6

monitoring TACACS+ servers 18-3

prerequisites 16-5

TACACS+ server groups 17-15, 18-8, 18-14

user login process 16-4

verifying configurations 16-13

AAA accounting

adding rule methods 16-1

changing rule methods 16-1

configuring default methods 16-10

deleting rule methods 16-1

rearranging rule methods 16-1

AAA accounting logs

clearing 16-12

displaying 16-12

AAA authentication rules

adding methods 16-1

changing methods 16-1

deleting methods 16-1

rearranging methods 16-1

AAA login authentication

configuring console methods 16-7

configuring default methods 16-8

AAA logins

enabling authentication failure messages 16-8

AAA protocols

RADIUS 16-1

TACACS+ 16-1

AAA server groups

description 16-3

AAA servers

specifying SNMPv3 parameters 16-11, 16-12

specifying user roles 16-12

specifying user roles in VSAs 16-11

AAA services

configuration options 16-3

remote 16-2

security 16-1

accounting

description 16-2

active zone sets

considerations 38-4

enabling distribution 38-13

address allocation cache

description 33-20

administrative speeds

configuring 32-10

administrative states

description 32-5

setting 32-9

administrators

default passwords 3-10

aging time

accelerated

for MSTP 9-21

maximum

for MSTP 9-22

authentication

description 16-2

fabric security 44-1

local 16-2

methods 16-3

remote 16-2

user login 16-4

authentication, authorization, and accounting. See AAA

authorization

description 16-2

user login 16-4

auto mode

configuring 32-10

auto port mode

description 32-4

autosensing speed 32-10

B

BB_credits

configuring 32-12

description 32-6

displaying information 32-17

reason codes 32-6

bit errors

reasons 32-11

bit error thresholds

configuring 32-11

description 32-11

blocking state, STP 8-12

BPDU guard

See STP BPDU guard

bridge ID

See STP bridge ID

broadcast storms

see traffic-storm control

Brocade

native interop mode 43-9

buffer-to-buffer credits. See BB_credits

build fabric frames

description 33-3

C

Call Home

description 26-1, 27-1

message format options 26-2

call home

smart call home feature 26-4

Call Home destination profiles

attributes 26-8

Call Home messages

configuring levels 26-4

format options 26-2

call home notifications

full-txt format for syslog 26-19

XML format for syslog 26-19

CDP

configuring 5-6

CFS

configuring for NTP 3-17

Cisco

vendor ID 16-11, 17-3

cisco-av-pair

specifying AAA user parameters 16-11, 16-12

CIST regional root

See MSTP

CIST root

See MSTP

community ports 7-3

community VLANs 7-2, 7-3

company IDs

FC ID allocations 43-7

configuring LACP 11-10

configuring NPV 34-6

consoles

configuring AAA login authentication methods 16-7

Contiguous Domain ID Assignments

About 33-13

D

daylight saving time

adjusting for 3-14

dead time intervals

configuring for FSPF 40-7

description 40-7

debounce timer 5-4

configuring 5-7

default settings

AAA 16-13

RBAC 22-10

rollback 23-4

default users

description 3-9

default VSANs

description 37-8

default zones

configuring 38-10

configuring access permissions 38-10

configuring policies 38-8

description 38-9

interoperability 43-10

policies 38-10

destination IDs

exchange based 36-3

flow based 36-3

in-order delivery 40-10

path selection 37-10

device alias databases

committing changes 39-6

disabling distribution 39-7

discarding changes 39-6

distribution to fabric 39-5

enabling distribution 39-7

locking the fabric 39-6

merging 39-8

overriding fabric locks 39-7

device aliases

comparison with zones (table) 39-2

creating 39-3

creating (procedure) 39-6

default settings 39-10

description 39-1

displaying information 39-9

displaying zone set information 39-9

enhanced mode 39-4

features 39-1

import legacy zone aliases 39-8

modifying databases 39-2

requirements 39-2

using 39-8

zone alias conversion 39-8

device IDs

call home format 26-16

DHCHAP

AAA authentication 44-9

authentication modes 44-4

compatibility with other NX-OS features 44-3

configuring 44-3

configuring AAA authentication 44-9

default settings 44-11

description 44-2

displaying security information 44-9

enabling 44-4

group settings 44-6

hash algorithms 44-5

passwords for local switches 44-6

passwords for remote devices 44-7

sample configuration 44-9

timeout values 44-8

See also FC-SP 44-1

diagnostics

configuring 24-3

default settings 24-4

expansion modules 24-3

health monitoring 24-2

runtime 24-2

Diffie-Hellman Challenge Handshake Authentication Protocol. See DHCHAP

documentation

additional publications 1-ii

related documents 1-ii

domain IDs

allowed lists 33-9

assignment failures 32-7

configuring allowed lists 33-10

configuring CFS distribution 33-10, 33-13

configuring fcalias members 38-10

contiguous assignments 33-13

description 33-7

distributing 33-1

enabling contiguous assignments 33-13

interoperability 43-10

preferred 33-9

static 33-9

domain manager

fast restart feature 33-3

isolation 32-7

drop latency time

configuring 40-13

configuring for FSPF in-order delivery 40-14

displaying information 40-14

E

EFMD

displaying statistics 46-7

fabric binding 46-1

fabric binding initiation 46-3

EISLs

port channel links 36-1

e-mail notifications

Call Home 26-1

enhanced zones

advantages over basic zones 38-18

changing from basic zones 38-19

configuring default full database distribution 38-23

configuring default policies 38-22

configuring default switch-wide zone policies 38-23

default settings 38-24

description 38-18

displaying information 38-23

enabling 38-20

merging databases 38-21

modifying database 38-20

E port mode

classes of service 32-3

description 32-3

E ports

configuring 32-9

fabric binding checking 46-2

FCS support 47-1

FSPF topologies 40-1

isolation 32-7

recovering from link isolations 38-14

trunking configuration 35-3

ethanalyzer 50-3

examples

AAA configurations 16-13

Exchange Fabric Membership Data. See EFMD

exchange IDs

in-order delivery 40-10

load balancing 50-5

path selection 37-10

exchange link parameter. See ELP

executing a session 23-3

expansion port mode. See E port mode

extended range VLANs

See VLANs

F

fabric binding

activation 46-4

checking for E ports 46-2

checking for TE ports 46-2

clearing statistics 46-6

compatibility with DHCHAP 44-3

copying to config database 46-5

copying to configuration file (procedure) 46-6

creating config database (procedure) 46-6

default settings 46-7

deleting databases 46-6

deleting from config database (procedure) 46-6

description 46-1

disabling 46-3

EFMD 46-1

enabling 46-3

enforcement 46-2

forceful activation 46-5

forceful deactivation 46-5

initiation process 46-3

licensing requirements 46-1

port security comparison 46-1

saving to config database 46-5

sWWN lists 46-4

verifying status 46-3

viewing active databases (procedure) 46-6

viewing EFMD statistics (procedure) 46-6

viewing violations (procedure) 46-6

Fabric Configuration Servers. See FCSs

Fabric-Device Management Interface. See FDMI

fabric login. See FLOGI

fabric port mode. See F port mode

fabric pWWNs

zone membership 38-2

fabric reconfiguration

fcdomain phase 33-1

fabrics

See also build fabric frames

fabrics. See RCFs;build fabric frames 33-3

fabric security

authentication 44-1

default settings 44-11

Fabric Shortest Path First. See FSPF

fabric WWNs. See fWWNs

fault tolerant fabrics

example (figure) 40-2

fcaliases

adding members 38-11

cloning 38-16

configuring for zones 38-10

creating 38-11

renaming 38-16

using 39-8

fcdomains

autoreconfigured merged fabrics 33-6

configuring CFS distribution 33-10, 33-13

default settings 33-20

description 33-1

disabling 33-5

displaying information 33-18, 33-19

domain IDs 33-7

domain manager fast restart 33-3

dsiplaying statistics 33-20

enabling 33-5

enabling autoreconfiguration 33-6

incoming RCFs 33-5

initiation 33-5

overlap isolation 32-7

restarts 33-3

switch priorities 33-4

FC IDs

allocating 33-1, 43-6

allocating default company ID lists 43-7

allocation for HBAs 43-6

configuring fcalias members 38-10

description 33-14

persistent 33-14

fcping

default settings 50-16

invoking 50-7

verifying switch connectivity 50-7

FC-SP

authentication 44-1

enabling 44-4

enabling on ISLs 44-9

See also DHCHAP 44-1

FCSs

characteristics 47-2

configuring names 47-2

creating platform using Device Manager 47-4

default settings 47-4

description 47-1

displaying fabric ports using Device Manager 47-4

displaying information 47-3

fctimers

displaying configured values 43-4

distribution 43-3

fctrace

default settings 50-16

invoking 50-5

FDMI

description 41-4

displaying database information 41-4

Fibre Channel

sWWNs for fabric binding 46-4

timeout values 43-1

TOVs 43-2

Fibre Channel domains. See fcdomains

Fibre Channel interfaces

administrative states 32-5

BB_credits 32-6

configuring 32-8

configuring auto port mode 32-10

configuring bit error thresholds 32-11

configuring descriptions 32-9

configuring frame encapsulation 32-11

configuring port modes 32-9

configuring speeds 32-10

default settings 32-17

deleting from port channels 36-11

disabling 32-9

displaying information 32-15

displaying VSAN membership 37-7

enabling 32-9

operational states 32-5

reason codes 32-5

states 32-4

See also interfaces 32-4

Fibre Channel Security Protocol. See FC-SP

field descriptions

AAA 16-1

TACACS+ 18-14

FLOGI

description 41-1

displaying details 41-1

flow statistics

clearing 40-15

counting 40-15

description 40-15

displaying 40-16

forward-delay time

MSTP 9-21

F port mode

classes of service 32-4

description 32-3

F ports

configuring 32-9

description 32-3

See also Fx ports

frame encapsulation

configuring 32-11

FSCN

displaying databases 42-3

FSPF

clearing counters 40-9

clearing VSAN counters 40-5

computing link cost 40-6

configuring globally 40-3

configuring Hello time intervals 40-6

configuring link cost 40-6

configuring on a VSAN 40-4

configuring on interfaces 40-5

dead time intervals 40-7

default settings 40-16

description 40-1

disabling 40-5

disabling on interfaces 40-8

disabling routing protocols 40-5

displaying database information 40-16

displaying global information 40-16

enabling 40-5

fault tolerant fabrics 40-2

in-order delivery 40-10

interoperability 43-11

link state record defaults 40-3

reconvergence times 40-2

redundant links 40-2

resetting configuration 40-4

resetting to defaults 40-4

retransmitting intervals 40-7

routing services 40-1

topology examples 40-2

FSPF routes

configuring 40-9

description 40-9

full zone sets

considerations 38-4

enabling distribution 38-13

fWWNs

configuring fcalias members 38-10

Fx ports

VSAN membership 37-4

G

GOLD diagnostics

configuring 24-3

expansion modules 24-3

health monitoring 24-2

runtime 24-2

graces period alerts

licenses 4-8

H

hard zoning

description 38-12

HBA ports

configuring area FCIDs 33-16

HBAs

FC ID allocations 43-6

health monitoring diagnostics

information 24-2

hello time

MSTP 9-21

Hello time intervals

configuring for FSPF 40-6

description 40-6

host ports

kinds of 7-3

I

IDs

Cisco vendor ID 16-11, 17-3

serial IDs 26-16

IEEE 802.1w

See RSTP

indirect link failures

recovering 48-1

in-order delivery

configuring drop latency time 40-13

displaying status 40-13

enabling for VSANs 40-12

enabling globally 40-12

guidelines 40-12

reordering network frames 40-11

reordering port channel frames 40-11

interfaces

1-Gigabit speed

configuring 5-5

adding to port channels 36-9, 36-10

assigning to VSANs 37-7

CDP

configuring 5-6

configuring descriptions 32-9

configuring fcalias members 38-11

configuring receive data field size 32-11

debounce timer

configuring 5-7

deleting from port channels 36-11

displaying information 32-15

displaying SFP information 32-16

forced addition to port channels 36-11

isolated states 36-10

SFP types 32-15

suspended states 36-10

UDLD

configuring 5-4

defined 5-2

VSAN membership 37-6

interface speed 5-4

interface statistics

description 32-15

interoperability

configuring interop mode 1 43-10

description 43-9

verifying status 43-12

VSANs 37-11

interop modes

configuring mode 1 43-10

default settings 43-15

description 43-9

IOD. See in-order delivery

ISLs

port channel links 36-1

isolated port 7-3

isolated VLANs 7-2, 7-3

isolated VSANs

description 37-8

displaying membership 37-8

L

LACP 11-1, 11-10

system ID 11-5

license key files

description 4-2

installing key files 4-4

updating 4-4

licenses

backing up 4-5

claim certificates 4-1

displaying information 4-5

evaluation 4-2

grace period alerts 4-8

grace period expiration 4-8

grace periods 4-2

host IDs 4-1

identifying features in use 4-6

incremental 4-2

installation options 4-2

installing key files 4-4

installing manually 4-3

missing 4-2

node-locked 4-1

obtaining factory-installed 4-3

obtaining key files 4-4

PAK 4-2

permanent 4-2

terminology 4-1

transferring between switches 4-9

uninstalling 4-6

updating 4-7

Link Aggregation Control Protocol 11-1

link costs

configuring for FSPF 40-6

description 40-6

Link Failure

detecting unidirectional 8-14, 9-8

link failures

recovering 48-1

load balancing

attributes 37-10

attributes for VSANs 37-5

configuring 37-10

description 36-2, 37-10

guarantees 37-10

port channels 36-1

logical unit numbers. See LUNs

LUNs

displaying discovered SCSI targets 42-3

M

MAC addresses

configuring secondary 43-6

management access

description 3-12

management interfaces

displaying information 3-21

using force option during shutdown 3-21

management interfaces. See mgmt0 interfaces

maximum aging time

MSTP 9-22

maximum hop count, MSTP 9-22

McData

native interop mode 43-9

merged fabrics

autoreconfigured 33-6

mgmt0 interfaces

configuring 3-20

description 3-19

Microsoft Challenge Handshake Authentication Protocol. See MSCHAP

MSCHAP

enabling authentication 16-9

MST

CIST regional root 9-5

setting to default values 9-14

MSTP

boundary ports

described 9-7

CIST, described 9-4

CIST regional root 9-5

CIST root 9-6

configuring

forward-delay time 9-21

hello time 9-21

maximum aging time 9-22

maximum hop count 9-22

MST region 9-13

port priority 9-18, 9-19

root switch 9-16

secondary root switch 9-17

switch priority 9-20

CST

defined 9-4

operations between regions 9-5

enabling the mode 9-13

IEEE 802.1s

terminology 9-6

IST

defined 9-4

master 9-5

operations within a region 9-4

mapping VLANs to MST instance 9-14

MST region

CIST 9-4

configuring 9-13

described 9-2

hop-count mechanism 9-7

IST 9-4

supported spanning-tree instances 9-2

multicast storms

see traffic-storm control

N

name servers

displaying database entries 41-3

interoperability 43-11

LUN information 42-1

proxy feature 41-2

registering proxies 41-2

rejecting duplicate pWWNs 41-2

Network Time Protocol. See NTP

NPIV

description 32-13

enabling 32-14

NP links 34-2

N port identifier virtualization. See NPIV

N ports

FCS support 47-1

fctrace 50-5

hard zoning 38-12

zone enforcement 38-12

zone membership 38-2

See also Nx ports

NP-ports 34-1

NPV, configuring 34-6

NTP

configuration guidelines 3-16

configuring 3-15

configuring CFS distribution 3-17

O

operational states

configuring on Fibre Channel interfaces 32-9

description 32-5

P

passwords

administrator 3-8

default for administrators 3-10

DHCHAP 44-6, 44-7

setting administrator default 3-9

strong characteristics 22-2

persistent FC IDs

configuring 33-15

description 33-14

displaying 33-19

enabling 33-15

purging 33-18

PLOGI

name server 41-3

Port Channel

STP 11-1

port channeling 11-1

port channel modes

description 36-7

PortChannel Protocol

converting autocreated groups to manually configured 36-15

port channel Protocol

autocreation 36-14

creating channel group 36-13

description 36-12

port channel protocol

configuring autocreation 36-15

enabling autocreation 36-15

PortChannels

default settings 36-17

show tech-support port-channel command 50-14

verifying configurations 36-16, 36-17

port channels

adding interfaces 36-9, 36-10

administratively down 32-7

comparison with trunking 36-2

compatibility checks 36-10

compatibility with DHCHAP 44-3

configuration guidelines 36-6

configuring 36-9

configuring Fibre Channel routes 40-9

deleting 36-8

deleting interfaces 36-11

description 36-1

forcing interface additions 36-11

in-order guarantee 40-12

interface states 36-10

interoperability 43-10

link changes 40-11

link failures 40-2

load balancing 36-2

misconfiguration error detection 36-6

PortFast BPDU filtering

See STP PortFast BPDU filtering

port modes

auto 32-4

port priority

MSTP 9-18, 9-19

ports

VSAN membership 37-6

port security

activating 45-5

activation 45-2

activation rejection 45-6

adding authorized pairs 45-11

auto-learning 45-2

compatibility with DHCHAP 44-3

configuration guidelines 45-3

configuring CFS distribution 45-12

configuring manually without auto-learning 45-9

deactivating 45-5

default settings 45-19

deleting entries from database (procedure) 45-12

disabling 45-5

displaying configuration 45-18

displaying settings (procedure) 45-7

displaying statistics (procedure) 45-7

displaying violations (procedure) 45-7

enabling 45-5

enforcement mechanisms 45-2

fabric binding comparison 46-1

forcing activation 45-6

license requirement 45-1

preventing unauthorized accesses 45-1

WWN identification 45-10

port security auto-learning

authorization examples 45-8

description 45-2

device authorization 45-8

disabling 45-8

distributing configuration 45-13

enabling 45-7

guidelines for configuring with CFS 45-3

guidelines for configuring without CFS 45-4

port security databases

cleaning up 45-18

copying 45-17

copying active to config (procedure) 45-7

deleting 45-18

displaying configuration 45-19

interactions 45-15

manual configuration guidelines 45-4

merge guidelines 45-14

reactivating 45-6

scenarios 45-15

port speeds

configuring 32-10

port tracking

default settings 48-7

description 48-1

displaying information 48-6

enabling 48-3

guidelines 48-2

monitoring ports in a VSAN 48-5

multiple ports 48-4

shutting down ports forcefully 48-5

port world wide names. See pWWNs

preshared keys

TACACS+ 18-3

primary VLANs 7-2

principal switches

assigning domain ID 33-9

configuring 33-10

private VLANs

community VLANs 7-2, 7-3

end station access to 7-5

isolated VLANs 7-2, 7-3

ports

community 7-3

isolated 7-3

promiscuous 7-3

primary VLANs 7-2

secondary VLANs 7-2

promiscuous ports 7-3

proxies

registering for name servers 41-2

pWWNs

configuring fcalias members 38-10

rejecting duplicates 41-2

zone membership 38-2

R

RADIUS

configuring global preshared keys 17-6

configuring servers 17-4 to 17-13

configuring timeout intervals 17-9

confiugring tranmission retry counts 17-9

default settings 17-15

description 17-1 to 17-4

example configurations 17-15

network environments 17-1

operation 17-2

prequisites 17-4

specifying server at login 17-9

verifying configuration 17-14

VSAs 17-3

RADIUS server groups

configuring 17-8

RADIUS servers

configuring accounting attributes 17-11

configuring authentication attributes 17-11

configuring dead-time intervals 17-13

configuring hosts 17-5

configuring periodic monitoring 17-12

configuring preshared keys 17-7

configuring timeout interval 17-10

confiugring tranmission retry count 17-10

deleting hosts 17-13

displaying statistics 17-14

example configurations 17-15

manually monitoring 17-13

monitoring 17-2

verifying configuration 17-14

Rapid Spanning Tree Protocol

See RSTP

RBAC

default settings 22-10

RCFs

description 33-3

incoming 33-5

rejecting incoming 33-6

read-only zones

default settings 38-24

reason codes

description 32-5

reconfigure fabric frames. See RCFs

reduced MAC address 8-3

redundancy

VSANs 37-4

redundant physical links

example (figure) 40-2

Registered State Change Notifications. See RSCNs

reserved-range VLANs

See VLANs

retransmitting intervals

configuring for FSPF 40-8

description 40-7

roles

authentication 22-1

rollback

checkpoint copy 23-1

creating a checkpoint copy 23-1

default settings 23-4

deleting a checkpoint file 23-1

description 23-1

example configuration 23-1

guidelines 23-1

high availability 23-1

implementing a rollback 23-1

limitations 23-1

reverting to checkpoint file 23-1

verifying configuration 23-4

root guard

See STP root guard

root switch

MSTP 9-16

route costs

computing 40-6

RSCNs

clearing statistics 41-6

default settings 41-10

description 41-4

displaying information 41-5

multiple port IDs 41-5

suppressing domain format SW-RSCNs 41-6

RSCN timers

configuration distribution using CFS 41-7

configuring 41-6

displaying configuration 41-7

RSTP

active topology 8-10

BPDU

processing 8-14

designated port, defined 8-10

designated switch, defined 8-10

proposal-agreement handshake process 8-7

rapid convergence 8-7

point-to-point links 8-7

root ports 8-7

root port, defined 8-10

See also MSTP

runtime checks

static routes 40-9

runtime diagnostics

information 24-2

S

scalability

VSANs 37-4

SCSI

displaying LUN discovery results 42-3

SCSI LUNs

customized discovery 42-2

discovering targets 42-1

displaying information 42-2

starting discoveries 42-1

SD port mode

description 32-4

interface modes 32-4

SD ports

configuring 32-9

secondary MAC addresses

configuring 43-6

secondary VLANs 7-2

serial IDs

description 26-16

server groups. See AAA server groups

server IDs

description 26-17

session manager 23-3

committing a session 23-3

configuring ACLs 23-2

configuring an ACL session (example) 23-3

creating a session 23-2

description 23-1

discarding a session 23-3

guidelines 23-1

limitations 23-1

saving a session 23-3

verifying configuration 23-4

verifying the session 23-3

SFPs

displaying transmitter types 32-16

transmitter types 32-15

small computer system interface. See SCSI

smart call home

description 26-4

registration requirements 26-5

Transport Gateway (TG) aggregation point 26-5

SMARTnet

smart call home registration 26-5

SNMP

access groups 27-4

assigning contact 27-11

assigning location 27-11

configuring LinkUp/LinkDown notifications 27-10, 27-11

group-based access 27-4

server contact name 26-5

user synchronization with CLI 27-4

Version 3 security features 27-2

SNMP (Simple Network Management Protocol)

versions

security models and levels 27-2

SNMPv3

assigning multiple roles 27-6

security features 27-2

specifying AAA parameters 16-11

specifying parameters for AAA servers 16-12

soft zoning

description 38-12

See also zoning

source IDs

call home event format 26-16

exchange based 36-3

flow based 36-3

in-order delivery 40-10

path selection 37-10

SPAN

egress sources 49-1

sources for monitoring 49-1

SPAN destination port mode. See SD port mode

SPAN sources

egress 49-1

ingress 49-1

SPF

computational hold times 40-3

SSH

generating server key-pairs 19-1

static routes

runtime checks 40-9

statistics

TACACS+ 18-13

storage devices

access control 38-1

STP

edge ports 8-7, 10-2

network ports 10-2

normal ports 10-2

Port Channel 11-1

PortFast 8-7, 10-2

port types 10-2

understanding

Blocking State 8-12

disabled state 8-13

forwarding state 8-12

learning state 8-12

root bridge election 8-5

STP bridge ID 8-3

STP root guard 10-5

summer time

adjusting for 3-14

Switched Port Analyzer. See SPAN

switch ports

configuring attribute default values 32-13

switch priorities

configuring 33-4

default 33-4

description 33-4

switch priority

MSTP 9-20

sWWNs

configuring for fabric binding 46-4

T

TACACS+

advanages over RADIUS 18-2

configuring 18-4, 18-13

configuring global preshared keys 18-6

configuring global timeout interval 18-9

description 18-1

disabling 18-13

displaying statistics 18-13

enabling 18-5

example configurations 18-14

field descriptions 18-14

global preshared keys 18-3

limitations 18-4

prerequisites 18-3

preshared key 18-3

specifying TACACS+ servers at login 18-9

user login operation 18-2

verifying configuration 18-14

TACACS+ server

configuring dead-time interval 18-12

TACACS+ servers

configuration process 18-4

configuring hosts 18-5, 18-13

configuring periodic monitoring 18-11

configuring preshared keys 18-7

configuring server groups 17-15, 18-8, 18-14

configuring TCP ports 18-10

configuring timeout interval 18-10

displaying statistics 18-13

field descriptions 18-14

manually monitoring 18-13

monitoring 18-3

verifying configuration 18-14

TCP ports

TACACS+ servers 18-10

TE port mode

classes of service 32-4

description 32-4

TE ports

fabric binding checking 46-2

FCS support 47-1, 47-2

fctrace 50-6

FSPF topologies 40-1

interoperability 43-10

recovering from link isolations 38-14

trunking restrictions 35-1

timeout values. See TOVs

TOVs

configuring across all VSANs 43-2

configuring for a VSAN 43-2

default settings 43-15

interoperability 43-10

ranges 43-1

tracked ports

binding operationally 48-3

traffic isolation

VSANs 37-4

trap notifications 27-2

troubleshooting

collecting output for technical support 50-8

fcping 50-6

fctrace 50-5

show tech-support command 50-8

verifying switch connectivity 50-7

trunk-allowed VSAN lists

description 35-4

trunking

comparison with port channels 36-2

configuration guidelines 35-1

configuring modes 35-3

default settings 35-7

description 35-1

displaying information 35-6

interoperability 43-10

link state 35-3

merging traffic 35-2

restrictions 35-1

trunking E port mode. See TE port mode

trunking ports

associated with VSANs 37-7

trunking protocol

default settings 35-7

default state 35-2

description 35-2

detecting port isolation 35-2

trunk mode

administrative default 32-14

configuring 35-3, 35-4

default settings 35-7

trunk ports

displaying information 35-7

U

UDLD

aggressive mode 5-3

configuring 5-4

defined 5-2

nonaggressive mode 5-3

unicast storms

see traffic-storm control

Unidirectional Link Detection. See UDLD.

unique area FC IDs

configuring 33-16

description 33-16

user accounts

password characteristics 22-2

user login

authentication process 16-4

authorization process 16-4

user logins

configuring AAA login authentication methods 16-8

user roles

specifying on AAA servers 16-11, 16-12

users

description 22-1

V

vendor-specific attributes. See VSAs

Virtual Fibre Channel interfaces

default settings 32-17

VLANs

extended range 6-2

reserved range 6-2

VTP domain 6-3

VSAN IDs

allowed list 35-7

description 37-5

multiplexing traffic 32-4

range 37-4

VSAN membership 37-4

VSANs

advantages 37-3

allowed-active 35-1

cache contents 33-20

comparison with zones (table) 37-4

compatibility with DHCHAP 44-3

configuring 37-6

configuring allowed-active lists 35-6

configuring FSPF 40-3

configuring trunk-allowed lists 35-4, 35-6

default settings 37-11

default VSANs 37-8

deleting 37-9

description 37-1

displaying configuration 37-11

displaying membership 37-7

displaying usage 37-11

domain ID automatic reconfiguration 33-6

FC IDs 37-1

FCS support 47-1

features 37-1

flow statistics 40-14

FSPF 40-4

FSPF connectivity 40-1

interop mode 43-10

isolated 37-8

load balancing 37-10

load balancing attributes 37-5

mismatches 32-7

multiple zones 38-5

names 37-5

name server 41-2

operational states 37-8

port membership 37-6

port tracking 48-5

states 37-5

TE port mode 32-4

timer configuration 43-2

TOVs 43-2

traffic isolation 37-3

trunk-allowed 35-1

trunking ports 37-7

VSAs

format 16-12

protocol options 16-12, 17-4

support description 16-11

VTP

domains

VLANs 6-3

W

world wide names. See WWNs

WWNs

configuring 43-5

displaying information 43-5

link initialization 43-6

port security 45-10

secondary MAC addresses 43-6

suspended connections 32-7

Z

zone aliases

conversion to device aliases 39-8

importing 39-8

zone attribute groups

cloning 38-16

zone databases

migrating a non-MDS database 38-17

release locks 38-21

zone members

adding to zones 38-8

converting to pWWN members 38-11

displaying information 38-9

zones

access control 38-9

adding to zone sets 38-11

adding zone members 38-8

analyzing 38-24

backing up (procedure) 38-16

changing from enhanced zones 38-20

cloning 38-16

compacting for downgrading 38-23

comparison with device aliases (table) 39-2

comparison with VSANs (table) 37-4

configuring 38-11

configuring aliases 38-10

configuring fcaliases 38-10

default policies 38-2

default settings 38-24

displaying information 38-17

editing full zone databases 38-8

enforcing restrictions 38-12

exporting databases 38-14

features 38-1, 38-4

importing databases 38-14

membership using pWWNs 37-4

merge failures 32-7

renaming 38-16

restoring (procedure) 38-16

show tech-support zone command 50-12

viewing information 38-18

See also default zones

See also enhanced zones

See also hard zoning;soft zoning 38-12

See also zoning;zone sets 38-2

zone server databases

clearing 38-17

zone sets

activating 38-9

adding member zones 38-11

analyzing 38-24

cloning 38-16

configuring 38-8

considerations 38-4

copying 38-15

creating 38-8, 38-11

default settings 38-24

displaying information 38-17

distributing configuration 38-13

enabling distribution 38-13

exporting 38-15

exporting databases 38-14

features 38-1

importing 38-15

importing databases 38-14

one-time distribution 38-13

recovering from link isolations 38-14

renaming 38-16

viewing information 38-18

See also active zone sets

See also active zone sets;full zone sets 38-5

See also zones;zoning 38-2

zoning

description 38-1

example 38-3

implementation 38-4

See also zones;zone sets 38-1

Index

Symbols

* (asterisk)

autolearned entries 45-14

first operational port 36-16

port security wildcards 45-10

Numerics

1-Gigabit speed

configuring 5-5

A

AAA

accounting 16-2

authentication 16-2

authorization 16-2

benefits 16-2

configuration process 16-7

configuring 16-6 to 16-12

default settings 16-13

description 16-1

DHCHAP authentication 44-9

enabling MSCHAP authentication 16-9

example configuration 16-13

field descriptions 16-1

guidelines 16-6

limitations 16-6

monitoring TACACS+ servers 18-3

prerequisites 16-5

TACACS+ server groups 17-15, 18-8, 18-14

user login process 16-4

verifying configurations 16-13

AAA accounting

adding rule methods 16-1

changing rule methods 16-1

configuring default methods 16-10

deleting rule methods 16-1

rearranging rule methods 16-1

AAA accounting logs

clearing 16-12

displaying 16-12

AAA authentication rules

adding methods 16-1

changing methods 16-1

deleting methods 16-1

rearranging methods 16-1

AAA login authentication

configuring console methods 16-7

configuring default methods 16-8

AAA logins

enabling authentication failure messages 16-8

AAA protocols

RADIUS 16-1

TACACS+ 16-1

AAA server groups

description 16-3

AAA servers

specifying SNMPv3 parameters 16-11, 16-12

specifying user roles 16-12

specifying user roles in VSAs 16-11

AAA services

configuration options 16-3

remote 16-2

security 16-1

accounting

description 16-2

active zone sets

considerations 38-4

enabling distribution 38-13

address allocation cache

description 33-20

administrative speeds

configuring 32-10

administrative states

description 32-5

setting 32-9

administrators

default passwords 3-10

aging time

accelerated

for MSTP 9-21

maximum

for MSTP 9-22

authentication

description 16-2

fabric security 44-1

local 16-2

methods 16-3

remote 16-2

user login 16-4

authentication, authorization, and accounting. See AAA

authorization

description 16-2

user login 16-4

auto mode

configuring 32-10

auto port mode

description 32-4

autosensing speed 32-10

B

BB_credits

configuring 32-12

description 32-6

displaying information 32-17

reason codes 32-6

bit errors

reasons 32-11

bit error thresholds

configuring 32-11

description 32-11

blocking state, STP 8-12

BPDU guard

See STP BPDU guard

bridge ID

See STP bridge ID

broadcast storms

see traffic-storm control

Brocade

native interop mode 43-9

buffer-to-buffer credits. See BB_credits

build fabric frames

description 33-3

C

Call Home

description 26-1, 27-1

message format options 26-2

call home

smart call home feature 26-4

Call Home destination profiles

attributes 26-8

Call Home messages

configuring levels 26-4

format options 26-2

call home notifications

full-txt format for syslog 26-19

XML format for syslog 26-19

CDP

configuring 5-6

CFS

configuring for NTP 3-17

Cisco

vendor ID 16-11, 17-3

cisco-av-pair

specifying AAA user parameters 16-11, 16-12

CIST regional root

See MSTP

CIST root

See MSTP

community ports 7-3

community VLANs 7-2, 7-3

company IDs

FC ID allocations 43-7

configuring LACP 11-10

configuring NPV 34-6

consoles

configuring AAA login authentication methods 16-7

Contiguous Domain ID Assignments

About 33-13

D

daylight saving time

adjusting for 3-14

dead time intervals

configuring for FSPF 40-7

description 40-7

debounce timer 5-4

configuring 5-7

default settings

AAA 16-13

RBAC 22-10

rollback 23-4

default users

description 3-9

default VSANs

description 37-8

default zones

configuring 38-10

configuring access permissions 38-10

configuring policies 38-8

description 38-9

interoperability 43-10

policies 38-10

destination IDs

exchange based 36-3

flow based 36-3

in-order delivery 40-10

path selection 37-10

device alias databases

committing changes 39-6

disabling distribution 39-7

discarding changes 39-6

distribution to fabric 39-5

enabling distribution 39-7

locking the fabric 39-6

merging 39-8

overriding fabric locks 39-7

device aliases

comparison with zones (table) 39-2

creating 39-3

creating (procedure) 39-6

default settings 39-10

description 39-1

displaying information 39-9

displaying zone set information 39-9

enhanced mode 39-4

features 39-1

import legacy zone aliases 39-8

modifying databases 39-2

requirements 39-2

using 39-8

zone alias conversion 39-8

device IDs

call home format 26-16

DHCHAP

AAA authentication 44-9

authentication modes 44-4

compatibility with other NX-OS features 44-3

configuring 44-3

configuring AAA authentication 44-9

default settings 44-11

description 44-2

displaying security information 44-9

enabling 44-4

group settings 44-6

hash algorithms 44-5

passwords for local switches 44-6

passwords for remote devices 44-7

sample configuration 44-9

timeout values 44-8

See also FC-SP 44-1

diagnostics

configuring 24-3

default settings 24-4

expansion modules 24-3

health monitoring 24-2

runtime 24-2

Diffie-Hellman Challenge Handshake Authentication Protocol. See DHCHAP

documentation

additional publications 1-ii

related documents 1-ii

domain IDs

allowed lists 33-9

assignment failures 32-7

configuring allowed lists 33-10

configuring CFS distribution 33-10, 33-13

configuring fcalias members 38-10

contiguous assignments 33-13

description 33-7

distributing 33-1

enabling contiguous assignments 33-13

interoperability 43-10

preferred 33-9

static 33-9

domain manager

fast restart feature 33-3

isolation 32-7

drop latency time

configuring 40-13

configuring for FSPF in-order delivery 40-14

displaying information 40-14

E

EFMD

displaying statistics 46-7

fabric binding 46-1

fabric binding initiation 46-3

EISLs

port channel links 36-1

e-mail notifications

Call Home 26-1

enhanced zones

advantages over basic zones 38-18

changing from basic zones 38-19

configuring default full database distribution 38-23

configuring default policies 38-22

configuring default switch-wide zone policies 38-23

default settings 38-24

description 38-18

displaying information 38-23

enabling 38-20

merging databases 38-21

modifying database 38-20

E port mode

classes of service 32-3

description 32-3

E ports

configuring 32-9

fabric binding checking 46-2

FCS support 47-1

FSPF topologies 40-1

isolation 32-7

recovering from link isolations 38-14

trunking configuration 35-3

ethanalyzer 50-3

examples

AAA configurations 16-13

Exchange Fabric Membership Data. See EFMD

exchange IDs

in-order delivery 40-10

load balancing 50-5

path selection 37-10

exchange link parameter. See ELP

executing a session 23-3

expansion port mode. See E port mode

extended range VLANs

See VLANs

F

fabric binding

activation 46-4

checking for E ports 46-2

checking for TE ports 46-2

clearing statistics 46-6

compatibility with DHCHAP 44-3

copying to config database 46-5

copying to configuration file (procedure) 46-6

creating config database (procedure) 46-6

default settings 46-7

deleting databases 46-6

deleting from config database (procedure) 46-6

description 46-1

disabling 46-3

EFMD 46-1

enabling 46-3

enforcement 46-2

forceful activation 46-5

forceful deactivation 46-5

initiation process 46-3

licensing requirements 46-1

port security comparison 46-1

saving to config database 46-5

sWWN lists 46-4

verifying status 46-3

viewing active databases (procedure) 46-6

viewing EFMD statistics (procedure) 46-6

viewing violations (procedure) 46-6

Fabric Configuration Servers. See FCSs

Fabric-Device Management Interface. See FDMI

fabric login. See FLOGI

fabric port mode. See F port mode

fabric pWWNs

zone membership 38-2

fabric reconfiguration

fcdomain phase 33-1

fabrics

See also build fabric frames

fabrics. See RCFs;build fabric frames 33-3

fabric security

authentication 44-1

default settings 44-11

Fabric Shortest Path First. See FSPF

fabric WWNs. See fWWNs

fault tolerant fabrics

example (figure) 40-2

fcaliases

adding members 38-11

cloning 38-16

configuring for zones 38-10

creating 38-11

renaming 38-16

using 39-8

fcdomains

autoreconfigured merged fabrics 33-6

configuring CFS distribution 33-10, 33-13

default settings 33-20

description 33-1

disabling 33-5

displaying information 33-18, 33-19

domain IDs 33-7

domain manager fast restart 33-3

dsiplaying statistics 33-20

enabling 33-5

enabling autoreconfiguration 33-6

incoming RCFs 33-5

initiation 33-5

overlap isolation 32-7

restarts 33-3

switch priorities 33-4

FC IDs

allocating 33-1, 43-6

allocating default company ID lists 43-7

allocation for HBAs 43-6

configuring fcalias members 38-10

description 33-14

persistent 33-14

fcping

default settings 50-16

invoking 50-7

verifying switch connectivity 50-7

FC-SP

authentication 44-1

enabling 44-4

enabling on ISLs 44-9

See also DHCHAP 44-1

FCSs

characteristics 47-2

configuring names 47-2

creating platform using Device Manager 47-4

default settings 47-4

description 47-1

displaying fabric ports using Device Manager 47-4

displaying information 47-3

fctimers

displaying configured values 43-4

distribution 43-3

fctrace

default settings 50-16

invoking 50-5

FDMI

description 41-4

displaying database information 41-4

Fibre Channel

sWWNs for fabric binding 46-4

timeout values 43-1

TOVs 43-2

Fibre Channel domains. See fcdomains

Fibre Channel interfaces

administrative states 32-5

BB_credits 32-6

configuring 32-8

configuring auto port mode 32-10

configuring bit error thresholds 32-11

configuring descriptions 32-9

configuring frame encapsulation 32-11

configuring port modes 32-9

configuring speeds 32-10

default settings 32-17

deleting from port channels 36-11

disabling 32-9

displaying information 32-15

displaying VSAN membership 37-7

enabling 32-9

operational states 32-5

reason codes 32-5

states 32-4

See also interfaces 32-4

Fibre Channel Security Protocol. See FC-SP

field descriptions

AAA 16-1

TACACS+ 18-14

FLOGI

description 41-1

displaying details 41-1

flow statistics

clearing 40-15

counting 40-15

description 40-15

displaying 40-16

forward-delay time

MSTP 9-21

F port mode

classes of service 32-4

description 32-3

F ports

configuring 32-9

description 32-3

See also Fx ports

frame encapsulation

configuring 32-11

FSCN

displaying databases 42-3

FSPF

clearing counters 40-9

clearing VSAN counters 40-5

computing link cost 40-6

configuring globally 40-3

configuring Hello time intervals 40-6

configuring link cost 40-6

configuring on a VSAN 40-4

configuring on interfaces 40-5

dead time intervals 40-7

default settings 40-16

description 40-1

disabling 40-5

disabling on interfaces 40-8

disabling routing protocols 40-5

displaying database information 40-16

displaying global information 40-16

enabling 40-5

fault tolerant fabrics 40-2

in-order delivery 40-10

interoperability 43-11

link state record defaults 40-3

reconvergence times 40-2

redundant links 40-2

resetting configuration 40-4

resetting to defaults 40-4

retransmitting intervals 40-7

routing services 40-1

topology examples 40-2

FSPF routes

configuring 40-9

description 40-9

full zone sets

considerations 38-4

enabling distribution 38-13

fWWNs

configuring fcalias members 38-10

Fx ports

VSAN membership 37-4

G

GOLD diagnostics

configuring 24-3

expansion modules 24-3

health monitoring 24-2

runtime 24-2

graces period alerts

licenses 4-8

H

hard zoning

description 38-12

HBA ports

configuring area FCIDs 33-16

HBAs

FC ID allocations 43-6

health monitoring diagnostics

information 24-2

hello time

MSTP 9-21

Hello time intervals

configuring for FSPF 40-6

description 40-6

host ports

kinds of 7-3

I

IDs

Cisco vendor ID 16-11, 17-3

serial IDs 26-16

IEEE 802.1w

See RSTP

indirect link failures

recovering 48-1

in-order delivery

configuring drop latency time 40-13

displaying status 40-13

enabling for VSANs 40-12

enabling globally 40-12

guidelines 40-12

reordering network frames 40-11

reordering port channel frames 40-11

interfaces

1-Gigabit speed

configuring 5-5

adding to port channels 36-9, 36-10

assigning to VSANs 37-7

CDP

configuring 5-6

configuring descriptions 32-9

configuring fcalias members 38-11

configuring receive data field size 32-11

debounce timer

configuring 5-7

deleting from port channels 36-11

displaying information 32-15

displaying SFP information 32-16

forced addition to port channels 36-11

isolated states 36-10

SFP types 32-15

suspended states 36-10

UDLD

configuring 5-4

defined 5-2

VSAN membership 37-6

interface speed 5-4

interface statistics

description 32-15

interoperability

configuring interop mode 1 43-10

description 43-9

verifying status 43-12

VSANs 37-11

interop modes

configuring mode 1 43-10

default settings 43-15

description 43-9

IOD. See in-order delivery

ISLs

port channel links 36-1

isolated port 7-3

isolated VLANs 7-2, 7-3

isolated VSANs

description 37-8

displaying membership 37-8

L

LACP 11-1, 11-10

system ID 11-5

license key files

description 4-2

installing key files 4-4

updating 4-4

licenses

backing up 4-5

claim certificates 4-1

displaying information 4-5

evaluation 4-2

grace period alerts 4-8

grace period expiration 4-8

grace periods 4-2

host IDs 4-1

identifying features in use 4-6

incremental 4-2

installation options 4-2

installing key files 4-4

installing manually 4-3

missing 4-2

node-locked 4-1

obtaining factory-installed 4-3

obtaining key files 4-4

PAK 4-2

permanent 4-2

terminology 4-1

transferring between switches 4-9

uninstalling 4-6

updating 4-7

Link Aggregation Control Protocol 11-1

link costs

configuring for FSPF 40-6

description 40-6

Link Failure

detecting unidirectional 8-14, 9-8

link failures

recovering 48-1

load balancing

attributes 37-10

attributes for VSANs 37-5

configuring 37-10

description 36-2, 37-10

guarantees 37-10

port channels 36-1

logical unit numbers. See LUNs

LUNs

displaying discovered SCSI targets 42-3

M

MAC addresses

configuring secondary 43-6

management access

description 3-12

management interfaces

displaying information 3-21

using force option during shutdown 3-21

management interfaces. See mgmt0 interfaces

maximum aging time

MSTP 9-22

maximum hop count, MSTP 9-22

McData

native interop mode 43-9

merged fabrics

autoreconfigured 33-6

mgmt0 interfaces

configuring 3-20

description 3-19

Microsoft Challenge Handshake Authentication Protocol. See MSCHAP

MSCHAP

enabling authentication 16-9

MST

CIST regional root 9-5

setting to default values 9-14

MSTP

boundary ports

described 9-7

CIST, described 9-4

CIST regional root 9-5

CIST root 9-6

configuring

forward-delay time 9-21

hello time 9-21

maximum aging time 9-22

maximum hop count 9-22

MST region 9-13

port priority 9-18, 9-19

root switch 9-16

secondary root switch 9-17

switch priority 9-20

CST

defined 9-4

operations between regions 9-5

enabling the mode 9-13

IEEE 802.1s

terminology 9-6

IST

defined 9-4

master 9-5

operations within a region 9-4

mapping VLANs to MST instance 9-14

MST region

CIST 9-4

configuring 9-13

described 9-2

hop-count mechanism 9-7

IST 9-4

supported spanning-tree instances 9-2

multicast storms

see traffic-storm control

N

name servers

displaying database entries 41-3

interoperability 43-11

LUN information 42-1

proxy feature 41-2

registering proxies 41-2

rejecting duplicate pWWNs 41-2

Network Time Protocol. See NTP

NPIV

description 32-13

enabling 32-14

NP links 34-2

N port identifier virtualization. See NPIV

N ports

FCS support 47-1

fctrace 50-5

hard zoning 38-12

zone enforcement 38-12

zone membership 38-2

See also Nx ports

NP-ports 34-1

NPV, configuring 34-6

NTP

configuration guidelines 3-16

configuring 3-15

configuring CFS distribution 3-17

O

operational states

configuring on Fibre Channel interfaces 32-9

description 32-5

P

passwords

administrator 3-8

default for administrators 3-10

DHCHAP 44-6, 44-7

setting administrator default 3-9

strong characteristics 22-2

persistent FC IDs

configuring 33-15

description 33-14

displaying 33-19

enabling 33-15

purging 33-18

PLOGI

name server 41-3

Port Channel

STP 11-1

port channeling 11-1

port channel modes

description 36-7

PortChannel Protocol

converting autocreated groups to manually configured 36-15

port channel Protocol

autocreation 36-14

creating channel group 36-13

description 36-12

port channel protocol

configuring autocreation 36-15

enabling autocreation 36-15

PortChannels

default settings 36-17

show tech-support port-channel command 50-14

verifying configurations 36-16, 36-17

port channels

adding interfaces 36-9, 36-10

administratively down 32-7

comparison with trunking 36-2

compatibility checks 36-10

compatibility with DHCHAP 44-3

configuration guidelines 36-6

configuring 36-9

configuring Fibre Channel routes 40-9

deleting 36-8

deleting interfaces 36-11

description 36-1

forcing interface additions 36-11

in-order guarantee 40-12

interface states 36-10

interoperability 43-10

link changes 40-11

link failures 40-2

load balancing 36-2

misconfiguration error detection 36-6

PortFast BPDU filtering

See STP PortFast BPDU filtering

port modes

auto 32-4

port priority

MSTP 9-18, 9-19

ports

VSAN membership 37-6

port security

activating 45-5

activation 45-2

activation rejection 45-6

adding authorized pairs 45-11

auto-learning 45-2

compatibility with DHCHAP 44-3

configuration guidelines 45-3

configuring CFS distribution 45-12

configuring manually without auto-learning 45-9

deactivating 45-5

default settings 45-19

deleting entries from database (procedure) 45-12

disabling 45-5

displaying configuration 45-18

displaying settings (procedure) 45-7

displaying statistics (procedure) 45-7

displaying violations (procedure) 45-7

enabling 45-5

enforcement mechanisms 45-2

fabric binding comparison 46-1

forcing activation 45-6

license requirement 45-1

preventing unauthorized accesses 45-1

WWN identification 45-10

port security auto-learning

authorization examples 45-8

description 45-2

device authorization 45-8

disabling 45-8

distributing configuration 45-13

enabling 45-7

guidelines for configuring with CFS 45-3

guidelines for configuring without CFS 45-4

port security databases

cleaning up 45-18

copying 45-17

copying active to config (procedure) 45-7

deleting 45-18

displaying configuration 45-19

interactions 45-15

manual configuration guidelines 45-4

merge guidelines 45-14

reactivating 45-6

scenarios 45-15

port speeds

configuring 32-10

port tracking

default settings 48-7

description 48-1

displaying information 48-6

enabling 48-3

guidelines 48-2

monitoring ports in a VSAN 48-5

multiple ports 48-4

shutting down ports forcefully 48-5

port world wide names. See pWWNs

preshared keys

TACACS+ 18-3

primary VLANs 7-2

principal switches

assigning domain ID 33-9

configuring 33-10

private VLANs

community VLANs 7-2, 7-3

end station access to 7-5

isolated VLANs 7-2, 7-3

ports

community 7-3

isolated 7-3

promiscuous 7-3

primary VLANs 7-2

secondary VLANs 7-2

promiscuous ports 7-3

proxies

registering for name servers 41-2

pWWNs

configuring fcalias members 38-10

rejecting duplicates 41-2

zone membership 38-2

R

RADIUS

configuring global preshared keys 17-6

configuring servers 17-4 to 17-13

configuring timeout intervals 17-9

confiugring tranmission retry counts 17-9

default settings 17-15

description 17-1 to 17-4

example configurations 17-15

network environments 17-1

operation 17-2

prequisites 17-4

specifying server at login 17-9

verifying configuration 17-14

VSAs 17-3

RADIUS server groups

configuring 17-8

RADIUS servers

configuring accounting attributes 17-11

configuring authentication attributes 17-11

configuring dead-time intervals 17-13

configuring hosts 17-5

configuring periodic monitoring 17-12

configuring preshared keys 17-7

configuring timeout interval 17-10

confiugring tranmission retry count 17-10

deleting hosts 17-13

displaying statistics 17-14

example configurations 17-15

manually monitoring 17-13

monitoring 17-2

verifying configuration 17-14

Rapid Spanning Tree Protocol

See RSTP

RBAC

default settings 22-10

RCFs

description 33-3

incoming 33-5

rejecting incoming 33-6

read-only zones

default settings 38-24

reason codes

description 32-5

reconfigure fabric frames. See RCFs

reduced MAC address 8-3

redundancy

VSANs 37-4

redundant physical links

example (figure) 40-2

Registered State Change Notifications. See RSCNs

reserved-range VLANs

See VLANs

retransmitting intervals

configuring for FSPF 40-8

description 40-7

roles

authentication 22-1

rollback

checkpoint copy 23-1

creating a checkpoint copy 23-1

default settings 23-4

deleting a checkpoint file 23-1

description 23-1

example configuration 23-1

guidelines 23-1

high availability 23-1

implementing a rollback 23-1

limitations 23-1

reverting to checkpoint file 23-1

verifying configuration 23-4

root guard

See STP root guard

root switch

MSTP 9-16

route costs

computing 40-6

RSCNs

clearing statistics 41-6

default settings 41-10

description 41-4

displaying information 41-5

multiple port IDs 41-5

suppressing domain format SW-RSCNs 41-6

RSCN timers

configuration distribution using CFS 41-7

configuring 41-6

displaying configuration 41-7

RSTP

active topology 8-10

BPDU

processing 8-14

designated port, defined 8-10

designated switch, defined 8-10

proposal-agreement handshake process 8-7

rapid convergence 8-7

point-to-point links 8-7

root ports 8-7

root port, defined 8-10

See also MSTP

runtime checks

static routes 40-9

runtime diagnostics

information 24-2

S

scalability

VSANs 37-4

SCSI

displaying LUN discovery results 42-3

SCSI LUNs

customized discovery 42-2

discovering targets 42-1

displaying information 42-2

starting discoveries 42-1

SD port mode

description 32-4

interface modes 32-4

SD ports

configuring 32-9

secondary MAC addresses

configuring 43-6

secondary VLANs 7-2

serial IDs

description 26-16

server groups. See AAA server groups

server IDs

description 26-17

session manager 23-3

committing a session 23-3

configuring ACLs 23-2

configuring an ACL session (example) 23-3

creating a session 23-2

description 23-1

discarding a session 23-3

guidelines 23-1

limitations 23-1

saving a session 23-3

verifying configuration 23-4

verifying the session 23-3

SFPs

displaying transmitter types 32-16

transmitter types 32-15

small computer system interface. See SCSI

smart call home

description 26-4

registration requirements 26-5

Transport Gateway (TG) aggregation point 26-5

SMARTnet

smart call home registration 26-5

SNMP

access groups 27-4

assigning contact 27-11

assigning location 27-11

configuring LinkUp/LinkDown notifications 27-10, 27-11

group-based access 27-4

server contact name 26-5

user synchronization with CLI 27-4

Version 3 security features 27-2

SNMP (Simple Network Management Protocol)

versions

security models and levels 27-2

SNMPv3

assigning multiple roles 27-6

security features 27-2

specifying AAA parameters 16-11

specifying parameters for AAA servers 16-12

soft zoning

description 38-12

See also zoning

source IDs

call home event format 26-16

exchange based 36-3

flow based 36-3

in-order delivery 40-10

path selection 37-10

SPAN

egress sources 49-1

sources for monitoring 49-1

SPAN destination port mode. See SD port mode

SPAN sources

egress 49-1

ingress 49-1

SPF

computational hold times 40-3

SSH

generating server key-pairs 19-1

static routes

runtime checks 40-9

statistics

TACACS+ 18-13

storage devices

access control 38-1

STP

edge ports 8-7, 10-2

network ports 10-2

normal ports 10-2

Port Channel 11-1

PortFast 8-7, 10-2

port types 10-2

understanding

Blocking State 8-12

disabled state 8-13

forwarding state 8-12

learning state 8-12

root bridge election 8-5

STP bridge ID 8-3

STP root guard 10-5

summer time

adjusting for 3-14

Switched Port Analyzer. See SPAN

switch ports

configuring attribute default values 32-13

switch priorities

configuring 33-4

default 33-4

description 33-4

switch priority

MSTP 9-20

sWWNs

configuring for fabric binding 46-4

T

TACACS+

advanages over RADIUS 18-2

configuring 18-4, 18-13

configuring global preshared keys 18-6

configuring global timeout interval 18-9

description 18-1

disabling 18-13

displaying statistics 18-13

enabling 18-5

example configurations 18-14

field descriptions 18-14

global preshared keys 18-3

limitations 18-4

prerequisites 18-3

preshared key 18-3

specifying TACACS+ servers at login 18-9

user login operation 18-2

verifying configuration 18-14

TACACS+ server

configuring dead-time interval 18-12

TACACS+ servers

configuration process 18-4

configuring hosts 18-5, 18-13

configuring periodic monitoring 18-11

configuring preshared keys 18-7

configuring server groups 17-15, 18-8, 18-14

configuring TCP ports 18-10

configuring timeout interval 18-10

displaying statistics 18-13

field descriptions 18-14

manually monitoring 18-13

monitoring 18-3

verifying configuration 18-14

TCP ports

TACACS+ servers 18-10

TE port mode

classes of service 32-4

description 32-4

TE ports

fabric binding checking 46-2

FCS support 47-1, 47-2

fctrace 50-6

FSPF topologies 40-1

interoperability 43-10

recovering from link isolations 38-14

trunking restrictions 35-1

timeout values. See TOVs

TOVs

configuring across all VSANs 43-2

configuring for a VSAN 43-2

default settings 43-15

interoperability 43-10

ranges 43-1

tracked ports

binding operationally 48-3

traffic isolation

VSANs 37-4

trap notifications 27-2

troubleshooting

collecting output for technical support 50-8

fcping 50-6

fctrace 50-5

show tech-support command 50-8

verifying switch connectivity 50-7

trunk-allowed VSAN lists

description 35-4

trunking

comparison with port channels 36-2

configuration guidelines 35-1

configuring modes 35-3

default settings 35-7

description 35-1

displaying information 35-6

interoperability 43-10

link state 35-3

merging traffic 35-2

restrictions 35-1

trunking E port mode. See TE port mode

trunking ports

associated with VSANs 37-7

trunking protocol

default settings 35-7

default state 35-2

description 35-2

detecting port isolation 35-2

trunk mode

administrative default 32-14

configuring 35-3, 35-4

default settings 35-7

trunk ports

displaying information 35-7

U

UDLD

aggressive mode 5-3

configuring 5-4

defined 5-2

nonaggressive mode 5-3

unicast storms

see traffic-storm control

Unidirectional Link Detection. See UDLD.

unique area FC IDs

configuring 33-16

description 33-16

user accounts

password characteristics 22-2

user login

authentication process 16-4

authorization process 16-4

user logins

configuring AAA login authentication methods 16-8

user roles

specifying on AAA servers 16-11, 16-12

users

description 22-1

V

vendor-specific attributes. See VSAs

Virtual Fibre Channel interfaces

default settings 32-17

VLANs

extended range 6-2

reserved range 6-2

VTP domain 6-3

VSAN IDs

allowed list 35-7

description 37-5

multiplexing traffic 32-4

range 37-4

VSAN membership 37-4

VSANs

advantages 37-3

allowed-active 35-1

cache contents 33-20

comparison with zones (table) 37-4

compatibility with DHCHAP 44-3

configuring 37-6

configuring allowed-active lists 35-6

configuring FSPF 40-3

configuring trunk-allowed lists 35-4, 35-6

default settings 37-11

default VSANs 37-8

deleting 37-9

description 37-1

displaying configuration 37-11

displaying membership 37-7

displaying usage 37-11

domain ID automatic reconfiguration 33-6

FC IDs 37-1

FCS support 47-1

features 37-1

flow statistics 40-14

FSPF 40-4

FSPF connectivity 40-1

interop mode 43-10

isolated 37-8

load balancing 37-10

load balancing attributes 37-5

mismatches 32-7

multiple zones 38-5

names 37-5

name server 41-2

operational states 37-8

port membership 37-6

port tracking 48-5

states 37-5

TE port mode 32-4

timer configuration 43-2

TOVs 43-2

traffic isolation 37-3

trunk-allowed 35-1

trunking ports 37-7

VSAs

format 16-12

protocol options 16-12, 17-4

support description 16-11

VTP

domains

VLANs 6-3

W

world wide names. See WWNs

WWNs

configuring 43-5

displaying information 43-5

link initialization 43-6

port security 45-10

secondary MAC addresses 43-6

suspended connections 32-7

Z

zone aliases

conversion to device aliases 39-8

importing 39-8

zone attribute groups

cloning 38-16

zone databases

migrating a non-MDS database 38-17

release locks 38-21

zone members

adding to zones 38-8

converting to pWWN members 38-11

displaying information 38-9

zones

access control 38-9

adding to zone sets 38-11

adding zone members 38-8

analyzing 38-24

backing up (procedure) 38-16

changing from enhanced zones 38-20

cloning 38-16

compacting for downgrading 38-23

comparison with device aliases (table) 39-2

comparison with VSANs (table) 37-4

configuring 38-11

configuring aliases 38-10

configuring fcaliases 38-10

default policies 38-2

default settings 38-24

displaying information 38-17

editing full zone databases 38-8

enforcing restrictions 38-12

exporting databases 38-14

features 38-1, 38-4

importing databases 38-14

membership using pWWNs 37-4

merge failures 32-7

renaming 38-16

restoring (procedure) 38-16

show tech-support zone command 50-12

viewing information 38-18

See also default zones

See also enhanced zones

See also hard zoning;soft zoning 38-12

See also zoning;zone sets 38-2

zone server databases

clearing 38-17

zone sets

activating 38-9

adding member zones 38-11

analyzing 38-24

cloning 38-16

configuring 38-8

considerations 38-4

copying 38-15

creating 38-8, 38-11

default settings 38-24

displaying information 38-17

distributing configuration 38-13

enabling distribution 38-13

exporting 38-15

exporting databases 38-14

features 38-1

importing 38-15

importing databases 38-14

one-time distribution 38-13

recovering from link isolations 38-14

renaming 38-16

viewing information 38-18

See also active zone sets

See also active zone sets;full zone sets 38-5

See also zones;zoning 38-2

zoning

description 38-1

example 38-3

implementation 38-4

See also zones;zone sets 38-1