Table Of Contents
O Commands
odrt.bin
ocsp url
out-of-service
out-of-service module
out-of-service xbar
O Commands
The commands in this chapter apply to the Cisco MDS 9000 Family of multilayer directors and fabric switches. All commands are shown here in alphabetical order regardless of command mode. Please See "About the CLI Command Modes" section on page 1-3 section to determine the appropriate mode for each command. For more information, see the Cisco MDS 9000 Family CLI Configuration Guide.
odrt.bin
To preform offline data recovery of Cisco SME, use the odrt.bin command on Linux-based systems. This command allows you to recover data when the MSM-18/4 module or the Cisco MDS 9222i fabric switch is not available.
odrt.bin [--help][--version]{-h | -l | -r | -w}{if=input_device_or_file | of=output_device_or_file |
kf=key_export_file | verbose=level}
Syntax Description
--help
|
(Optional)Displays information on the tool.
|
--version
|
(Optional)Displays the version of the tool.
|
-h
|
Reads and prints the tape header information on the tape.
|
-l
|
Lists all SCSI devices.
|
-r
|
Reads the tape device and writes data to intermediate file(s).
|
-w
|
Reads the intermediate file(s) on disk and writes data to the tape.
|
if
|
Specifies the input device or file.
|
of
|
Specifies the output device or file
|
kf
|
Specifies the volume group file name.
|
verbose
|
Specifies the level.
|
Defaults
None.
Command Modes
None. This command runs from the Linux shell.
Command History
Release
|
Modification
|
3.3(1a)
|
This command was introduced.
|
Usage Guidelines
The odrt.bin command operates in the following steps:
•Tape-to-disk- In this mode, the odrt.bin command reads the encrypted data from the tape and stores it as intermediate files on the disk. This mode is invoked with the '-r' flag. The input parameter is the tape device name and filename on the disk is the output parameter.
•Disk-to-tape- In this mode, the odrt.bin command reads intermediate files on the disk, decrypts and decompresses (if applicable) the data and writes the clear-text data to the tape. The decryption key is obtained from the volume group file that is exported from the Cisco Key Management Center (KMC). This mode is invoked with the '-w' flag. The input parameter is the filename on the disk and tape device name is the output parameter. The volume group file name (key export file) is also accepted as a parameter. Key export password needs to be entered at the command prompt.
Examples
The following command reads and prints the Cisco tape header information on the tape:
The following example read the data on tape into intermediate file(s) on disk:
odrt -r if=/dev/sg0 of=diskfile
The following command reads the encrypted/compressed data in intermediate file(s) and writes back the decrypted/decompressed data to the tape:
odrt -w if=diskfile of=/dev/sg0 kf=c1_tb1_Default.dat
A sample output of the odrt command follows:
[root@ips-host06 odrt]# ./odrt.bin -w if=c of=/dev/sg2 kf=sme_L700_IBMLTO3_Default.dat
verbose=3
Please enter key export password:
Elapsed 0:3:39.28, Read 453.07 MB, 2.07 MB/s, Write 2148.27 MB, 9.80 MB/s
ocsp url
To configure the HTTP URL of the Online Certificate Status Protocol (OCSP) for the trust point CA, use the ocsp url command in trust point configuration submode. To discard the OCSP configuration, use the no form of the command.
ocsp url url
no ocsp url url
Syntax Description
url
|
Specifies the OCSP URL. The maximum size is 512 characters.
|
Defaults
None.
Command Modes
Trust point configuration submode.
Command History
Release
|
Modification
|
3.0(1)
|
This command was introduced.
|
Usage Guidelines
The MDS switch uses the OCSP protocol to check the revocation status of a peer certificate (presented to it during the security or authentication exchange for IKE or SSH, for example), only if the revocation checking methods configured for the trust point include OCSP as one of the methods. OCSP checks the certificate revocation status against the latest CRL on the CA using the online protocol, thereby generating network traffic and also requiring that the OCSP service of the CA be available online in the network.
On the other hand, if revocation checking is performed by the cached CRL at the MDS switch, no network traffic is generated. The cached CRL doesn't contain the latest revocation information.
You must authenticate the CA for the trust point before configuring the OCSP URL for it.
Examples
The following example shows how to specify the URL for OCSP to use to check for revoked certificates.
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# ocsp url http://admin-ca.cisco.com/ocsp
The following example shows how to remove the URL for OCSP.
switch(config-trustpoint)# no ocsp url http://admin-ca.cisco.com/ocsp
Related Commands
Command
|
Description
|
crypto ca crl-request
|
Configures a CRL or overwrites the existing one for the trust point CA.
|
revocation-check
|
Configures trust point revocation check methods.
|
show crypto ca crl
|
Displays configured CRLs.
|
out-of-service
To put an interface out of service, use the out-of-service command in interface configuration submode. To restore the interface to service, use the no form of the command.
out-of-service [force]
no out-of-service [force]
Syntax Description
force
|
Configures the interface that should be forced out of service.
|
Defaults
None.
Command Modes
Interface configuration submode.
Command History
Release
|
Modification
|
3.0(1)
|
This command was introduced.
|
Usage Guidelines
Before using the out-of-service command, you must disable the interface using the shutdown command.
When an interface is out of service, all the shared resources for the interface are released, as is the configuration associated with those resources.
Caution Taking interfaces out of service releases all the shared resources to ensure that they are available to other interfaces. This causes the configuration in the shared resources to revert to default when the interface is brought back into service. Also, an interface cannot come back into service unless the default shared resources for the port are available. The operation to free up shared resources from another port is disruptive.
Examples
The following example shows how to take an interface out of service.
switch(config)# interface fc 1/1
switch(config-if)#shutdown
switch(config-if)# out-of-service
Putting an interface into out-of-service will cause its shared resource
configuration to revert to default
Do you wish to continue(y/n)? [n]
The following example makes an interface available for service.
switch(config-if)# no out-of-service
Related Commands
Command
|
Description
|
shutdown
|
Disables an interface.
|
show interface
|
Displays the status of an interface.
|
out-of-service module
To perform a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director, use the out-of-service module command in EXEC mode.
out-of-service module slot
Syntax Description
slot
|
Specifies the module number. For Cisco MDS 9506 and 9509 Directors, the range is 1 to 6. For the Cisco MDS 9513 Director, the range is 1 to 13.
|
Defaults
None.
Command Modes
EXEC.
Command History
Release
|
Modification
|
3.0(1)
|
This command was introduced.
|
Usage Guidelines
Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.
Enter the EXEC mode out-of-service module command for a graceful shutdown of the integrated crossbar on the supervisor module in a Cisco MDS 9506 or 9509 Director.
out-of-service module slot
The slot refers to the chassis slot number for Supervisor-1 module or Supervisor-2 module where the integrated crossbar is located.
Note To reactivate the integrated crossbar, you must remove and reinsert or replace the Supervisor-1 or Supervisor-2 module.
For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide.
Examples
The following example shows how to perform a graceful shutdown of the integrated crossbar.
switch# out-of-service module 2
Related Commands
Command
|
Description
|
out-of-service xbar
|
Performs a graceful shutdown of an external crossbar switching module in a Cisco MDS 9513 Director.
|
show module
|
Displays the status of a module.
|
out-of-service xbar
To perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director, use the out-of-service xbar command in EXEC mode.
out-of-service xbar slot
no out-of-service xbar slot
Syntax Description
slot
|
Specifies the external crossbar switching module slot number, either 1 or 2.
|
Defaults
None.
Command Modes
EXEC.
Command History
Release
|
Modification
|
3.0(1)
|
This command was introduced.
|
Usage Guidelines
Before removing a crossbar from an MDS 9500 Series Director, you must perform a graceful shutdown of the crossbar.
The administrator must enter the EXEC mode out-of-service xbar command for a graceful shutdown of the external crossbar switching module in a Cisco MDS 9513 Director.
out-of-service xbar slot
The slot refers to the external crossbar switching module slot number.
Note To reactivate the external crossbar switching module, you must remove and reinsert or replace the crossbar switching module.
Caution Taking the crossbar out-of-service may cause supervisor switchover.
For additional information about crossbar management, refer to the Cisco MDS 9000 Family CLI Configuration Guide.
Examples
The following example shows how to perform a graceful shutdown of the external crossbar switching module of a Cisco MDS 9513 Director.
switch# out-of-service xbar 1
Related Commands
Command
|
Description
|
out-of-service module
|
Performs a graceful shutdown of an integrated crossbar on the supervisor module of a Cisco MDS 9500 Series Director.
|
show module
|
Displays the status of a module.
|