The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS Fibre Channel, virtual Fibre Channel, and Fibre Channel over Ethernet (FCoE) commands that begin with F.
To utilize a preset quality of service (QoS) setting, use the fabric profile command. To restore the default, use the no form of this command.
fabric profile { reliable-multicast | unicast-optimized }
Optimizes the QoS parameters in the fabric to ensure reliable delivery of multicast traffic. |
|
Optimizes the QoS parameters in the fabric for unicast traffic. |
|
|
---|---|
This example shows how to set the fabric to ensure reliable delivery of multicast traffic:
This example shows how to set the fabric profile to the default value:
|
|
---|---|
To activate fabric binding in a Virtual SAN (VSAN), use the fabric-binding activate command. To disable this feature, use the no form of this command.
fabric-binding activate vsan vsan-id [ force ]
no fabric-binding activate vsan vsan-id
|
|
---|---|
This example shows how to activate the fabric binding database for the specified VSAN:
This example shows how to deactivate the fabric binding database for the specified VSAN:
This example shows how to forcefully activate the fabric binding database for the specified VSAN:
This example shows how to revert to the previously configured state or to the factory default (if no state is configured):
|
|
---|---|
To copy from the active fabric binding database to the configuration fabric binding database, use the fabric-binding database copy command.
fabric-binding database copy vsan vsan-id
Specifies the Virtual SAN (VSAN). The ID of the VSAN is from 1 to 4093. |
|
|
---|---|
Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.
If the configured database is empty, this command is not accepted.
This example shows how to copy from the active database to the configuration database in VSAN 1:
|
|
---|---|
Provides the differences between the fabric-binding databases. |
To view the differences between the active database and the configuration database in a Virtual SAN (VSAN), use the fabric-binding database diff command.
fabric-binding database diff { active | config } vsan vsan-id
|
|
---|---|
Fabric binding is configured on a per-VSAN basis and can be implemented in both FICON VSANs and Fibre Channel VSANs.
This example shows how to display the differences between the active database and the configuration database in VSAN 1:
This example shows how to display information about the differences between the configuration database and the active database:
|
|
---|---|
Copies from the active to the configuration fabric binding database. |
To configure a user-specified fabric binding list in a Virtual SAN (VSAN), use the fabric-binding database vsan command. To disable the fabric binding, use the no form of this command.
fabric-binding database vsan vsan-id
swwn switch-wwn domain domain-id
fabric-binding database vsan vsan-id
no swwn switch-wwn domain domain-id
no fabric-binding database vsan vsan-id
Specifies the specified domain ID. The domain ID is a number from 1 to 239. |
|
|
---|---|
Fabric binding is configured on a per-VSAN basis. In a Fibre Channel VSAN, only the switch world wide name (sWWN) is required; the domain ID is optional.
A user-specified fabric binding list contains a list of switch WWNs (sWWNs) within a fabric. If an sWWN attempts to join the fabric and that sWWN is not on the list, or the sWWN is using a domain ID that differs from the one specified in the allowed list, the ISL between the switch and the fabric is automatically isolated in that VSAN and the switch is denied entry into the fabric.
This example shows how to enter the fabric binding database mode and adds the sWWN and domain ID of a switch to the configured database list:
This example shows how to delete a fabric binding database for the specified VSAN:
This example shows how to delete the sWWN and domain ID of a switch from the configured database list:
|
|
---|---|
To enable fabric binding in a Virtual SAN (VSAN), use the fabric-binding enable command. To disable fabric binding, use the no form of this command.
|
|
---|---|
This command was deprecated and replaced with the feature fabric-binding command. For backward compatibility, it will be maintained for a number of releases. |
Fabric binding is configured on a per-VSAN basis.
The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding.
This example shows how to enable fabric binding on the switch:
This example shows how to disable fabric binding on the switch:
|
|
---|---|
To configure port security features and reject intrusion attempts, use the fc-port-security command. To negate the command or revert to the factory defaults, use the no form of this command.
fc-port-security { activate vsan vsan-id [ force | no-auto-learn ] | auto-learn vsan vsan-id | database vsan vsan-id }
no fc-port-security { activate vsan vsan-id [ force | no-auto-learn ] | auto-learn vsan vsan-id | database vsan vsan-id }
|
|
When you activate the port security feature, the auto-learn option is also automatically enabled. You can choose to activate the fc-port-security feature and disable auto-learning by using the fc-port-security activate vsan number no-auto-learn command. In this case, you need to manually populate the port security database by individually securing each port.
If the auto-learn option is enabled on a VSAN, you cannot activate the database for that VSAN without the force option.
This example shows how to activate the port security database for the specified VSAN and automatically enable auto-learning:
This example shows how to deactivate the port security database for the specified VSAN and automatically disable auto-learning:
This example shows how to disable the auto-learning feature for the port security database in VSAN 1:
This example shows how to enable auto-learning so the switch can learn about any device that is allowed to access VSAN 1. These devices are logged in the port security active database.
This example shows how to disable auto-learning and stops the switch from learning about new devices accessing the switch:
This example shows how to enter the port security database mode for the specified VSAN:
This example shows how to force the VSAN 1 port security database to activate even if there are conflicts:
|
|
---|---|
To discard the port security Cisco Fabric Services (CFS) distribution session in progress, use the fc-port-security abort command.
fc-port-security abort vsan vsan-id
|
|
This example shows how to discard a port security CFS distribution session in progress:
|
|
---|---|
To apply the pending configuration pertaining to the port security Cisco Fabric Services (CFS) distribution session in progress in the fabric, use the fc-port-security commit command.
fc-port-security commit vsan vsan-id
|
|
This example shows how to commit changes to the active port security configuration:
|
|
---|---|
To copy the port security database or to view the difference within the port security database, use the fc-port-security database command.
fc-port-security database { copy | diff { active | config }} vsan vsan-id
Provides the difference between the active and configuration port security database. |
|
|
|
If the active database is empty, the fc-port-security database is empty. Use the fc-port-security database diff active command to resolve conflicts.
This example shows how to copy the active database to the configured database:
This example shows how to provide the differences between the active database and the configuration database:
This example shows how to provide information on the differences between the configuration database and the active database:
|
|
---|---|
Copies and provides information on the differences within the port security database. |
|
To enable Cisco Fabric Services (CFS) distribution for port security, use the fc-port-security distribute command. To disable this feature, use the no form of this command.
no fc-port-security distribute
|
|
Before distributing the Fibre Channel timer changes to the fabric, the temporary changes to the configuration must be committed to the active configuration by using the fc-port-security commit command.
This example shows how to distribute the port security configuration to the fabric:
|
|
---|---|
Commits the port security configuration changes to the active configuration. |
|
To clone a Fibre Channel alias, use the fcalias clone command.
fcalias clone origFcalias-Name cloneFcalias-Name vsan vsan-id
Fibre Channel alias. The name can be a maximum of 64 characters. |
|
Specifies the clone Fibre Channel alias for a Virtual SAN (VSAN). |
|
|
|
---|---|
To disable a Fibre Channel alias, use the no form of the fcalias name command.
This example shows how to clone a fcalias called origAlias to cloneAlias on VSAN 45:
|
|
---|---|
Displays the member name information in a Fibre Channel alias (fcalias). |
To configure a Fibre Channel alias, use the fcalias name command. To disable a Fibre Channel alias, use the no form of this command.
fcalias name alias-name vsan vsan-id
no fcalias name alias-name vsan vsan-id
Name of the fcalias. The name can a maximum of 64 characters. |
|
|
|
---|---|
To include multiple members in any alias, use the FCID, fWWN, or pWWN values.
This example shows how to configure an fcalias called AliasSample on VSAN 3:
|
|
---|---|
To rename a Fibre Channel alias (fcalias), use the fcalias rename command. To revert to the defaults, use the no form of this command.
fcalias rename current-name new-name vsan vsan-id
no fcalias rename current-name new-name vsan vsan-id
Current fcalias name. The name can be a maximum of 64 characters. |
|
New fcalias name. The name can be a maximum of 64 characters. |
|
|
|
This example shows how to rename an fcalias:
|
|
---|---|
To configure the Fibre Channel domain feature, use the fcdomain command. To disable the Fibre Channel domain, use the no form of this command.
fcdomain { allowed domain vsan vsan-id | auto-reconfigure vsan vsan-id | contiguous-allocation vsan vsan-id | domain id { preferred | static } vsan vsan-id | fabric-name name vsan vsan-id | fcid { database | persistent vsan vsan-id } | optimize fast-restart vsan vsan-id | priority value vsan vsan-id | restart [ disruptive ] vsan vsan-id | vsan vsan-id }
no fcdomain { allowed domain vsan vsan-id | auto-reconfigure vsan vsan-id | contiguous-allocation vsan vsan-id | domain id { preferred | static } vsan vsan-id | fabric-name name vsan vsan-id | fcid { database | persistent vsan vsan-id } | optimize fast-restart vsan vsan-id | priority value vsan vsan-id | restart [ disruptive ] vsan vsan-id | vsan vsan-id }
|
|
---|---|
You can use this command to select the principal switch, configure domain ID distribution, reconfigure the fabric, and allocate FC IDs.
We recommend using the optimize fast-restart option on most fabrics, especially those with a large number of logical ports (3200 or more), where a logical port is an instance of a physical port in a VSAN.
This example shows how to configure a preferred domain ID for VSAN 87:
This example shows how to specify the disruptive fabric reconfiguration for VSAN 1:
This example shows how to enable the domain manager fast restart for VSANs 7 through 10:
This example shows how to configure the fabric world wide name (fWWN) for VSAN 3:
|
|
---|---|
Displays global information about the Fibre Channel domain configurations. |
To flush cached data without committing the cached data and release the lock, use the fcdomain abort vsan command. To disable the flushing of cached data, use the no form of this command.
no fcdomain abort vsan vsan-id
|
|
---|---|
This example shows how to flush cached data:
|
|
---|---|
Displays global information about the Fibre Channel domain configurations. |
To commit cached data and release the lock, use the fcdomain commit vsan command. To release the lock without committing the cached data, use the no form of this command.
no fcdomain commit vsan vsan-id
|
|
---|---|
This example shows how to commit cached data:
|
|
---|---|
Flushes cached data without committing and releases the lock. |
|
Displays global information about the Fibre Channel domain configurations. |
To enable fabric distribution using Cisco Fabric Services (CFS), use the fcdomain distribute command. To disable fabric distribution using CFS, use the no form of this command.
|
|
---|---|
This example shows how to enable the fabric distribution using CFS:
This example shows how to disable the fabric distribution using CFS:
|
|
---|---|
Displays global information about the Fibre Channel domain configurations. |
To enable the reconfigure fabric (RCF) rejection flag for a Fibre Channel interface, use the fcdomain rcf-reject command. To disable this feature, use the no form of this command.
fcdomain rcf-reject vsan vsan-id
no fcdomain rcf-reject vsan vsan-id
Specifies a Virtual SAN (VSAN) ID. The range is from 1 to 4093. |
|
|
---|---|
Use this command to configure the RCF reject option for the selected Fibre Channel or virtual Fibre Channel interface.
This example shows how to configure the FCIP RCF reject fcdomain feature on a virtual Fibre Channel interface:
|
|
---|---|
Displays global information about the Fibre Channel domain configurations. |
|
Displays an interface configuration for a specified Fibre Channel interface. |
To configure the network and switch Fibre Channel drop latency time, use the fcdroplatency command. To disable the Fibre Channel latency time, use the no form of this command.
fcdroplatency { network milliseconds [ vsan vsan-id ] | switch milliseconds }
no fcdroplatency { network milliseconds [ vsan vsan-id ] | switch milliseconds }
(Optional) Specifies a Virtual SAN (VSAN) ID. The range is from 1 to 4093. |
|
Specifies switch latency. The range is from 0 to 60000 milliseconds. |
2000 millisecond network latency
500 millisecond switch latency
|
|
---|---|
This example shows how to configure the network latency to 5000 milliseconds:
This example shows how to revert to the default switch latency:
|
|
---|---|
Displays the configured Fibre Channel drop latency parameters. |
To configure fcflow statistics, use the fcflow stats command. To disable the counter, use the no form of this command.
fcflow stats { aggregated index flow-number vsan vsan-id | index flow-number destination-fcid source-fcid netmask vsan vsan-id }
no fcflow stats { aggregated index flow-number | index flow-number }
Mask for the source and destination FCID (restricted to 6 hexadecimal characters ranging from 0xff0000 to 0xffffff). |
|
|
---|---|
If you enable flow counters, you can enable a maximum of 1024 entries for aggregate flow and flow statistics. Be sure to assign an unused flow index for each new flow. The number space for the flow index is shared between the aggregate flow statistics and the flow statistics.
This example shows how to enable the aggregated flow counter:
This example shows how to disable the aggregated flow counter:
This example shows how to enable the flow counter for a specific flow:
This example shows how to disable the flow counter for index 1001:
|
|
---|---|
Displays the configured Fibre Channel drop latency parameters. |
To manually add a FCID to the default area company ID list, use the fcid-allocation command. To remove a FCID from the default area company ID list, use the no form of this command.
fcid-allocation area company-id company-id
no fcid-allocation area company-id company-id
|
|
---|---|
Fibre Channel standards require a unique FCID to be allocated to an N port attached to a Fx port in any switch. To conserve the number of FCIDs used, Cisco Nexus 5500 Series switches use a special allocation scheme.
Some Host Bust Adaptors (HBAs) do not discover targets that have FC IDs with the same domain and area. The switch software maintains a list of tested company IDs that do not exhibit this behavior. These HBAs were allocated with single FC IDs, and for others a full area was allocated.
To allow further scalability for switches with numerous ports, the switch software maintains a list of HBAs that exhibit this behavior. Each HBA is identified by its company ID (also known as an Organizational Unique Identifier, or OUI) used in the pWWN during a fabric login. A full area is allocated to the N ports with company IDs that are listed and for the others, a single FC ID is allocated. Regardless of the type (whole area or single) of FC ID allocated, the FC ID entries remain persistent.
This example shows how to add a new company ID to the default area company ID list:
|
|
---|---|
To allocate FCIDs on the switch, use the fcinterop fcid-allocation command. To disable FCIDs on the switch, use the no form of this command.
fcinterop fcid-allocation { auto | flat | none }
no fcinterop fcid-allocation { auto | flat | none }
|
|
---|---|
This example shows how to set the FCID allocation to flat:
|
|
---|---|
To enable or disable automatic polling in the name server database, use the fcns no-auto-poll command.
fcns no-auto-poll [ vsan vsan-id ] | [ wwn wwn-id ]
no fcns no-auto-poll [ vsan vsan-id ] | [ wwn wwn-id ]
(Optional) Specifies a Virtual SAN (VSAN) ID. The range is from 1 to 4093. |
|
(Optional) Specifies the port WWN, with the format hh : hh : hh : hh : hh : hh : hh : hh. |
|
|
---|---|
This example shows how to disable automatic polling for VSAN 2:
|
|
---|---|
Displays the name server database and statistical information for a specified VSAN or for all VSANs. |
To register a name server proxy, use the fcns proxy-port command.
fcns proxy-port wwn-id vsan vsan-id
no fcns proxy-port wwn-id vsan vsan-id
Port WWN, with the format hh : hh : hh : hh : hh : hh : hh : hh. |
|
|
|
---|---|
One name server can be configured to proxy another name server, and the name server information can be displayed using the CLI. The name server can be viewed using the CLI or the Cisco Fabric Manager.
All name server registration requests come from the same port whose parameter is registered or changed. If it does not, then the request is rejected.
This example shows how to configure a proxy port for VSAN 2:
|
|
---|---|
Displays the name server database and statistical information for a specified VSAN or for all VSANs. |
To reject the same pwwn from logging in the different switch, use the fcns reject-duplicate-pwwn vsan command in configuration mode.
fcns reject-duplicate-pwwn vsan vsan-id
no fcns reject-duplicate-pwwn vsan vsan-id
|
|
This example shows how to reject duplicate FCNS pWWNs for VSAN 2:
|
|
---|---|
Displays the name server database and statistical information for a specified VSAN or for all VSANs. |
To associate a Cisco Nexus 2000 Series Fabric Extender (FEX) to a switch for pinning Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) and FCoE traffic, use the fcoe command. To remove the association, use the no form of this command.
Specifies the VSAN status. The VSAN ID range is from 1 to 4094. |
FEX configuration mode
VLAN configuration mode
|
|
---|---|
Before you use this command, make sure that you enable the Fabric Extender (FEX) features on the switch by using the feature fex command.
You can use this command only on a Cisco Nexus 2232P Fabric Extender. When you bind an interface to a virtual Fibre Channel interface to enable FCoE traffic, you must use slot number 1. The port number can be from 1 to 32.
This example shows how to configure a FEX as FCoE enabled:
This example shows how to configure a pair of FEXs to carry FCoE traffic in a fabric virtual port channel (vPC) topology, with the host uplink ports in the FEXs configured to the same port channel:
This example shows how to configure FCoE traffic on a VLAN:
This example shows how to disable FCoE on a FEX:
|
|
---|---|
To configure the FCoE Initialization Protocol (FIP) priority value advertised by the Fibre Channel Forwarder (FCF) to FCoE nodes (ENodes), use the fcoe fcf-priority command. To revert to the default FCF priority value, use the no form of this command.
FCF priority value. The range is from 0 to 255, and the default is 128. |
Global configuration mode
Interface vFC mode
|
|
---|---|
Before you use this command, you must enable FCoE on the switch by using the feature fcoe command.
The Cisco Nexus 5500 Series switch advertises its priority. The priority is used by the converged network adapters (CNAs) in the fabric to determine the best switch to connect to.
This example shows how to configure the FCF priority on the switch:
To configure the FCoE MAC address prefix (FC-Map) used to associate the FCoE node (ENode), use the fcoe fcmap command. To restore the default global FC-Map value of 0xefc00, use the no form of this command.
FC-Map value. The range is from 0xefc00 to 0xefcff, and the default is 0xefc00. |
|
|
---|---|
Before you use this command, you must enable FCoE on the switch by using the feature fcoe command.
You can prevent data corruption due to cross-fabric talk by configuring an FC-Map, which identifies the Fibre Channel fabric for this Cisco Nexus 5500 Series switch. When the FC-Map is configured, the switch discards the MAC addresses that are not part of the current fabric.
This example shows how to configure the FC-Map value on the switch:
To configure the time interval at which FIP keep alive (FKA) messages are transmitted to the MAC address of the FCoE node (ENode), use the fcoe fka-adv-period command. To revert to the default value of 128 seconds, use the no form of this command.
FKA advertisement period (in seconds). The range is from 4 to 60 seconds, and the default is 8. |
|
|
---|---|
Before you use this command, FCoE must be enabled on the switch, using the feature fcoe command.
This example shows how to configure the FKA advertisement period for the switch to 5 seconds:
To enable a virtual fabric ID (VFID) check for virtual E (VE) ports, use the fcoe veloopback command. To disable checking of VE ports, use the no form of this command.
|
|
---|---|
Before you use this command, make sure that you enable Fibre Channel over Ethernet (FCoE) N-Port Virtualizer (NPV) on the switch by using the feature fcoe-npv command.
This example shows how to enable VFID checks for VE ports:
This example shows how to disable VFID checks for VE ports:
|
|
---|---|
To map a Virtual SAN (VSAN) to a VLAN that carries Fibre Channel over Ethernet (FCoE) traffic, use the fcoe vsan command. To remove the mapping, use the no form of this command.
|
|
---|---|
Before you map the FCoE VLAN to the VSAN, make sure that you create a VSAN using the vsan command in the Vsan database configuration mode.
You should use an FCoE VLAN only for FCoE. Do not use the default VLAN, VLAN1, as an FCoE VLAN. FCoE is not supported on private VLANs.
When you map a FCoE VLAN to a VSAN, ensure that the VSAN is not mapped to any other FCoE VLAN. If you map a FCoE VLAN to a VSAN that is already mapped to another FCoE VLAN, the following error appears:
If you do not specify a VSAN number, a mapping is created from the FCoE VLAN in use to the VSAN with the same number.
This example shows how to map a FCoE VLAN to a VSAN:
|
|
---|---|
To ping an N port, use the fcping command.
fcping { device-alias aliasname | fcid { fc-port | domain-controller-id } | pwwn pwwn-id } vsan vsan-id [ count number [ timeout value [ usr-priority priority ]]]
|
|
To obtain the domain controller ID, concatenate the domain ID with FFFC. For example, if the domain ID is 0xda(218), the concatenated ID is 0xfffcda.
This example shows how to configure an fcping operation for the FCID of the destination. By default, five frames are sent.
This example shows how to configure the number of frames to be sent using the count option. The range is from 0 through 2147483647. A value of 0 will ping forever.
This example shows how to configure the timeout value:
This example shows how to display the fcping operation using the device alias of the specified destination:
|
|
---|---|
To configure Fibre Channel routes and to activate policy routing, use the fcroute command. To remove a configuration or revert to factory defaults, use the no form of this command.
fcroute { fcid [ network-mask ] interface { fc slot / port | san-port-channel port | vfc vfc-id } domain domain-id { metric number | remote | vsan vsan-id }}
no fcroute { fcid [ network-mask ] interface { fc slot / port | san-port-channel port | vfc vfc-id } domain domain-id { metric number | remote | vsan vsan-id }}
|
|
Use this command to assign forwarding information to the switch and to activate a preferred path route map.
This example shows how to specify the Fibre Channel interface and the route for the domain of the next hop switch for VSAN 2:
This example shows how to specify the SAN port channel interface and the route for the domain of the next hop switch for VSAN 4:
This example shows how to specify the Fibre Channel interface, the route for the domain of the next hop switch, and the cost of the route for VSAN 1:
This example shows how to specify the Fibre Channel interface, the route for the domain of the next hop switch, the cost of the route, and configures the static route for a destination switch remotely connected for VSAN 3:
|
|
---|---|
Displays the preferred path route map configuration and status. |
|
To enable Fabric Configuration Server (FCS) platform and node-name checking fabric wide, use the fcs plat-check-global command. To disable this feature, use the no form of this command.
fcs plat-check-global vsan vsan-id
no fcs plat-check-global vsan vsan-id
Specifies the VSAN ID for platform checking, which is from 1 to 4096. |
|
|
This example shows how to enable FCS platform and node-name checking fabric wide:
|
|
---|---|
To register Fabric Configuration Server (FCS) attributes, use the fcs register command. To disable this feature, use the no form of this command.
|
|
This example shows how to register FCS attributes:
|
|
---|---|
To include a virtual device in a query about zone information from an FCS, use the fcs virtual-device-add command. To remove a virtual device, use the no form of this command.
fcs virtual-device-add [ vsan-ranges vsan-ids ]
no fcs virtual-device-add [ vsan-ranges vsan-ids ]
(Optional) Specifies one or multiple ranges of VSANs. The range is from 1 to 4093. |
|
|
VSAN ranges are entered as vsan-ids - vsan-ids. When you specify more than one range, separate each range with a comma. If no range is specified, the command applies to all VSANs.
This example shows how to add to one range of VSANs:
This example shows how to add to more than one range of VSANs:
|
|
---|---|
To configure a Fibre Channel Security Protocol (FC-SP) authentication mode for a specific interface in a FC-SP-enabled switch, use the fcsp command. To disable an FC-SP on the interface, use the no form of this command.
fcsp { auto-active | auto-passive | on | off } [ timeout-period ]
|
|
To use this command, FC-SP must be enabled using the feature fcsp command.
This example shows how to turn on the authentication mode for Fibre Channel interface in port 1 of slot 2:
This example shows how to revert to the factory default of auto-passive for the selected interface:
This example shows how to change the selected interface to initiate FC-SP authentication but does not permit reaunthentication:
|
|
---|---|
Displays an interface configuration for a specified interface. |
To configure DHCHAP options in a switch, use the fcsp dhchap command. To revert to the factory defaults, use the no form of this command.
fcsp dhchap { devicename switch-wwn password [ 0 | 7 ] password |
dhgroup [ 0 ] [ 1 ][ 2 ][ 3 ][ 4 ] | hash [ md5 | sha1 ] | password [ 0 | 7 ] password [ wwn-id ]}
no fcsp dhchap { devicename switch-wwn password [ 0 | 7 ] password |
dhgroup [ 0 ] [ 1 ][ 2 ][ 3 ][ 4 ] | hash [ md5 | sha1 ] | password [ 0 | 7 ] password [ wwn-id ]}
|
|
You can only see the fcsp dhchap command if you enter the feature fcsp command.
Using SHA-1 as the hash algorithm may prevent RADIUS or TACACS+ usage.
If you change the DH group configuration, make sure that you change it globally for all switches in the fabric.
This example shows how to enable FC-SP:
This example shows how to configure the use of only the SHA-1 hash algorithm:
This example shows how to configure the use of only the MD-5 hash algorithm:
This example shows how to define the use of the default hash algorithm priority list of MD-5 followed by SHA-1 for DHCHAP authentication:
This example shows how to revert to the factory default priority list of the MD-5 hash algorithm followed by the SHA-1 hash algorithm:
This example shows how to prioritize the use of DH group 2, 3, and 4 in the configured order:
This example shows how to configure a clear text password for the local switch:
This example shows how to configure a clear text password for the local switch to be used for the device with the specified WWN:
This example shows how to configure a password entered in an encrypted format for the local switch:
|
|
---|---|
To reauthenticate a Fibre Channel or virtual Fibre Channel interface, use the fcsp reauthenticate command. To revert to the factory defaults, use the no form of this command.
fcsp reauthenticate interface { fc slot / port | vfc vfc-id }
no fcsp reauthenticate interface { fc slot / port | vfc vfc-id }
|
|
This example shows how to configure the Fibre Channel Security Protocol (FC-SP) reauthentication on a virtual Fibre Channel interface:
|
|
---|---|
To configure the timeout value for a Fibre Channel Security Protocol (FC-SP) message, use the fcsp timeout command. To revert to the factory defaults, use the no form of this command.
no fcsp timeout timeout-period
|
|
You can only see the fcsp timeout command if you enable FC-SP by using the feature fcsp command.
This example shows how to configure the FCSP timeout value:
|
|
---|---|
To change the default Fibre Channel timers, use the fctimer command. To revert to the default values, use the no form of this command.
fctimer { d_s_tov milliseconds | e_d_tov milliseconds | r_a_tov milliseconds } [ vsan vsan-id ]
no fctimer { d_s_tov milliseconds | e_d_tov milliseconds | r_a_tov milliseconds } [ vsan vsan-id ]
|
|
The Cisco, Brocade, and McData FC Error Detect (ED_TOV) and Resource Allocation (RA_TOV) timers default to the same values. They can be changed if needed. In accordance with the FC-SW2 standard, these values must be the same on each switch in the fabric.
Use the vsan option to configure different TOV values for specific VSANs.
This example shows how to change the default Fibre Channel timers:
|
|
---|---|
To discard a Fibre Channel timer (fctimer) Cisco Fabric Services (CFS) distribution session in progress, use the fctimer abort command.
|
|
This example shows how to discard a CFS distribution session in progress:
|
|
---|---|
To apply the pending configuration pertaining to the Fibre Channel timer (fctimer) Cisco Fabric Services (CFS) distribution session in progress in the fabric, use the fctimer commit command.
|
|
This example shows how to commit changes to the active Fibre Channel timer configuration:
|
|
---|---|
To enable Cisco Fabric Services (CFS) distribution for the Fibre Channel timer (fctimer), use the fctimer distribute command. To disable this feature, use the no form of this command.
|
|
Before distributing the Fibre Channel timer changes to the fabric, the temporary changes to the configuration must be committed to the active configuration using the fctimer commit command.
This example shows how to change the default Fibre Channel timer:
|
|
---|---|
Commits the Fibre Channel timer configuration changes to the active configuration. |
|
To trace the route to an N port, use the fctrace command.
fctrace { device-alias aliasname | fcid fcid | pwwn pwwn-id } vsan vsan-id [ timeout seconds ]
By default, the period to wait before timing out is 5 seconds.
|
|
This example shows how to trace a route to the specified FCID in VSAN 1:
This example shows how to trace a route to the specified device alias in VSAN 1:
|
|
---|---|
To suppress Fabric-Device Management Interface (FDMI) updates, use the fdmi suppress-updates command.
fdmi suppress-updates vsan vsan-id
|
|
This example shows how to suppress the FDMI updates in VSAN 1:
|
|
---|---|
To enable fabric binding in a Virtual SAN (VSAN), use the feature fabric-binding command. To disable fabric binding, use the no form of this command.
|
|
---|---|
Fabric binding is configured on a per-VSAN basis.
The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding.
This example shows how to enable fabric binding on the switch:
This example shows how to disable fabric binding on the switch:
|
|
---|---|
To enable port security, use the feature fc-port-security command. To disable port security, use the no form of this command.
|
|
Entering the feature fc-port-security command enables the other commands that are used to configure FC port security.
This example shows how to enable port security:
This example shows how to disable port security:
|
|
---|---|
To enable virtual and native Fibre Channel interfaces after installing the FC_FEATURES_PKG license, use the feature fcoe command. To disable Fibre Channel interfaces and return the FC_FEATURES_PKG license to the license manager software, use the no form of this command.
|
|
---|---|
You must save the configuration, and then reboot the switch to enable or disable the FCoE feature.
This example shows how to enable FCoE on the switch:
|
|
---|---|
To enable Fibre Channel over Ethernet (FCoE) N-Port Virtualizer (NPV), use the feature fcoe-npv command. To disable FCoE NPV, use the no form of this command.
|
|
---|---|
You cannot enable the FCoE NPV feature if you have previously enabled FCoE (using the feature fcoe command) on the switch. To enable FCoE NPV, you must disable the FCoE feature, reload the system, and then enable FCoE NPV on the switch.
This example shows how to enable FCoE NPV on the switch:
This example shows how to disable FCoE NPV on the switch:
|
|
---|---|
To enable the Fibre Channel Security Protocol (FC-SP) in a switch, use the feature fcsp command. To disable FC-SP, use the no form of this command.
|
|
Additional FC-SP commands are available when the FC-SP feature is enabled.
This example shows how to enable FC-SP:
|
|
---|---|
To enable Fabric Extender (FEX) features on the switch, use the feature fex command. To disable FEX, use the no form of this command.
|
|
---|---|
This example shows how to enable FEX features on the switch:
|
|
---|---|
Creates a Fabric Extender and enters fabric extender configuration mode. |
|
To enable N Port Identifier Virtualization (NPIV) for all Virtual SANs (VSANs) on a switch, use the feature npiv command. To disable NPIV, use the no form of this command.
|
|
NPIV provides a means to assign multiple port IDs to a single N port. This feature allows multiple applications on the N port to use different identifiers and allows access control, zoning, and port security to be implemented at the application level.
You must globally enable NPIV for all VSANs on the switch to allow the NPIV-enabled applications to use multiple N port identifiers.
This example shows how to enable NPIV for all VSANs on the switch:
This example shows how to disable NPIV for all VSANs on the switch:
|
|
---|---|
To enable N Port Virtualization (NPV) mode, use the feature npv command. To disable this feature, use the no form of this command.
|
|
---|---|
When NPV mode is enabled, switch configuration related to interfaces is erased and the switch is rebooted. The switch restarts in NPV mode. Configuration and verification commands for NPV are available only when NPV is enabled on the switch. When you disable NPV mode, all related configurations are automatically erased and the switch is rebooted.
This example shows how to enable NPV mode:
|
|
---|---|
To enable port tracking for indirect errors, use the feature port-track command. To disable this feature, use the no form of this command.
|
|
The software brings the linked port down when the tracked port goes down. When the tracked port recovers from the failure and comes back up again, the tracked port is also brought up automatically (unless otherwise configured).
This example shows how to enable port tracking:
This example shows how to disable port tracking:
|
|
---|---|
Displays configuration and status information for a specified Fibre Channel interface. |
|
Displays configuration and status information for a specified SAN port channel interface. |
To enable the Cisco virtual machine features on the switch, use the feature-set virtualization command. To disable the virtualization feature, use the no form of this command.
|
|
---|---|
Note The Cisco virtual machine feature is supported only on the Cisco Nexus 5500 Series switches.
Before you use this command, make sure that you install the virtualization feature set on the switch by using the install feature-set virtualization command.
You cannot view or access any virtualization commands until you enable a Cisco virtual machine on the switch.
Note You must install the Cisco virtual machine feature set before you enable virtualization on the switch.
Before you disable this feature on the switch, do the following:
This example shows how to enable the virtualization feature on the switch:
This example shows how to disable the virtualization feature on the switch:
|
|
---|---|
To create a Cisco Nexus 2000 Series Fabric Extender and enter fabric extender configuration mode, use the fex command. To delete the Fabric Extender configuration, use the no form of this command.
Fabric Extender chassis ID. The chassis ID range is from 100 to 199. |
|
|
You can create and configure the Fabric Extender before you connect and associate it to an interface on the parent switch. Once you associate the Fabric Extender to the switch, the configuration you created is transferred over to the Fabric Extender and applied.
This example shows how to enter Fabric Extender configuration mode:
This example shows how to delete the Fabric Extender configuration:
|
|
---|---|
Attaches a Fabric Extender to a switch for Fibre Channel over Ethernet (FCoE) traffic. |
|
Displays all configured Fabric Extender chassis connected to the switch. |
To configure an Fabric Shortest Path First (FSPF) feature for an entire Virtual SAN (VSAN), use the fspf config command. To delete an FSPF configuration for the entire VSAN, use the no form of this command.
fspf config vsan vsan-id
min-ls-arrival ls-arrival-time
min-ls-interval ls-interval-time
region region-id
spf { hold-time spf-holdtime | static }
no min-ls-arrival
no min-ls-interval
no region
no spf { hold-time | static }
This command is not applicable to virtual Fibre Channel interfaces.
In FSPF configuration mode, the default is dynamic SPF computation.
If configuring the spf hold-time, the default value for FSPF is 0.
If configuring the min-ls-arrival, the default value for FSPF is 1000 milliseconds.
If configuring the min-ls-interval, the default value for FSPF is 5000 milliseconds.
|
|
The fspf config command enters FSPF configuration mode for the specified Virtual SAN (VSAN). In FSPF configuration mode, the commands configure FSPF for this VSAN.
This example shows how to configure a static SPF computation in VSAN 1 and delete the FSPF configuration in VSAN 3:
To configure the Fabric Shortest Path First (FSPF) link cost for a Fibre Channel over IP (FCIP) interface or virtual Fibre Channel interface, use the fspf cost command. To revert to the default value, use the no form of this command.
fspf cost link-cost vsan vsan-id
no fspf cost link-cost vsan vsan-id
1000 seconds for 1 Gigabits per second interfaces
500 seconds for 2 Gigabits per second interfaces
|
|
FSPF tracks the state of links on all switches in the fabric, associates a cost with each link in its database, and then chooses the path with a minimal cost. The cost associated with an interface can be changed using the fspf cost command to implement the FSPF route selection.
For virtual Fibre Channel interfaces, this command configures the FSPF parameters for the virtual E (VE) port.
This example shows how to configure the FSPF link cost on an FCIP interface:
This example shows how to configure the FSPF link cost on a virtual Fibre Channel interface:
|
|
---|---|
Displays an interface configuration for a specified Fibre Channel interface. |
|
To set the maximum interval for which a hello message must be received before the neighbor is considered lost, use the fspf dead-interval command. To revert to the default value, use the no form of this command.
fspf dead-interval seconds vsan vsan-id
no fspf dead-interval seconds vsan vsan-id
FSPF dead interval in seconds. The range is from 2 to 65535. |
|
|
|
This value must be the same in the ports at both ends of the ISL.
For virtual Fibre Channel interfaces, this command configures the FSPF parameters for the virtual E (VE) port.
This example shows how to configure the maximum interval of 4000 seconds for a hello message before the neighbor is considered lost:
This example shows how to configure the maximum interval of 300 seconds for a hello message in a virtual Fibre Channel interface before the neighbor is considered lost:
|
|
---|---|
Displays an interface configuration for a specified Fibre Channel interface. |
|
To enable Fabric Shortest Path First (FSPF) for a Virtual SAN (VSAN), use the fspf enable command. To disable FSPF routing protocols, use the no form of this command.
|
|
This command is not applicable to virtual Fibre Channel interfaces.
This example shows how to enable a FSPF in VSAN 5 and disable FSPF in VSAN 7:
|
|
---|---|
To verify the health of the link, use the fspf hello-interval command. To revert to the default value, use the no form of this command.
fspf hello-interval seconds vsan vsan-id
no fspf hello-interval seconds vsan vsan-id
Specifies the FSPF hello interval in seconds. The range is from 2 to 65535 for Fibre Channel over IP (FCIP) interfaces and from 1 to 65534 for virtual Fibre Channel interfaces. |
|
|
|
This command configures Fabric Shortest Path First (FSPF) for the specified Fibre Channel interface. This value must be the same in the ports at both ends of the ISL for Fibre Channel over IP (FCIP) interfaces.
For virtual Fibre Channel interfaces, this command configures the FSPF parameters for the virtual E (VE) port.
This example shows how to configure a hello interval of 3 seconds on VSAN 1:
This example shows how to configure a hello interval of 30 seconds for a virtual Fibre Channel interface on VSAN 1:
|
|
---|---|
To disable the Fabric Shortest Path First (FSPF) protocol for selected interfaces, use the fspf passive command. To revert to the default state, use the no form of this command.
|
|
By default, FSPF is enabled on all E ports and TE ports of an Fibre Channel over IP (FCIP) interface. FSPF can be disabled by setting the interface as passive using the fspf passive command. FSPF must be enabled on the ports at both ends of the ISL for the protocol to operate correctly.
For virtual Fibre Channel interfaces, this command configures the FSPF parameters for the virtual E (VE) port.
This example shows how to disable the FSPF protocol for an FCIP interface on VSAN 1:
This example shows how to disable the FSPF protocol for a virtual Fibre Channel interface on VSAN 1 and verify the interface configuration:
|
|
---|---|
Displays an interface configuration for a specified FCIP interface. |
|
To specify the time after which an unacknowledged link state update should be transmitted on the interface, use the fspf retransmit-interval command. To revert to the default value, use the no form of this command.
fspf retransmit-interval seconds vsan vsan-id
no fspf retransmit-interval seconds vsan vsan-id
Fabric Shortest Path First (FSPF) retransmit interval in seconds. The range is from 1 to 65535. |
|
|
|
This value must be the same in the ports at both ends of the ISL for Fibre Channel over IP (FCIP) interfaces.
For virtual Fibre Channel interfaces, this command configures the FSPF parameters for the virtual E (VE) port.
This example shows how to specify a retransmit interval of 6 seconds after which an unacknowledged link state update should be transmitted on the interface for VSAN 1:
This example shows how to specify a retransmit interval of 3 seconds after which an unacknowledged link state update should be transmitted on the virtual Fibre Channel interface on VSAN 1:
|
|
---|---|
Displays an interface configuration for a specified FCIP interface. |
|